[v0.35.0] bump to kubernetes 1.35 deps

Signed-off-by: Amir Alavi <amiralavi7@gmail.com>
Amir Alavi
2026-02-09 19:47:55 -05:00
parent 7221fa7613
commit a206a88d86
2162 changed files with 124889 additions and 69972 deletions

vendor/github.com/openshift/api/LICENSE generated vendored Normal file

@@ -0,0 +1,191 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
Copyright 2020 Red Hat, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
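Review bot: the commit message only says Kubernetes 1.35 deps were bumped, but this hunk adds `vendor/github.com/openshift/api/LICENSE` as a brand-new file (`@@ -0,0 +1,191 @@`), i.e. `github.com/openshift/api` enters the vendor tree for the first time rather than being updated; name the newly vendored module in the commit message so the dependency change is visible in history when the supply chain is audited.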


@@ -0,0 +1,137 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
api-approved.openshift.io: https://github.com/openshift/api/pull/497
include.release.openshift.io/self-managed-high-availability: "true"
include.release.openshift.io/single-node-developer: "true"
name: clusteroperators.config.openshift.io
spec:
group: config.openshift.io
names:
kind: ClusterOperator
listKind: ClusterOperatorList
plural: clusteroperators
shortNames:
- co
singular: clusteroperator
scope: Cluster
versions:
- additionalPrinterColumns:
- description: The version the operator is at.
jsonPath: .status.versions[?(@.name=="operator")].version
name: Version
type: string
- description: Whether the operator is running and stable.
jsonPath: .status.conditions[?(@.type=="Available")].status
name: Available
type: string
- description: Whether the operator is processing changes.
jsonPath: .status.conditions[?(@.type=="Progressing")].status
name: Progressing
type: string
- description: Whether the operator is degraded.
jsonPath: .status.conditions[?(@.type=="Degraded")].status
name: Degraded
type: string
- description: The time the operator's Available status last changed.
jsonPath: .status.conditions[?(@.type=="Available")].lastTransitionTime
name: Since
type: date
name: v1
schema:
openAPIV3Schema:
description: "ClusterOperator is the Custom Resource object which holds the current state of an operator. This object is used by operators to convey their state to the rest of the cluster. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)."
type: object
required:
- spec
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: spec holds configuration that could apply to any operator.
type: object
status:
description: status holds the information about the state of an operator. It is consistent with status information across the Kubernetes ecosystem.
type: object
properties:
conditions:
description: conditions describes the state of the operator's managed and monitored components.
type: array
items:
description: ClusterOperatorStatusCondition represents the state of the operator's managed and monitored components.
type: object
required:
- lastTransitionTime
- status
- type
properties:
lastTransitionTime:
description: lastTransitionTime is the time of the last update to the current status property.
type: string
format: date-time
message:
description: message provides additional information about the current condition. This is only to be consumed by humans. It may contain Line Feed characters (U+000A), which should be rendered as new lines.
type: string
reason:
description: reason is the CamelCase reason for the condition's current status.
type: string
status:
description: status of the condition, one of True, False, Unknown.
type: string
type:
description: type specifies the aspect reported by this condition.
type: string
extension:
description: extension contains any additional status information specific to the operator which owns this status object.
type: object
nullable: true
x-kubernetes-preserve-unknown-fields: true
relatedObjects:
description: 'relatedObjects is a list of objects that are "interesting" or related to this operator. Common uses are: 1. the detailed resource driving the operator 2. operator namespaces 3. operand namespaces'
type: array
items:
description: ObjectReference contains enough information to let you inspect or modify the referred object.
type: object
required:
- group
- name
- resource
properties:
group:
description: group of the referent.
type: string
name:
description: name of the referent.
type: string
namespace:
description: namespace of the referent.
type: string
resource:
description: resource of the referent.
type: string
versions:
description: versions is a slice of operator and operand version tuples. Operators which manage multiple operands will have multiple operand entries in the array. Available operators must report the version of the operator itself with the name "operator". An operator reports a new "operator" version when it has rolled out the new version to all of its operands.
type: array
items:
type: object
required:
- name
- version
properties:
name:
description: name is the name of the particular operand this version is for. It usually matches container images, not operators.
type: string
version:
description: version indicates which version of a particular operand is currently being managed. It must always match the Available operand. If 1.0.0 is Available, then this must indicate 1.0.0 even if the operator is trying to rollout 1.1.0
type: string
served: true
storage: true
subresources:
status: {}
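Review bot: the `extension` property on `status` (the block ending in `nullable: true` and `x-kubernetes-preserve-unknown-fields: true`) accepts arbitrary, unvalidated content, and with `subresources: status: {}` anything granted write access to `clusteroperators/status` can store unbounded data there; the description says only that it holds "additional status information specific to the operator", so document the expected shape or add a size bound upstream, and keep RBAC on the status subresource scoped to the operators that own it.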


@@ -0,0 +1,435 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
api-approved.openshift.io: https://github.com/openshift/api/pull/495
include.release.openshift.io/self-managed-high-availability: "true"
include.release.openshift.io/single-node-developer: "true"
name: clusterversions.config.openshift.io
spec:
group: config.openshift.io
names:
kind: ClusterVersion
plural: clusterversions
singular: clusterversion
scope: Cluster
versions:
- additionalPrinterColumns:
- jsonPath: .status.history[?(@.state=="Completed")].version
name: Version
type: string
- jsonPath: .status.conditions[?(@.type=="Available")].status
name: Available
type: string
- jsonPath: .status.conditions[?(@.type=="Progressing")].status
name: Progressing
type: string
- jsonPath: .status.conditions[?(@.type=="Progressing")].lastTransitionTime
name: Since
type: date
- jsonPath: .status.conditions[?(@.type=="Progressing")].message
name: Status
type: string
name: v1
schema:
openAPIV3Schema:
description: "ClusterVersion is the configuration for the ClusterVersionOperator. This is where parameters related to automatic updates can be set. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)."
type: object
required:
- spec
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: spec is the desired state of the cluster version - the operator will work to ensure that the desired version is applied to the cluster.
type: object
required:
- clusterID
properties:
capabilities:
description: capabilities configures the installation of optional, core cluster components. A null value here is identical to an empty object; see the child properties for default semantics.
type: object
properties:
additionalEnabledCapabilities:
description: additionalEnabledCapabilities extends the set of managed capabilities beyond the baseline defined in baselineCapabilitySet. The default is an empty set.
type: array
items:
description: ClusterVersionCapability enumerates optional, core cluster components.
type: string
enum:
- openshift-samples
- baremetal
- marketplace
- Console
- Insights
- Storage
- CSISnapshot
- NodeTuning
x-kubernetes-list-type: atomic
baselineCapabilitySet:
description: baselineCapabilitySet selects an initial set of optional capabilities to enable, which can be extended via additionalEnabledCapabilities. If unset, the cluster will choose a default, and the default may change over time. The current default is vCurrent.
type: string
enum:
- None
- v4.11
- v4.12
- v4.13
- vCurrent
channel:
description: channel is an identifier for explicitly requesting that a non-default set of updates be applied to this cluster. The default channel will be contain stable updates that are appropriate for production clusters.
type: string
clusterID:
description: clusterID uniquely identifies this cluster. This is expected to be an RFC4122 UUID value (xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx in hexadecimal values). This is a required field.
type: string
desiredUpdate:
description: "desiredUpdate is an optional field that indicates the desired value of the cluster version. Setting this value will trigger an upgrade (if the current version does not match the desired version). The set of recommended update values is listed as part of available updates in status, and setting values outside that range may cause the upgrade to fail. \n Some of the fields are inter-related with restrictions and meanings described here. 1. image is specified, version is specified, architecture is specified. API validation error. 2. image is specified, version is specified, architecture is not specified. You should not do this. version is silently ignored and image is used. 3. image is specified, version is not specified, architecture is specified. API validation error. 4. image is specified, version is not specified, architecture is not specified. image is used. 5. image is not specified, version is specified, architecture is specified. version and desired architecture are used to select an image. 6. image is not specified, version is specified, architecture is not specified. version and current architecture are used to select an image. 7. image is not specified, version is not specified, architecture is specified. API validation error. 8. image is not specified, version is not specified, architecture is not specified. API validation error. \n If an upgrade fails the operator will halt and report status about the failing component. Setting the desired update value back to the previous version will cause a rollback to be attempted. Not all rollbacks will succeed."
type: object
properties:
architecture:
description: architecture is an optional field that indicates the desired value of the cluster architecture. In this context cluster architecture means either a single architecture or a multi architecture. architecture can only be set to Multi thereby only allowing updates from single to multi architecture. If architecture is set, image cannot be set and version must be set. Valid values are 'Multi' and empty.
type: string
enum:
- Multi
- ""
force:
description: force allows an administrator to update to an image that has failed verification or upgradeable checks. This option should only be used when the authenticity of the provided image has been verified out of band because the provided image will run with full administrative access to the cluster. Do not use this flag with images that comes from unknown or potentially malicious sources.
type: boolean
image:
description: image is a container image location that contains the update. image should be used when the desired version does not exist in availableUpdates or history. When image is set, version is ignored. When image is set, version should be empty. When image is set, architecture cannot be specified.
type: string
version:
description: version is a semantic version identifying the update version. version is ignored if image is specified and required if architecture is specified.
type: string
x-kubernetes-validations:
- rule: 'has(self.architecture) && has(self.image) ? (self.architecture == '''' || self.image == '''') : true'
message: cannot set both Architecture and Image
- rule: 'has(self.architecture) && self.architecture != '''' ? self.version != '''' : true'
message: Version must be set if Architecture is set
overrides:
description: overrides is list of overides for components that are managed by cluster version operator. Marking a component unmanaged will prevent the operator from creating or updating the object.
type: array
items:
description: ComponentOverride allows overriding cluster version operator's behavior for a component.
type: object
required:
- group
- kind
- name
- namespace
- unmanaged
properties:
group:
description: group identifies the API group that the kind is in.
type: string
kind:
description: kind indentifies which object to override.
type: string
name:
description: name is the component's name.
type: string
namespace:
description: namespace is the component's namespace. If the resource is cluster scoped, the namespace should be empty.
type: string
unmanaged:
description: 'unmanaged controls if cluster version operator should stop managing the resources in this cluster. Default: false'
type: boolean
upstream:
description: upstream may be used to specify the preferred update server. By default it will use the appropriate update server for the cluster and region.
type: string
status:
description: status contains information about the available updates and any in-progress updates.
type: object
required:
- availableUpdates
- desired
- observedGeneration
- versionHash
properties:
availableUpdates:
description: availableUpdates contains updates recommended for this cluster. Updates which appear in conditionalUpdates but not in availableUpdates may expose this cluster to known issues. This list may be empty if no updates are recommended, if the update service is unavailable, or if an invalid channel has been specified.
type: array
items:
description: Release represents an OpenShift release image and associated metadata.
type: object
properties:
channels:
description: channels is the set of Cincinnati channels to which the release currently belongs.
type: array
items:
type: string
image:
description: image is a container image location that contains the update. When this field is part of spec, image is optional if version is specified and the availableUpdates field contains a matching version.
type: string
url:
description: url contains information about this release. This URL is set by the 'url' metadata property on a release or the metadata returned by the update API and should be displayed as a link in user interfaces. The URL field may not be set for test or nightly releases.
type: string
version:
description: version is a semantic version identifying the update version. When this field is part of spec, version is optional if image is specified.
type: string
nullable: true
capabilities:
description: capabilities describes the state of optional, core cluster components.
type: object
properties:
enabledCapabilities:
description: enabledCapabilities lists all the capabilities that are currently managed.
type: array
items:
description: ClusterVersionCapability enumerates optional, core cluster components.
type: string
enum:
- openshift-samples
- baremetal
- marketplace
- Console
- Insights
- Storage
- CSISnapshot
- NodeTuning
x-kubernetes-list-type: atomic
knownCapabilities:
description: knownCapabilities lists all the capabilities known to the current cluster.
type: array
items:
description: ClusterVersionCapability enumerates optional, core cluster components.
type: string
enum:
- openshift-samples
- baremetal
- marketplace
- Console
- Insights
- Storage
- CSISnapshot
- NodeTuning
x-kubernetes-list-type: atomic
conditionalUpdates:
description: conditionalUpdates contains the list of updates that may be recommended for this cluster if it meets specific required conditions. Consumers interested in the set of updates that are actually recommended for this cluster should use availableUpdates. This list may be empty if no updates are recommended, if the update service is unavailable, or if an empty or invalid channel has been specified.
type: array
items:
description: ConditionalUpdate represents an update which is recommended to some clusters on the version the current cluster is reconciling, but which may not be recommended for the current cluster.
type: object
required:
- release
- risks
properties:
conditions:
description: 'conditions represents the observations of the conditional update''s current status. Known types are: * Evaluating, for whether the cluster-version operator will attempt to evaluate any risks[].matchingRules. * Recommended, for whether the update is recommended for the current cluster.'
type: array
items:
description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
type: object
required:
- lastTransitionTime
- message
- reason
- status
- type
properties:
lastTransitionTime:
description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
type: string
format: date-time
message:
description: message is a human readable message indicating details about the transition. This may be an empty string.
type: string
maxLength: 32768
observedGeneration:
description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
type: integer
format: int64
minimum: 0
reason:
description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
type: string
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
status:
description: status of the condition, one of True, False, Unknown.
type: string
enum:
- "True"
- "False"
- Unknown
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
type: string
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
x-kubernetes-list-map-keys:
- type
x-kubernetes-list-type: map
release:
description: release is the target of the update.
type: object
properties:
channels:
description: channels is the set of Cincinnati channels to which the release currently belongs.
type: array
items:
type: string
image:
description: image is a container image location that contains the update. When this field is part of spec, image is optional if version is specified and the availableUpdates field contains a matching version.
type: string
url:
description: url contains information about this release. This URL is set by the 'url' metadata property on a release or the metadata returned by the update API and should be displayed as a link in user interfaces. The URL field may not be set for test or nightly releases.
type: string
version:
description: version is a semantic version identifying the update version. When this field is part of spec, version is optional if image is specified.
type: string
risks:
description: risks represents the range of issues associated with updating to the target release. The cluster-version operator will evaluate all entries, and only recommend the update if there is at least one entry and all entries recommend the update.
type: array
minItems: 1
items:
description: ConditionalUpdateRisk represents a reason and cluster-state for not recommending a conditional update.
type: object
required:
- matchingRules
- message
- name
- url
properties:
matchingRules:
description: matchingRules is a slice of conditions for deciding which clusters match the risk and which do not. The slice is ordered by decreasing precedence. The cluster-version operator will walk the slice in order, and stop after the first it can successfully evaluate. If no condition can be successfully evaluated, the update will not be recommended.
type: array
minItems: 1
items:
description: ClusterCondition is a union of typed cluster conditions. The 'type' property determines which of the type-specific properties are relevant. When evaluated on a cluster, the condition may match, not match, or fail to evaluate.
type: object
required:
- type
properties:
promql:
description: promQL represents a cluster condition based on PromQL.
type: object
required:
- promql
properties:
promql:
description: PromQL is a PromQL query classifying clusters. This query query should return a 1 in the match case and a 0 in the does-not-match case. Queries which return no time series, or which return values besides 0 or 1, are evaluation failures.
type: string
type:
description: type represents the cluster-condition type. This defines the members and semantics of any additional properties.
type: string
enum:
- Always
- PromQL
x-kubernetes-list-type: atomic
message:
description: message provides additional information about the risk of updating, in the event that matchingRules match the cluster state. This is only to be consumed by humans. It may contain Line Feed characters (U+000A), which should be rendered as new lines.
type: string
minLength: 1
name:
description: name is the CamelCase reason for not recommending a conditional update, in the event that matchingRules match the cluster state.
type: string
minLength: 1
url:
description: url contains information about this risk.
type: string
format: uri
minLength: 1
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
x-kubernetes-list-type: atomic
conditions:
description: conditions provides information about the cluster version. The condition "Available" is set to true if the desiredUpdate has been reached. The condition "Progressing" is set to true if an update is being applied. The condition "Degraded" is set to true if an update is currently blocked by a temporary or permanent error. Conditions are only valid for the current desiredUpdate when metadata.generation is equal to status.generation.
type: array
items:
description: ClusterOperatorStatusCondition represents the state of the operator's managed and monitored components.
type: object
required:
- lastTransitionTime
- status
- type
properties:
lastTransitionTime:
description: lastTransitionTime is the time of the last update to the current status property.
type: string
format: date-time
message:
description: message provides additional information about the current condition. This is only to be consumed by humans. It may contain Line Feed characters (U+000A), which should be rendered as new lines.
type: string
reason:
description: reason is the CamelCase reason for the condition's current status.
type: string
status:
description: status of the condition, one of True, False, Unknown.
type: string
type:
description: type specifies the aspect reported by this condition.
type: string
desired:
description: desired is the version that the cluster is reconciling towards. If the cluster is not yet fully initialized desired will be set with the information available, which may be an image or a tag.
type: object
properties:
channels:
description: channels is the set of Cincinnati channels to which the release currently belongs.
type: array
items:
type: string
image:
description: image is a container image location that contains the update. When this field is part of spec, image is optional if version is specified and the availableUpdates field contains a matching version.
type: string
url:
description: url contains information about this release. This URL is set by the 'url' metadata property on a release or the metadata returned by the update API and should be displayed as a link in user interfaces. The URL field may not be set for test or nightly releases.
type: string
version:
description: version is a semantic version identifying the update version. When this field is part of spec, version is optional if image is specified.
type: string
history:
description: history contains a list of the most recent versions applied to the cluster. This value may be empty during cluster startup, and then will be updated when a new update is being applied. The newest update is first in the list and it is ordered by recency. Updates in the history have state Completed if the rollout completed - if an update was failing or halfway applied the state will be Partial. Only a limited amount of update history is preserved.
type: array
items:
description: UpdateHistory is a single attempted update to the cluster.
type: object
required:
- completionTime
- image
- startedTime
- state
- verified
properties:
acceptedRisks:
description: acceptedRisks records risks which were accepted to initiate the update. For example, it may menition an Upgradeable=False or missing signature that was overriden via desiredUpdate.force, or an update that was initiated despite not being in the availableUpdates set of recommended update targets.
type: string
completionTime:
description: completionTime, if set, is when the update was fully applied. The update that is currently being applied will have a null completion time. Completion time will always be set for entries that are not the current update (usually to the started time of the next update).
type: string
format: date-time
nullable: true
image:
description: image is a container image location that contains the update. This value is always populated.
type: string
startedTime:
description: startedTime is the time at which the update was started.
type: string
format: date-time
state:
description: state reflects whether the update was fully applied. The Partial state indicates the update is not fully applied, while the Completed state indicates the update was successfully rolled out at least once (all parts of the update successfully applied).
type: string
verified:
description: verified indicates whether the provided update was properly verified before it was installed. If this is false the cluster may not be trusted. Verified does not cover upgradeable checks that depend on the cluster state at the time when the update target was accepted.
type: boolean
version:
description: version is a semantic version identifying the update version. If the requested image does not define a version, or if a failure occurs retrieving the image, this value may be empty.
type: string
observedGeneration:
description: observedGeneration reports which version of the spec is being synced. If this value is not equal to metadata.generation, then the desired and conditions fields may represent a previous version.
type: integer
format: int64
versionHash:
description: versionHash is a fingerprint of the content that the cluster will be updated with. It is used by the operator to avoid unnecessary work and is for internal use only.
type: string
served: true
storage: true
subresources:
status: {}
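Review bot: description strings in this hunk carry typos that will show up verbatim in `oc explain` output: the promql condition reads "This query query should return a 1 in the match case", and acceptedRisks reads "it may menition an Upgradeable=False or missing signature that was overriden via desiredUpdate.force". These manifests are generated from the Go doc comments in openshift/api, so the fix belongs in the upstream type definitions, not in hand edits to this vendor tree. Worth noting for consumers of this dependency: the `verified` boolean on UpdateHistory entries is the only schema-level record that a payload was installed without signature verification ("If this is false the cluster may not be trusted"), so tooling that reads history should surface it rather than only the state field.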


@@ -0,0 +1,78 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
api-approved.openshift.io: https://github.com/openshift/api/pull/470
include.release.openshift.io/ibm-cloud-managed: "true"
include.release.openshift.io/self-managed-high-availability: "true"
include.release.openshift.io/single-node-developer: "true"
name: proxies.config.openshift.io
spec:
group: config.openshift.io
names:
kind: Proxy
listKind: ProxyList
plural: proxies
singular: proxy
scope: Cluster
versions:
- name: v1
schema:
openAPIV3Schema:
description: "Proxy holds cluster-wide information on how to configure default proxies for the cluster. The canonical name is `cluster` \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)."
type: object
required:
- spec
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: Spec holds user-settable values for the proxy configuration
type: object
properties:
httpProxy:
description: httpProxy is the URL of the proxy for HTTP requests. Empty means unset and will not result in an env var.
type: string
httpsProxy:
description: httpsProxy is the URL of the proxy for HTTPS requests. Empty means unset and will not result in an env var.
type: string
noProxy:
description: noProxy is a comma-separated list of hostnames and/or CIDRs and/or IPs for which the proxy should not be used. Empty means unset and will not result in an env var.
type: string
readinessEndpoints:
description: readinessEndpoints is a list of endpoints used to verify readiness of the proxy.
type: array
items:
type: string
trustedCA:
description: "trustedCA is a reference to a ConfigMap containing a CA certificate bundle. The trustedCA field should only be consumed by a proxy validator. The validator is responsible for reading the certificate bundle from the required key \"ca-bundle.crt\", merging it with the system default trust bundle, and writing the merged trust bundle to a ConfigMap named \"trusted-ca-bundle\" in the \"openshift-config-managed\" namespace. Clients that expect to make proxy connections must use the trusted-ca-bundle for all HTTPS requests to the proxy, and may use the trusted-ca-bundle for non-proxy HTTPS requests as well. \n The namespace for the ConfigMap referenced by trustedCA is \"openshift-config\". Here is an example ConfigMap (in yaml): \n apiVersion: v1 kind: ConfigMap metadata: name: user-ca-bundle namespace: openshift-config data: ca-bundle.crt: | -----BEGIN CERTIFICATE----- Custom CA certificate bundle. -----END CERTIFICATE-----"
type: object
required:
- name
properties:
name:
description: name is the metadata.name of the referenced config map
type: string
status:
description: status holds observed values from the cluster. They may not be overridden.
type: object
properties:
httpProxy:
description: httpProxy is the URL of the proxy for HTTP requests.
type: string
httpsProxy:
description: httpsProxy is the URL of the proxy for HTTPS requests.
type: string
noProxy:
description: noProxy is a comma-separated list of hostnames and/or CIDRs for which the proxy should not be used.
type: string
served: true
storage: true
subresources:
status: {}
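Review bot: httpProxy, httpsProxy and each readinessEndpoints item in this hunk are unconstrained strings with no `format: uri` or pattern, even though the descriptions state they become proxy environment variables ("Empty means unset and will not result in an env var"); compare the url field under the clusterversions risk entries, which does carry `format: uri`. Schema validation therefore rejects nothing here, and the only guard described is the trustedCA workflow the description mandates (read "ca-bundle.crt" from the referenced ConfigMap in openshift-config, merge with the system trust bundle, publish "trusted-ca-bundle" in openshift-config-managed). Since this is generated upstream content, nothing to change in this PR beyond confirming the copy matches the upstream tag; flagged for awareness.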


@@ -0,0 +1,84 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
api-approved.openshift.io: https://github.com/openshift/api/pull/470
capability.openshift.io/name: marketplace
include.release.openshift.io/ibm-cloud-managed: "true"
include.release.openshift.io/self-managed-high-availability: "true"
include.release.openshift.io/single-node-developer: "true"
name: operatorhubs.config.openshift.io
spec:
group: config.openshift.io
names:
kind: OperatorHub
listKind: OperatorHubList
plural: operatorhubs
singular: operatorhub
scope: Cluster
versions:
- name: v1
schema:
openAPIV3Schema:
description: "OperatorHub is the Schema for the operatorhubs API. It can be used to change the state of the default hub sources for OperatorHub on the cluster from enabled to disabled and vice versa. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)."
type: object
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: OperatorHubSpec defines the desired state of OperatorHub
type: object
properties:
disableAllDefaultSources:
description: disableAllDefaultSources allows you to disable all the default hub sources. If this is true, a specific entry in sources can be used to enable a default source. If this is false, a specific entry in sources can be used to disable or enable a default source.
type: boolean
sources:
description: sources is the list of default hub sources and their configuration. If the list is empty, it implies that the default hub sources are enabled on the cluster unless disableAllDefaultSources is true. If disableAllDefaultSources is true and sources is not empty, the configuration present in sources will take precedence. The list of default hub sources and their current state will always be reflected in the status block.
type: array
items:
description: HubSource is used to specify the hub source and its configuration
type: object
properties:
disabled:
description: disabled is used to disable a default hub source on cluster
type: boolean
name:
description: name is the name of one of the default hub sources
type: string
maxLength: 253
minLength: 1
status:
description: OperatorHubStatus defines the observed state of OperatorHub. The current state of the default hub sources will always be reflected here.
type: object
properties:
sources:
description: sources encapsulates the result of applying the configuration for each hub source
type: array
items:
description: HubSourceStatus is used to reflect the current state of applying the configuration to a default source
type: object
properties:
disabled:
description: disabled is used to disable a default hub source on cluster
type: boolean
message:
description: message provides more information regarding failures
type: string
name:
description: name is the name of one of the default hub sources
type: string
maxLength: 253
minLength: 1
status:
description: status indicates success or failure in applying the configuration
type: string
served: true
storage: true
subresources:
status: {}
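Review bot: spec.sources and status.sources in this hunk are plain arrays with no `x-kubernetes-list-type: map` and `x-kubernetes-list-map-keys` on name, unlike audit.customRules in the apiservers CRD later in this commit, so the schema accepts two entries with the same name and leaves precedence to the operator. status.sources[].status is likewise a free string ("indicates success or failure in applying the configuration") with no enum, so consumers should not rely on fixed values. Upstream-generated content; noting for awareness rather than requesting a change in the vendor copy.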


@@ -0,0 +1,179 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
api-approved.openshift.io: https://github.com/openshift/api/pull/470
include.release.openshift.io/ibm-cloud-managed: "true"
include.release.openshift.io/self-managed-high-availability: "true"
include.release.openshift.io/single-node-developer: "true"
release.openshift.io/feature-set: Default
name: apiservers.config.openshift.io
spec:
group: config.openshift.io
names:
kind: APIServer
listKind: APIServerList
plural: apiservers
singular: apiserver
scope: Cluster
versions:
- name: v1
schema:
openAPIV3Schema:
description: "APIServer holds configuration (like serving certificates, client CA and CORS domains) shared by all API servers in the system, among them especially kube-apiserver and openshift-apiserver. The canonical name of an instance is 'cluster'. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)."
type: object
required:
- spec
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: spec holds user settable values for configuration
type: object
properties:
additionalCORSAllowedOrigins:
description: additionalCORSAllowedOrigins lists additional, user-defined regular expressions describing hosts for which the API server allows access using the CORS headers. This may be needed to access the API and the integrated OAuth server from JavaScript applications. The values are regular expressions that correspond to the Golang regular expression language.
type: array
items:
type: string
audit:
description: audit specifies the settings for audit configuration to be applied to all OpenShift-provided API servers in the cluster.
type: object
default:
profile: Default
properties:
customRules:
description: customRules specify profiles per group. These profile take precedence over the top-level profile field if they apply. They are evaluation from top to bottom and the first one that matches, applies.
type: array
items:
description: AuditCustomRule describes a custom rule for an audit profile that takes precedence over the top-level profile.
type: object
required:
- group
- profile
properties:
group:
description: group is a name of group a request user must be member of in order to this profile to apply.
type: string
minLength: 1
profile:
description: "profile specifies the name of the desired audit policy configuration to be deployed to all OpenShift-provided API servers in the cluster. \n The following profiles are provided: - Default: the existing default policy. - WriteRequestBodies: like 'Default', but logs request and response HTTP payloads for write requests (create, update, patch). - AllRequestBodies: like 'WriteRequestBodies', but also logs request and response HTTP payloads for read requests (get, list). - None: no requests are logged at all, not even oauthaccesstokens and oauthauthorizetokens. \n If unset, the 'Default' profile is used as the default."
type: string
enum:
- Default
- WriteRequestBodies
- AllRequestBodies
- None
x-kubernetes-list-map-keys:
- group
x-kubernetes-list-type: map
profile:
description: "profile specifies the name of the desired top-level audit profile to be applied to all requests sent to any of the OpenShift-provided API servers in the cluster (kube-apiserver, openshift-apiserver and oauth-apiserver), with the exception of those requests that match one or more of the customRules. \n The following profiles are provided: - Default: default policy which means MetaData level logging with the exception of events (not logged at all), oauthaccesstokens and oauthauthorizetokens (both logged at RequestBody level). - WriteRequestBodies: like 'Default', but logs request and response HTTP payloads for write requests (create, update, patch). - AllRequestBodies: like 'WriteRequestBodies', but also logs request and response HTTP payloads for read requests (get, list). - None: no requests are logged at all, not even oauthaccesstokens and oauthauthorizetokens. \n Warning: It is not recommended to disable audit logging by using the `None` profile unless you are fully aware of the risks of not logging data that can be beneficial when troubleshooting issues. If you disable audit logging and a support situation arises, you might need to enable audit logging and reproduce the issue in order to troubleshoot properly. \n If unset, the 'Default' profile is used as the default."
type: string
default: Default
enum:
- Default
- WriteRequestBodies
- AllRequestBodies
- None
clientCA:
description: 'clientCA references a ConfigMap containing a certificate bundle for the signers that will be recognized for incoming client certificates in addition to the operator managed signers. If this is empty, then only operator managed signers are valid. You usually only have to set this if you have your own PKI you wish to honor client certificates from. The ConfigMap must exist in the openshift-config namespace and contain the following required fields: - ConfigMap.Data["ca-bundle.crt"] - CA bundle.'
type: object
required:
- name
properties:
name:
description: name is the metadata.name of the referenced config map
type: string
encryption:
description: encryption allows the configuration of encryption of resources at the datastore layer.
type: object
properties:
type:
description: "type defines what encryption type should be used to encrypt resources at the datastore layer. When this field is unset (i.e. when it is set to the empty string), identity is implied. The behavior of unset can and will change over time. Even if encryption is enabled by default, the meaning of unset may change to a different encryption type based on changes in best practices. \n When encryption is enabled, all sensitive resources shipped with the platform are encrypted. This list of sensitive resources can and will change over time. The current authoritative list is: \n 1. secrets 2. configmaps 3. routes.route.openshift.io 4. oauthaccesstokens.oauth.openshift.io 5. oauthauthorizetokens.oauth.openshift.io"
type: string
enum:
- ""
- identity
- aescbc
- aesgcm
servingCerts:
description: servingCert is the TLS cert info for serving secure traffic. If not specified, operator managed certificates will be used for serving secure traffic.
type: object
properties:
namedCertificates:
description: namedCertificates references secrets containing the TLS cert info for serving secure traffic to specific hostnames. If no named certificates are provided, or no named certificates match the server name as understood by a client, the defaultServingCertificate will be used.
type: array
items:
description: APIServerNamedServingCert maps a server DNS name, as understood by a client, to a certificate.
type: object
properties:
names:
description: names is a optional list of explicit DNS names (leading wildcards allowed) that should use this certificate to serve secure traffic. If no names are provided, the implicit names will be extracted from the certificates. Exact names trump over wildcard names. Explicit names defined here trump over extracted implicit names.
type: array
items:
type: string
servingCertificate:
description: 'servingCertificate references a kubernetes.io/tls type secret containing the TLS cert info for serving secure traffic. The secret must exist in the openshift-config namespace and contain the following required fields: - Secret.Data["tls.key"] - TLS private key. - Secret.Data["tls.crt"] - TLS certificate.'
type: object
required:
- name
properties:
name:
description: name is the metadata.name of the referenced secret
type: string
tlsSecurityProfile:
description: "tlsSecurityProfile specifies settings for TLS connections for externally exposed servers. \n If unset, a default (which may change between releases) is chosen. Note that only Old, Intermediate and Custom profiles are currently supported, and the maximum available MinTLSVersions is VersionTLS12."
type: object
properties:
custom:
description: "custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic. An example custom profile looks like this: \n ciphers: - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 minTLSVersion: TLSv1.1"
type: object
properties:
ciphers:
description: "ciphers is used to specify the cipher algorithms that are negotiated during the TLS handshake. Operators may remove entries their operands do not support. For example, to use DES-CBC3-SHA (yaml): \n ciphers: - DES-CBC3-SHA"
type: array
items:
type: string
minTLSVersion:
description: "minTLSVersion is used to specify the minimal version of the TLS protocol that is negotiated during the TLS handshake. For example, to use TLS versions 1.1, 1.2 and 1.3 (yaml): \n minTLSVersion: TLSv1.1 \n NOTE: currently the highest minTLSVersion allowed is VersionTLS12"
type: string
enum:
- VersionTLS10
- VersionTLS11
- VersionTLS12
- VersionTLS13
nullable: true
intermediate:
description: "intermediate is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29 \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - DHE-RSA-AES128-GCM-SHA256 - DHE-RSA-AES256-GCM-SHA384 minTLSVersion: TLSv1.2"
type: object
nullable: true
modern:
description: "modern is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 minTLSVersion: TLSv1.3 \n NOTE: Currently unsupported."
type: object
nullable: true
old:
description: "old is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - DHE-RSA-AES128-GCM-SHA256 - DHE-RSA-AES256-GCM-SHA384 - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES128-SHA - ECDHE-ECDSA-AES256-SHA384 - ECDHE-RSA-AES256-SHA384 - ECDHE-ECDSA-AES256-SHA - ECDHE-RSA-AES256-SHA - DHE-RSA-AES128-SHA256 - DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 - AES256-GCM-SHA384 - AES128-SHA256 - AES256-SHA256 - AES128-SHA - AES256-SHA - DES-CBC3-SHA minTLSVersion: TLSv1.0"
type: object
nullable: true
type:
description: "type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. Old, Intermediate and Modern are TLS security profiles based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations \n The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on precisely which ciphers are available to a process, the list may be reduced. \n Note that the Modern profile is currently not supported because it is not yet well adopted by common software libraries."
type: string
enum:
- Old
- Intermediate
- Modern
- Custom
status:
description: status holds observed values from the cluster. They may not be overridden.
type: object
served: true
storage: true
subresources:
status: {}
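Review bot: the tlsSecurityProfile examples in this hunk use a value syntax the schema rejects: the custom profile example and the minTLSVersion description show "minTLSVersion: TLSv1.1", but the enum only accepts VersionTLS10 through VersionTLS13, so pasting the documented example fails validation. The same description says "currently the highest minTLSVersion allowed is VersionTLS12" while VersionTLS13 is in the enum, so that ceiling is enforced by the operator, not the schema. Minor: "names is a optional list" under namedCertificates. These come from openshift/api doc comments, so the fix is upstream; anyone building APIServer objects against this dependency should use the VersionTLS1x form.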


@@ -0,0 +1,179 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
api-approved.openshift.io: https://github.com/openshift/api/pull/470
include.release.openshift.io/ibm-cloud-managed: "true"
include.release.openshift.io/self-managed-high-availability: "true"
include.release.openshift.io/single-node-developer: "true"
release.openshift.io/feature-set: TechPreviewNoUpgrade
name: apiservers.config.openshift.io
spec:
group: config.openshift.io
names:
kind: APIServer
listKind: APIServerList
plural: apiservers
singular: apiserver
scope: Cluster
versions:
- name: v1
schema:
openAPIV3Schema:
description: "APIServer holds configuration (like serving certificates, client CA and CORS domains) shared by all API servers in the system, among them especially kube-apiserver and openshift-apiserver. The canonical name of an instance is 'cluster'. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)."
type: object
required:
- spec
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: spec holds user settable values for configuration
type: object
properties:
additionalCORSAllowedOrigins:
description: additionalCORSAllowedOrigins lists additional, user-defined regular expressions describing hosts for which the API server allows access using the CORS headers. This may be needed to access the API and the integrated OAuth server from JavaScript applications. The values are regular expressions that correspond to the Golang regular expression language.
type: array
items:
type: string
audit:
description: audit specifies the settings for audit configuration to be applied to all OpenShift-provided API servers in the cluster.
type: object
default:
profile: Default
properties:
customRules:
description: customRules specify profiles per group. These profile take precedence over the top-level profile field if they apply. They are evaluation from top to bottom and the first one that matches, applies.
type: array
items:
description: AuditCustomRule describes a custom rule for an audit profile that takes precedence over the top-level profile.
type: object
required:
- group
- profile
properties:
group:
description: group is a name of group a request user must be member of in order to this profile to apply.
type: string
minLength: 1
profile:
description: "profile specifies the name of the desired audit policy configuration to be deployed to all OpenShift-provided API servers in the cluster. \n The following profiles are provided: - Default: the existing default policy. - WriteRequestBodies: like 'Default', but logs request and response HTTP payloads for write requests (create, update, patch). - AllRequestBodies: like 'WriteRequestBodies', but also logs request and response HTTP payloads for read requests (get, list). - None: no requests are logged at all, not even oauthaccesstokens and oauthauthorizetokens. \n If unset, the 'Default' profile is used as the default."
type: string
enum:
- Default
- WriteRequestBodies
- AllRequestBodies
- None
x-kubernetes-list-map-keys:
- group
x-kubernetes-list-type: map
profile:
description: "profile specifies the name of the desired top-level audit profile to be applied to all requests sent to any of the OpenShift-provided API servers in the cluster (kube-apiserver, openshift-apiserver and oauth-apiserver), with the exception of those requests that match one or more of the customRules. \n The following profiles are provided: - Default: default policy which means MetaData level logging with the exception of events (not logged at all), oauthaccesstokens and oauthauthorizetokens (both logged at RequestBody level). - WriteRequestBodies: like 'Default', but logs request and response HTTP payloads for write requests (create, update, patch). - AllRequestBodies: like 'WriteRequestBodies', but also logs request and response HTTP payloads for read requests (get, list). - None: no requests are logged at all, not even oauthaccesstokens and oauthauthorizetokens. \n Warning: It is not recommended to disable audit logging by using the `None` profile unless you are fully aware of the risks of not logging data that can be beneficial when troubleshooting issues. If you disable audit logging and a support situation arises, you might need to enable audit logging and reproduce the issue in order to troubleshoot properly. \n If unset, the 'Default' profile is used as the default."
type: string
default: Default
enum:
- Default
- WriteRequestBodies
- AllRequestBodies
- None
clientCA:
description: 'clientCA references a ConfigMap containing a certificate bundle for the signers that will be recognized for incoming client certificates in addition to the operator managed signers. If this is empty, then only operator managed signers are valid. You usually only have to set this if you have your own PKI you wish to honor client certificates from. The ConfigMap must exist in the openshift-config namespace and contain the following required fields: - ConfigMap.Data["ca-bundle.crt"] - CA bundle.'
type: object
required:
- name
properties:
name:
description: name is the metadata.name of the referenced config map
type: string
encryption:
description: encryption allows the configuration of encryption of resources at the datastore layer.
type: object
properties:
type:
description: "type defines what encryption type should be used to encrypt resources at the datastore layer. When this field is unset (i.e. when it is set to the empty string), identity is implied. The behavior of unset can and will change over time. Even if encryption is enabled by default, the meaning of unset may change to a different encryption type based on changes in best practices. \n When encryption is enabled, all sensitive resources shipped with the platform are encrypted. This list of sensitive resources can and will change over time. The current authoritative list is: \n 1. secrets 2. configmaps 3. routes.route.openshift.io 4. oauthaccesstokens.oauth.openshift.io 5. oauthauthorizetokens.oauth.openshift.io"
type: string
enum:
- ""
- identity
- aescbc
- aesgcm
servingCerts:
description: servingCert is the TLS cert info for serving secure traffic. If not specified, operator managed certificates will be used for serving secure traffic.
type: object
properties:
namedCertificates:
description: namedCertificates references secrets containing the TLS cert info for serving secure traffic to specific hostnames. If no named certificates are provided, or no named certificates match the server name as understood by a client, the defaultServingCertificate will be used.
type: array
items:
description: APIServerNamedServingCert maps a server DNS name, as understood by a client, to a certificate.
type: object
properties:
names:
description: names is a optional list of explicit DNS names (leading wildcards allowed) that should use this certificate to serve secure traffic. If no names are provided, the implicit names will be extracted from the certificates. Exact names trump over wildcard names. Explicit names defined here trump over extracted implicit names.
type: array
items:
type: string
servingCertificate:
description: 'servingCertificate references a kubernetes.io/tls type secret containing the TLS cert info for serving secure traffic. The secret must exist in the openshift-config namespace and contain the following required fields: - Secret.Data["tls.key"] - TLS private key. - Secret.Data["tls.crt"] - TLS certificate.'
type: object
required:
- name
properties:
name:
description: name is the metadata.name of the referenced secret
type: string
tlsSecurityProfile:
description: "tlsSecurityProfile specifies settings for TLS connections for externally exposed servers. \n If unset, a default (which may change between releases) is chosen. Note that only Old, Intermediate and Custom profiles are currently supported, and the maximum available MinTLSVersions is VersionTLS12."
type: object
properties:
custom:
description: "custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic. An example custom profile looks like this: \n ciphers: - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 minTLSVersion: TLSv1.1"
type: object
properties:
ciphers:
description: "ciphers is used to specify the cipher algorithms that are negotiated during the TLS handshake. Operators may remove entries their operands do not support. For example, to use DES-CBC3-SHA (yaml): \n ciphers: - DES-CBC3-SHA"
type: array
items:
type: string
minTLSVersion:
description: "minTLSVersion is used to specify the minimal version of the TLS protocol that is negotiated during the TLS handshake. For example, to use TLS versions 1.1, 1.2 and 1.3 (yaml): \n minTLSVersion: TLSv1.1 \n NOTE: currently the highest minTLSVersion allowed is VersionTLS12"
type: string
enum:
- VersionTLS10
- VersionTLS11
- VersionTLS12
- VersionTLS13
nullable: true
intermediate:
description: "intermediate is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29 \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - DHE-RSA-AES128-GCM-SHA256 - DHE-RSA-AES256-GCM-SHA384 minTLSVersion: TLSv1.2"
type: object
nullable: true
modern:
description: "modern is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 minTLSVersion: TLSv1.3 \n NOTE: Currently unsupported."
type: object
nullable: true
old:
description: "old is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - DHE-RSA-AES128-GCM-SHA256 - DHE-RSA-AES256-GCM-SHA384 - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES128-SHA - ECDHE-ECDSA-AES256-SHA384 - ECDHE-RSA-AES256-SHA384 - ECDHE-ECDSA-AES256-SHA - ECDHE-RSA-AES256-SHA - DHE-RSA-AES128-SHA256 - DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 - AES256-GCM-SHA384 - AES128-SHA256 - AES256-SHA256 - AES128-SHA - AES256-SHA - DES-CBC3-SHA minTLSVersion: TLSv1.0"
type: object
nullable: true
type:
description: "type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. Old, Intermediate and Modern are TLS security profiles based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations \n The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on precisely which ciphers are available to a process, the list may be reduced. \n Note that the Modern profile is currently not supported because it is not yet well adopted by common software libraries."
type: string
enum:
- Old
- Intermediate
- Modern
- Custom
status:
description: status holds observed values from the cluster. They may not be overridden.
type: object
served: true
storage: true
subresources:
status: {}
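Review bot: the CRD validation in this hunk is looser than its own documentation, which matters for a TLS/audit control surface. The `tlsSecurityProfile` description says only Old, Intermediate and Custom are supported and that the highest allowed `minTLSVersion` is VersionTLS12, yet the `type` enum still lists `Modern` and the `minTLSVersion` enum still lists `VersionTLS13`, so `type: Modern` or `minTLSVersion: VersionTLS13` is accepted by the API server and the stated restriction is enforced (or silently downgraded) only by the consuming operator. The `servingCerts` description calls the field `servingCert` and refers to a `defaultServingCertificate` that does not exist in this schema. The `custom` profile example uses `minTLSVersion: TLSv1.1` and the `ciphers` example is `DES-CBC3-SHA`, so anyone copying the documented examples ends up with a weak configuration; and the `audit.profile` enum admits `None`, which disables audit logging for every listed API server with no schema-level guard beyond the warning text. These are generated upstream CRDs (see the api-approved.openshift.io annotation on the next file), so the fixes belong in openshift/api; this vendored copy should not be hand-patched.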


@@ -0,0 +1,101 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
api-approved.openshift.io: https://github.com/openshift/api/pull/470
include.release.openshift.io/ibm-cloud-managed: "true"
include.release.openshift.io/self-managed-high-availability: "true"
include.release.openshift.io/single-node-developer: "true"
name: authentications.config.openshift.io
spec:
group: config.openshift.io
names:
kind: Authentication
listKind: AuthenticationList
plural: authentications
singular: authentication
scope: Cluster
versions:
- name: v1
schema:
openAPIV3Schema:
description: "Authentication specifies cluster-wide settings for authentication (like OAuth and webhook token authenticators). The canonical name of an instance is `cluster`. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)."
type: object
required:
- spec
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: spec holds user settable values for configuration
type: object
properties:
oauthMetadata:
description: 'oauthMetadata contains the discovery endpoint data for OAuth 2.0 Authorization Server Metadata for an external OAuth server. This discovery document can be viewed from its served location: oc get --raw ''/.well-known/oauth-authorization-server'' For further details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 If oauthMetadata.name is non-empty, this value has precedence over any metadata reference stored in status. The key "oauthMetadata" is used to locate the data. If specified and the config map or expected key is not found, no metadata is served. If the specified metadata is not valid, no metadata is served. The namespace for this config map is openshift-config.'
type: object
required:
- name
properties:
name:
description: name is the metadata.name of the referenced config map
type: string
serviceAccountIssuer:
description: 'serviceAccountIssuer is the identifier of the bound service account token issuer. The default is https://kubernetes.default.svc WARNING: Updating this field will not result in immediate invalidation of all bound tokens with the previous issuer value. Instead, the tokens issued by previous service account issuer will continue to be trusted for a time period chosen by the platform (currently set to 24h). This time period is subject to change over time. This allows internal components to transition to use new service account issuer without service distruption.'
type: string
type:
description: type identifies the cluster managed, user facing authentication mode in use. Specifically, it manages the component that responds to login attempts. The default is IntegratedOAuth.
type: string
webhookTokenAuthenticator:
description: webhookTokenAuthenticator configures a remote token reviewer. These remote authentication webhooks can be used to verify bearer tokens via the tokenreviews.authentication.k8s.io REST API. This is required to honor bearer tokens that are provisioned by an external authentication service.
type: object
required:
- kubeConfig
properties:
kubeConfig:
description: "kubeConfig references a secret that contains kube config file data which describes how to access the remote webhook service. The namespace for the referenced secret is openshift-config. \n For further details, see: \n https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication \n The key \"kubeConfig\" is used to locate the data. If the secret or expected key is not found, the webhook is not honored. If the specified kube config data is not valid, the webhook is not honored."
type: object
required:
- name
properties:
name:
description: name is the metadata.name of the referenced secret
type: string
webhookTokenAuthenticators:
description: webhookTokenAuthenticators is DEPRECATED, setting it has no effect.
type: array
items:
description: deprecatedWebhookTokenAuthenticator holds the necessary configuration options for a remote token authenticator. It's the same as WebhookTokenAuthenticator but it's missing the 'required' validation on KubeConfig field.
type: object
properties:
kubeConfig:
description: 'kubeConfig contains kube config file data which describes how to access the remote webhook service. For further details, see: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication The key "kubeConfig" is used to locate the data. If the secret or expected key is not found, the webhook is not honored. If the specified kube config data is not valid, the webhook is not honored. The namespace for this secret is determined by the point of use.'
type: object
required:
- name
properties:
name:
description: name is the metadata.name of the referenced secret
type: string
status:
description: status holds observed values from the cluster. They may not be overridden.
type: object
properties:
integratedOAuthMetadata:
description: 'integratedOAuthMetadata contains the discovery endpoint data for OAuth 2.0 Authorization Server Metadata for the in-cluster integrated OAuth server. This discovery document can be viewed from its served location: oc get --raw ''/.well-known/oauth-authorization-server'' For further details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 This contains the observed value based on cluster state. An explicitly set value in spec.oauthMetadata has precedence over this field. This field has no meaning if authentication spec.type is not set to IntegratedOAuth. The key "oauthMetadata" is used to locate the data. If the config map or expected key is not found, no metadata is served. If the specified metadata is not valid, no metadata is served. The namespace for this config map is openshift-config-managed.'
type: object
required:
- name
properties:
name:
description: name is the metadata.name of the referenced config map
type: string
served: true
storage: true
subresources:
status: {}
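Review bot: `spec.type` (the `type:` property under `spec`) has no `enum` and no `default`, so any string is accepted even though the description says the default is IntegratedOAuth and that this value selects the component that answers login attempts; handling of an unknown or misspelled mode is left entirely to the operator. `serviceAccountIssuer` is likewise an unconstrained string with no URL `pattern` or `format`, while its own description warns that tokens minted by the previous issuer stay trusted for roughly 24h after the value changes, so an issuer rotation is not an immediate revocation and a runbook must treat it as an overlap window. `webhookTokenAuthenticators` is documented as deprecated with no effect but is still accepted by the schema, so a manifest that sets only the plural field silently configures nothing; reviewers should check for that when auditing a cluster's authentication config. Typo in the `serviceAccountIssuer` description: "distruption" should be "disruption". As generated upstream API, these are issues for openshift/api rather than for the vendored copy.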


@@ -0,0 +1,290 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
api-approved.openshift.io: https://github.com/openshift/api/pull/470
include.release.openshift.io/ibm-cloud-managed: "true"
include.release.openshift.io/self-managed-high-availability: "true"
include.release.openshift.io/single-node-developer: "true"
name: builds.config.openshift.io
spec:
group: config.openshift.io
names:
kind: Build
listKind: BuildList
plural: builds
singular: build
preserveUnknownFields: false
scope: Cluster
versions:
- name: v1
schema:
openAPIV3Schema:
description: "Build configures the behavior of OpenShift builds for the entire cluster. This includes default settings that can be overridden in BuildConfig objects, and overrides which are applied to all builds. \n The canonical name is \"cluster\" \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)."
type: object
required:
- spec
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: Spec holds user-settable values for the build controller configuration
type: object
properties:
additionalTrustedCA:
description: "AdditionalTrustedCA is a reference to a ConfigMap containing additional CAs that should be trusted for image pushes and pulls during builds. The namespace for this config map is openshift-config. \n DEPRECATED: Additional CAs for image pull and push should be set on image.config.openshift.io/cluster instead."
type: object
required:
- name
properties:
name:
description: name is the metadata.name of the referenced config map
type: string
buildDefaults:
description: BuildDefaults controls the default information for Builds
type: object
properties:
defaultProxy:
description: "DefaultProxy contains the default proxy settings for all build operations, including image pull/push and source download. \n Values can be overrode by setting the `HTTP_PROXY`, `HTTPS_PROXY`, and `NO_PROXY` environment variables in the build config's strategy."
type: object
properties:
httpProxy:
description: httpProxy is the URL of the proxy for HTTP requests. Empty means unset and will not result in an env var.
type: string
httpsProxy:
description: httpsProxy is the URL of the proxy for HTTPS requests. Empty means unset and will not result in an env var.
type: string
noProxy:
description: noProxy is a comma-separated list of hostnames and/or CIDRs and/or IPs for which the proxy should not be used. Empty means unset and will not result in an env var.
type: string
readinessEndpoints:
description: readinessEndpoints is a list of endpoints used to verify readiness of the proxy.
type: array
items:
type: string
trustedCA:
description: "trustedCA is a reference to a ConfigMap containing a CA certificate bundle. The trustedCA field should only be consumed by a proxy validator. The validator is responsible for reading the certificate bundle from the required key \"ca-bundle.crt\", merging it with the system default trust bundle, and writing the merged trust bundle to a ConfigMap named \"trusted-ca-bundle\" in the \"openshift-config-managed\" namespace. Clients that expect to make proxy connections must use the trusted-ca-bundle for all HTTPS requests to the proxy, and may use the trusted-ca-bundle for non-proxy HTTPS requests as well. \n The namespace for the ConfigMap referenced by trustedCA is \"openshift-config\". Here is an example ConfigMap (in yaml): \n apiVersion: v1 kind: ConfigMap metadata: name: user-ca-bundle namespace: openshift-config data: ca-bundle.crt: | -----BEGIN CERTIFICATE----- Custom CA certificate bundle. -----END CERTIFICATE-----"
type: object
required:
- name
properties:
name:
description: name is the metadata.name of the referenced config map
type: string
env:
description: Env is a set of default environment variables that will be applied to the build if the specified variables do not exist on the build
type: array
items:
description: EnvVar represents an environment variable present in a Container.
type: object
required:
- name
properties:
name:
description: Name of the environment variable. Must be a C_IDENTIFIER.
type: string
value:
description: 'Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".'
type: string
valueFrom:
description: Source for the environment variable's value. Cannot be used if value is not empty.
type: object
properties:
configMapKeyRef:
description: Selects a key of a ConfigMap.
type: object
required:
- key
properties:
key:
description: The key to select.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the ConfigMap or its key must be defined
type: boolean
x-kubernetes-map-type: atomic
fieldRef:
description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.'
type: object
required:
- fieldPath
properties:
apiVersion:
description: Version of the schema the FieldPath is written in terms of, defaults to "v1".
type: string
fieldPath:
description: Path of the field to select in the specified API version.
type: string
x-kubernetes-map-type: atomic
resourceFieldRef:
description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.'
type: object
required:
- resource
properties:
containerName:
description: 'Container name: required for volumes, optional for env vars'
type: string
divisor:
description: Specifies the output format of the exposed resources, defaults to "1"
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
anyOf:
- type: integer
- type: string
x-kubernetes-int-or-string: true
resource:
description: 'Required: resource to select'
type: string
x-kubernetes-map-type: atomic
secretKeyRef:
description: Selects a key of a secret in the pod's namespace
type: object
required:
- key
properties:
key:
description: The key of the secret to select from. Must be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the Secret or its key must be defined
type: boolean
x-kubernetes-map-type: atomic
gitProxy:
description: "GitProxy contains the proxy settings for git operations only. If set, this will override any Proxy settings for all git commands, such as git clone. \n Values that are not set here will be inherited from DefaultProxy."
type: object
properties:
httpProxy:
description: httpProxy is the URL of the proxy for HTTP requests. Empty means unset and will not result in an env var.
type: string
httpsProxy:
description: httpsProxy is the URL of the proxy for HTTPS requests. Empty means unset and will not result in an env var.
type: string
noProxy:
description: noProxy is a comma-separated list of hostnames and/or CIDRs and/or IPs for which the proxy should not be used. Empty means unset and will not result in an env var.
type: string
readinessEndpoints:
description: readinessEndpoints is a list of endpoints used to verify readiness of the proxy.
type: array
items:
type: string
trustedCA:
description: "trustedCA is a reference to a ConfigMap containing a CA certificate bundle. The trustedCA field should only be consumed by a proxy validator. The validator is responsible for reading the certificate bundle from the required key \"ca-bundle.crt\", merging it with the system default trust bundle, and writing the merged trust bundle to a ConfigMap named \"trusted-ca-bundle\" in the \"openshift-config-managed\" namespace. Clients that expect to make proxy connections must use the trusted-ca-bundle for all HTTPS requests to the proxy, and may use the trusted-ca-bundle for non-proxy HTTPS requests as well. \n The namespace for the ConfigMap referenced by trustedCA is \"openshift-config\". Here is an example ConfigMap (in yaml): \n apiVersion: v1 kind: ConfigMap metadata: name: user-ca-bundle namespace: openshift-config data: ca-bundle.crt: | -----BEGIN CERTIFICATE----- Custom CA certificate bundle. -----END CERTIFICATE-----"
type: object
required:
- name
properties:
name:
description: name is the metadata.name of the referenced config map
type: string
imageLabels:
description: ImageLabels is a list of docker labels that are applied to the resulting image. User can override a default label by providing a label with the same name in their Build/BuildConfig.
type: array
items:
type: object
properties:
name:
description: Name defines the name of the label. It must have non-zero length.
type: string
value:
description: Value defines the literal value of the label.
type: string
resources:
description: Resources defines resource requirements to execute the build.
type: object
properties:
claims:
description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
type: array
items:
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
type: object
required:
- name
properties:
name:
description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
type: string
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
limits:
description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
additionalProperties:
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
anyOf:
- type: integer
- type: string
x-kubernetes-int-or-string: true
requests:
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
additionalProperties:
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
anyOf:
- type: integer
- type: string
x-kubernetes-int-or-string: true
buildOverrides:
description: BuildOverrides controls override settings for builds
type: object
properties:
forcePull:
description: ForcePull overrides, if set, the equivalent value in the builds, i.e. false disables force pull for all builds, true enables force pull for all builds, independently of what each build specifies itself
type: boolean
imageLabels:
description: ImageLabels is a list of docker labels that are applied to the resulting image. If user provided a label in their Build/BuildConfig with the same name as one in this list, the user's label will be overwritten.
type: array
items:
type: object
properties:
name:
description: Name defines the name of the label. It must have non-zero length.
type: string
value:
description: Value defines the literal value of the label.
type: string
nodeSelector:
description: NodeSelector is a selector which must be true for the build pod to fit on a node
type: object
additionalProperties:
type: string
tolerations:
description: Tolerations is a list of Tolerations that will override any existing tolerations set on a build pod.
type: array
items:
description: The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator <operator>.
type: object
properties:
effect:
description: Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
type: string
key:
description: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.
type: string
operator:
description: Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.
type: string
tolerationSeconds:
description: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.
type: integer
format: int64
value:
description: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.
type: string
served: true
storage: true
subresources:
status: {}
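Review bot: the `imageLabels` items under both `buildDefaults` and `buildOverrides` declare neither `required: [name]` nor a `minLength`, although the `name` description says it must have non-zero length, so an empty-name label passes CRD validation. Two points a security reviewer of a cluster's build config should keep in mind from this schema: `buildDefaults.env` accepts `valueFrom.secretKeyRef` and `configMapKeyRef` (resolved, per the description, in the build pod's own namespace), so a cluster-wide default environment variable can inject secret material into every build pod; and `buildOverrides.nodeSelector` and `tolerations` replace whatever each build specifies, which is the mechanism to use for pinning builds to isolated nodes. `additionalTrustedCA` is documented as deprecated in favour of image.config.openshift.io/cluster. Typo in the `defaultProxy` description: "overrode" should be "overridden". These are generated upstream CRDs; fixes go to openshift/api, not this vendored copy.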


@@ -0,0 +1,57 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
api-approved.openshift.io: https://github.com/openshift/api/pull/470
include.release.openshift.io/ibm-cloud-managed: "true"
include.release.openshift.io/self-managed-high-availability: "true"
include.release.openshift.io/single-node-developer: "true"
name: consoles.config.openshift.io
spec:
group: config.openshift.io
names:
kind: Console
listKind: ConsoleList
plural: consoles
singular: console
scope: Cluster
versions:
- name: v1
schema:
openAPIV3Schema:
description: "Console holds cluster-wide configuration for the web console, including the logout URL, and reports the public URL of the console. The canonical name is `cluster`. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)."
type: object
required:
- spec
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: spec holds user settable values for configuration
type: object
properties:
authentication:
description: ConsoleAuthentication defines a list of optional configuration for console authentication.
type: object
properties:
logoutRedirect:
description: 'An optional, absolute URL to redirect web browsers to after logging out of the console. If not specified, it will redirect to the default login page. This is required when using an identity provider that supports single sign-on (SSO) such as: - OpenID (Keycloak, Azure) - RequestHeader (GSSAPI, SSPI, SAML) - OAuth (GitHub, GitLab, Google) Logging out of the console will destroy the user''s token. The logoutRedirect provides the user the option to perform single logout (SLO) through the identity provider to destroy their single sign-on session.'
type: string
pattern: ^$|^((https):\/\/?)[^\s()<>]+(?:\([\w\d]+\)|([^[:punct:]\s]|\/?))$
status:
description: status holds observed values from the cluster. They may not be overridden.
type: object
properties:
consoleURL:
description: The URL for the console. This will be derived from the host for the route that is created for the console.
type: string
served: true
storage: true
subresources:
status: {}
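Review bot: the `logoutRedirect` `pattern` (`^$|^((https):\/\/?)[^\s()<>]+(?:\([\w\d]+\)|([^[:punct:]\s]|\/?))$`) makes the second slash optional via `\/\/?`, so a value such as `https:/example` passes validation even though the description requires an absolute URL; anchoring on `^https://` would be tighter. The pattern constrains only the scheme and excludes whitespace and `()<>`; the destination host is unconstrained, which is acceptable for cluster-scoped admin config, but it means anyone who can edit `consoles.config.openshift.io/cluster` can send every console logout to a host of their choosing, so RBAC on this resource deserves the same scrutiny as the OAuth configuration. Note also that `[^[:punct:]\s]` places a POSIX class inside a bracket expression; that is valid in Go's RE2 syntax, which the API server uses for CRD `pattern` checks, but client-side manifest validators built on other regex engines may reject it. Generated upstream CRD; the fix belongs in openshift/api.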


@@ -0,0 +1,72 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
api-approved.openshift.io: https://github.com/openshift/api/pull/470
include.release.openshift.io/ibm-cloud-managed: "true"
include.release.openshift.io/self-managed-high-availability: "true"
include.release.openshift.io/single-node-developer: "true"
name: dnses.config.openshift.io
spec:
group: config.openshift.io
names:
kind: DNS
listKind: DNSList
plural: dnses
singular: dns
scope: Cluster
versions:
- name: v1
schema:
openAPIV3Schema:
description: "DNS holds cluster-wide information about DNS. The canonical name is `cluster` \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)."
type: object
required:
- spec
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: spec holds user settable values for configuration
type: object
properties:
baseDomain:
description: "baseDomain is the base domain of the cluster. All managed DNS records will be sub-domains of this base. \n For example, given the base domain `openshift.example.com`, an API server DNS record may be created for `cluster-api.openshift.example.com`. \n Once set, this field cannot be changed."
type: string
privateZone:
description: "privateZone is the location where all the DNS records that are only available internally to the cluster exist. \n If this field is nil, no private records should be created. \n Once set, this field cannot be changed."
type: object
properties:
id:
description: "id is the identifier that can be used to find the DNS hosted zone. \n on AWS zone can be fetched using `ID` as id in [1] on Azure zone can be fetched using `ID` as a pre-determined name in [2], on GCP zone can be fetched using `ID` as a pre-determined name in [3]. \n [1]: https://docs.aws.amazon.com/cli/latest/reference/route53/get-hosted-zone.html#options [2]: https://docs.microsoft.com/en-us/cli/azure/network/dns/zone?view=azure-cli-latest#az-network-dns-zone-show [3]: https://cloud.google.com/dns/docs/reference/v1/managedZones/get"
type: string
tags:
description: "tags can be used to query the DNS hosted zone. \n on AWS, resourcegroupstaggingapi [1] can be used to fetch a zone using `Tags` as tag-filters, \n [1]: https://docs.aws.amazon.com/cli/latest/reference/resourcegroupstaggingapi/get-resources.html#options"
type: object
additionalProperties:
type: string
publicZone:
description: "publicZone is the location where all the DNS records that are publicly accessible to the internet exist. \n If this field is nil, no public records should be created. \n Once set, this field cannot be changed."
type: object
properties:
id:
description: "id is the identifier that can be used to find the DNS hosted zone. \n on AWS zone can be fetched using `ID` as id in [1] on Azure zone can be fetched using `ID` as a pre-determined name in [2], on GCP zone can be fetched using `ID` as a pre-determined name in [3]. \n [1]: https://docs.aws.amazon.com/cli/latest/reference/route53/get-hosted-zone.html#options [2]: https://docs.microsoft.com/en-us/cli/azure/network/dns/zone?view=azure-cli-latest#az-network-dns-zone-show [3]: https://cloud.google.com/dns/docs/reference/v1/managedZones/get"
type: string
tags:
description: "tags can be used to query the DNS hosted zone. \n on AWS, resourcegroupstaggingapi [1] can be used to fetch a zone using `Tags` as tag-filters, \n [1]: https://docs.aws.amazon.com/cli/latest/reference/resourcegroupstaggingapi/get-resources.html#options"
type: object
additionalProperties:
type: string
status:
description: status holds observed values from the cluster. They may not be overridden.
type: object
served: true
storage: true
subresources:
status: {}
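Review bot: spec.baseDomain, spec.privateZone and spec.publicZone each state "Once set, this field cannot be changed.", but the schema carries no immutability rule (there is no x-kubernetes-validations entry), so the API server will accept updates and the guarantee rests entirely on whichever controller consumes the object; either add a transition rule such as `self == oldSelf` on those fields or reword the descriptions to say that changes are unsupported rather than prevented. The zone `id` descriptions under privateZone and publicZone also read as one run-on sentence ("on AWS zone can be fetched using `ID` as id in [1] on Azure zone can be fetched ..."); separating the AWS, Azure and GCP cases would make them usable.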

View File

@@ -0,0 +1,153 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
api-approved.openshift.io: https://github.com/openshift/api/pull/470
include.release.openshift.io/ibm-cloud-managed: "true"
include.release.openshift.io/self-managed-high-availability: "true"
include.release.openshift.io/single-node-developer: "true"
name: featuregates.config.openshift.io
spec:
group: config.openshift.io
names:
kind: FeatureGate
listKind: FeatureGateList
plural: featuregates
singular: featuregate
scope: Cluster
versions:
- name: v1
schema:
openAPIV3Schema:
description: "Feature holds cluster-wide information about feature gates. The canonical name is `cluster` \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)."
type: object
required:
- spec
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: spec holds user settable values for configuration
type: object
properties:
customNoUpgrade:
description: customNoUpgrade allows the enabling or disabling of any feature. Turning this feature set on IS NOT SUPPORTED, CANNOT BE UNDONE, and PREVENTS UPGRADES. Because of its nature, this setting cannot be validated. If you have any typos or accidentally apply invalid combinations your cluster may fail in an unrecoverable way. featureSet must equal "CustomNoUpgrade" must be set to use this field.
type: object
properties:
disabled:
description: disabled is a list of all feature gates that you want to force off
type: array
items:
description: FeatureGateName is a string to enforce patterns on the name of a FeatureGate
type: string
pattern: ^([A-Za-z0-9-]+\.)*[A-Za-z0-9-]+\.?$
enabled:
description: enabled is a list of all feature gates that you want to force on
type: array
items:
description: FeatureGateName is a string to enforce patterns on the name of a FeatureGate
type: string
pattern: ^([A-Za-z0-9-]+\.)*[A-Za-z0-9-]+\.?$
nullable: true
featureSet:
description: featureSet changes the list of features in the cluster. The default is empty. Be very careful adjusting this setting. Turning on or off features may cause irreversible changes in your cluster which cannot be undone.
type: string
status:
description: status holds observed values from the cluster. They may not be overridden.
type: object
properties:
conditions:
description: 'conditions represent the observations of the current state. Known .status.conditions.type are: "DeterminationDegraded"'
type: array
items:
description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
type: object
required:
- lastTransitionTime
- message
- reason
- status
- type
properties:
lastTransitionTime:
description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
type: string
format: date-time
message:
description: message is a human readable message indicating details about the transition. This may be an empty string.
type: string
maxLength: 32768
observedGeneration:
description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
type: integer
format: int64
minimum: 0
reason:
description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
type: string
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
status:
description: status of the condition, one of True, False, Unknown.
type: string
enum:
- "True"
- "False"
- Unknown
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
type: string
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
x-kubernetes-list-map-keys:
- type
x-kubernetes-list-type: map
featureGates:
description: featureGates contains a list of enabled and disabled featureGates that are keyed by payloadVersion. Operators other than the CVO and cluster-config-operator, must read the .status.featureGates, locate the version they are managing, find the enabled/disabled featuregates and make the operand and operator match. The enabled/disabled values for a particular version may change during the life of the cluster as various .spec.featureSet values are selected. Operators may choose to restart their processes to pick up these changes, but remembering past enable/disable lists is beyond the scope of this API and is the responsibility of individual operators. Only featureGates with .version in the ClusterVersion.status will be present in this list.
type: array
items:
type: object
required:
- version
properties:
disabled:
description: disabled is a list of all feature gates that are disabled in the cluster for the named version.
type: array
items:
type: object
required:
- name
properties:
name:
description: name is the name of the FeatureGate.
type: string
pattern: ^([A-Za-z0-9-]+\.)*[A-Za-z0-9-]+\.?$
enabled:
description: enabled is a list of all feature gates that are enabled in the cluster for the named version.
type: array
items:
type: object
required:
- name
properties:
name:
description: name is the name of the FeatureGate.
type: string
pattern: ^([A-Za-z0-9-]+\.)*[A-Za-z0-9-]+\.?$
version:
description: version matches the version provided by the ClusterVersion and in the ClusterOperator.Status.Versions field.
type: string
x-kubernetes-list-map-keys:
- version
x-kubernetes-list-type: map
served: true
storage: true
subresources:
status: {}
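Review bot: spec.customNoUpgrade is documented as usable only when spec.featureSet is "CustomNoUpgrade", but the schema does not express that cross-field requirement, and spec.featureSet is an unconstrained string with no enum, so a mistyped feature set name is accepted silently by the API server. The description says the gate lists themselves "cannot be validated", which is fair, but the featureSet/customNoUpgrade pairing can be enforced with an x-kubernetes-validations rule on spec. The sentence `featureSet must equal "CustomNoUpgrade" must be set to use this field.` is also garbled and should read `featureSet must be set to "CustomNoUpgrade" to use this field.`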

View File

@@ -0,0 +1,108 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
api-approved.openshift.io: https://github.com/openshift/api/pull/470
include.release.openshift.io/ibm-cloud-managed: "true"
include.release.openshift.io/self-managed-high-availability: "true"
include.release.openshift.io/single-node-developer: "true"
name: images.config.openshift.io
spec:
group: config.openshift.io
names:
kind: Image
listKind: ImageList
plural: images
singular: image
scope: Cluster
versions:
- name: v1
schema:
openAPIV3Schema:
description: "Image governs policies related to imagestream imports and runtime configuration for external registries. It allows cluster admins to configure which registries OpenShift is allowed to import images from, extra CA trust bundles for external registries, and policies to block or allow registry hostnames. When exposing OpenShift's image registry to the public, this also lets cluster admins specify the external hostname. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)."
type: object
required:
- spec
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: spec holds user settable values for configuration
type: object
properties:
additionalTrustedCA:
description: additionalTrustedCA is a reference to a ConfigMap containing additional CAs that should be trusted during imagestream import, pod image pull, build image pull, and imageregistry pullthrough. The namespace for this config map is openshift-config.
type: object
required:
- name
properties:
name:
description: name is the metadata.name of the referenced config map
type: string
allowedRegistriesForImport:
description: allowedRegistriesForImport limits the container image registries that normal users may import images from. Set this list to the registries that you trust to contain valid Docker images and that you want applications to be able to import from. Users with permission to create Images or ImageStreamMappings via the API are not affected by this policy - typically only administrators or system integrations will have those permissions.
type: array
items:
description: RegistryLocation contains a location of the registry specified by the registry domain name. The domain name might include wildcards, like '*' or '??'.
type: object
properties:
domainName:
description: domainName specifies a domain name for the registry In case the registry use non-standard (80 or 443) port, the port should be included in the domain name as well.
type: string
insecure:
description: insecure indicates whether the registry is secure (https) or insecure (http) By default (if not specified) the registry is assumed as secure.
type: boolean
externalRegistryHostnames:
description: externalRegistryHostnames provides the hostnames for the default external image registry. The external hostname should be set only when the image registry is exposed externally. The first value is used in 'publicDockerImageRepository' field in ImageStreams. The value must be in "hostname[:port]" format.
type: array
items:
type: string
registrySources:
description: registrySources contains configuration that determines how the container runtime should treat individual registries when accessing images for builds+pods. (e.g. whether or not to allow insecure access). It does not contain configuration for the internal cluster registry.
type: object
properties:
allowedRegistries:
description: "allowedRegistries are the only registries permitted for image pull and push actions. All other registries are denied. \n Only one of BlockedRegistries or AllowedRegistries may be set."
type: array
items:
type: string
blockedRegistries:
description: "blockedRegistries cannot be used for image pull and push actions. All other registries are permitted. \n Only one of BlockedRegistries or AllowedRegistries may be set."
type: array
items:
type: string
containerRuntimeSearchRegistries:
description: 'containerRuntimeSearchRegistries are registries that will be searched when pulling images that do not have fully qualified domains in their pull specs. Registries will be searched in the order provided in the list. Note: this search list only works with the container runtime, i.e CRI-O. Will NOT work with builds or imagestream imports.'
type: array
format: hostname
minItems: 1
items:
type: string
x-kubernetes-list-type: set
insecureRegistries:
description: insecureRegistries are registries which do not have a valid TLS certificates or only support HTTP connections.
type: array
items:
type: string
status:
description: status holds observed values from the cluster. They may not be overridden.
type: object
properties:
externalRegistryHostnames:
description: externalRegistryHostnames provides the hostnames for the default external image registry. The external hostname should be set only when the image registry is exposed externally. The first value is used in 'publicDockerImageRepository' field in ImageStreams. The value must be in "hostname[:port]" format.
type: array
items:
type: string
internalRegistryHostname:
description: internalRegistryHostname sets the hostname for the default internal image registry. The value must be in "hostname[:port]" format. This value is set by the image registry operator which controls the internal registry hostname. For backward compatibility, users can still use OPENSHIFT_DEFAULT_REGISTRY environment variable but this setting overrides the environment variable.
type: string
served: true
storage: true
subresources:
status: {}
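Review bot: under spec.registrySources.containerRuntimeSearchRegistries, `format: hostname` is attached to the `type: array` node rather than placed under `items:`; format keywords apply to string values, so on the array node it is ignored and the individual registry entries are not checked as hostnames. Separately, allowedRegistries and blockedRegistries are each documented with "Only one of BlockedRegistries or AllowedRegistries may be set.", but nothing in the schema enforces the exclusivity, so an object with both lists is accepted and the conflict is only discovered by the consuming operator; a CEL rule on registrySources would make the documented constraint real.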

View File

@@ -0,0 +1,68 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
api-approved.openshift.io: https://github.com/openshift/api/pull/874
include.release.openshift.io/ibm-cloud-managed: "true"
include.release.openshift.io/self-managed-high-availability: "true"
include.release.openshift.io/single-node-developer: "true"
name: imagecontentpolicies.config.openshift.io
spec:
group: config.openshift.io
names:
kind: ImageContentPolicy
listKind: ImageContentPolicyList
plural: imagecontentpolicies
singular: imagecontentpolicy
scope: Cluster
versions:
- name: v1
schema:
openAPIV3Schema:
description: "ImageContentPolicy holds cluster-wide information about how to handle registry mirror rules. When multiple policies are defined, the outcome of the behavior is defined on each field. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)."
type: object
required:
- spec
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: spec holds user settable values for configuration
type: object
properties:
repositoryDigestMirrors:
description: "repositoryDigestMirrors allows images referenced by image digests in pods to be pulled from alternative mirrored repository locations. The image pull specification provided to the pod will be compared to the source locations described in RepositoryDigestMirrors and the image may be pulled down from any of the mirrors in the list instead of the specified repository allowing administrators to choose a potentially faster mirror. To pull image from mirrors by tags, should set the \"allowMirrorByTags\". \n Each “source” repository is treated independently; configurations for different “source” repositories dont interact. \n If the \"mirrors\" is not specified, the image will continue to be pulled from the specified repository in the pull spec. \n When multiple policies are defined for the same “source” repository, the sets of defined mirrors will be merged together, preserving the relative order of the mirrors, if possible. For example, if policy A has mirrors `a, b, c` and policy B has mirrors `c, d, e`, the mirrors will be used in the order `a, b, c, d, e`. If the orders of mirror entries conflict (e.g. `a, b` vs. `b, a`) the configuration is not rejected but the resulting order is unspecified."
type: array
items:
description: RepositoryDigestMirrors holds cluster-wide information about how to handle mirrors in the registries config.
type: object
required:
- source
properties:
allowMirrorByTags:
description: allowMirrorByTags if true, the mirrors can be used to pull the images that are referenced by their tags. Default is false, the mirrors only work when pulling the images that are referenced by their digests. Pulling images by tag can potentially yield different images, depending on which endpoint we pull from. Forcing digest-pulls for mirrors avoids that issue.
type: boolean
mirrors:
description: mirrors is zero or more repositories that may also contain the same images. If the "mirrors" is not specified, the image will continue to be pulled from the specified repository in the pull spec. No mirror will be configured. The order of mirrors in this list is treated as the user's desired priority, while source is by default considered lower priority than all mirrors. Other cluster configuration, including (but not limited to) other repositoryDigestMirrors objects, may impact the exact order mirrors are contacted in, or some mirrors may be contacted in parallel, so this should be considered a preference rather than a guarantee of ordering.
type: array
items:
type: string
pattern: ^(([a-zA-Z]|[a-zA-Z][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z]|[A-Za-z][A-Za-z0-9\-]*[A-Za-z0-9])(:[0-9]+)?(\/[^\/:\n]+)*(\/[^\/:\n]+((:[^\/:\n]+)|(@[^\n]+)))?$
x-kubernetes-list-type: set
source:
description: source is the repository that users refer to, e.g. in image pull specifications.
type: string
pattern: ^(([a-zA-Z]|[a-zA-Z][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z]|[A-Za-z][A-Za-z0-9\-]*[A-Za-z0-9])(:[0-9]+)?(\/[^\/:\n]+)*(\/[^\/:\n]+((:[^\/:\n]+)|(@[^\n]+)))?$
x-kubernetes-list-map-keys:
- source
x-kubernetes-list-type: map
served: true
storage: true
subresources:
status: {}
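Review bot: the pattern shared by spec.repositoryDigestMirrors[].source and spec.repositoryDigestMirrors[].mirrors[] ends in `(\/[^\/:\n]+((:[^\/:\n]+)|(@[^\n]+)))?$`, which lets the final path component carry a `:tag` or `@digest` suffix even though both fields are described as repositories, not image references; a mirror entry with a tag or digest attached is not a usable mirror location. The digest branch `@[^\n]+` also accepts any text after `@`, so it does not actually validate a digest. Minor: "dont interact" in the repositoryDigestMirrors description is missing its apostrophe.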

View File

@@ -0,0 +1,74 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
api-approved.openshift.io: https://github.com/openshift/api/pull/1126
include.release.openshift.io/ibm-cloud-managed: "true"
include.release.openshift.io/self-managed-high-availability: "true"
include.release.openshift.io/single-node-developer: "true"
name: imagedigestmirrorsets.config.openshift.io
spec:
group: config.openshift.io
names:
kind: ImageDigestMirrorSet
listKind: ImageDigestMirrorSetList
plural: imagedigestmirrorsets
shortNames:
- idms
singular: imagedigestmirrorset
scope: Cluster
versions:
- name: v1
schema:
openAPIV3Schema:
description: "ImageDigestMirrorSet holds cluster-wide information about how to handle registry mirror rules on using digest pull specification. When multiple policies are defined, the outcome of the behavior is defined on each field. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)."
type: object
required:
- spec
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: spec holds user settable values for configuration
type: object
properties:
imageDigestMirrors:
description: "imageDigestMirrors allows images referenced by image digests in pods to be pulled from alternative mirrored repository locations. The image pull specification provided to the pod will be compared to the source locations described in imageDigestMirrors and the image may be pulled down from any of the mirrors in the list instead of the specified repository allowing administrators to choose a potentially faster mirror. To use mirrors to pull images using tag specification, users should configure a list of mirrors using \"ImageTagMirrorSet\" CRD. \n If the image pull specification matches the repository of \"source\" in multiple imagedigestmirrorset objects, only the objects which define the most specific namespace match will be used. For example, if there are objects using quay.io/libpod and quay.io/libpod/busybox as the \"source\", only the objects using quay.io/libpod/busybox are going to apply for pull specification quay.io/libpod/busybox. Each “source” repository is treated independently; configurations for different “source” repositories dont interact. \n If the \"mirrors\" is not specified, the image will continue to be pulled from the specified repository in the pull spec. \n When multiple policies are defined for the same “source” repository, the sets of defined mirrors will be merged together, preserving the relative order of the mirrors, if possible. For example, if policy A has mirrors `a, b, c` and policy B has mirrors `c, d, e`, the mirrors will be used in the order `a, b, c, d, e`. If the orders of mirror entries conflict (e.g. `a, b` vs. `b, a`) the configuration is not rejected but the resulting order is unspecified. Users who want to use a specific order of mirrors, should configure them into one list of mirrors using the expected order."
type: array
items:
description: ImageDigestMirrors holds cluster-wide information about how to handle mirrors in the registries config.
type: object
required:
- source
properties:
mirrorSourcePolicy:
description: mirrorSourcePolicy defines the fallback policy if fails to pull image from the mirrors. If unset, the image will continue to be pulled from the the repository in the pull spec. sourcePolicy is valid configuration only when one or more mirrors are in the mirror list.
type: string
enum:
- NeverContactSource
- AllowContactingSource
mirrors:
description: 'mirrors is zero or more locations that may also contain the same images. No mirror will be configured if not specified. Images can be pulled from these mirrors only if they are referenced by their digests. The mirrored location is obtained by replacing the part of the input reference that matches source by the mirrors entry, e.g. for registry.redhat.io/product/repo reference, a (source, mirror) pair *.redhat.io, mirror.local/redhat causes a mirror.local/redhat/product/repo repository to be used. The order of mirrors in this list is treated as the user''s desired priority, while source is by default considered lower priority than all mirrors. If no mirror is specified or all image pulls from the mirror list fail, the image will continue to be pulled from the repository in the pull spec unless explicitly prohibited by "mirrorSourcePolicy" Other cluster configuration, including (but not limited to) other imageDigestMirrors objects, may impact the exact order mirrors are contacted in, or some mirrors may be contacted in parallel, so this should be considered a preference rather than a guarantee of ordering. "mirrors" uses one of the following formats: host[:port] host[:port]/namespace[/namespace…] host[:port]/namespace[/namespace…]/repo for more information about the format, see the document about the location field: https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md#choosing-a-registry-toml-table'
type: array
items:
type: string
pattern: ^((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:(?:\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+)?(?::[0-9]+)?)(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$
x-kubernetes-list-type: set
source:
description: 'source matches the repository that users refer to, e.g. in image pull specifications. Setting source to a registry hostname e.g. docker.io. quay.io, or registry.redhat.io, will match the image pull specification of corressponding registry. "source" uses one of the following formats: host[:port] host[:port]/namespace[/namespace…] host[:port]/namespace[/namespace…]/repo [*.]host for more information about the format, see the document about the location field: https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md#choosing-a-registry-toml-table'
type: string
pattern: ^\*(?:\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+$|^((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:(?:\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+)?(?::[0-9]+)?)(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$
x-kubernetes-list-type: atomic
status:
description: status contains the observed state of the resource.
type: object
served: true
storage: true
subresources:
status: {}
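Review bot: spec.imageDigestMirrors[].mirrorSourcePolicy is documented as "valid configuration only when one or more mirrors are in the mirror list", but the schema constrains it only through the enum and never ties it to mirrors being present, so `NeverContactSource` with no mirrors is accepted and the resulting behaviour (no mirror, source forbidden) is left to the runtime; a rule on the list item such as `!has(self.mirrorSourcePolicy) || (has(self.mirrors) && size(self.mirrors) > 0)` under x-kubernetes-validations would enforce what the description promises. The same description also contains "if fails to pull image" and "from the the repository", and the source description has "corressponding".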

View File

@@ -0,0 +1,74 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
api-approved.openshift.io: https://github.com/openshift/api/pull/1126
include.release.openshift.io/ibm-cloud-managed: "true"
include.release.openshift.io/self-managed-high-availability: "true"
include.release.openshift.io/single-node-developer: "true"
name: imagetagmirrorsets.config.openshift.io
spec:
group: config.openshift.io
names:
kind: ImageTagMirrorSet
listKind: ImageTagMirrorSetList
plural: imagetagmirrorsets
shortNames:
- itms
singular: imagetagmirrorset
scope: Cluster
versions:
- name: v1
schema:
openAPIV3Schema:
description: "ImageTagMirrorSet holds cluster-wide information about how to handle registry mirror rules on using tag pull specification. When multiple policies are defined, the outcome of the behavior is defined on each field. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)."
type: object
required:
- spec
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: spec holds user settable values for configuration
type: object
properties:
imageTagMirrors:
description: "imageTagMirrors allows images referenced by image tags in pods to be pulled from alternative mirrored repository locations. The image pull specification provided to the pod will be compared to the source locations described in imageTagMirrors and the image may be pulled down from any of the mirrors in the list instead of the specified repository allowing administrators to choose a potentially faster mirror. To use mirrors to pull images using digest specification only, users should configure a list of mirrors using \"ImageDigestMirrorSet\" CRD. \n If the image pull specification matches the repository of \"source\" in multiple imagetagmirrorset objects, only the objects which define the most specific namespace match will be used. For example, if there are objects using quay.io/libpod and quay.io/libpod/busybox as the \"source\", only the objects using quay.io/libpod/busybox are going to apply for pull specification quay.io/libpod/busybox. Each “source” repository is treated independently; configurations for different “source” repositories dont interact. \n If the \"mirrors\" is not specified, the image will continue to be pulled from the specified repository in the pull spec. \n When multiple policies are defined for the same “source” repository, the sets of defined mirrors will be merged together, preserving the relative order of the mirrors, if possible. For example, if policy A has mirrors `a, b, c` and policy B has mirrors `c, d, e`, the mirrors will be used in the order `a, b, c, d, e`. If the orders of mirror entries conflict (e.g. `a, b` vs. `b, a`) the configuration is not rejected but the resulting order is unspecified. Users who want to use a deterministic order of mirrors, should configure them into one list of mirrors using the expected order."
type: array
items:
description: ImageTagMirrors holds cluster-wide information about how to handle mirrors in the registries config.
type: object
required:
- source
properties:
mirrorSourcePolicy:
description: mirrorSourcePolicy defines the fallback policy if fails to pull image from the mirrors. If unset, the image will continue to be pulled from the repository in the pull spec. sourcePolicy is valid configuration only when one or more mirrors are in the mirror list.
type: string
enum:
- NeverContactSource
- AllowContactingSource
mirrors:
description: 'mirrors is zero or more locations that may also contain the same images. No mirror will be configured if not specified. Images can be pulled from these mirrors only if they are referenced by their tags. The mirrored location is obtained by replacing the part of the input reference that matches source by the mirrors entry, e.g. for registry.redhat.io/product/repo reference, a (source, mirror) pair *.redhat.io, mirror.local/redhat causes a mirror.local/redhat/product/repo repository to be used. Pulling images by tag can potentially yield different images, depending on which endpoint we pull from. Configuring a list of mirrors using "ImageDigestMirrorSet" CRD and forcing digest-pulls for mirrors avoids that issue. The order of mirrors in this list is treated as the user''s desired priority, while source is by default considered lower priority than all mirrors. If no mirror is specified or all image pulls from the mirror list fail, the image will continue to be pulled from the repository in the pull spec unless explicitly prohibited by "mirrorSourcePolicy". Other cluster configuration, including (but not limited to) other imageTagMirrors objects, may impact the exact order mirrors are contacted in, or some mirrors may be contacted in parallel, so this should be considered a preference rather than a guarantee of ordering. "mirrors" uses one of the following formats: host[:port] host[:port]/namespace[/namespace…] host[:port]/namespace[/namespace…]/repo for more information about the format, see the document about the location field: https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md#choosing-a-registry-toml-table'
type: array
items:
type: string
pattern: ^((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:(?:\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+)?(?::[0-9]+)?)(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$
x-kubernetes-list-type: set
source:
description: 'source matches the repository that users refer to, e.g. in image pull specifications. Setting source to a registry hostname e.g. docker.io. quay.io, or registry.redhat.io, will match the image pull specification of corressponding registry. "source" uses one of the following formats: host[:port] host[:port]/namespace[/namespace…] host[:port]/namespace[/namespace…]/repo [*.]host for more information about the format, see the document about the location field: https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md#choosing-a-registry-toml-table'
type: string
pattern: ^\*(?:\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+$|^((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:(?:\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+)?(?::[0-9]+)?)(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$
x-kubernetes-list-type: atomic
status:
description: status contains the observed state of the resource.
type: object
served: true
storage: true
subresources:
status: {}
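Review bot: the field descriptions in this hunk are internally inconsistent and carry typos that should be corrected upstream rather than hand-edited in the vendored copy. The `mirrorSourcePolicy` description ("mirrorSourcePolicy defines the fallback policy if fails to pull image from the mirrors ... sourcePolicy is valid configuration only when ...") refers to the field under two different names and drops the subject of "fails to pull"; the `source` description reads "docker.io. quay.io, or registry.redhat.io" where a comma is meant and spells "corressponding". None of this affects validation (the `enum` and `pattern` constraints are what the API server enforces), so it is a documentation point only; if the vendoring is regenerated from a newer openshift/api release the fix should land there.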


@@ -0,0 +1,834 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
api-approved.openshift.io: https://github.com/openshift/api/pull/470
include.release.openshift.io/ibm-cloud-managed: "true"
include.release.openshift.io/self-managed-high-availability: "true"
include.release.openshift.io/single-node-developer: "true"
release.openshift.io/feature-set: Default
name: infrastructures.config.openshift.io
spec:
group: config.openshift.io
names:
kind: Infrastructure
listKind: InfrastructureList
plural: infrastructures
singular: infrastructure
scope: Cluster
versions:
- name: v1
schema:
openAPIV3Schema:
description: "Infrastructure holds cluster-wide information about Infrastructure. The canonical name is `cluster` \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)."
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: spec holds user settable values for configuration
properties:
cloudConfig:
description: "cloudConfig is a reference to a ConfigMap containing the cloud provider configuration file. This configuration file is used to configure the Kubernetes cloud provider integration when using the built-in cloud provider integration or the external cloud controller manager. The namespace for this config map is openshift-config. \n cloudConfig should only be consumed by the kube_cloud_config controller. The controller is responsible for using the user configuration in the spec for various platforms and combining that with the user provided ConfigMap in this field to create a stitched kube cloud config. The controller generates a ConfigMap `kube-cloud-config` in `openshift-config-managed` namespace with the kube cloud config is stored in `cloud.conf` key. All the clients are expected to use the generated ConfigMap only."
properties:
key:
description: Key allows pointing to a specific key/value inside of the configmap. This is useful for logical file references.
type: string
name:
type: string
type: object
platformSpec:
description: platformSpec holds desired information specific to the underlying infrastructure provider.
properties:
alibabaCloud:
description: AlibabaCloud contains settings specific to the Alibaba Cloud infrastructure provider.
type: object
aws:
description: AWS contains settings specific to the Amazon Web Services infrastructure provider.
properties:
serviceEndpoints:
description: serviceEndpoints list contains custom endpoints which will override default service endpoint of AWS Services. There must be only one ServiceEndpoint for a service.
items:
description: AWSServiceEndpoint store the configuration of a custom url to override existing defaults of AWS Services.
properties:
name:
description: name is the name of the AWS service. The list of all the service names can be found at https://docs.aws.amazon.com/general/latest/gr/aws-service-information.html This must be provided and cannot be empty.
pattern: ^[a-z0-9-]+$
type: string
url:
description: url is fully qualified URI with scheme https, that overrides the default generated endpoint for a client. This must be provided and cannot be empty.
pattern: ^https://
type: string
type: object
type: array
type: object
azure:
description: Azure contains settings specific to the Azure infrastructure provider.
type: object
baremetal:
description: BareMetal contains settings specific to the BareMetal platform.
type: object
equinixMetal:
description: EquinixMetal contains settings specific to the Equinix Metal infrastructure provider.
type: object
external:
description: ExternalPlatformType represents generic infrastructure provider. Platform-specific components should be supplemented separately.
properties:
platformName:
default: Unknown
description: PlatformName holds the arbitrary string representing the infrastructure provider name, expected to be set at the installation time. This field is solely for informational and reporting purposes and is not expected to be used for decision-making.
type: string
x-kubernetes-validations:
- message: platform name cannot be changed once set
rule: oldSelf == 'Unknown' || self == oldSelf
type: object
gcp:
description: GCP contains settings specific to the Google Cloud Platform infrastructure provider.
type: object
ibmcloud:
description: IBMCloud contains settings specific to the IBMCloud infrastructure provider.
type: object
kubevirt:
description: Kubevirt contains settings specific to the kubevirt infrastructure provider.
type: object
nutanix:
description: Nutanix contains settings specific to the Nutanix infrastructure provider.
properties:
prismCentral:
description: prismCentral holds the endpoint address and port to access the Nutanix Prism Central. When a cluster-wide proxy is installed, by default, this endpoint will be accessed via the proxy. Should you wish for communication with this endpoint not to be proxied, please add the endpoint to the proxy spec.noProxy list.
properties:
address:
description: address is the endpoint address (DNS name or IP address) of the Nutanix Prism Central or Element (cluster)
maxLength: 256
type: string
port:
description: port is the port number to access the Nutanix Prism Central or Element (cluster)
format: int32
maximum: 65535
minimum: 1
type: integer
required:
- address
- port
type: object
prismElements:
description: prismElements holds one or more endpoint address and port data to access the Nutanix Prism Elements (clusters) of the Nutanix Prism Central. Currently we only support one Prism Element (cluster) for an OpenShift cluster, where all the Nutanix resources (VMs, subnets, volumes, etc.) used in the OpenShift cluster are located. In the future, we may support Nutanix resources (VMs, etc.) spread over multiple Prism Elements (clusters) of the Prism Central.
items:
description: NutanixPrismElementEndpoint holds the name and endpoint data for a Prism Element (cluster)
properties:
endpoint:
description: endpoint holds the endpoint address and port data of the Prism Element (cluster). When a cluster-wide proxy is installed, by default, this endpoint will be accessed via the proxy. Should you wish for communication with this endpoint not to be proxied, please add the endpoint to the proxy spec.noProxy list.
properties:
address:
description: address is the endpoint address (DNS name or IP address) of the Nutanix Prism Central or Element (cluster)
maxLength: 256
type: string
port:
description: port is the port number to access the Nutanix Prism Central or Element (cluster)
format: int32
maximum: 65535
minimum: 1
type: integer
required:
- address
- port
type: object
name:
description: name is the name of the Prism Element (cluster). This value will correspond with the cluster field configured on other resources (eg Machines, PVCs, etc).
maxLength: 256
type: string
required:
- endpoint
- name
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
required:
- prismCentral
- prismElements
type: object
openstack:
description: OpenStack contains settings specific to the OpenStack infrastructure provider.
type: object
ovirt:
description: Ovirt contains settings specific to the oVirt infrastructure provider.
type: object
powervs:
description: PowerVS contains settings specific to the IBM Power Systems Virtual Servers infrastructure provider.
properties:
serviceEndpoints:
description: serviceEndpoints is a list of custom endpoints which will override the default service endpoints of a Power VS service.
items:
description: PowervsServiceEndpoint stores the configuration of a custom url to override existing defaults of PowerVS Services.
properties:
name:
description: name is the name of the Power VS service. Few of the services are IAM - https://cloud.ibm.com/apidocs/iam-identity-token-api ResourceController - https://cloud.ibm.com/apidocs/resource-controller/resource-controller Power Cloud - https://cloud.ibm.com/apidocs/power-cloud
pattern: ^[a-z0-9-]+$
type: string
url:
description: url is fully qualified URI with scheme https, that overrides the default generated endpoint for a client. This must be provided and cannot be empty.
format: uri
pattern: ^https://
type: string
required:
- name
- url
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
type: object
type:
description: type is the underlying infrastructure provider for the cluster. This value controls whether infrastructure automation such as service load balancers, dynamic volume provisioning, machine creation and deletion, and other integrations are enabled. If None, no infrastructure automation is enabled. Allowed values are "AWS", "Azure", "BareMetal", "GCP", "Libvirt", "OpenStack", "VSphere", "oVirt", "KubeVirt", "EquinixMetal", "PowerVS", "AlibabaCloud", "Nutanix" and "None". Individual components may not support all platforms, and must handle unrecognized platforms as None if they do not support that platform.
enum:
- ""
- AWS
- Azure
- BareMetal
- GCP
- Libvirt
- OpenStack
- None
- VSphere
- oVirt
- IBMCloud
- KubeVirt
- EquinixMetal
- PowerVS
- AlibabaCloud
- Nutanix
- External
type: string
vsphere:
description: VSphere contains settings specific to the VSphere infrastructure provider.
properties:
failureDomains:
description: failureDomains contains the definition of region, zone and the vCenter topology. If this is omitted failure domains (regions and zones) will not be used.
items:
description: VSpherePlatformFailureDomainSpec holds the region and zone failure domain and the vCenter topology of that failure domain.
properties:
name:
description: name defines the arbitrary but unique name of a failure domain.
maxLength: 256
minLength: 1
type: string
region:
description: region defines the name of a region tag that will be attached to a vCenter datacenter. The tag category in vCenter must be named openshift-region.
maxLength: 80
minLength: 1
type: string
server:
anyOf:
- format: ipv4
- format: ipv6
- format: hostname
description: server is the fully-qualified domain name or the IP address of the vCenter server. ---
maxLength: 255
minLength: 1
type: string
topology:
description: Topology describes a given failure domain using vSphere constructs
properties:
computeCluster:
description: computeCluster the absolute path of the vCenter cluster in which virtual machine will be located. The absolute path is of the form /<datacenter>/host/<cluster>. The maximum length of the path is 2048 characters.
maxLength: 2048
pattern: ^/.*?/host/.*?
type: string
datacenter:
description: datacenter is the name of vCenter datacenter in which virtual machines will be located. The maximum length of the datacenter name is 80 characters.
maxLength: 80
type: string
datastore:
description: datastore is the absolute path of the datastore in which the virtual machine is located. The absolute path is of the form /<datacenter>/datastore/<datastore> The maximum length of the path is 2048 characters.
maxLength: 2048
pattern: ^/.*?/datastore/.*?
type: string
folder:
description: folder is the absolute path of the folder where virtual machines are located. The absolute path is of the form /<datacenter>/vm/<folder>. The maximum length of the path is 2048 characters.
maxLength: 2048
pattern: ^/.*?/vm/.*?
type: string
networks:
description: networks is the list of port group network names within this failure domain. Currently, we only support a single interface per RHCOS virtual machine. The available networks (port groups) can be listed using `govc ls 'network/*'` The single interface should be the absolute path of the form /<datacenter>/network/<portgroup>.
items:
type: string
maxItems: 1
minItems: 1
type: array
resourcePool:
description: resourcePool is the absolute path of the resource pool where virtual machines will be created. The absolute path is of the form /<datacenter>/host/<cluster>/Resources/<resourcepool>. The maximum length of the path is 2048 characters.
maxLength: 2048
pattern: ^/.*?/host/.*?/Resources.*
type: string
required:
- computeCluster
- datacenter
- datastore
- networks
type: object
zone:
description: zone defines the name of a zone tag that will be attached to a vCenter cluster. The tag category in vCenter must be named openshift-zone.
maxLength: 80
minLength: 1
type: string
required:
- name
- region
- server
- topology
- zone
type: object
type: array
nodeNetworking:
description: nodeNetworking contains the definition of internal and external network constraints for assigning the node's networking. If this field is omitted, networking defaults to the legacy address selection behavior which is to only support a single address and return the first one found.
properties:
external:
description: external represents the network configuration of the node that is externally routable.
properties:
excludeNetworkSubnetCidr:
description: excludeNetworkSubnetCidr IP addresses in subnet ranges will be excluded when selecting the IP address from the VirtualMachine's VM for use in the status.addresses fields. ---
items:
format: cidr
type: string
type: array
network:
description: network VirtualMachine's VM Network names that will be used to when searching for status.addresses fields. Note that if internal.networkSubnetCIDR and external.networkSubnetCIDR are not set, then the vNIC associated to this network must only have a single IP address assigned to it. The available networks (port groups) can be listed using `govc ls 'network/*'`
type: string
networkSubnetCidr:
description: networkSubnetCidr IP address on VirtualMachine's network interfaces included in the fields' CIDRs that will be used in respective status.addresses fields. ---
items:
format: cidr
type: string
type: array
type: object
internal:
description: internal represents the network configuration of the node that is routable only within the cluster.
properties:
excludeNetworkSubnetCidr:
description: excludeNetworkSubnetCidr IP addresses in subnet ranges will be excluded when selecting the IP address from the VirtualMachine's VM for use in the status.addresses fields. ---
items:
format: cidr
type: string
type: array
network:
description: network VirtualMachine's VM Network names that will be used to when searching for status.addresses fields. Note that if internal.networkSubnetCIDR and external.networkSubnetCIDR are not set, then the vNIC associated to this network must only have a single IP address assigned to it. The available networks (port groups) can be listed using `govc ls 'network/*'`
type: string
networkSubnetCidr:
description: networkSubnetCidr IP address on VirtualMachine's network interfaces included in the fields' CIDRs that will be used in respective status.addresses fields. ---
items:
format: cidr
type: string
type: array
type: object
type: object
vcenters:
description: vcenters holds the connection details for services to communicate with vCenter. Currently, only a single vCenter is supported. ---
items:
description: VSpherePlatformVCenterSpec stores the vCenter connection fields. This is used by the vSphere CCM.
properties:
datacenters:
description: The vCenter Datacenters in which the RHCOS vm guests are located. This field will be used by the Cloud Controller Manager. Each datacenter listed here should be used within a topology.
items:
type: string
minItems: 1
type: array
port:
description: port is the TCP port that will be used to communicate to the vCenter endpoint. When omitted, this means the user has no opinion and it is up to the platform to choose a sensible default, which is subject to change over time.
format: int32
maximum: 32767
minimum: 1
type: integer
server:
anyOf:
- format: ipv4
- format: ipv6
- format: hostname
description: server is the fully-qualified domain name or the IP address of the vCenter server. ---
maxLength: 255
type: string
required:
- datacenters
- server
type: object
maxItems: 1
minItems: 0
type: array
type: object
type: object
type: object
status:
description: status holds observed values from the cluster. They may not be overridden.
properties:
apiServerInternalURI:
description: apiServerInternalURL is a valid URI with scheme 'https', address and optionally a port (defaulting to 443). apiServerInternalURL can be used by components like kubelets, to contact the Kubernetes API server using the infrastructure provider rather than Kubernetes networking.
type: string
apiServerURL:
description: apiServerURL is a valid URI with scheme 'https', address and optionally a port (defaulting to 443). apiServerURL can be used by components like the web console to tell users where to find the Kubernetes API.
type: string
controlPlaneTopology:
default: HighlyAvailable
description: controlPlaneTopology expresses the expectations for operands that normally run on control nodes. The default is 'HighlyAvailable', which represents the behavior operators have in a "normal" cluster. The 'SingleReplica' mode will be used in single-node deployments and the operators should not configure the operand for highly-available operation The 'External' mode indicates that the control plane is hosted externally to the cluster and that its components are not visible within the cluster.
enum:
- HighlyAvailable
- SingleReplica
- External
type: string
etcdDiscoveryDomain:
description: 'etcdDiscoveryDomain is the domain used to fetch the SRV records for discovering etcd servers and clients. For more info: https://github.com/etcd-io/etcd/blob/329be66e8b3f9e2e6af83c123ff89297e49ebd15/Documentation/op-guide/clustering.md#dns-discovery deprecated: as of 4.7, this field is no longer set or honored. It will be removed in a future release.'
type: string
infrastructureName:
description: infrastructureName uniquely identifies a cluster with a human friendly name. Once set it should not be changed. Must be of max length 27 and must have only alphanumeric or hyphen characters.
type: string
infrastructureTopology:
default: HighlyAvailable
description: 'infrastructureTopology expresses the expectations for infrastructure services that do not run on control plane nodes, usually indicated by a node selector for a `role` value other than `master`. The default is ''HighlyAvailable'', which represents the behavior operators have in a "normal" cluster. The ''SingleReplica'' mode will be used in single-node deployments and the operators should not configure the operand for highly-available operation NOTE: External topology mode is not applicable for this field.'
enum:
- HighlyAvailable
- SingleReplica
type: string
platform:
description: "platform is the underlying infrastructure provider for the cluster. \n Deprecated: Use platformStatus.type instead."
enum:
- ""
- AWS
- Azure
- BareMetal
- GCP
- Libvirt
- OpenStack
- None
- VSphere
- oVirt
- IBMCloud
- KubeVirt
- EquinixMetal
- PowerVS
- AlibabaCloud
- Nutanix
- External
type: string
platformStatus:
description: platformStatus holds status information specific to the underlying infrastructure provider.
properties:
alibabaCloud:
description: AlibabaCloud contains settings specific to the Alibaba Cloud infrastructure provider.
properties:
region:
description: region specifies the region for Alibaba Cloud resources created for the cluster.
pattern: ^[0-9A-Za-z-]+$
type: string
resourceGroupID:
description: resourceGroupID is the ID of the resource group for the cluster.
pattern: ^(rg-[0-9A-Za-z]+)?$
type: string
resourceTags:
description: resourceTags is a list of additional tags to apply to Alibaba Cloud resources created for the cluster.
items:
description: AlibabaCloudResourceTag is the set of tags to add to apply to resources.
properties:
key:
description: key is the key of the tag.
maxLength: 128
minLength: 1
type: string
value:
description: value is the value of the tag.
maxLength: 128
minLength: 1
type: string
required:
- key
- value
type: object
maxItems: 20
type: array
x-kubernetes-list-map-keys:
- key
x-kubernetes-list-type: map
required:
- region
type: object
aws:
description: AWS contains settings specific to the Amazon Web Services infrastructure provider.
properties:
region:
description: region holds the default AWS region for new AWS resources created by the cluster.
type: string
resourceTags:
description: resourceTags is a list of additional tags to apply to AWS resources created for the cluster. See https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html for information on tagging AWS resources. AWS supports a maximum of 50 tags per resource. OpenShift reserves 25 tags for its use, leaving 25 tags available for the user.
items:
description: AWSResourceTag is a tag to apply to AWS resources created for the cluster.
properties:
key:
description: key is the key of the tag
maxLength: 128
minLength: 1
pattern: ^[0-9A-Za-z_.:/=+-@]+$
type: string
value:
description: value is the value of the tag. Some AWS service do not support empty values. Since tags are added to resources in many services, the length of the tag value must meet the requirements of all services.
maxLength: 256
minLength: 1
pattern: ^[0-9A-Za-z_.:/=+-@]+$
type: string
required:
- key
- value
type: object
maxItems: 25
type: array
serviceEndpoints:
description: ServiceEndpoints list contains custom endpoints which will override default service endpoint of AWS Services. There must be only one ServiceEndpoint for a service.
items:
description: AWSServiceEndpoint store the configuration of a custom url to override existing defaults of AWS Services.
properties:
name:
description: name is the name of the AWS service. The list of all the service names can be found at https://docs.aws.amazon.com/general/latest/gr/aws-service-information.html This must be provided and cannot be empty.
pattern: ^[a-z0-9-]+$
type: string
url:
description: url is fully qualified URI with scheme https, that overrides the default generated endpoint for a client. This must be provided and cannot be empty.
pattern: ^https://
type: string
type: object
type: array
type: object
azure:
description: Azure contains settings specific to the Azure infrastructure provider.
properties:
armEndpoint:
description: armEndpoint specifies a URL to use for resource management in non-soverign clouds such as Azure Stack.
type: string
cloudName:
description: cloudName is the name of the Azure cloud environment which can be used to configure the Azure SDK with the appropriate Azure API endpoints. If empty, the value is equal to `AzurePublicCloud`.
enum:
- ""
- AzurePublicCloud
- AzureUSGovernmentCloud
- AzureChinaCloud
- AzureGermanCloud
- AzureStackCloud
type: string
networkResourceGroupName:
description: networkResourceGroupName is the Resource Group for network resources like the Virtual Network and Subnets used by the cluster. If empty, the value is same as ResourceGroupName.
type: string
resourceGroupName:
description: resourceGroupName is the Resource Group for new Azure resources created for the cluster.
type: string
resourceTags:
description: resourceTags is a list of additional tags to apply to Azure resources created for the cluster. See https://docs.microsoft.com/en-us/rest/api/resources/tags for information on tagging Azure resources. Due to limitations on Automation, Content Delivery Network, DNS Azure resources, a maximum of 15 tags may be applied. OpenShift reserves 5 tags for internal use, allowing 10 tags for user configuration.
items:
description: AzureResourceTag is a tag to apply to Azure resources created for the cluster.
properties:
key:
description: key is the key part of the tag. A tag key can have a maximum of 128 characters and cannot be empty. Key must begin with a letter, end with a letter, number or underscore, and must contain only alphanumeric characters and the following special characters `_ . -`.
maxLength: 128
minLength: 1
pattern: ^[a-zA-Z]([0-9A-Za-z_.-]*[0-9A-Za-z_])?$
type: string
value:
description: 'value is the value part of the tag. A tag value can have a maximum of 256 characters and cannot be empty. Value must contain only alphanumeric characters and the following special characters `_ + , - . / : ; < = > ? @`.'
maxLength: 256
minLength: 1
pattern: ^[0-9A-Za-z_.=+-@]+$
type: string
required:
- key
- value
type: object
maxItems: 10
type: array
x-kubernetes-validations:
- message: resourceTags are immutable and may only be configured during installation
rule: self.all(x, x in oldSelf) && oldSelf.all(x, x in self)
type: object
x-kubernetes-validations:
- message: resourceTags may only be configured during installation
rule: '!has(oldSelf.resourceTags) && !has(self.resourceTags) || has(oldSelf.resourceTags) && has(self.resourceTags)'
baremetal:
description: BareMetal contains settings specific to the BareMetal platform.
properties:
apiServerInternalIP:
description: "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers. \n Deprecated: Use APIServerInternalIPs instead."
type: string
apiServerInternalIPs:
description: apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IPs otherwise only one.
format: ip
items:
type: string
maxItems: 2
type: array
ingressIP:
description: "ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names. \n Deprecated: Use IngressIPs instead."
type: string
ingressIPs:
description: ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IPs otherwise only one.
format: ip
items:
type: string
maxItems: 2
type: array
nodeDNSIP:
description: nodeDNSIP is the IP address for the internal DNS used by the nodes. Unlike the one managed by the DNS operator, `NodeDNSIP` provides name resolution for the nodes themselves. There is no DNS-as-a-service for BareMetal deployments. In order to minimize necessary changes to the datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames to the nodes in the cluster.
type: string
type: object
equinixMetal:
description: EquinixMetal contains settings specific to the Equinix Metal infrastructure provider.
properties:
apiServerInternalIP:
description: apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers.
type: string
ingressIP:
description: ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names.
type: string
type: object
external:
description: External contains settings specific to the generic External infrastructure provider.
type: object
gcp:
description: GCP contains settings specific to the Google Cloud Platform infrastructure provider.
properties:
projectID:
description: resourceGroupName is the Project ID for new GCP resources created for the cluster.
type: string
region:
description: region holds the region for new GCP resources created for the cluster.
type: string
type: object
ibmcloud:
description: IBMCloud contains settings specific to the IBMCloud infrastructure provider.
properties:
cisInstanceCRN:
description: CISInstanceCRN is the CRN of the Cloud Internet Services instance managing the DNS zone for the cluster's base domain
type: string
dnsInstanceCRN:
description: DNSInstanceCRN is the CRN of the DNS Services instance managing the DNS zone for the cluster's base domain
type: string
location:
description: Location is where the cluster has been deployed
type: string
providerType:
description: ProviderType indicates the type of cluster that was created
type: string
resourceGroupName:
description: ResourceGroupName is the Resource Group for new IBMCloud resources created for the cluster.
type: string
type: object
kubevirt:
description: Kubevirt contains settings specific to the kubevirt infrastructure provider.
properties:
apiServerInternalIP:
description: apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers.
type: string
ingressIP:
description: ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names.
type: string
type: object
nutanix:
description: Nutanix contains settings specific to the Nutanix infrastructure provider.
properties:
apiServerInternalIP:
description: "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers. \n Deprecated: Use APIServerInternalIPs instead."
type: string
apiServerInternalIPs:
description: apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IPs otherwise only one.
format: ip
items:
type: string
maxItems: 2
type: array
ingressIP:
description: "ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names. \n Deprecated: Use IngressIPs instead."
type: string
ingressIPs:
description: ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IPs otherwise only one.
format: ip
items:
type: string
maxItems: 2
type: array
type: object
openstack:
description: OpenStack contains settings specific to the OpenStack infrastructure provider.
properties:
apiServerInternalIP:
description: "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers. \n Deprecated: Use APIServerInternalIPs instead."
type: string
apiServerInternalIPs:
description: apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IPs otherwise only one.
format: ip
items:
type: string
maxItems: 2
type: array
cloudName:
description: cloudName is the name of the desired OpenStack cloud in the client configuration file (`clouds.yaml`).
type: string
ingressIP:
description: "ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names. \n Deprecated: Use IngressIPs instead."
type: string
ingressIPs:
description: ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IPs otherwise only one.
format: ip
items:
type: string
maxItems: 2
type: array
loadBalancer:
default:
type: OpenShiftManagedDefault
description: loadBalancer defines how the load balancer used by the cluster is configured.
properties:
type:
default: OpenShiftManagedDefault
description: type defines the type of load balancer used by the cluster on OpenStack platform which can be a user-managed or openshift-managed load balancer that is to be used for the OpenShift API and Ingress endpoints. When set to OpenShiftManagedDefault the static pods in charge of API and Ingress traffic load-balancing defined in the machine config operator will be deployed. When set to UserManaged these static pods will not be deployed and it is expected that the load balancer is configured out of band by the deployer. When omitted, this means no opinion and the platform is left to choose a reasonable default. The default value is OpenShiftManagedDefault.
enum:
- OpenShiftManagedDefault
- UserManaged
type: string
x-kubernetes-validations:
- message: type is immutable once set
rule: oldSelf == '' || self == oldSelf
type: object
nodeDNSIP:
description: nodeDNSIP is the IP address for the internal DNS used by the nodes. Unlike the one managed by the DNS operator, `NodeDNSIP` provides name resolution for the nodes themselves. There is no DNS-as-a-service for OpenStack deployments. In order to minimize necessary changes to the datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames to the nodes in the cluster.
type: string
type: object
ovirt:
description: Ovirt contains settings specific to the oVirt infrastructure provider.
properties:
apiServerInternalIP:
description: "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers. \n Deprecated: Use APIServerInternalIPs instead."
type: string
apiServerInternalIPs:
description: apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IPs otherwise only one.
format: ip
items:
type: string
maxItems: 2
type: array
ingressIP:
description: "ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names. \n Deprecated: Use IngressIPs instead."
type: string
ingressIPs:
description: ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IPs otherwise only one.
format: ip
items:
type: string
maxItems: 2
type: array
nodeDNSIP:
description: 'deprecated: as of 4.6, this field is no longer set or honored. It will be removed in a future release.'
type: string
type: object
powervs:
description: PowerVS contains settings specific to the Power Systems Virtual Servers infrastructure provider.
properties:
cisInstanceCRN:
description: CISInstanceCRN is the CRN of the Cloud Internet Services instance managing the DNS zone for the cluster's base domain
type: string
dnsInstanceCRN:
description: DNSInstanceCRN is the CRN of the DNS Services instance managing the DNS zone for the cluster's base domain
type: string
region:
description: region holds the default Power VS region for new Power VS resources created by the cluster.
type: string
resourceGroup:
description: 'resourceGroup is the resource group name for new IBMCloud resources created for a cluster. The resource group specified here will be used by cluster-image-registry-operator to set up a COS Instance in IBMCloud for the cluster registry. More about resource groups can be found here: https://cloud.ibm.com/docs/account?topic=account-rgs. When omitted, the image registry operator won''t be able to configure storage, which results in the image registry cluster operator not being in an available state.'
maxLength: 40
pattern: ^[a-zA-Z0-9-_ ]+$
type: string
x-kubernetes-validations:
- message: resourceGroup is immutable once set
rule: oldSelf == '' || self == oldSelf
serviceEndpoints:
description: serviceEndpoints is a list of custom endpoints which will override the default service endpoints of a Power VS service.
items:
description: PowervsServiceEndpoint stores the configuration of a custom url to override existing defaults of PowerVS Services.
properties:
name:
description: name is the name of the Power VS service. Few of the services are IAM - https://cloud.ibm.com/apidocs/iam-identity-token-api ResourceController - https://cloud.ibm.com/apidocs/resource-controller/resource-controller Power Cloud - https://cloud.ibm.com/apidocs/power-cloud
pattern: ^[a-z0-9-]+$
type: string
url:
description: url is fully qualified URI with scheme https, that overrides the default generated endpoint for a client. This must be provided and cannot be empty.
format: uri
pattern: ^https://
type: string
required:
- name
- url
type: object
type: array
zone:
description: 'zone holds the default zone for the new Power VS resources created by the cluster. Note: Currently only single-zone OCP clusters are supported'
type: string
type: object
x-kubernetes-validations:
- message: cannot unset resourceGroup once set
rule: '!has(oldSelf.resourceGroup) || has(self.resourceGroup)'
type:
description: "type is the underlying infrastructure provider for the cluster. This value controls whether infrastructure automation such as service load balancers, dynamic volume provisioning, machine creation and deletion, and other integrations are enabled. If None, no infrastructure automation is enabled. Allowed values are \"AWS\", \"Azure\", \"BareMetal\", \"GCP\", \"Libvirt\", \"OpenStack\", \"VSphere\", \"oVirt\", \"EquinixMetal\", \"PowerVS\", \"AlibabaCloud\", \"Nutanix\" and \"None\". Individual components may not support all platforms, and must handle unrecognized platforms as None if they do not support that platform. \n This value will be synced with to the `status.platform` and `status.platformStatus.type`. Currently this value cannot be changed once set."
enum:
- ""
- AWS
- Azure
- BareMetal
- GCP
- Libvirt
- OpenStack
- None
- VSphere
- oVirt
- IBMCloud
- KubeVirt
- EquinixMetal
- PowerVS
- AlibabaCloud
- Nutanix
- External
type: string
vsphere:
description: VSphere contains settings specific to the VSphere infrastructure provider.
properties:
apiServerInternalIP:
description: "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers. \n Deprecated: Use APIServerInternalIPs instead."
type: string
apiServerInternalIPs:
description: apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IPs otherwise only one.
format: ip
items:
type: string
maxItems: 2
type: array
ingressIP:
description: "ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names. \n Deprecated: Use IngressIPs instead."
type: string
ingressIPs:
description: ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IPs otherwise only one.
format: ip
items:
type: string
maxItems: 2
type: array
nodeDNSIP:
description: nodeDNSIP is the IP address for the internal DNS used by the nodes. Unlike the one managed by the DNS operator, `NodeDNSIP` provides name resolution for the nodes themselves. There is no DNS-as-a-service for vSphere deployments. In order to minimize necessary changes to the datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames to the nodes in the cluster.
type: string
type: object
type: object
type: object
required:
- spec
type: object
served: true
storage: true
subresources:
status: {}
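Review bot: the `projectID` description under `gcp` reads "resourceGroupName is the Project ID for new GCP resources created for the cluster.", so the field name in the doc string does not match the property it documents; it should open with "projectID is the Project ID ...". Two more documentation/schema mismatches sit in the same hunk: the `type` description enumerates the allowed values as AWS, Azure, BareMetal, GCP, Libvirt, OpenStack, VSphere, oVirt, EquinixMetal, PowerVS, AlibabaCloud, Nutanix and None, while the `enum` directly beneath it also admits "", IBMCloud, KubeVirt and External, and the same description says "synced with to the `status.platform`" where "with to" should be "to". These descriptions are the user-facing documentation of the schema, so they should be corrected at their source rather than hand-edited in this copy.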


@@ -0,0 +1,24 @@
- op: add
path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/spec/properties/platformSpec/properties/vsphere/properties/vcenters/items/properties/server/anyOf
value:
- format: ipv4
- format: ipv6
- format: hostname
- op: add
path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/spec/properties/platformSpec/properties/vsphere/properties/failureDomains/items/properties/server/anyOf
value:
- format: ipv4
- format: ipv6
- format: hostname
- op: add
path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/spec/properties/platformSpec/properties/vsphere/properties/nodeNetworking/properties/external/properties/excludeNetworkSubnetCidr/items/format
value: cidr
- op: add
path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/spec/properties/platformSpec/properties/vsphere/properties/nodeNetworking/properties/external/properties/networkSubnetCidr/items/format
value: cidr
- op: add
path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/spec/properties/platformSpec/properties/vsphere/properties/nodeNetworking/properties/internal/properties/excludeNetworkSubnetCidr/items/format
value: cidr
- op: add
path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/spec/properties/platformSpec/properties/vsphere/properties/nodeNetworking/properties/internal/properties/networkSubnetCidr/items/format
value: cidr
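Review bot: every `path` here embeds a `name=v1` key selector (`/spec/versions/name=v1/schema/...`), which is not a valid RFC 6902 JSON Pointer segment, so this file can only be applied by a patch tool that understands key=value list selectors; a header comment naming that tool and the CRD manifest these ops target would save reviewers from guessing. On the `anyOf` ops for `server`: the apiserver silently ignores `format` names it does not enforce, so confirm `ipv4`, `ipv6` and `hostname` (and `cidr` in the four `items/format` ops) are among the enforced formats, and check whether the `hostname` branch already accepts dotted-decimal strings, in which case the `ipv4`/`ipv6` branches add no constraint and the `anyOf` could be simplified.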


@@ -0,0 +1,905 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
api-approved.openshift.io: https://github.com/openshift/api/pull/470
include.release.openshift.io/ibm-cloud-managed: "true"
include.release.openshift.io/self-managed-high-availability: "true"
include.release.openshift.io/single-node-developer: "true"
release.openshift.io/feature-set: TechPreviewNoUpgrade
name: infrastructures.config.openshift.io
spec:
group: config.openshift.io
names:
kind: Infrastructure
listKind: InfrastructureList
plural: infrastructures
singular: infrastructure
scope: Cluster
versions:
- name: v1
schema:
openAPIV3Schema:
description: "Infrastructure holds cluster-wide information about Infrastructure. The canonical name is `cluster` \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)."
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: spec holds user settable values for configuration
properties:
cloudConfig:
description: "cloudConfig is a reference to a ConfigMap containing the cloud provider configuration file. This configuration file is used to configure the Kubernetes cloud provider integration when using the built-in cloud provider integration or the external cloud controller manager. The namespace for this config map is openshift-config. \n cloudConfig should only be consumed by the kube_cloud_config controller. The controller is responsible for using the user configuration in the spec for various platforms and combining that with the user provided ConfigMap in this field to create a stitched kube cloud config. The controller generates a ConfigMap `kube-cloud-config` in `openshift-config-managed` namespace with the kube cloud config is stored in `cloud.conf` key. All the clients are expected to use the generated ConfigMap only."
properties:
key:
description: Key allows pointing to a specific key/value inside of the configmap. This is useful for logical file references.
type: string
name:
type: string
type: object
platformSpec:
description: platformSpec holds desired information specific to the underlying infrastructure provider.
properties:
alibabaCloud:
description: AlibabaCloud contains settings specific to the Alibaba Cloud infrastructure provider.
type: object
aws:
description: AWS contains settings specific to the Amazon Web Services infrastructure provider.
properties:
serviceEndpoints:
description: serviceEndpoints list contains custom endpoints which will override default service endpoint of AWS Services. There must be only one ServiceEndpoint for a service.
items:
description: AWSServiceEndpoint store the configuration of a custom url to override existing defaults of AWS Services.
properties:
name:
description: name is the name of the AWS service. The list of all the service names can be found at https://docs.aws.amazon.com/general/latest/gr/aws-service-information.html This must be provided and cannot be empty.
pattern: ^[a-z0-9-]+$
type: string
url:
description: url is fully qualified URI with scheme https, that overrides the default generated endpoint for a client. This must be provided and cannot be empty.
pattern: ^https://
type: string
type: object
type: array
type: object
azure:
description: Azure contains settings specific to the Azure infrastructure provider.
type: object
baremetal:
description: BareMetal contains settings specific to the BareMetal platform.
type: object
equinixMetal:
description: EquinixMetal contains settings specific to the Equinix Metal infrastructure provider.
type: object
external:
description: ExternalPlatformType represents generic infrastructure provider. Platform-specific components should be supplemented separately.
properties:
platformName:
default: Unknown
description: PlatformName holds the arbitrary string representing the infrastructure provider name, expected to be set at the installation time. This field is solely for informational and reporting purposes and is not expected to be used for decision-making.
type: string
x-kubernetes-validations:
- message: platform name cannot be changed once set
rule: oldSelf == 'Unknown' || self == oldSelf
type: object
gcp:
description: GCP contains settings specific to the Google Cloud Platform infrastructure provider.
type: object
ibmcloud:
description: IBMCloud contains settings specific to the IBMCloud infrastructure provider.
type: object
kubevirt:
description: Kubevirt contains settings specific to the kubevirt infrastructure provider.
type: object
nutanix:
description: Nutanix contains settings specific to the Nutanix infrastructure provider.
properties:
prismCentral:
description: prismCentral holds the endpoint address and port to access the Nutanix Prism Central. When a cluster-wide proxy is installed, by default, this endpoint will be accessed via the proxy. Should you wish for communication with this endpoint not to be proxied, please add the endpoint to the proxy spec.noProxy list.
properties:
address:
description: address is the endpoint address (DNS name or IP address) of the Nutanix Prism Central or Element (cluster)
maxLength: 256
type: string
port:
description: port is the port number to access the Nutanix Prism Central or Element (cluster)
format: int32
maximum: 65535
minimum: 1
type: integer
required:
- address
- port
type: object
prismElements:
description: prismElements holds one or more endpoint address and port data to access the Nutanix Prism Elements (clusters) of the Nutanix Prism Central. Currently we only support one Prism Element (cluster) for an OpenShift cluster, where all the Nutanix resources (VMs, subnets, volumes, etc.) used in the OpenShift cluster are located. In the future, we may support Nutanix resources (VMs, etc.) spread over multiple Prism Elements (clusters) of the Prism Central.
items:
description: NutanixPrismElementEndpoint holds the name and endpoint data for a Prism Element (cluster)
properties:
endpoint:
description: endpoint holds the endpoint address and port data of the Prism Element (cluster). When a cluster-wide proxy is installed, by default, this endpoint will be accessed via the proxy. Should you wish for communication with this endpoint not to be proxied, please add the endpoint to the proxy spec.noProxy list.
properties:
address:
description: address is the endpoint address (DNS name or IP address) of the Nutanix Prism Central or Element (cluster)
maxLength: 256
type: string
port:
description: port is the port number to access the Nutanix Prism Central or Element (cluster)
format: int32
maximum: 65535
minimum: 1
type: integer
required:
- address
- port
type: object
name:
description: name is the name of the Prism Element (cluster). This value will correspond with the cluster field configured on other resources (eg Machines, PVCs, etc).
maxLength: 256
type: string
required:
- endpoint
- name
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
required:
- prismCentral
- prismElements
type: object
openstack:
description: OpenStack contains settings specific to the OpenStack infrastructure provider.
type: object
ovirt:
description: Ovirt contains settings specific to the oVirt infrastructure provider.
type: object
powervs:
description: PowerVS contains settings specific to the IBM Power Systems Virtual Servers infrastructure provider.
properties:
serviceEndpoints:
description: serviceEndpoints is a list of custom endpoints which will override the default service endpoints of a Power VS service.
items:
description: PowervsServiceEndpoint stores the configuration of a custom url to override existing defaults of PowerVS Services.
properties:
name:
description: name is the name of the Power VS service. Few of the services are IAM - https://cloud.ibm.com/apidocs/iam-identity-token-api ResourceController - https://cloud.ibm.com/apidocs/resource-controller/resource-controller Power Cloud - https://cloud.ibm.com/apidocs/power-cloud
pattern: ^[a-z0-9-]+$
type: string
url:
description: url is fully qualified URI with scheme https, that overrides the default generated endpoint for a client. This must be provided and cannot be empty.
format: uri
pattern: ^https://
type: string
required:
- name
- url
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
type: object
type:
description: type is the underlying infrastructure provider for the cluster. This value controls whether infrastructure automation such as service load balancers, dynamic volume provisioning, machine creation and deletion, and other integrations are enabled. If None, no infrastructure automation is enabled. Allowed values are "AWS", "Azure", "BareMetal", "GCP", "Libvirt", "OpenStack", "VSphere", "oVirt", "KubeVirt", "EquinixMetal", "PowerVS", "AlibabaCloud", "Nutanix" and "None". Individual components may not support all platforms, and must handle unrecognized platforms as None if they do not support that platform.
enum:
- ""
- AWS
- Azure
- BareMetal
- GCP
- Libvirt
- OpenStack
- None
- VSphere
- oVirt
- IBMCloud
- KubeVirt
- EquinixMetal
- PowerVS
- AlibabaCloud
- Nutanix
- External
type: string
vsphere:
description: VSphere contains settings specific to the VSphere infrastructure provider.
properties:
failureDomains:
description: failureDomains contains the definition of region, zone and the vCenter topology. If this is omitted failure domains (regions and zones) will not be used.
items:
description: VSpherePlatformFailureDomainSpec holds the region and zone failure domain and the vCenter topology of that failure domain.
properties:
name:
description: name defines the arbitrary but unique name of a failure domain.
maxLength: 256
minLength: 1
type: string
region:
description: region defines the name of a region tag that will be attached to a vCenter datacenter. The tag category in vCenter must be named openshift-region.
maxLength: 80
minLength: 1
type: string
server:
anyOf:
- format: ipv4
- format: ipv6
- format: hostname
description: server is the fully-qualified domain name or the IP address of the vCenter server. ---
maxLength: 255
minLength: 1
type: string
topology:
description: Topology describes a given failure domain using vSphere constructs
properties:
computeCluster:
description: computeCluster the absolute path of the vCenter cluster in which virtual machine will be located. The absolute path is of the form /<datacenter>/host/<cluster>. The maximum length of the path is 2048 characters.
maxLength: 2048
pattern: ^/.*?/host/.*?
type: string
datacenter:
description: datacenter is the name of vCenter datacenter in which virtual machines will be located. The maximum length of the datacenter name is 80 characters.
maxLength: 80
type: string
datastore:
description: datastore is the absolute path of the datastore in which the virtual machine is located. The absolute path is of the form /<datacenter>/datastore/<datastore> The maximum length of the path is 2048 characters.
maxLength: 2048
pattern: ^/.*?/datastore/.*?
type: string
folder:
description: folder is the absolute path of the folder where virtual machines are located. The absolute path is of the form /<datacenter>/vm/<folder>. The maximum length of the path is 2048 characters.
maxLength: 2048
pattern: ^/.*?/vm/.*?
type: string
networks:
description: networks is the list of port group network names within this failure domain. Currently, we only support a single interface per RHCOS virtual machine. The available networks (port groups) can be listed using `govc ls 'network/*'` The single interface should be the absolute path of the form /<datacenter>/network/<portgroup>.
items:
type: string
maxItems: 1
minItems: 1
type: array
resourcePool:
description: resourcePool is the absolute path of the resource pool where virtual machines will be created. The absolute path is of the form /<datacenter>/host/<cluster>/Resources/<resourcepool>. The maximum length of the path is 2048 characters.
maxLength: 2048
pattern: ^/.*?/host/.*?/Resources.*
type: string
required:
- computeCluster
- datacenter
- datastore
- networks
type: object
zone:
description: zone defines the name of a zone tag that will be attached to a vCenter cluster. The tag category in vCenter must be named openshift-zone.
maxLength: 80
minLength: 1
type: string
required:
- name
- region
- server
- topology
- zone
type: object
type: array
nodeNetworking:
description: nodeNetworking contains the definition of internal and external network constraints for assigning the node's networking. If this field is omitted, networking defaults to the legacy address selection behavior which is to only support a single address and return the first one found.
properties:
external:
description: external represents the network configuration of the node that is externally routable.
properties:
excludeNetworkSubnetCidr:
description: excludeNetworkSubnetCidr IP addresses in subnet ranges will be excluded when selecting the IP address from the VirtualMachine's VM for use in the status.addresses fields. ---
items:
format: cidr
type: string
type: array
network:
description: network VirtualMachine's VM Network names that will be used to when searching for status.addresses fields. Note that if internal.networkSubnetCIDR and external.networkSubnetCIDR are not set, then the vNIC associated to this network must only have a single IP address assigned to it. The available networks (port groups) can be listed using `govc ls 'network/*'`
type: string
networkSubnetCidr:
description: networkSubnetCidr IP address on VirtualMachine's network interfaces included in the fields' CIDRs that will be used in respective status.addresses fields. ---
items:
format: cidr
type: string
type: array
type: object
internal:
description: internal represents the network configuration of the node that is routable only within the cluster.
properties:
excludeNetworkSubnetCidr:
description: excludeNetworkSubnetCidr IP addresses in subnet ranges will be excluded when selecting the IP address from the VirtualMachine's VM for use in the status.addresses fields. ---
items:
format: cidr
type: string
type: array
network:
description: network VirtualMachine's VM Network names that will be used to when searching for status.addresses fields. Note that if internal.networkSubnetCIDR and external.networkSubnetCIDR are not set, then the vNIC associated to this network must only have a single IP address assigned to it. The available networks (port groups) can be listed using `govc ls 'network/*'`
type: string
networkSubnetCidr:
description: networkSubnetCidr IP address on VirtualMachine's network interfaces included in the fields' CIDRs that will be used in respective status.addresses fields. ---
items:
format: cidr
type: string
type: array
type: object
type: object
vcenters:
description: vcenters holds the connection details for services to communicate with vCenter. Currently, only a single vCenter is supported. ---
items:
description: VSpherePlatformVCenterSpec stores the vCenter connection fields. This is used by the vSphere CCM.
properties:
datacenters:
description: The vCenter Datacenters in which the RHCOS vm guests are located. This field will be used by the Cloud Controller Manager. Each datacenter listed here should be used within a topology.
items:
type: string
minItems: 1
type: array
port:
description: port is the TCP port that will be used to communicate to the vCenter endpoint. When omitted, this means the user has no opinion and it is up to the platform to choose a sensible default, which is subject to change over time.
format: int32
maximum: 32767
minimum: 1
type: integer
server:
anyOf:
- format: ipv4
- format: ipv6
- format: hostname
description: server is the fully-qualified domain name or the IP address of the vCenter server. ---
maxLength: 255
type: string
required:
- datacenters
- server
type: object
maxItems: 1
minItems: 0
type: array
type: object
type: object
type: object
status:
description: status holds observed values from the cluster. They may not be overridden.
properties:
apiServerInternalURI:
description: apiServerInternalURL is a valid URI with scheme 'https', address and optionally a port (defaulting to 443). apiServerInternalURL can be used by components like kubelets, to contact the Kubernetes API server using the infrastructure provider rather than Kubernetes networking.
type: string
apiServerURL:
description: apiServerURL is a valid URI with scheme 'https', address and optionally a port (defaulting to 443). apiServerURL can be used by components like the web console to tell users where to find the Kubernetes API.
type: string
controlPlaneTopology:
default: HighlyAvailable
description: controlPlaneTopology expresses the expectations for operands that normally run on control nodes. The default is 'HighlyAvailable', which represents the behavior operators have in a "normal" cluster. The 'SingleReplica' mode will be used in single-node deployments and the operators should not configure the operand for highly-available operation The 'External' mode indicates that the control plane is hosted externally to the cluster and that its components are not visible within the cluster.
enum:
- HighlyAvailable
- SingleReplica
- External
type: string
cpuPartitioning:
default: None
description: cpuPartitioning expresses if CPU partitioning is a currently enabled feature in the cluster. CPU Partitioning means that this cluster can support partitioning workloads to specific CPU Sets. Valid values are "None" and "AllNodes". When omitted, the default value is "None". The default value of "None" indicates that no nodes will be setup with CPU partitioning. The "AllNodes" value indicates that all nodes have been setup with CPU partitioning, and can then be further configured via the PerformanceProfile API.
enum:
- None
- AllNodes
type: string
etcdDiscoveryDomain:
description: 'etcdDiscoveryDomain is the domain used to fetch the SRV records for discovering etcd servers and clients. For more info: https://github.com/etcd-io/etcd/blob/329be66e8b3f9e2e6af83c123ff89297e49ebd15/Documentation/op-guide/clustering.md#dns-discovery deprecated: as of 4.7, this field is no longer set or honored. It will be removed in a future release.'
type: string
infrastructureName:
description: infrastructureName uniquely identifies a cluster with a human friendly name. Once set it should not be changed. Must be of max length 27 and must have only alphanumeric or hyphen characters.
type: string
infrastructureTopology:
default: HighlyAvailable
description: 'infrastructureTopology expresses the expectations for infrastructure services that do not run on control plane nodes, usually indicated by a node selector for a `role` value other than `master`. The default is ''HighlyAvailable'', which represents the behavior operators have in a "normal" cluster. The ''SingleReplica'' mode will be used in single-node deployments and the operators should not configure the operand for highly-available operation NOTE: External topology mode is not applicable for this field.'
enum:
- HighlyAvailable
- SingleReplica
type: string
platform:
description: "platform is the underlying infrastructure provider for the cluster. \n Deprecated: Use platformStatus.type instead."
enum:
- ""
- AWS
- Azure
- BareMetal
- GCP
- Libvirt
- OpenStack
- None
- VSphere
- oVirt
- IBMCloud
- KubeVirt
- EquinixMetal
- PowerVS
- AlibabaCloud
- Nutanix
- External
type: string
platformStatus:
description: platformStatus holds status information specific to the underlying infrastructure provider.
properties:
alibabaCloud:
description: AlibabaCloud contains settings specific to the Alibaba Cloud infrastructure provider.
properties:
region:
description: region specifies the region for Alibaba Cloud resources created for the cluster.
pattern: ^[0-9A-Za-z-]+$
type: string
resourceGroupID:
description: resourceGroupID is the ID of the resource group for the cluster.
pattern: ^(rg-[0-9A-Za-z]+)?$
type: string
resourceTags:
description: resourceTags is a list of additional tags to apply to Alibaba Cloud resources created for the cluster.
items:
description: AlibabaCloudResourceTag is the set of tags to add to apply to resources.
properties:
key:
description: key is the key of the tag.
maxLength: 128
minLength: 1
type: string
value:
description: value is the value of the tag.
maxLength: 128
minLength: 1
type: string
required:
- key
- value
type: object
maxItems: 20
type: array
x-kubernetes-list-map-keys:
- key
x-kubernetes-list-type: map
required:
- region
type: object
aws:
description: AWS contains settings specific to the Amazon Web Services infrastructure provider.
properties:
region:
description: region holds the default AWS region for new AWS resources created by the cluster.
type: string
resourceTags:
description: resourceTags is a list of additional tags to apply to AWS resources created for the cluster. See https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html for information on tagging AWS resources. AWS supports a maximum of 50 tags per resource. OpenShift reserves 25 tags for its use, leaving 25 tags available for the user.
items:
description: AWSResourceTag is a tag to apply to AWS resources created for the cluster.
properties:
key:
description: key is the key of the tag
maxLength: 128
minLength: 1
pattern: ^[0-9A-Za-z_.:/=+-@]+$
type: string
value:
description: value is the value of the tag. Some AWS service do not support empty values. Since tags are added to resources in many services, the length of the tag value must meet the requirements of all services.
maxLength: 256
minLength: 1
pattern: ^[0-9A-Za-z_.:/=+-@]+$
type: string
required:
- key
- value
type: object
maxItems: 25
type: array
serviceEndpoints:
description: ServiceEndpoints list contains custom endpoints which will override default service endpoint of AWS Services. There must be only one ServiceEndpoint for a service.
items:
description: AWSServiceEndpoint store the configuration of a custom url to override existing defaults of AWS Services.
properties:
name:
description: name is the name of the AWS service. The list of all the service names can be found at https://docs.aws.amazon.com/general/latest/gr/aws-service-information.html This must be provided and cannot be empty.
pattern: ^[a-z0-9-]+$
type: string
url:
description: url is fully qualified URI with scheme https, that overrides the default generated endpoint for a client. This must be provided and cannot be empty.
pattern: ^https://
type: string
type: object
type: array
type: object
azure:
description: Azure contains settings specific to the Azure infrastructure provider.
properties:
armEndpoint:
description: armEndpoint specifies a URL to use for resource management in non-soverign clouds such as Azure Stack.
type: string
cloudName:
description: cloudName is the name of the Azure cloud environment which can be used to configure the Azure SDK with the appropriate Azure API endpoints. If empty, the value is equal to `AzurePublicCloud`.
enum:
- ""
- AzurePublicCloud
- AzureUSGovernmentCloud
- AzureChinaCloud
- AzureGermanCloud
- AzureStackCloud
type: string
networkResourceGroupName:
description: networkResourceGroupName is the Resource Group for network resources like the Virtual Network and Subnets used by the cluster. If empty, the value is same as ResourceGroupName.
type: string
resourceGroupName:
description: resourceGroupName is the Resource Group for new Azure resources created for the cluster.
type: string
resourceTags:
description: resourceTags is a list of additional tags to apply to Azure resources created for the cluster. See https://docs.microsoft.com/en-us/rest/api/resources/tags for information on tagging Azure resources. Due to limitations on Automation, Content Delivery Network, DNS Azure resources, a maximum of 15 tags may be applied. OpenShift reserves 5 tags for internal use, allowing 10 tags for user configuration.
items:
description: AzureResourceTag is a tag to apply to Azure resources created for the cluster.
properties:
key:
description: key is the key part of the tag. A tag key can have a maximum of 128 characters and cannot be empty. Key must begin with a letter, end with a letter, number or underscore, and must contain only alphanumeric characters and the following special characters `_ . -`.
maxLength: 128
minLength: 1
pattern: ^[a-zA-Z]([0-9A-Za-z_.-]*[0-9A-Za-z_])?$
type: string
value:
description: 'value is the value part of the tag. A tag value can have a maximum of 256 characters and cannot be empty. Value must contain only alphanumeric characters and the following special characters `_ + , - . / : ; < = > ? @`.'
maxLength: 256
minLength: 1
pattern: ^[0-9A-Za-z_.=+-@]+$
type: string
required:
- key
- value
type: object
maxItems: 10
type: array
x-kubernetes-validations:
- message: resourceTags are immutable and may only be configured during installation
rule: self.all(x, x in oldSelf) && oldSelf.all(x, x in self)
type: object
x-kubernetes-validations:
- message: resourceTags may only be configured during installation
rule: '!has(oldSelf.resourceTags) && !has(self.resourceTags) || has(oldSelf.resourceTags) && has(self.resourceTags)'
baremetal:
description: BareMetal contains settings specific to the BareMetal platform.
properties:
apiServerInternalIP:
description: "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers. \n Deprecated: Use APIServerInternalIPs instead."
type: string
apiServerInternalIPs:
description: apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IPs otherwise only one.
format: ip
items:
type: string
maxItems: 2
type: array
ingressIP:
description: "ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names. \n Deprecated: Use IngressIPs instead."
type: string
ingressIPs:
description: ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IPs otherwise only one.
format: ip
items:
type: string
maxItems: 2
type: array
loadBalancer:
default:
type: OpenShiftManagedDefault
description: loadBalancer defines how the load balancer used by the cluster is configured.
properties:
type:
default: OpenShiftManagedDefault
description: type defines the type of load balancer used by the cluster on BareMetal platform which can be a user-managed or openshift-managed load balancer that is to be used for the OpenShift API and Ingress endpoints. When set to OpenShiftManagedDefault the static pods in charge of API and Ingress traffic load-balancing defined in the machine config operator will be deployed. When set to UserManaged these static pods will not be deployed and it is expected that the load balancer is configured out of band by the deployer. When omitted, this means no opinion and the platform is left to choose a reasonable default. The default value is OpenShiftManagedDefault.
enum:
- OpenShiftManagedDefault
- UserManaged
type: string
x-kubernetes-validations:
- message: type is immutable once set
rule: oldSelf == '' || self == oldSelf
type: object
nodeDNSIP:
description: nodeDNSIP is the IP address for the internal DNS used by the nodes. Unlike the one managed by the DNS operator, `NodeDNSIP` provides name resolution for the nodes themselves. There is no DNS-as-a-service for BareMetal deployments. In order to minimize necessary changes to the datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames to the nodes in the cluster.
type: string
type: object
equinixMetal:
description: EquinixMetal contains settings specific to the Equinix Metal infrastructure provider.
properties:
apiServerInternalIP:
description: apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers.
type: string
ingressIP:
description: ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names.
type: string
type: object
external:
description: External contains settings specific to the generic External infrastructure provider.
type: object
gcp:
description: GCP contains settings specific to the Google Cloud Platform infrastructure provider.
properties:
projectID:
description: resourceGroupName is the Project ID for new GCP resources created for the cluster.
type: string
region:
description: region holds the region for new GCP resources created for the cluster.
type: string
type: object
ibmcloud:
description: IBMCloud contains settings specific to the IBMCloud infrastructure provider.
properties:
cisInstanceCRN:
description: CISInstanceCRN is the CRN of the Cloud Internet Services instance managing the DNS zone for the cluster's base domain
type: string
dnsInstanceCRN:
description: DNSInstanceCRN is the CRN of the DNS Services instance managing the DNS zone for the cluster's base domain
type: string
location:
description: Location is where the cluster has been deployed
type: string
providerType:
description: ProviderType indicates the type of cluster that was created
type: string
resourceGroupName:
description: ResourceGroupName is the Resource Group for new IBMCloud resources created for the cluster.
type: string
type: object
kubevirt:
description: Kubevirt contains settings specific to the kubevirt infrastructure provider.
properties:
apiServerInternalIP:
description: apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers.
type: string
ingressIP:
description: ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names.
type: string
type: object
nutanix:
description: Nutanix contains settings specific to the Nutanix infrastructure provider.
properties:
apiServerInternalIP:
description: "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers. \n Deprecated: Use APIServerInternalIPs instead."
type: string
apiServerInternalIPs:
description: apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IPs otherwise only one.
format: ip
items:
type: string
maxItems: 2
type: array
ingressIP:
description: "ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names. \n Deprecated: Use IngressIPs instead."
type: string
ingressIPs:
description: ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IPs otherwise only one.
format: ip
items:
type: string
maxItems: 2
type: array
loadBalancer:
default:
type: OpenShiftManagedDefault
description: loadBalancer defines how the load balancer used by the cluster is configured.
properties:
type:
default: OpenShiftManagedDefault
description: type defines the type of load balancer used by the cluster on Nutanix platform which can be a user-managed or openshift-managed load balancer that is to be used for the OpenShift API and Ingress endpoints. When set to OpenShiftManagedDefault the static pods in charge of API and Ingress traffic load-balancing defined in the machine config operator will be deployed. When set to UserManaged these static pods will not be deployed and it is expected that the load balancer is configured out of band by the deployer. When omitted, this means no opinion and the platform is left to choose a reasonable default. The default value is OpenShiftManagedDefault.
enum:
- OpenShiftManagedDefault
- UserManaged
type: string
x-kubernetes-validations:
- message: type is immutable once set
rule: oldSelf == '' || self == oldSelf
type: object
type: object
openstack:
description: OpenStack contains settings specific to the OpenStack infrastructure provider.
properties:
apiServerInternalIP:
description: "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers. \n Deprecated: Use APIServerInternalIPs instead."
type: string
apiServerInternalIPs:
description: apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IPs otherwise only one.
format: ip
items:
type: string
maxItems: 2
type: array
cloudName:
description: cloudName is the name of the desired OpenStack cloud in the client configuration file (`clouds.yaml`).
type: string
ingressIP:
description: "ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names. \n Deprecated: Use IngressIPs instead."
type: string
ingressIPs:
description: ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IPs otherwise only one.
format: ip
items:
type: string
maxItems: 2
type: array
loadBalancer:
default:
type: OpenShiftManagedDefault
description: loadBalancer defines how the load balancer used by the cluster is configured.
properties:
type:
default: OpenShiftManagedDefault
description: type defines the type of load balancer used by the cluster on OpenStack platform which can be a user-managed or openshift-managed load balancer that is to be used for the OpenShift API and Ingress endpoints. When set to OpenShiftManagedDefault the static pods in charge of API and Ingress traffic load-balancing defined in the machine config operator will be deployed. When set to UserManaged these static pods will not be deployed and it is expected that the load balancer is configured out of band by the deployer. When omitted, this means no opinion and the platform is left to choose a reasonable default. The default value is OpenShiftManagedDefault.
enum:
- OpenShiftManagedDefault
- UserManaged
type: string
x-kubernetes-validations:
- message: type is immutable once set
rule: oldSelf == '' || self == oldSelf
type: object
nodeDNSIP:
description: nodeDNSIP is the IP address for the internal DNS used by the nodes. Unlike the one managed by the DNS operator, `NodeDNSIP` provides name resolution for the nodes themselves. There is no DNS-as-a-service for OpenStack deployments. In order to minimize necessary changes to the datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames to the nodes in the cluster.
type: string
type: object
ovirt:
description: Ovirt contains settings specific to the oVirt infrastructure provider.
properties:
apiServerInternalIP:
description: "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers. \n Deprecated: Use APIServerInternalIPs instead."
type: string
apiServerInternalIPs:
description: apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IPs otherwise only one.
format: ip
items:
type: string
maxItems: 2
type: array
ingressIP:
description: "ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names. \n Deprecated: Use IngressIPs instead."
type: string
ingressIPs:
description: ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IPs otherwise only one.
format: ip
items:
type: string
maxItems: 2
type: array
loadBalancer:
default:
type: OpenShiftManagedDefault
description: loadBalancer defines how the load balancer used by the cluster is configured.
properties:
type:
default: OpenShiftManagedDefault
description: type defines the type of load balancer used by the cluster on Ovirt platform which can be a user-managed or openshift-managed load balancer that is to be used for the OpenShift API and Ingress endpoints. When set to OpenShiftManagedDefault the static pods in charge of API and Ingress traffic load-balancing defined in the machine config operator will be deployed. When set to UserManaged these static pods will not be deployed and it is expected that the load balancer is configured out of band by the deployer. When omitted, this means no opinion and the platform is left to choose a reasonable default. The default value is OpenShiftManagedDefault.
enum:
- OpenShiftManagedDefault
- UserManaged
type: string
x-kubernetes-validations:
- message: type is immutable once set
rule: oldSelf == '' || self == oldSelf
type: object
nodeDNSIP:
description: 'deprecated: as of 4.6, this field is no longer set or honored. It will be removed in a future release.'
type: string
type: object
powervs:
description: PowerVS contains settings specific to the Power Systems Virtual Servers infrastructure provider.
properties:
cisInstanceCRN:
description: CISInstanceCRN is the CRN of the Cloud Internet Services instance managing the DNS zone for the cluster's base domain
type: string
dnsInstanceCRN:
description: DNSInstanceCRN is the CRN of the DNS Services instance managing the DNS zone for the cluster's base domain
type: string
region:
description: region holds the default Power VS region for new Power VS resources created by the cluster.
type: string
resourceGroup:
description: 'resourceGroup is the resource group name for new IBMCloud resources created for a cluster. The resource group specified here will be used by cluster-image-registry-operator to set up a COS Instance in IBMCloud for the cluster registry. More about resource groups can be found here: https://cloud.ibm.com/docs/account?topic=account-rgs. When omitted, the image registry operator won''t be able to configure storage, which results in the image registry cluster operator not being in an available state.'
maxLength: 40
pattern: ^[a-zA-Z0-9-_ ]+$
type: string
x-kubernetes-validations:
- message: resourceGroup is immutable once set
rule: oldSelf == '' || self == oldSelf
serviceEndpoints:
description: serviceEndpoints is a list of custom endpoints which will override the default service endpoints of a Power VS service.
items:
description: PowervsServiceEndpoint stores the configuration of a custom url to override existing defaults of PowerVS Services.
properties:
name:
description: name is the name of the Power VS service. Few of the services are IAM - https://cloud.ibm.com/apidocs/iam-identity-token-api ResourceController - https://cloud.ibm.com/apidocs/resource-controller/resource-controller Power Cloud - https://cloud.ibm.com/apidocs/power-cloud
pattern: ^[a-z0-9-]+$
type: string
url:
description: url is fully qualified URI with scheme https, that overrides the default generated endpoint for a client. This must be provided and cannot be empty.
format: uri
pattern: ^https://
type: string
required:
- name
- url
type: object
type: array
zone:
description: 'zone holds the default zone for the new Power VS resources created by the cluster. Note: Currently only single-zone OCP clusters are supported'
type: string
type: object
x-kubernetes-validations:
- message: cannot unset resourceGroup once set
rule: '!has(oldSelf.resourceGroup) || has(self.resourceGroup)'
type:
description: "type is the underlying infrastructure provider for the cluster. This value controls whether infrastructure automation such as service load balancers, dynamic volume provisioning, machine creation and deletion, and other integrations are enabled. If None, no infrastructure automation is enabled. Allowed values are \"AWS\", \"Azure\", \"BareMetal\", \"GCP\", \"Libvirt\", \"OpenStack\", \"VSphere\", \"oVirt\", \"EquinixMetal\", \"PowerVS\", \"AlibabaCloud\", \"Nutanix\" and \"None\". Individual components may not support all platforms, and must handle unrecognized platforms as None if they do not support that platform. \n This value will be synced with to the `status.platform` and `status.platformStatus.type`. Currently this value cannot be changed once set."
enum:
- ""
- AWS
- Azure
- BareMetal
- GCP
- Libvirt
- OpenStack
- None
- VSphere
- oVirt
- IBMCloud
- KubeVirt
- EquinixMetal
- PowerVS
- AlibabaCloud
- Nutanix
- External
type: string
vsphere:
description: VSphere contains settings specific to the VSphere infrastructure provider.
properties:
apiServerInternalIP:
description: "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers. \n Deprecated: Use APIServerInternalIPs instead."
type: string
apiServerInternalIPs:
description: apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IPs otherwise only one.
format: ip
items:
type: string
maxItems: 2
type: array
ingressIP:
description: "ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names. \n Deprecated: Use IngressIPs instead."
type: string
ingressIPs:
description: ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IPs otherwise only one.
format: ip
items:
type: string
maxItems: 2
type: array
loadBalancer:
default:
type: OpenShiftManagedDefault
description: loadBalancer defines how the load balancer used by the cluster is configured.
properties:
type:
default: OpenShiftManagedDefault
description: type defines the type of load balancer used by the cluster on VSphere platform which can be a user-managed or openshift-managed load balancer that is to be used for the OpenShift API and Ingress endpoints. When set to OpenShiftManagedDefault the static pods in charge of API and Ingress traffic load-balancing defined in the machine config operator will be deployed. When set to UserManaged these static pods will not be deployed and it is expected that the load balancer is configured out of band by the deployer. When omitted, this means no opinion and the platform is left to choose a reasonable default. The default value is OpenShiftManagedDefault.
enum:
- OpenShiftManagedDefault
- UserManaged
type: string
x-kubernetes-validations:
- message: type is immutable once set
rule: oldSelf == '' || self == oldSelf
type: object
nodeDNSIP:
description: nodeDNSIP is the IP address for the internal DNS used by the nodes. Unlike the one managed by the DNS operator, `NodeDNSIP` provides name resolution for the nodes themselves. There is no DNS-as-a-service for vSphere deployments. In order to minimize necessary changes to the datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames to the nodes in the cluster.
type: string
type: object
type: object
type: object
required:
- spec
type: object
served: true
storage: true
subresources:
status: {}
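Review bot: the `format: ip` on `apiServerInternalIPs` and `ingressIPs` (in the `baremetal`, `nutanix`, `openstack`, `ovirt` and `vsphere` status blocks) sits on the `type: array` node instead of under `items`, so the apiserver applies no IP-format validation to the individual addresses; the `networkSubnetCidr` spec field above shows the intended placement, `items: {format: cidr, type: string}`, and the status fields should be changed to `items: {format: ip, type: string}`. In the same file, `aws.serviceEndpoints.items` declares no `required: [name, url]` even though both descriptions say "This must be provided and cannot be empty" (the `powervs` block does declare them), and the stated "only one ServiceEndpoint for a service" constraint has no `x-kubernetes-list-type: map` with `x-kubernetes-list-map-keys: [name]` to enforce it, unlike `alibabaCloud.resourceTags`. In the AWS tag patterns `^[0-9A-Za-z_.:/=+-@]+$`, the `+-@` inside the character class is a range from `+` to `@` (which also admits `,`, `;`, `<`, `>` and `?`); if a literal hyphen was meant it should be written `\-` or placed at the end of the class. Documentation nits: `apiServerInternalURI` is described as `apiServerInternalURL`, `gcp.projectID` is described as `resourceGroupName`, `non-soverign` should read `non-sovereign`, and "synced with to the" in the `type` description should read "synced to the".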

@@ -0,0 +1,24 @@
- op: add
path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/spec/properties/platformSpec/properties/vsphere/properties/vcenters/items/properties/server/anyOf
value:
- format: ipv4
- format: ipv6
- format: hostname
- op: add
path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/spec/properties/platformSpec/properties/vsphere/properties/failureDomains/items/properties/server/anyOf
value:
- format: ipv4
- format: ipv6
- format: hostname
- op: add
path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/spec/properties/platformSpec/properties/vsphere/properties/nodeNetworking/properties/external/properties/excludeNetworkSubnetCidr/items/format
value: cidr
- op: add
path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/spec/properties/platformSpec/properties/vsphere/properties/nodeNetworking/properties/external/properties/networkSubnetCidr/items/format
value: cidr
- op: add
path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/spec/properties/platformSpec/properties/vsphere/properties/nodeNetworking/properties/internal/properties/excludeNetworkSubnetCidr/items/format
value: cidr
- op: add
path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/spec/properties/platformSpec/properties/vsphere/properties/nodeNetworking/properties/internal/properties/networkSubnetCidr/items/format
value: cidr
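Review bot: these patches put `format: cidr` at `.../items/format` for the four `networkSubnetCidr` and `excludeNetworkSubnetCidr` arrays, which is the placement the apiserver actually validates; the generated Infrastructure status fields `apiServerInternalIPs` and `ingressIPs` above carry `format: ip` on the array node itself, so an analogous `.../items/format` patch (or a fix in the generator) is needed for those IP checks to take effect. For the two `server` fields, the `anyOf` of `ipv4`, `ipv6` and `hostname` only rejects strings that are not syntactically an address or hostname, since the `hostname` format accepts most dotted labels; a short comment in the patch stating that this is a syntax check, not an endpoint or certificate check, would make the intent clear to the next reader.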

@@ -0,0 +1,334 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
api-approved.openshift.io: https://github.com/openshift/api/pull/470
include.release.openshift.io/ibm-cloud-managed: "true"
include.release.openshift.io/self-managed-high-availability: "true"
include.release.openshift.io/single-node-developer: "true"
name: ingresses.config.openshift.io
spec:
group: config.openshift.io
names:
kind: Ingress
listKind: IngressList
plural: ingresses
singular: ingress
scope: Cluster
versions:
- name: v1
schema:
openAPIV3Schema:
description: "Ingress holds cluster-wide information about ingress, including the default ingress domain used for routes. The canonical name is `cluster`. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)."
type: object
required:
- spec
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: spec holds user settable values for configuration
type: object
properties:
appsDomain:
description: appsDomain is an optional domain to use instead of the one specified in the domain field when a Route is created without specifying an explicit host. If appsDomain is nonempty, this value is used to generate default host values for Route. Unlike domain, appsDomain may be modified after installation. This assumes a new ingresscontroller has been setup with a wildcard certificate.
type: string
componentRoutes:
description: "componentRoutes is an optional list of routes that are managed by OpenShift components that a cluster-admin is able to configure the hostname and serving certificate for. The namespace and name of each route in this list should match an existing entry in the status.componentRoutes list. \n To determine the set of configurable Routes, look at namespace and name of entries in the .status.componentRoutes list, where participating operators write the status of configurable routes."
type: array
items:
description: ComponentRouteSpec allows for configuration of a route's hostname and serving certificate.
type: object
required:
- hostname
- name
- namespace
properties:
hostname:
description: hostname is the hostname that should be used by the route.
type: string
pattern: ^([a-zA-Z0-9\p{S}\p{L}]((-?[a-zA-Z0-9\p{S}\p{L}]{0,62})?)|([a-zA-Z0-9\p{S}\p{L}](([a-zA-Z0-9-\p{S}\p{L}]{0,61}[a-zA-Z0-9\p{S}\p{L}])?)(\.)){1,}([a-zA-Z\p{L}]){2,63})$|^(([a-z0-9][-a-z0-9]{0,61}[a-z0-9]|[a-z0-9]{1,63})[\.]){0,}([a-z0-9][-a-z0-9]{0,61}[a-z0-9]|[a-z0-9]{1,63})$
name:
description: "name is the logical name of the route to customize. \n The namespace and name of this componentRoute must match a corresponding entry in the list of status.componentRoutes if the route is to be customized."
type: string
maxLength: 256
minLength: 1
namespace:
description: "namespace is the namespace of the route to customize. \n The namespace and name of this componentRoute must match a corresponding entry in the list of status.componentRoutes if the route is to be customized."
type: string
maxLength: 63
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
servingCertKeyPairSecret:
description: servingCertKeyPairSecret is a reference to a secret of type `kubernetes.io/tls` in the openshift-config namespace. The serving cert/key pair must match and will be used by the operator to fulfill the intent of serving with this name. If the custom hostname uses the default routing suffix of the cluster, the Secret specification for a serving certificate will not be needed.
type: object
required:
- name
properties:
name:
description: name is the metadata.name of the referenced secret
type: string
x-kubernetes-list-map-keys:
- namespace
- name
x-kubernetes-list-type: map
domain:
description: "domain is used to generate a default host name for a route when the route's host name is empty. The generated host name will follow this pattern: \"<route-name>.<route-namespace>.<domain>\". \n It is also used as the default wildcard domain suffix for ingress. The default ingresscontroller domain will follow this pattern: \"*.<domain>\". \n Once set, changing domain is not currently supported."
type: string
loadBalancer:
description: loadBalancer contains the load balancer details in general which are not only specific to the underlying infrastructure provider of the current cluster and are required for Ingress Controller to work on OpenShift.
type: object
properties:
platform:
description: platform holds configuration specific to the underlying infrastructure provider for the ingress load balancers. When omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time.
type: object
properties:
aws:
description: aws contains settings specific to the Amazon Web Services infrastructure provider.
type: object
required:
- type
properties:
type:
description: "type allows user to set a load balancer type. When this field is set the default ingresscontroller will get created using the specified LBType. If this field is not set then the default ingress controller of LBType Classic will be created. Valid values are: \n * \"Classic\": A Classic Load Balancer that makes routing decisions at either the transport layer (TCP/SSL) or the application layer (HTTP/HTTPS). See the following for additional details: \n https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#clb \n * \"NLB\": A Network Load Balancer that makes routing decisions at the transport layer (TCP/SSL). See the following for additional details: \n https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#nlb"
type: string
enum:
- NLB
- Classic
type:
description: type is the underlying infrastructure provider for the cluster. Allowed values are "AWS", "Azure", "BareMetal", "GCP", "Libvirt", "OpenStack", "VSphere", "oVirt", "KubeVirt", "EquinixMetal", "PowerVS", "AlibabaCloud", "Nutanix" and "None". Individual components may not support all platforms, and must handle unrecognized platforms as None if they do not support that platform.
type: string
enum:
- ""
- AWS
- Azure
- BareMetal
- GCP
- Libvirt
- OpenStack
- None
- VSphere
- oVirt
- IBMCloud
- KubeVirt
- EquinixMetal
- PowerVS
- AlibabaCloud
- Nutanix
- External
requiredHSTSPolicies:
description: "requiredHSTSPolicies specifies HSTS policies that are required to be set on newly created or updated routes matching the domainPattern/s and namespaceSelector/s that are specified in the policy. Each requiredHSTSPolicy must have at least a domainPattern and a maxAge to validate a route HSTS Policy route annotation, and affect route admission. \n A candidate route is checked for HSTS Policies if it has the HSTS Policy route annotation: \"haproxy.router.openshift.io/hsts_header\" E.g. haproxy.router.openshift.io/hsts_header: max-age=31536000;preload;includeSubDomains \n - For each candidate route, if it matches a requiredHSTSPolicy domainPattern and optional namespaceSelector, then the maxAge, preloadPolicy, and includeSubdomainsPolicy must be valid to be admitted. Otherwise, the route is rejected. - The first match, by domainPattern and optional namespaceSelector, in the ordering of the RequiredHSTSPolicies determines the route's admission status. - If the candidate route doesn't match any requiredHSTSPolicy domainPattern and optional namespaceSelector, then it may use any HSTS Policy annotation. \n The HSTS policy configuration may be changed after routes have already been created. An update to a previously admitted route may then fail if the updated route does not conform to the updated HSTS policy configuration. However, changing the HSTS policy configuration will not cause a route that is already admitted to stop working. \n Note that if there are no RequiredHSTSPolicies, any HSTS Policy annotation on the route is valid."
type: array
items:
type: object
required:
- domainPatterns
properties:
domainPatterns:
description: "domainPatterns is a list of domains for which the desired HSTS annotations are required. If domainPatterns is specified and a route is created with a spec.host matching one of the domains, the route must specify the HSTS Policy components described in the matching RequiredHSTSPolicy. \n The use of wildcards is allowed like this: *.foo.com matches everything under foo.com. foo.com only matches foo.com, so to cover foo.com and everything under it, you must specify *both*."
type: array
minItems: 1
items:
type: string
includeSubDomainsPolicy:
description: 'includeSubDomainsPolicy means the HSTS Policy should apply to any subdomains of the host''s domain name. Thus, for the host bar.foo.com, if includeSubDomainsPolicy was set to RequireIncludeSubDomains: - the host app.bar.foo.com would inherit the HSTS Policy of bar.foo.com - the host bar.foo.com would inherit the HSTS Policy of bar.foo.com - the host foo.com would NOT inherit the HSTS Policy of bar.foo.com - the host def.foo.com would NOT inherit the HSTS Policy of bar.foo.com'
type: string
enum:
- RequireIncludeSubDomains
- RequireNoIncludeSubDomains
- NoOpinion
maxAge:
description: maxAge is the delta time range in seconds during which hosts are regarded as HSTS hosts. If set to 0, it negates the effect, and hosts are removed as HSTS hosts. If set to 0 and includeSubdomains is specified, all subdomains of the host are also removed as HSTS hosts. maxAge is a time-to-live value, and if this policy is not refreshed on a client, the HSTS policy will eventually expire on that client.
type: object
properties:
largestMaxAge:
description: The largest allowed value (in seconds) of the RequiredHSTSPolicy max-age This value can be left unspecified, in which case no upper limit is enforced.
type: integer
format: int32
maximum: 2147483647
minimum: 0
smallestMaxAge:
description: The smallest allowed value (in seconds) of the RequiredHSTSPolicy max-age Setting max-age=0 allows the deletion of an existing HSTS header from a host. This is a necessary tool for administrators to quickly correct mistakes. This value can be left unspecified, in which case no lower limit is enforced.
type: integer
format: int32
maximum: 2147483647
minimum: 0
namespaceSelector:
description: namespaceSelector specifies a label selector such that the policy applies only to those routes that are in namespaces with labels that match the selector, and are in one of the DomainPatterns. Defaults to the empty LabelSelector, which matches everything.
type: object
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
type: array
items:
description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
type: object
required:
- key
- operator
properties:
key:
description: key is the label key that the selector applies to.
type: string
operator:
description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
type: array
items:
type: string
matchLabels:
description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
additionalProperties:
type: string
x-kubernetes-map-type: atomic
preloadPolicy:
description: preloadPolicy directs the client to include hosts in its host preload list so that it never needs to do an initial load to get the HSTS header (note that this is not defined in RFC 6797 and is therefore client implementation-dependent).
type: string
enum:
- RequirePreload
- RequireNoPreload
- NoOpinion
status:
description: status holds observed values from the cluster. They may not be overridden.
type: object
properties:
componentRoutes:
description: componentRoutes is where participating operators place the current route status for routes whose hostnames and serving certificates can be customized by the cluster-admin.
type: array
items:
description: ComponentRouteStatus contains information allowing configuration of a route's hostname and serving certificate.
type: object
required:
- defaultHostname
- name
- namespace
- relatedObjects
properties:
conditions:
description: "conditions are used to communicate the state of the componentRoutes entry. \n Supported conditions include Available, Degraded and Progressing. \n If available is true, the content served by the route can be accessed by users. This includes cases where a default may continue to serve content while the customized route specified by the cluster-admin is being configured. \n If Degraded is true, that means something has gone wrong trying to handle the componentRoutes entry. The currentHostnames field may or may not be in effect. \n If Progressing is true, that means the component is taking some action related to the componentRoutes entry."
type: array
items:
description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
type: object
required:
- lastTransitionTime
- message
- reason
- status
- type
properties:
lastTransitionTime:
description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
type: string
format: date-time
message:
description: message is a human readable message indicating details about the transition. This may be an empty string.
type: string
maxLength: 32768
observedGeneration:
description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
type: integer
format: int64
minimum: 0
reason:
description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
type: string
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
status:
description: status of the condition, one of True, False, Unknown.
type: string
enum:
- "True"
- "False"
- Unknown
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
type: string
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
x-kubernetes-list-map-keys:
- type
x-kubernetes-list-type: map
consumingUsers:
description: consumingUsers is a slice of ServiceAccounts that need to have read permission on the servingCertKeyPairSecret secret.
type: array
maxItems: 5
items:
description: ConsumingUser is an alias for string which we add validation to. Currently only service accounts are supported.
type: string
maxLength: 512
minLength: 1
pattern: ^system:serviceaccount:[a-z0-9]([-a-z0-9]*[a-z0-9])?:[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
currentHostnames:
description: currentHostnames is the list of current names used by the route. Typically, this list should consist of a single hostname, but if multiple hostnames are supported by the route the operator may write multiple entries to this list.
type: array
minItems: 1
items:
description: "Hostname is an alias for hostname string validation. \n The left operand of the | is the original kubebuilder hostname validation format, which is incorrect because it allows upper case letters, disallows hyphen or number in the TLD, and allows labels to start/end in non-alphanumeric characters. See https://bugzilla.redhat.com/show_bug.cgi?id=2039256. ^([a-zA-Z0-9\\p{S}\\p{L}]((-?[a-zA-Z0-9\\p{S}\\p{L}]{0,62})?)|([a-zA-Z0-9\\p{S}\\p{L}](([a-zA-Z0-9-\\p{S}\\p{L}]{0,61}[a-zA-Z0-9\\p{S}\\p{L}])?)(\\.)){1,}([a-zA-Z\\p{L}]){2,63})$ \n The right operand of the | is a new pattern that mimics the current API route admission validation on hostname, except that it allows hostnames longer than the maximum length: ^(([a-z0-9][-a-z0-9]{0,61}[a-z0-9]|[a-z0-9]{1,63})[\\.]){0,}([a-z0-9][-a-z0-9]{0,61}[a-z0-9]|[a-z0-9]{1,63})$ \n Both operand patterns are made available so that modifications on ingress spec can still happen after an invalid hostname was saved via validation by the incorrect left operand of the | operator."
type: string
pattern: ^([a-zA-Z0-9\p{S}\p{L}]((-?[a-zA-Z0-9\p{S}\p{L}]{0,62})?)|([a-zA-Z0-9\p{S}\p{L}](([a-zA-Z0-9-\p{S}\p{L}]{0,61}[a-zA-Z0-9\p{S}\p{L}])?)(\.)){1,}([a-zA-Z\p{L}]){2,63})$|^(([a-z0-9][-a-z0-9]{0,61}[a-z0-9]|[a-z0-9]{1,63})[\.]){0,}([a-z0-9][-a-z0-9]{0,61}[a-z0-9]|[a-z0-9]{1,63})$
defaultHostname:
description: defaultHostname is the hostname of this route prior to customization.
type: string
pattern: ^([a-zA-Z0-9\p{S}\p{L}]((-?[a-zA-Z0-9\p{S}\p{L}]{0,62})?)|([a-zA-Z0-9\p{S}\p{L}](([a-zA-Z0-9-\p{S}\p{L}]{0,61}[a-zA-Z0-9\p{S}\p{L}])?)(\.)){1,}([a-zA-Z\p{L}]){2,63})$|^(([a-z0-9][-a-z0-9]{0,61}[a-z0-9]|[a-z0-9]{1,63})[\.]){0,}([a-z0-9][-a-z0-9]{0,61}[a-z0-9]|[a-z0-9]{1,63})$
name:
description: "name is the logical name of the route to customize. It does not have to be the actual name of a route resource but it cannot be renamed. \n The namespace and name of this componentRoute must match a corresponding entry in the list of spec.componentRoutes if the route is to be customized."
type: string
maxLength: 256
minLength: 1
namespace:
description: "namespace is the namespace of the route to customize. It must be a real namespace. Using an actual namespace ensures that no two components will conflict and the same component can be installed multiple times. \n The namespace and name of this componentRoute must match a corresponding entry in the list of spec.componentRoutes if the route is to be customized."
type: string
maxLength: 63
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
relatedObjects:
description: relatedObjects is a list of resources which are useful when debugging or inspecting how spec.componentRoutes is applied.
type: array
minItems: 1
items:
description: ObjectReference contains enough information to let you inspect or modify the referred object.
type: object
required:
- group
- name
- resource
properties:
group:
description: group of the referent.
type: string
name:
description: name of the referent.
type: string
namespace:
description: namespace of the referent.
type: string
resource:
description: resource of the referent.
type: string
x-kubernetes-list-map-keys:
- namespace
- name
x-kubernetes-list-type: map
defaultPlacement:
description: "defaultPlacement is set at installation time to control which nodes will host the ingress router pods by default. The options are control-plane nodes or worker nodes. \n This field works by dictating how the Cluster Ingress Operator will consider unset replicas and nodePlacement fields in IngressController resources when creating the corresponding Deployments. \n See the documentation for the IngressController replicas and nodePlacement fields for more information. \n When omitted, the default value is Workers"
type: string
enum:
- ControlPlane
- Workers
- ""
served: true
storage: true
subresources:
status: {}
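Review bot: the `requiredHSTSPolicies` schema does not enforce what its own description promises. The description says each policy "must have at least a domainPattern and a maxAge", but the `required:` list under `items` contains only `domainPatterns`, so a policy without `maxAge` is stored by the API server and the "must have" rule is left to whichever consumer reads the object. Either add `maxAge` to `required:` or relax the description. Two smaller points in the same hunk: `maxAge.smallestMaxAge` and `maxAge.largestMaxAge` are each bounded to 0..2147483647 but nothing checks `smallestMaxAge <= largestMaxAge`, so an unsatisfiable policy that rejects every matching route can be saved; and the `platform.type` description lists the allowed values without `""`, `IBMCloud` or `External`, all three of which appear in the enum directly below it, so the description and enum should be brought back in line.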


@@ -0,0 +1,163 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
api-approved.openshift.io: https://github.com/openshift/api/pull/470
include.release.openshift.io/ibm-cloud-managed: "true"
include.release.openshift.io/self-managed-high-availability: "true"
include.release.openshift.io/single-node-developer: "true"
name: networks.config.openshift.io
spec:
group: config.openshift.io
names:
kind: Network
listKind: NetworkList
plural: networks
singular: network
preserveUnknownFields: false
scope: Cluster
versions:
- name: v1
schema:
openAPIV3Schema:
description: "Network holds cluster-wide information about Network. The canonical name is `cluster`. It is used to configure the desired network configuration, such as: IP address pools for services/pod IPs, network plugin, etc. Please view network.spec for an explanation on what applies when configuring this resource. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)."
type: object
required:
- spec
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: spec holds user settable values for configuration. As a general rule, this SHOULD NOT be read directly. Instead, you should consume the NetworkStatus, as it indicates the currently deployed configuration. Currently, most spec fields are immutable after installation. Please view the individual ones for further details on each.
type: object
properties:
clusterNetwork:
description: IP address pool to use for pod IPs. This field is immutable after installation.
type: array
items:
description: ClusterNetworkEntry is a contiguous block of IP addresses from which pod IPs are allocated.
type: object
properties:
cidr:
description: The complete block for pod IPs.
type: string
hostPrefix:
description: The size (prefix) of block to allocate to each node. If this field is not used by the plugin, it can be left unset.
type: integer
format: int32
minimum: 0
externalIP:
description: externalIP defines configuration for controllers that affect Service.ExternalIP. If nil, then ExternalIP is not allowed to be set.
type: object
properties:
autoAssignCIDRs:
description: autoAssignCIDRs is a list of CIDRs from which to automatically assign Service.ExternalIP. These are assigned when the service is of type LoadBalancer. In general, this is only useful for bare-metal clusters. In Openshift 3.x, this was misleadingly called "IngressIPs". Automatically assigned External IPs are not affected by any ExternalIPPolicy rules. Currently, only one entry may be provided.
type: array
items:
type: string
policy:
description: policy is a set of restrictions applied to the ExternalIP field. If nil or empty, then ExternalIP is not allowed to be set.
type: object
properties:
allowedCIDRs:
description: allowedCIDRs is the list of allowed CIDRs.
type: array
items:
type: string
rejectedCIDRs:
description: rejectedCIDRs is the list of disallowed CIDRs. These take precedence over allowedCIDRs.
type: array
items:
type: string
networkType:
description: 'NetworkType is the plugin that is to be deployed (e.g. OpenShiftSDN). This should match a value that the cluster-network-operator understands, or else no networking will be installed. Currently supported values are: - OpenShiftSDN This field is immutable after installation.'
type: string
serviceNetwork:
description: IP address pool for services. Currently, we only support a single entry here. This field is immutable after installation.
type: array
items:
type: string
serviceNodePortRange:
description: The port range allowed for Services of type NodePort. If not specified, the default of 30000-32767 will be used. Such Services without a NodePort specified will have one automatically allocated from this range. This parameter can be updated after the cluster is installed.
type: string
pattern: ^([0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])-([0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$
status:
description: status holds observed values from the cluster. They may not be overridden.
type: object
properties:
clusterNetwork:
description: IP address pool to use for pod IPs.
type: array
items:
description: ClusterNetworkEntry is a contiguous block of IP addresses from which pod IPs are allocated.
type: object
properties:
cidr:
description: The complete block for pod IPs.
type: string
hostPrefix:
description: The size (prefix) of block to allocate to each node. If this field is not used by the plugin, it can be left unset.
type: integer
format: int32
minimum: 0
clusterNetworkMTU:
description: ClusterNetworkMTU is the MTU for inter-pod networking.
type: integer
migration:
description: Migration contains the cluster network migration configuration.
type: object
properties:
mtu:
description: MTU contains the MTU migration configuration.
type: object
properties:
machine:
description: Machine contains MTU migration configuration for the machine's uplink.
type: object
properties:
from:
description: From is the MTU to migrate from.
type: integer
format: int32
minimum: 0
to:
description: To is the MTU to migrate to.
type: integer
format: int32
minimum: 0
network:
description: Network contains MTU migration configuration for the default network.
type: object
properties:
from:
description: From is the MTU to migrate from.
type: integer
format: int32
minimum: 0
to:
description: To is the MTU to migrate to.
type: integer
format: int32
minimum: 0
networkType:
description: 'NetworkType is the target plugin that is to be deployed. Currently supported values are: OpenShiftSDN, OVNKubernetes'
type: string
enum:
- OpenShiftSDN
- OVNKubernetes
networkType:
description: NetworkType is the plugin that is deployed (e.g. OpenShiftSDN).
type: string
serviceNetwork:
description: IP address pool for services. Currently, we only support a single entry here.
type: array
items:
type: string
served: true
storage: true
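Review bot: the CIDR-valued fields in this CRD (`spec.clusterNetwork[].cidr`, `spec.serviceNetwork[]`, `spec.externalIP.autoAssignCIDRs[]`, `spec.externalIP.policy.allowedCIDRs[]`, `spec.externalIP.policy.rejectedCIDRs[]`) are declared as bare `type: string` with no `format: cidr`, unlike the vSphere subnet fields given `format: cidr` in the earlier patch ops. `allowedCIDRs` and `rejectedCIDRs` are the policy deciding which `Service.ExternalIP` values are permitted, so a malformed entry here becomes a restriction that silently fails to apply rather than a rejected write; `format: cidr` would make the API server reject it at admission. Also, the `serviceNodePortRange` pattern validates each bound as 0..65535 but does not require the low bound to be less than or equal to the high bound, so `32767-30000` passes schema validation.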


@@ -0,0 +1,59 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
api-approved.openshift.io: https://github.com/openshift/api/pull/1107
include.release.openshift.io/ibm-cloud-managed: "true"
include.release.openshift.io/self-managed-high-availability: "true"
include.release.openshift.io/single-node-developer: "true"
name: nodes.config.openshift.io
spec:
group: config.openshift.io
names:
kind: Node
listKind: NodeList
plural: nodes
singular: node
scope: Cluster
versions:
- name: v1
schema:
openAPIV3Schema:
description: "Node holds cluster-wide information about node specific features. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)."
type: object
required:
- spec
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: spec holds user settable values for configuration
type: object
properties:
cgroupMode:
description: CgroupMode determines the cgroups version on the node
type: string
enum:
- v1
- v2
- ""
workerLatencyProfile:
description: WorkerLatencyProfile determins the how fast the kubelet is updating the status and corresponding reaction of the cluster
type: string
enum:
- Default
- MediumUpdateAverageReaction
- LowUpdateSlowReaction
status:
description: status holds observed values.
type: object
served: true
storage: true
subresources:
status: {}
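Review bot: typo in the `workerLatencyProfile` description: "determins the how fast" should read "determines how fast". Since this file is a vendored copy, the fix belongs wherever the description originates (the Go doc comment, if the manifest is generated) rather than here. Minor: `status` is declared `type: object` with no `properties` and no `x-kubernetes-preserve-unknown-fields`, so on an `apiextensions.k8s.io/v1` CRD any field an operator writes to the status subresource is pruned; fine if status is intentionally empty for now, but worth a comment so it is not mistaken for an omission.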


@@ -0,0 +1,444 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
api-approved.openshift.io: https://github.com/openshift/api/pull/470
include.release.openshift.io/ibm-cloud-managed: "true"
include.release.openshift.io/self-managed-high-availability: "true"
include.release.openshift.io/single-node-developer: "true"
name: oauths.config.openshift.io
spec:
group: config.openshift.io
names:
kind: OAuth
listKind: OAuthList
plural: oauths
singular: oauth
scope: Cluster
versions:
- name: v1
schema:
openAPIV3Schema:
description: "OAuth holds cluster-wide information about OAuth. The canonical name is `cluster`. It is used to configure the integrated OAuth server. This configuration is only honored when the top level Authentication config has type set to IntegratedOAuth. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)."
type: object
required:
- spec
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: spec holds user settable values for configuration
type: object
properties:
identityProviders:
description: identityProviders is an ordered list of ways for a user to identify themselves. When this list is empty, no identities are provisioned for users.
type: array
items:
description: IdentityProvider provides identities for users authenticating using credentials
type: object
properties:
basicAuth:
description: basicAuth contains configuration options for the BasicAuth IdP
type: object
properties:
ca:
description: ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key "ca.crt" is used to locate the data. If specified and the config map or expected key is not found, the identity provider is not honored. If the specified ca data is not valid, the identity provider is not honored. If empty, the default system roots are used. The namespace for this config map is openshift-config.
type: object
required:
- name
properties:
name:
description: name is the metadata.name of the referenced config map
type: string
tlsClientCert:
description: tlsClientCert is an optional reference to a secret by name that contains the PEM-encoded TLS client certificate to present when connecting to the server. The key "tls.crt" is used to locate the data. If specified and the secret or expected key is not found, the identity provider is not honored. If the specified certificate data is not valid, the identity provider is not honored. The namespace for this secret is openshift-config.
type: object
required:
- name
properties:
name:
description: name is the metadata.name of the referenced secret
type: string
tlsClientKey:
description: tlsClientKey is an optional reference to a secret by name that contains the PEM-encoded TLS private key for the client certificate referenced in tlsClientCert. The key "tls.key" is used to locate the data. If specified and the secret or expected key is not found, the identity provider is not honored. If the specified certificate data is not valid, the identity provider is not honored. The namespace for this secret is openshift-config.
type: object
required:
- name
properties:
name:
description: name is the metadata.name of the referenced secret
type: string
url:
description: url is the remote URL to connect to
type: string
github:
description: github enables user authentication using GitHub credentials
type: object
properties:
ca:
description: ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key "ca.crt" is used to locate the data. If specified and the config map or expected key is not found, the identity provider is not honored. If the specified ca data is not valid, the identity provider is not honored. If empty, the default system roots are used. This can only be configured when hostname is set to a non-empty value. The namespace for this config map is openshift-config.
type: object
required:
- name
properties:
name:
description: name is the metadata.name of the referenced config map
type: string
clientID:
description: clientID is the oauth client ID
type: string
clientSecret:
description: clientSecret is a required reference to the secret by name containing the oauth client secret. The key "clientSecret" is used to locate the data. If the secret or expected key is not found, the identity provider is not honored. The namespace for this secret is openshift-config.
type: object
required:
- name
properties:
name:
description: name is the metadata.name of the referenced secret
type: string
hostname:
description: hostname is the optional domain (e.g. "mycompany.com") for use with a hosted instance of GitHub Enterprise. It must match the GitHub Enterprise settings value configured at /setup/settings#hostname.
type: string
organizations:
description: organizations optionally restricts which organizations are allowed to log in
type: array
items:
type: string
teams:
description: teams optionally restricts which teams are allowed to log in. Format is <org>/<team>.
type: array
items:
type: string
gitlab:
description: gitlab enables user authentication using GitLab credentials
type: object
properties:
ca:
description: ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key "ca.crt" is used to locate the data. If specified and the config map or expected key is not found, the identity provider is not honored. If the specified ca data is not valid, the identity provider is not honored. If empty, the default system roots are used. The namespace for this config map is openshift-config.
type: object
required:
- name
properties:
name:
description: name is the metadata.name of the referenced config map
type: string
clientID:
description: clientID is the oauth client ID
type: string
clientSecret:
description: clientSecret is a required reference to the secret by name containing the oauth client secret. The key "clientSecret" is used to locate the data. If the secret or expected key is not found, the identity provider is not honored. The namespace for this secret is openshift-config.
type: object
required:
- name
properties:
name:
description: name is the metadata.name of the referenced secret
type: string
url:
description: url is the oauth server base URL
type: string
google:
description: google enables user authentication using Google credentials
type: object
properties:
clientID:
description: clientID is the oauth client ID
type: string
clientSecret:
description: clientSecret is a required reference to the secret by name containing the oauth client secret. The key "clientSecret" is used to locate the data. If the secret or expected key is not found, the identity provider is not honored. The namespace for this secret is openshift-config.
type: object
required:
- name
properties:
name:
description: name is the metadata.name of the referenced secret
type: string
hostedDomain:
description: hostedDomain is the optional Google App domain (e.g. "mycompany.com") to restrict logins to
type: string
htpasswd:
description: htpasswd enables user authentication using an HTPasswd file to validate credentials
type: object
properties:
fileData:
description: fileData is a required reference to a secret by name containing the data to use as the htpasswd file. The key "htpasswd" is used to locate the data. If the secret or expected key is not found, the identity provider is not honored. If the specified htpasswd data is not valid, the identity provider is not honored. The namespace for this secret is openshift-config.
type: object
required:
- name
properties:
name:
description: name is the metadata.name of the referenced secret
type: string
keystone:
description: keystone enables user authentication using keystone password credentials
type: object
properties:
ca:
description: ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key "ca.crt" is used to locate the data. If specified and the config map or expected key is not found, the identity provider is not honored. If the specified ca data is not valid, the identity provider is not honored. If empty, the default system roots are used. The namespace for this config map is openshift-config.
type: object
required:
- name
properties:
name:
description: name is the metadata.name of the referenced config map
type: string
domainName:
description: domainName is required for keystone v3
type: string
tlsClientCert:
description: tlsClientCert is an optional reference to a secret by name that contains the PEM-encoded TLS client certificate to present when connecting to the server. The key "tls.crt" is used to locate the data. If specified and the secret or expected key is not found, the identity provider is not honored. If the specified certificate data is not valid, the identity provider is not honored. The namespace for this secret is openshift-config.
type: object
required:
- name
properties:
name:
description: name is the metadata.name of the referenced secret
type: string
tlsClientKey:
description: tlsClientKey is an optional reference to a secret by name that contains the PEM-encoded TLS private key for the client certificate referenced in tlsClientCert. The key "tls.key" is used to locate the data. If specified and the secret or expected key is not found, the identity provider is not honored. If the specified certificate data is not valid, the identity provider is not honored. The namespace for this secret is openshift-config.
type: object
required:
- name
properties:
name:
description: name is the metadata.name of the referenced secret
type: string
url:
description: url is the remote URL to connect to
type: string
ldap:
description: ldap enables user authentication using LDAP credentials
type: object
properties:
attributes:
description: attributes maps LDAP attributes to identities
type: object
properties:
email:
description: email is the list of attributes whose values should be used as the email address. Optional. If unspecified, no email is set for the identity
type: array
items:
type: string
id:
description: id is the list of attributes whose values should be used as the user ID. Required. First non-empty attribute is used. At least one attribute is required. If none of the listed attribute have a value, authentication fails. LDAP standard identity attribute is "dn"
type: array
items:
type: string
name:
description: name is the list of attributes whose values should be used as the display name. Optional. If unspecified, no display name is set for the identity LDAP standard display name attribute is "cn"
type: array
items:
type: string
preferredUsername:
description: preferredUsername is the list of attributes whose values should be used as the preferred username. LDAP standard login attribute is "uid"
type: array
items:
type: string
bindDN:
description: bindDN is an optional DN to bind with during the search phase.
type: string
bindPassword:
description: bindPassword is an optional reference to a secret by name containing a password to bind with during the search phase. The key "bindPassword" is used to locate the data. If specified and the secret or expected key is not found, the identity provider is not honored. The namespace for this secret is openshift-config.
type: object
required:
- name
properties:
name:
description: name is the metadata.name of the referenced secret
type: string
ca:
description: ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key "ca.crt" is used to locate the data. If specified and the config map or expected key is not found, the identity provider is not honored. If the specified ca data is not valid, the identity provider is not honored. If empty, the default system roots are used. The namespace for this config map is openshift-config.
type: object
required:
- name
properties:
name:
description: name is the metadata.name of the referenced config map
type: string
insecure:
description: 'insecure, if true, indicates the connection should not use TLS WARNING: Should not be set to `true` with the URL scheme "ldaps://" as "ldaps://" URLs always attempt to connect using TLS, even when `insecure` is set to `true` When `true`, "ldap://" URLS connect insecurely. When `false`, "ldap://" URLs are upgraded to a TLS connection using StartTLS as specified in https://tools.ietf.org/html/rfc2830.'
type: boolean
url:
description: 'url is an RFC 2255 URL which specifies the LDAP search parameters to use. The syntax of the URL is: ldap://host:port/basedn?attribute?scope?filter'
type: string
mappingMethod:
description: mappingMethod determines how identities from this provider are mapped to users Defaults to "claim"
type: string
name:
description: 'name is used to qualify the identities returned by this provider. - It MUST be unique and not shared by any other identity provider used - It MUST be a valid path segment: name cannot equal "." or ".." or contain "/" or "%" or ":" Ref: https://godoc.org/github.com/openshift/origin/pkg/user/apis/user/validation#ValidateIdentityProviderName'
type: string
openID:
description: openID enables user authentication using OpenID credentials
type: object
properties:
ca:
description: ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key "ca.crt" is used to locate the data. If specified and the config map or expected key is not found, the identity provider is not honored. If the specified ca data is not valid, the identity provider is not honored. If empty, the default system roots are used. The namespace for this config map is openshift-config.
type: object
required:
- name
properties:
name:
description: name is the metadata.name of the referenced config map
type: string
claims:
description: claims mappings
type: object
properties:
email:
description: email is the list of claims whose values should be used as the email address. Optional. If unspecified, no email is set for the identity
type: array
items:
type: string
x-kubernetes-list-type: atomic
groups:
description: groups is the list of claims value of which should be used to synchronize groups from the OIDC provider to OpenShift for the user. If multiple claims are specified, the first one with a non-empty value is used.
type: array
items:
description: OpenIDClaim represents a claim retrieved from an OpenID provider's tokens or userInfo responses
type: string
minLength: 1
x-kubernetes-list-type: atomic
name:
description: name is the list of claims whose values should be used as the display name. Optional. If unspecified, no display name is set for the identity
type: array
items:
type: string
x-kubernetes-list-type: atomic
preferredUsername:
description: preferredUsername is the list of claims whose values should be used as the preferred username. If unspecified, the preferred username is determined from the value of the sub claim
type: array
items:
type: string
x-kubernetes-list-type: atomic
clientID:
description: clientID is the oauth client ID
type: string
clientSecret:
description: clientSecret is a required reference to the secret by name containing the oauth client secret. The key "clientSecret" is used to locate the data. If the secret or expected key is not found, the identity provider is not honored. The namespace for this secret is openshift-config.
type: object
required:
- name
properties:
name:
description: name is the metadata.name of the referenced secret
type: string
extraAuthorizeParameters:
description: extraAuthorizeParameters are any custom parameters to add to the authorize request.
type: object
additionalProperties:
type: string
extraScopes:
description: extraScopes are any scopes to request in addition to the standard "openid" scope.
type: array
items:
type: string
issuer:
description: issuer is the URL that the OpenID Provider asserts as its Issuer Identifier. It must use the https scheme with no query or fragment component.
type: string
requestHeader:
description: requestHeader enables user authentication using request header credentials
type: object
properties:
ca:
description: ca is a required reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. Specifically, it allows verification of incoming requests to prevent header spoofing. The key "ca.crt" is used to locate the data. If the config map or expected key is not found, the identity provider is not honored. If the specified ca data is not valid, the identity provider is not honored. The namespace for this config map is openshift-config.
type: object
required:
- name
properties:
name:
description: name is the metadata.name of the referenced config map
type: string
challengeURL:
description: challengeURL is a URL to redirect unauthenticated /authorize requests to Unauthenticated requests from OAuth clients which expect WWW-Authenticate challenges will be redirected here. ${url} is replaced with the current URL, escaped to be safe in a query parameter https://www.example.com/sso-login?then=${url} ${query} is replaced with the current query string https://www.example.com/auth-proxy/oauth/authorize?${query} Required when challenge is set to true.
type: string
clientCommonNames:
description: clientCommonNames is an optional list of common names to require a match from. If empty, any client certificate validated against the clientCA bundle is considered authoritative.
type: array
items:
type: string
emailHeaders:
description: emailHeaders is the set of headers to check for the email address
type: array
items:
type: string
headers:
description: headers is the set of headers to check for identity information
type: array
items:
type: string
loginURL:
description: loginURL is a URL to redirect unauthenticated /authorize requests to Unauthenticated requests from OAuth clients which expect interactive logins will be redirected here ${url} is replaced with the current URL, escaped to be safe in a query parameter https://www.example.com/sso-login?then=${url} ${query} is replaced with the current query string https://www.example.com/auth-proxy/oauth/authorize?${query} Required when login is set to true.
type: string
nameHeaders:
description: nameHeaders is the set of headers to check for the display name
type: array
items:
type: string
preferredUsernameHeaders:
description: preferredUsernameHeaders is the set of headers to check for the preferred username
type: array
items:
type: string
type:
description: type identifies the identity provider type for this entry.
type: string
x-kubernetes-list-type: atomic
templates:
description: templates allow you to customize pages like the login page.
type: object
properties:
error:
description: error is the name of a secret that specifies a go template to use to render error pages during the authentication or grant flow. The key "errors.html" is used to locate the template data. If specified and the secret or expected key is not found, the default error page is used. If the specified template is not valid, the default error page is used. If unspecified, the default error page is used. The namespace for this secret is openshift-config.
type: object
required:
- name
properties:
name:
description: name is the metadata.name of the referenced secret
type: string
login:
description: login is the name of a secret that specifies a go template to use to render the login page. The key "login.html" is used to locate the template data. If specified and the secret or expected key is not found, the default login page is used. If the specified template is not valid, the default login page is used. If unspecified, the default login page is used. The namespace for this secret is openshift-config.
type: object
required:
- name
properties:
name:
description: name is the metadata.name of the referenced secret
type: string
providerSelection:
description: providerSelection is the name of a secret that specifies a go template to use to render the provider selection page. The key "providers.html" is used to locate the template data. If specified and the secret or expected key is not found, the default provider selection page is used. If the specified template is not valid, the default provider selection page is used. If unspecified, the default provider selection page is used. The namespace for this secret is openshift-config.
type: object
required:
- name
properties:
name:
description: name is the metadata.name of the referenced secret
type: string
tokenConfig:
description: tokenConfig contains options for authorization and access tokens
type: object
properties:
accessTokenInactivityTimeout:
description: "accessTokenInactivityTimeout defines the token inactivity timeout for tokens granted by any client. The value represents the maximum amount of time that can occur between consecutive uses of the token. Tokens become invalid if they are not used within this temporal window. The user will need to acquire a new token to regain access once a token times out. Takes valid time duration string such as \"5m\", \"1.5h\" or \"2h45m\". The minimum allowed value for duration is 300s (5 minutes). If the timeout is configured per client, then that value takes precedence. If the timeout value is not specified and the client does not override the value, then tokens are valid until their lifetime. \n WARNING: existing tokens' timeout will not be affected (lowered) by changing this value"
type: string
accessTokenInactivityTimeoutSeconds:
description: 'accessTokenInactivityTimeoutSeconds - DEPRECATED: setting this field has no effect.'
type: integer
format: int32
accessTokenMaxAgeSeconds:
description: accessTokenMaxAgeSeconds defines the maximum age of access tokens
type: integer
format: int32
status:
description: status holds observed values from the cluster. They may not be overridden.
type: object
served: true
storage: true
subresources:
status: {}
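Review bot: the `insecure` description under the ldap provider (the line beginning 'insecure, if true, indicates the connection should not use TLS WARNING: ...') runs four sentences together with no terminating punctuation, which makes the generated API docs hard to read; the semantics deserve clear wording because this flag decides whether `ldap://` URLs are upgraded with StartTLS (RFC 2830) or sent in the clear, and the text itself warns it must not be combined with `ldaps://`. Separately, `accessTokenInactivityTimeoutSeconds` is documented as 'DEPRECATED: setting this field has no effect' while `accessTokenInactivityTimeout` (duration string, 300s minimum) is the live field, so any code in this repository that reads the OAuth config should consume the duration field rather than the Seconds one. Both are upstream openshift/api text in a vendored file, so the wording fix belongs upstream, not in this commit.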


@@ -0,0 +1,55 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
api-approved.openshift.io: https://github.com/openshift/api/pull/470
include.release.openshift.io/ibm-cloud-managed: "true"
include.release.openshift.io/self-managed-high-availability: "true"
include.release.openshift.io/single-node-developer: "true"
name: projects.config.openshift.io
spec:
group: config.openshift.io
names:
kind: Project
listKind: ProjectList
plural: projects
singular: project
scope: Cluster
versions:
- name: v1
schema:
openAPIV3Schema:
description: "Project holds cluster-wide information about Project. The canonical name is `cluster` \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)."
type: object
required:
- spec
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: spec holds user settable values for configuration
type: object
properties:
projectRequestMessage:
description: projectRequestMessage is the string presented to a user if they are unable to request a project via the projectrequest api endpoint
type: string
projectRequestTemplate:
description: projectRequestTemplate is the template to use for creating projects in response to projectrequest. This must point to a template in 'openshift-config' namespace. It is optional. If it is not specified, a default template is used.
type: object
properties:
name:
description: name is the metadata.name of the referenced project request template
type: string
status:
description: status holds observed values from the cluster. They may not be overridden.
type: object
served: true
storage: true
subresources:
status: {}
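Review bot: `projectRequestTemplate` is a by-name object reference whose only property is `name`, but unlike the other by-name references in these CRDs (the `policy` reference in the schedulers CRD, the `clientSecret` and `ca` references in the oauths CRD) it carries no `required: - name`, so an empty `projectRequestTemplate: {}` passes schema validation. The description says the field is optional, so either the object should require `name` once present or the description should say what an empty reference means. Vendored from openshift/api, so raise it there and re-vendor.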


@@ -0,0 +1,68 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
api-approved.openshift.io: https://github.com/openshift/api/pull/470
include.release.openshift.io/ibm-cloud-managed: "true"
include.release.openshift.io/self-managed-high-availability: "true"
include.release.openshift.io/single-node-developer: "true"
name: schedulers.config.openshift.io
spec:
group: config.openshift.io
names:
kind: Scheduler
listKind: SchedulerList
plural: schedulers
singular: scheduler
scope: Cluster
versions:
- name: v1
schema:
openAPIV3Schema:
description: "Scheduler holds cluster-wide config information to run the Kubernetes Scheduler and influence its placement decisions. The canonical name for this config is `cluster`. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)."
type: object
required:
- spec
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: spec holds user settable values for configuration
type: object
properties:
defaultNodeSelector:
description: 'defaultNodeSelector helps set the cluster-wide default node selector to restrict pod placement to specific nodes. This is applied to the pods created in all namespaces and creates an intersection with any existing nodeSelectors already set on a pod, additionally constraining that pod''s selector. For example, defaultNodeSelector: "type=user-node,region=east" would set nodeSelector field in pod spec to "type=user-node,region=east" to all pods created in all namespaces. Namespaces having project-wide node selectors won''t be impacted even if this field is set. This adds an annotation section to the namespace. For example, if a new namespace is created with node-selector=''type=user-node,region=east'', the annotation openshift.io/node-selector: type=user-node,region=east gets added to the project. When the openshift.io/node-selector annotation is set on the project the value is used in preference to the value we are setting for defaultNodeSelector field. For instance, openshift.io/node-selector: "type=user-node,region=west" means that the default of "type=user-node,region=east" set in defaultNodeSelector would not be applied.'
type: string
mastersSchedulable:
description: 'MastersSchedulable allows masters nodes to be schedulable. When this flag is turned on, all the master nodes in the cluster will be made schedulable, so that workload pods can run on them. The default value for this field is false, meaning none of the master nodes are schedulable. Important Note: Once the workload pods start running on the master nodes, extreme care must be taken to ensure that cluster-critical control plane components are not impacted. Please turn on this field after doing due diligence.'
type: boolean
policy:
description: 'DEPRECATED: the scheduler Policy API has been deprecated and will be removed in a future release. policy is a reference to a ConfigMap containing scheduler policy which has user specified predicates and priorities. If this ConfigMap is not available scheduler will default to use DefaultAlgorithmProvider. The namespace for this configmap is openshift-config.'
type: object
required:
- name
properties:
name:
description: name is the metadata.name of the referenced config map
type: string
profile:
description: "profile sets which scheduling profile should be set in order to configure scheduling decisions for new pods. \n Valid values are \"LowNodeUtilization\", \"HighNodeUtilization\", \"NoScoring\" Defaults to \"LowNodeUtilization\""
type: string
enum:
- ""
- LowNodeUtilization
- HighNodeUtilization
- NoScoring
status:
description: status holds observed values from the cluster. They may not be overridden.
type: object
served: true
storage: true
subresources:
status: {}
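Review bot: the `mastersSchedulable` description opens with 'MastersSchedulable' (capitalized) while every other field description in this schema starts with the lowercase field name, and `policy` opens with 'DEPRECATED:' before the field name; minor, but the generated docs key on that leading name. More relevant to anyone consuming these types from this repository: `mastersSchedulable` defaults to false and, per its own description, setting it true lets workload pods land on control-plane nodes, so a true value is worth flagging in any configuration audit built on this API. Upstream openshift/api text in a vendored file, so the wording belongs upstream.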

vendor/github.com/openshift/api/config/v1/Makefile generated vendored Normal file

@@ -0,0 +1,3 @@
.PHONY: test
test:
make -C ../../tests test GINKGO_EXTRA_ARGS=--focus="config.openshift.io/v1"

vendor/github.com/openshift/api/config/v1/doc.go generated vendored Normal file

@@ -0,0 +1,8 @@
// +k8s:deepcopy-gen=package,register
// +k8s:defaulter-gen=TypeMeta
// +k8s:openapi-gen=true
// +kubebuilder:validation:Optional
// +groupName=config.openshift.io
// Package v1 is the v1 version of the API.
package v1


@@ -0,0 +1,185 @@
package v1
// FeatureGateDescription is a golang-only interface used to contains details for a feature gate.
type FeatureGateDescription struct {
// FeatureGateAttributes is the information that appears in the API
FeatureGateAttributes FeatureGateAttributes
// OwningJiraComponent is the jira component that owns most of the impl and first assignment for the bug.
// This is the team that owns the feature long term.
OwningJiraComponent string
// ResponsiblePerson is the person who is on the hook for first contact. This is often, but not always, a team lead.
// It is someone who can make the promise on the behalf of the team.
ResponsiblePerson string
// OwningProduct is the product that owns the lifecycle of the gate.
OwningProduct OwningProduct
}
type OwningProduct string
var (
ocpSpecific = OwningProduct("OCP")
kubernetes = OwningProduct("Kubernetes")
)
var (
FeatureGateGatewayAPI = FeatureGateName("GatewayAPI")
gateGatewayAPI = FeatureGateDescription{
FeatureGateAttributes: FeatureGateAttributes{
Name: FeatureGateGatewayAPI,
},
OwningJiraComponent: "Routing",
ResponsiblePerson: "miciah",
OwningProduct: ocpSpecific,
}
FeatureGateOpenShiftPodSecurityAdmission = FeatureGateName("OpenShiftPodSecurityAdmission")
openShiftPodSecurityAdmission = FeatureGateDescription{
FeatureGateAttributes: FeatureGateAttributes{
Name: FeatureGateOpenShiftPodSecurityAdmission,
},
OwningJiraComponent: "auth",
ResponsiblePerson: "stlaz",
OwningProduct: ocpSpecific,
}
FeatureGateRetroactiveDefaultStorageClass = FeatureGateName("RetroactiveDefaultStorageClass")
retroactiveDefaultStorageClass = FeatureGateDescription{
FeatureGateAttributes: FeatureGateAttributes{
Name: FeatureGateRetroactiveDefaultStorageClass,
},
OwningJiraComponent: "storage",
ResponsiblePerson: "RomanBednar",
OwningProduct: kubernetes,
}
FeatureGateExternalCloudProvider = FeatureGateName("ExternalCloudProvider")
externalCloudProvider = FeatureGateDescription{
FeatureGateAttributes: FeatureGateAttributes{
Name: FeatureGateExternalCloudProvider,
},
OwningJiraComponent: "cloud-provider",
ResponsiblePerson: "jspeed",
OwningProduct: ocpSpecific,
}
FeatureGateExternalCloudProviderAzure = FeatureGateName("ExternalCloudProviderAzure")
externalCloudProviderAzure = FeatureGateDescription{
FeatureGateAttributes: FeatureGateAttributes{
Name: FeatureGateExternalCloudProviderAzure,
},
OwningJiraComponent: "cloud-provider",
ResponsiblePerson: "jspeed",
OwningProduct: ocpSpecific,
}
FeatureGateExternalCloudProviderGCP = FeatureGateName("ExternalCloudProviderGCP")
externalCloudProviderGCP = FeatureGateDescription{
FeatureGateAttributes: FeatureGateAttributes{
Name: FeatureGateExternalCloudProviderGCP,
},
OwningJiraComponent: "cloud-provider",
ResponsiblePerson: "jspeed",
OwningProduct: ocpSpecific,
}
FeatureGateCSIDriverSharedResource = FeatureGateName("CSIDriverSharedResource")
csiDriverSharedResource = FeatureGateDescription{
FeatureGateAttributes: FeatureGateAttributes{
Name: FeatureGateCSIDriverSharedResource,
},
OwningJiraComponent: "builds",
ResponsiblePerson: "adkaplan",
OwningProduct: ocpSpecific,
}
FeatureGateBuildCSIVolumes = FeatureGateName("BuildCSIVolumes")
buildCSIVolumes = FeatureGateDescription{
FeatureGateAttributes: FeatureGateAttributes{
Name: FeatureGateBuildCSIVolumes,
},
OwningJiraComponent: "builds",
ResponsiblePerson: "adkaplan",
OwningProduct: ocpSpecific,
}
FeatureGateNodeSwap = FeatureGateName("NodeSwap")
nodeSwap = FeatureGateDescription{
FeatureGateAttributes: FeatureGateAttributes{
Name: FeatureGateNodeSwap,
},
OwningJiraComponent: "node",
ResponsiblePerson: "ehashman",
OwningProduct: kubernetes,
}
FeatureGateMachineAPIProviderOpenStack = FeatureGateName("MachineAPIProviderOpenStack")
machineAPIProviderOpenStack = FeatureGateDescription{
FeatureGateAttributes: FeatureGateAttributes{
Name: FeatureGateMachineAPIProviderOpenStack,
},
OwningJiraComponent: "openstack",
ResponsiblePerson: "egarcia",
OwningProduct: ocpSpecific,
}
FeatureGateInsightsConfigAPI = FeatureGateName("InsightsConfigAPI")
insightsConfigAPI = FeatureGateDescription{
FeatureGateAttributes: FeatureGateAttributes{
Name: FeatureGateInsightsConfigAPI,
},
OwningJiraComponent: "insights",
ResponsiblePerson: "tremes",
OwningProduct: ocpSpecific,
}
FeatureGateMatchLabelKeysInPodTopologySpread = FeatureGateName("MatchLabelKeysInPodTopologySpread")
matchLabelKeysInPodTopologySpread = FeatureGateDescription{
FeatureGateAttributes: FeatureGateAttributes{
Name: FeatureGateMatchLabelKeysInPodTopologySpread,
},
OwningJiraComponent: "scheduling",
ResponsiblePerson: "ingvagabund",
OwningProduct: kubernetes,
}
FeatureGatePDBUnhealthyPodEvictionPolicy = FeatureGateName("PDBUnhealthyPodEvictionPolicy")
pdbUnhealthyPodEvictionPolicy = FeatureGateDescription{
FeatureGateAttributes: FeatureGateAttributes{
Name: FeatureGatePDBUnhealthyPodEvictionPolicy,
},
OwningJiraComponent: "apps",
ResponsiblePerson: "atiratree",
OwningProduct: kubernetes,
}
FeatureGateDynamicResourceAllocation = FeatureGateName("DynamicResourceAllocation")
dynamicResourceAllocation = FeatureGateDescription{
FeatureGateAttributes: FeatureGateAttributes{
Name: FeatureGateDynamicResourceAllocation,
},
OwningJiraComponent: "scheduling",
ResponsiblePerson: "jchaloup",
OwningProduct: kubernetes,
}
FeatureGateAdmissionWebhookMatchConditions = FeatureGateName("AdmissionWebhookMatchConditions")
admissionWebhookMatchConditions = FeatureGateDescription{
FeatureGateAttributes: FeatureGateAttributes{
Name: FeatureGateAdmissionWebhookMatchConditions,
},
OwningJiraComponent: "kube-apiserver",
ResponsiblePerson: "benluddy",
OwningProduct: kubernetes,
}
FeatureGateAzureWorkloadIdentity = FeatureGateName("AzureWorkloadIdentity")
azureWorkloadIdentity = FeatureGateDescription{
FeatureGateAttributes: FeatureGateAttributes{
Name: FeatureGateAzureWorkloadIdentity,
},
OwningJiraComponent: "cloud-credential-operator",
ResponsiblePerson: "abutcher",
OwningProduct: ocpSpecific,
}
)
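Review bot: for the gates whose `OwningProduct` is `kubernetes` (`NodeSwap`, `MatchLabelKeysInPodTopologySpread`, `PDBUnhealthyPodEvictionPolicy`, `DynamicResourceAllocation`, `AdmissionWebhookMatchConditions`) the `FeatureGateName("...")` literal has to match the upstream Kubernetes feature-gate string exactly, and nothing in this block checks that; a dependency bump like this one is exactly when the two can drift, so a short comment pointing at the upstream source of each name, or a test that compares the literals against the vendored k8s feature list, would make a mismatch visible instead of silently referring to a gate that no longer exists.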

vendor/github.com/openshift/api/config/v1/register.go generated vendored Normal file
View File

@@ -0,0 +1,78 @@
package v1
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/runtime/schema"
)
var (
GroupName = "config.openshift.io"
GroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1"}
schemeBuilder = runtime.NewSchemeBuilder(addKnownTypes)
// Install is a function which adds this version to a scheme
Install = schemeBuilder.AddToScheme
// SchemeGroupVersion generated code relies on this name
// Deprecated
SchemeGroupVersion = GroupVersion
// AddToScheme exists solely to keep the old generators creating valid code
// DEPRECATED
AddToScheme = schemeBuilder.AddToScheme
)
// Resource generated code relies on this being here, but it logically belongs to the group
// DEPRECATED
func Resource(resource string) schema.GroupResource {
return schema.GroupResource{Group: GroupName, Resource: resource}
}
// Adds the list of known types to api.Scheme.
func addKnownTypes(scheme *runtime.Scheme) error {
scheme.AddKnownTypes(GroupVersion,
&APIServer{},
&APIServerList{},
&Authentication{},
&AuthenticationList{},
&Build{},
&BuildList{},
&ClusterOperator{},
&ClusterOperatorList{},
&ClusterVersion{},
&ClusterVersionList{},
&Console{},
&ConsoleList{},
&DNS{},
&DNSList{},
&FeatureGate{},
&FeatureGateList{},
&Image{},
&ImageList{},
&Infrastructure{},
&InfrastructureList{},
&Ingress{},
&IngressList{},
&Node{},
&NodeList{},
&Network{},
&NetworkList{},
&OAuth{},
&OAuthList{},
&OperatorHub{},
&OperatorHubList{},
&Project{},
&ProjectList{},
&Proxy{},
&ProxyList{},
&Scheduler{},
&SchedulerList{},
&ImageContentPolicy{},
&ImageContentPolicyList{},
&ImageDigestMirrorSet{},
&ImageDigestMirrorSetList{},
&ImageTagMirrorSet{},
&ImageTagMirrorSetList{},
)
metav1.AddToGroupVersion(scheme, GroupVersion)
return nil
}
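Review bot: the doc comment on `addKnownTypes` (`// Adds the list of known types to api.Scheme.`) does not start with the function name, which is what Go doc convention and the usual linters expect; suggest `// addKnownTypes adds the list of known types to the given scheme.` Keeping `AddToScheme` and `SchemeGroupVersion` as DEPRECATED aliases of `Install`/`GroupVersion` for generator compatibility is fine, but the comment on `AddToScheme` should say which generators still need it so a later cleanup knows when it can go.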

View File

@@ -0,0 +1,36 @@
apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
name: "[Stable] APIServer"
crd: 0000_10_config-operator_01_apiserver-Default.crd.yaml
tests:
onCreate:
- name: Should be able to create encrypt with aescbc
initial: |
apiVersion: config.openshift.io/v1
kind: APIServer
spec:
encryption:
type: aescbc
expected: |
apiVersion: config.openshift.io/v1
kind: APIServer
spec:
audit:
profile: Default
encryption:
type: aescbc
- name: Should be able to create encrypt with aesgcm
initial: |
apiVersion: config.openshift.io/v1
kind: APIServer
spec:
encryption:
type: aesgcm
expected: |
apiVersion: config.openshift.io/v1
kind: APIServer
spec:
audit:
profile: Default
encryption:
type: aesgcm
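Review bot: only the two accepted `encryption.type` values (`aescbc`, `aesgcm`) are exercised; nothing asserts that an unsupported type is rejected, so an accidental loosening of the enum in `0000_10_config-operator_01_apiserver-Default.crd.yaml` would pass this suite unnoticed. Suggest an onCreate case shaped like the load balancer `FooBar` tests elsewhere in this commit, e.g. `encryption: {type: FooBar}` with an `expectedError` listing the supported values, and a case that pins down what an empty `encryption` block means, since encryption at rest is a security-relevant default.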

View File

@@ -0,0 +1,14 @@
apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
name: "[Stable] Authentication"
crd: 0000_10_config-operator_01_authentication.crd.yaml
tests:
onCreate:
- name: Should be able to create a minimal Authentication
initial: |
apiVersion: config.openshift.io/v1
kind: Authentication
spec: {} # No spec is required for a Authentication
expected: |
apiVersion: config.openshift.io/v1
kind: Authentication
spec: {}

View File

@@ -0,0 +1,14 @@
apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
name: "[Stable] Build"
crd: 0000_10_config-operator_01_build.crd.yaml
tests:
onCreate:
- name: Should be able to create a minimal Build
initial: |
apiVersion: config.openshift.io/v1
kind: Build
spec: {} # No spec is required for a Build
expected: |
apiVersion: config.openshift.io/v1
kind: Build
spec: {}

View File

@@ -0,0 +1,14 @@
apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
name: "[Stable] ClusterOperator"
crd: 0000_00_cluster-version-operator_01_clusteroperator.crd.yaml
tests:
onCreate:
- name: Should be able to create a minimal ClusterOperator
initial: |
apiVersion: config.openshift.io/v1
kind: ClusterOperator
spec: {} # No spec is required for a ClusterOperator
expected: |
apiVersion: config.openshift.io/v1
kind: ClusterOperator
spec: {}

View File

@@ -0,0 +1,138 @@
apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
name: "[Stable] ClusterVersion"
crd: 0000_00_cluster-version-operator_01_clusterversion.crd.yaml
tests:
onCreate:
- name: Should be able to create a minimal ClusterVersion
initial: |
apiVersion: config.openshift.io/v1
kind: ClusterVersion
spec:
clusterID: foo
expected: |
apiVersion: config.openshift.io/v1
kind: ClusterVersion
spec:
clusterID: foo
- name: Should allow image to be set
initial: |
apiVersion: config.openshift.io/v1
kind: ClusterVersion
spec:
clusterID: foo
desiredUpdate:
image: bar
expected: |
apiVersion: config.openshift.io/v1
kind: ClusterVersion
spec:
clusterID: foo
desiredUpdate:
image: bar
- name: Should allow version to be set
initial: |
apiVersion: config.openshift.io/v1
kind: ClusterVersion
spec:
clusterID: foo
desiredUpdate:
version: 4.11.1
expected: |
apiVersion: config.openshift.io/v1
kind: ClusterVersion
spec:
clusterID: foo
desiredUpdate:
version: 4.11.1
- name: Should allow architecture to be empty
initial: |
apiVersion: config.openshift.io/v1
kind: ClusterVersion
spec:
clusterID: foo
desiredUpdate:
architecture: ""
version: 4.11.1
expected: |
apiVersion: config.openshift.io/v1
kind: ClusterVersion
spec:
clusterID: foo
desiredUpdate:
architecture: ""
version: 4.11.1
- name: Should allow architecture and version to be set
initial: |
apiVersion: config.openshift.io/v1
kind: ClusterVersion
spec:
clusterID: foo
desiredUpdate:
architecture: Multi
version: 4.11.1
expected: |
apiVersion: config.openshift.io/v1
kind: ClusterVersion
spec:
clusterID: foo
desiredUpdate:
architecture: Multi
version: 4.11.1
- name: Version must be set if architecture is set
initial: |
apiVersion: config.openshift.io/v1
kind: ClusterVersion
spec:
clusterID: foo
desiredUpdate:
architecture: Multi
expectedError: "Version must be set if Architecture is set"
- name: Should not allow image and architecture to be set
initial: |
apiVersion: config.openshift.io/v1
kind: ClusterVersion
spec:
clusterID: foo
desiredUpdate:
architecture: Multi
version: 4.11.1
image: bar
expectedError: "cannot set both Architecture and Image"
onUpdate:
- name: Should not allow image to be set if architecture set
initial: |
apiVersion: config.openshift.io/v1
kind: ClusterVersion
spec:
clusterID: foo
desiredUpdate:
architecture: Multi
version: 4.11.1
updated: |
apiVersion: config.openshift.io/v1
kind: ClusterVersion
spec:
clusterID: foo
desiredUpdate:
architecture: Multi
version: 4.11.1
image: bar
expectedError: "cannot set both Architecture and Image"
- name: Should not allow architecture to be set if image set
initial: |
apiVersion: config.openshift.io/v1
kind: ClusterVersion
spec:
clusterID: foo
desiredUpdate:
image: bar
updated: |
apiVersion: config.openshift.io/v1
kind: ClusterVersion
spec:
clusterID: foo
desiredUpdate:
architecture: Multi
version: 4.11.1
image: bar
expectedError: "cannot set both Architecture and Image"
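Review bot: the `desiredUpdate.architecture` cases only cover `""` and `Multi`; there is no case asserting that an unsupported architecture value is rejected, so add an onCreate case with, for example, `architecture: FooBar` and an `expectedError` naming the supported values. Minor: the two `expectedError` messages use different styles (`Version must be set if Architecture is set` vs `cannot set both Architecture and Image`); if they mirror the CRD's validation messages verbatim that is fine, otherwise align the wording.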

View File

@@ -0,0 +1,14 @@
apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
name: "[Stable] Console"
crd: 0000_10_config-operator_01_console.crd.yaml
tests:
onCreate:
- name: Should be able to create a minimal Console
initial: |
apiVersion: config.openshift.io/v1
kind: Console
spec: {} # No spec is required for a Console
expected: |
apiVersion: config.openshift.io/v1
kind: Console
spec: {}

View File

@@ -0,0 +1,14 @@
apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
name: "[Stable] DNS"
crd: 0000_10_config-operator_01_dns.crd.yaml
tests:
onCreate:
- name: Should be able to create a minimal DNS
initial: |
apiVersion: config.openshift.io/v1
kind: DNS
spec: {} # No spec is required for a DNS
expected: |
apiVersion: config.openshift.io/v1
kind: DNS
spec: {}

View File

@@ -0,0 +1,14 @@
apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
name: "[Stable] FeatureGate"
crd: 0000_10_config-operator_01_featuregate.crd.yaml
tests:
onCreate:
- name: Should be able to create a minimal FeatureGate
initial: |
apiVersion: config.openshift.io/v1
kind: FeatureGate
spec: {} # No spec is required for a FeatureGate
expected: |
apiVersion: config.openshift.io/v1
kind: FeatureGate
spec: {}

View File

@@ -0,0 +1,14 @@
apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
name: "[Stable] Image"
crd: 0000_10_config-operator_01_image.crd.yaml
tests:
onCreate:
- name: Should be able to create a minimal Image
initial: |
apiVersion: config.openshift.io/v1
kind: Image
spec: {} # No spec is required for a Image
expected: |
apiVersion: config.openshift.io/v1
kind: Image
spec: {}

View File

@@ -0,0 +1,14 @@
apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
name: "[Stable] ImageContentPolicy"
crd: 0000_10_config-operator_01_imagecontentpolicy.crd.yaml
tests:
onCreate:
- name: Should be able to create a minimal ImageContentPolicy
initial: |
apiVersion: config.openshift.io/v1
kind: ImageContentPolicy
spec: {} # No spec is required for a ImageContentPolicy
expected: |
apiVersion: config.openshift.io/v1
kind: ImageContentPolicy
spec: {}

View File

@@ -0,0 +1,14 @@
apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
name: "[Stable] ImageDigestMirrorSet"
crd: 0000_10_config-operator_01_imagedigestmirrorset.crd.yaml
tests:
onCreate:
- name: Should be able to create a minimal ImageDigestMirrorSet
initial: |
apiVersion: config.openshift.io/v1
kind: ImageDigestMirrorSet
spec: {} # No spec is required for a ImageDigestMirrorSet
expected: |
apiVersion: config.openshift.io/v1
kind: ImageDigestMirrorSet
spec: {}

View File

@@ -0,0 +1,14 @@
apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
name: "[Stable] ImageTagMirrorSet"
crd: 0000_10_config-operator_01_imagetagmirrorset.crd.yaml
tests:
onCreate:
- name: Should be able to create a minimal ImageTagMirrorSet
initial: |
apiVersion: config.openshift.io/v1
kind: ImageTagMirrorSet
spec: {} # No spec is required for a ImageTagMirrorSet
expected: |
apiVersion: config.openshift.io/v1
kind: ImageTagMirrorSet
spec: {}

View File

@@ -0,0 +1,476 @@
apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
name: "[Stable] Infrastructure"
crd: 0000_10_config-operator_01_infrastructure-Default.crd.yaml
tests:
onCreate:
- name: Should be able to create a minimal Infrastructure
initial: |
apiVersion: config.openshift.io/v1
kind: Infrastructure
spec: {} # No spec is required for a Infrastructure
expected: |
apiVersion: config.openshift.io/v1
kind: Infrastructure
spec: {}
onUpdate:
- name: Should be able to change External platformName from unknown to something else
initial: |
apiVersion: config.openshift.io/v1
kind: Infrastructure
spec:
platformSpec:
type: External
external:
platformName: Unknown
updated: |
apiVersion: config.openshift.io/v1
kind: Infrastructure
spec:
platformSpec:
type: External
external:
platformName: M&PCloud
expected: |
apiVersion: config.openshift.io/v1
kind: Infrastructure
spec:
platformSpec:
type: External
external:
platformName: M&PCloud
- name: Should not be able to change External platformName once it was set
initial: |
apiVersion: config.openshift.io/v1
kind: Infrastructure
spec:
platformSpec:
type: External
external:
platformName: M&PCloud
updated: |
apiVersion: config.openshift.io/v1
kind: Infrastructure
spec:
platformSpec:
type: External
external:
platformName: SomeOtherCoolplatformName
expectedError: " spec.platformSpec.external.platformName: Invalid value: \"string\": platform name cannot be changed once set"
- name: Should not be able to modify an existing Azure ResourceTags Tag
initial: |
apiVersion: config.openshift.io/v1
kind: Infrastructure
spec: {}
status:
controlPlaneTopology: "HighlyAvailable"
infrastructureTopology: "HighlyAvailable"
platform: Azure
platformStatus:
type: Azure
azure:
resourceTags:
- {key: "key", value: "value"}
updated: |
apiVersion: config.openshift.io/v1
kind: Infrastructure
spec: {}
status:
platform: Azure
platformStatus:
type: Azure
azure:
resourceTags:
- {key: "key", value: "changed"}
expectedStatusError: "status.platformStatus.azure.resourceTags: Invalid value: \"array\": resourceTags are immutable and may only be configured during installation"
- name: Should not be able to add a Tag to an existing Azure ResourceTags
initial: |
apiVersion: config.openshift.io/v1
kind: Infrastructure
spec: {}
status:
controlPlaneTopology: "HighlyAvailable"
infrastructureTopology: "HighlyAvailable"
platform: Azure
platformStatus:
type: Azure
azure:
resourceTags:
- {key: "key", value: "value"}
updated: |
apiVersion: config.openshift.io/v1
kind: Infrastructure
spec: {}
status:
platform: Azure
platformStatus:
type: Azure
azure:
resourceTags:
- {key: "key", value: "value"}
- {key: "new", value: "entry"}
expectedStatusError: "status.platformStatus.azure.resourceTags: Invalid value: \"array\": resourceTags are immutable and may only be configured during installation"
- name: Should not be able to remove a Tag from an existing Azure ResourceTags
initial: |
apiVersion: config.openshift.io/v1
kind: Infrastructure
spec: {}
status:
platform: Azure
platformStatus:
type: Azure
azure:
resourceTags:
- {key: "key", value: "value"}
- {key: "new", value: "entry"}
updated: |
apiVersion: config.openshift.io/v1
kind: Infrastructure
spec: {}
status:
platform: Azure
platformStatus:
type: Azure
azure:
resourceTags:
- {key: "key", value: "value"}
expectedStatusError: "status.platformStatus.azure.resourceTags: Invalid value: \"array\": resourceTags are immutable and may only be configured during installation"
- name: Should not be able to add Azure ResourceTags to an empty platformStatus.azure
initial: |
apiVersion: config.openshift.io/v1
kind: Infrastructure
spec: {}
status:
platform: Azure
platformStatus:
type: Azure
azure: {}
updated: |
apiVersion: config.openshift.io/v1
kind: Infrastructure
spec: {}
status:
platform: Azure
platformStatus:
azure:
resourceTags:
- {key: "key", value: "value"}
expectedStatusError: "status.platformStatus.azure: Invalid value: \"object\": resourceTags may only be configured during installation"
- name: Should not be able to remove Azure ResourceTags from platformStatus.azure
initial: |
apiVersion: config.openshift.io/v1
kind: Infrastructure
spec: {}
status:
platform: Azure
platformStatus:
type: Azure
azure:
resourceTags:
- {key: "key", value: "value"}
updated: |
apiVersion: config.openshift.io/v1
kind: Infrastructure
spec: {}
status:
platform: Azure
platformStatus:
type: Azure
azure: {}
expectedStatusError: "status.platformStatus.azure: Invalid value: \"object\": resourceTags may only be configured during installation"
- name: Should be able to modify the ResourceGroupName while Azure ResourceTags are present
initial: |
apiVersion: config.openshift.io/v1
kind: Infrastructure
spec: {}
status:
platform: Azure
platformStatus:
type: Azure
azure:
resourceGroupName: foo
resourceTags:
- {key: "key", value: "value"}
updated: |
apiVersion: config.openshift.io/v1
kind: Infrastructure
spec: {}
status:
platform: Azure
platformStatus:
azure:
resourceGroupName: bar
resourceTags:
- {key: "key", value: "value"}
expected: |
apiVersion: config.openshift.io/v1
kind: Infrastructure
spec: {}
status:
controlPlaneTopology: "HighlyAvailable"
infrastructureTopology: "HighlyAvailable"
platform: Azure
platformStatus:
azure:
resourceGroupName: bar
resourceTags:
- {key: "key", value: "value"}
- name: PowerVS platform status's resourceGroup length should not exceed the max length set
initial: |
apiVersion: config.openshift.io/v1
kind: Infrastructure
spec:
platformSpec:
type: PowerVS
status:
platform: PowerVS
platformStatus:
powervs:
resourceGroup: resource-group
updated: |
apiVersion: config.openshift.io/v1
kind: Infrastructure
spec:
platformSpec:
type: PowerVS
status:
platform: PowerVS
platformStatus:
powervs:
resourceGroup: resource-group-should-not-accept-the-string-that-exceeds-max-length-set
expectedStatusError: "status.platformStatus.powervs.resourceGroup: Too long: may not be longer than 40"
- name: PowerVS platform status's resourceGroup should match the regex configured
initial: |
apiVersion: config.openshift.io/v1
kind: Infrastructure
spec:
platformSpec:
type: PowerVS
status:
platform: PowerVS
platformStatus:
powervs:
resourceGroup: resource-group
updated: |
apiVersion: config.openshift.io/v1
kind: Infrastructure
spec:
platformSpec:
type: PowerVS
status:
platform: PowerVS
platformStatus:
powervs:
resourceGroup: re$ource-group
expectedStatusError: "status.platformStatus.powervs.resourceGroup in body should match '^[a-zA-Z0-9-_ ]+$'"
- name: Should not be able to change PowerVS platform status's resourceGroup once it was set
initial: |
apiVersion: config.openshift.io/v1
kind: Infrastructure
spec:
platformSpec:
type: PowerVS
status:
platform: PowerVS
platformStatus:
powervs:
resourceGroup: resource-group
updated: |
apiVersion: config.openshift.io/v1
kind: Infrastructure
spec:
platformSpec:
type: PowerVS
status:
platform: PowerVS
platformStatus:
powervs:
resourceGroup: other-resource-group-name
expectedStatusError: "status.platformStatus.powervs.resourceGroup: Invalid value: \"string\": resourceGroup is immutable once set"
- name: Should not be able to unset PowerVS platform status's resourceGroup once it was set
initial: |
apiVersion: config.openshift.io/v1
kind: Infrastructure
spec:
platformSpec:
type: PowerVS
status:
platform: PowerVS
platformStatus:
powervs:
region: some-region
resourceGroup: resource-group
updated: |
apiVersion: config.openshift.io/v1
kind: Infrastructure
spec:
platformSpec:
type: PowerVS
status:
platform: PowerVS
platformStatus:
powervs:
region: some-region
expectedStatusError: "status.platformStatus.powervs: Invalid value: \"object\": cannot unset resourceGroup once set"
- name: Should set load balancer type to OpenShiftManagedDefault if not specified
initial: |
apiVersion: config.openshift.io/v1
kind: Infrastructure
spec:
platformSpec:
openstack: {}
type: OpenStack
updated: |
apiVersion: config.openshift.io/v1
kind: Infrastructure
spec:
platformSpec:
openstack: {}
type: OpenStack
status:
platform: OpenStack
platformStatus:
openstack: {}
type: OpenStack
expected: |
apiVersion: config.openshift.io/v1
kind: Infrastructure
spec:
platformSpec:
openstack: {}
type: OpenStack
status:
controlPlaneTopology: HighlyAvailable
infrastructureTopology: HighlyAvailable
platform: OpenStack
platformStatus:
openstack:
loadBalancer:
type: OpenShiftManagedDefault
type: OpenStack
- name: Should be able to override the default load balancer with a valid value
initial: |
apiVersion: config.openshift.io/v1
kind: Infrastructure
spec:
platformSpec:
openstack: {}
type: OpenStack
updated: |
apiVersion: config.openshift.io/v1
kind: Infrastructure
spec:
platformSpec:
openstack: {}
type: OpenStack
status:
platform: OpenStack
platformStatus:
openstack:
loadBalancer:
type: UserManaged
type: OpenStack
expected: |
apiVersion: config.openshift.io/v1
kind: Infrastructure
spec:
platformSpec:
openstack: {}
type: OpenStack
status:
controlPlaneTopology: HighlyAvailable
infrastructureTopology: HighlyAvailable
platform: OpenStack
platformStatus:
openstack:
loadBalancer:
type: UserManaged
type: OpenStack
- name: Should not allow changing the immutable load balancer type field
initial: |
apiVersion: config.openshift.io/v1
kind: Infrastructure
spec:
platformSpec:
openstack: {}
type: OpenStack
status:
controlPlaneTopology: HighlyAvailable
infrastructureTopology: HighlyAvailable
platform: OpenStack
platformStatus:
openstack:
loadBalancer:
type: OpenShiftManagedDefault
type: OpenStack
updated: |
apiVersion: config.openshift.io/v1
kind: Infrastructure
spec:
platformSpec:
type: OpenStack
openstack: {}
status:
controlPlaneTopology: HighlyAvailable
infrastructureTopology: HighlyAvailable
platform: OpenStack
platformStatus:
openstack:
loadBalancer:
type: UserManaged
type: OpenStack
expectedStatusError: "status.platformStatus.openstack.loadBalancer.type: Invalid value: \"string\": type is immutable once set"
- name: Should not allow removing the immutable load balancer type field that was initially set
initial: |
apiVersion: config.openshift.io/v1
kind: Infrastructure
spec:
platformSpec:
openstack: {}
type: OpenStack
status:
controlPlaneTopology: HighlyAvailable
infrastructureTopology: HighlyAvailable
platform: OpenStack
platformStatus:
openstack:
loadBalancer:
type: UserManaged
type: OpenStack
updated: |
apiVersion: config.openshift.io/v1
kind: Infrastructure
spec:
platformSpec:
type: OpenStack
openstack: {}
status:
controlPlaneTopology: HighlyAvailable
infrastructureTopology: HighlyAvailable
platform: OpenStack
platformStatus:
openstack: {}
type: OpenStack
expectedStatusError: "status.platformStatus.openstack.loadBalancer.type: Invalid value: \"string\": type is immutable once set"
- name: Should not allow setting the load balancer type to a wrong value
initial: |
apiVersion: config.openshift.io/v1
kind: Infrastructure
spec:
platformSpec:
openstack: {}
type: OpenStack
updated: |
apiVersion: config.openshift.io/v1
kind: Infrastructure
spec:
platformSpec:
openstack: {}
type: OpenStack
status:
platform: OpenStack
platformStatus:
openstack:
loadBalancer:
type: FooBar
type: OpenStack
expectedStatusError: "status.platformStatus.openstack.loadBalancer.type: Unsupported value: \"FooBar\": supported values: \"OpenShiftManagedDefault\", \"UserManaged\""
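Review bot: in `Should not be able to add Azure ResourceTags to an empty platformStatus.azure` the `updated` object also drops the `platformStatus.type: Azure` that `initial` had, and the same happens in `Should be able to modify the ResourceGroupName while Azure ResourceTags are present`; as written, a failure in the first case cannot be attributed to the resourceTags rule alone, and the second case silently accepts a `type` change. Suggest keeping `type: Azure` in `updated` so each case exercises exactly one rule. Also, the first two Azure cases spell out `controlPlaneTopology`/`infrastructureTopology` in `initial` while the later ones rely on defaulting; pick one style so the fixtures are comparable.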

View File

@@ -0,0 +1,14 @@
apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
name: "[Stable] Ingress"
crd: 0000_10_config-operator_01_ingress.crd.yaml
tests:
onCreate:
- name: Should be able to create a minimal Ingress
initial: |
apiVersion: config.openshift.io/v1
kind: Ingress
spec: {} # No spec is required for a Ingress
expected: |
apiVersion: config.openshift.io/v1
kind: Ingress
spec: {}

View File

@@ -0,0 +1,14 @@
apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
name: "[Stable] Network"
crd: 0000_10_config-operator_01_network.crd.yaml
tests:
onCreate:
- name: Should be able to create a minimal Network
initial: |
apiVersion: config.openshift.io/v1
kind: Network
spec: {} # No spec is required for a Network
expected: |
apiVersion: config.openshift.io/v1
kind: Network
spec: {}

View File

@@ -0,0 +1,14 @@
apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
name: "[Stable] Node"
crd: 0000_10_config-operator_01_node.crd.yaml
tests:
onCreate:
- name: Should be able to create a minimal Node
initial: |
apiVersion: config.openshift.io/v1
kind: Node
spec: {} # No spec is required for a Node
expected: |
apiVersion: config.openshift.io/v1
kind: Node
spec: {}

View File

@@ -0,0 +1,14 @@
apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
name: "[Stable] OAuth"
crd: 0000_10_config-operator_01_oauth.crd.yaml
tests:
onCreate:
- name: Should be able to create a minimal OAuth
initial: |
apiVersion: config.openshift.io/v1
kind: OAuth
spec: {} # No spec is required for a OAuth
expected: |
apiVersion: config.openshift.io/v1
kind: OAuth
spec: {}

View File

@@ -0,0 +1,14 @@
apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
name: "[Stable] OperatorHub"
crd: 0000_03_marketplace-operator_01_operatorhub.crd.yaml
tests:
onCreate:
- name: Should be able to create a minimal OperatorHub
initial: |
apiVersion: config.openshift.io/v1
kind: OperatorHub
spec: {} # No spec is required for a OperatorHub
expected: |
apiVersion: config.openshift.io/v1
kind: OperatorHub
spec: {}

View File

@@ -0,0 +1,14 @@
apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
name: "[Stable] Project"
crd: 0000_10_config-operator_01_project.crd.yaml
tests:
onCreate:
- name: Should be able to create a minimal Project
initial: |
apiVersion: config.openshift.io/v1
kind: Project
spec: {} # No spec is required for a Project
expected: |
apiVersion: config.openshift.io/v1
kind: Project
spec: {}

View File

@@ -0,0 +1,14 @@
apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
name: "[Stable] Proxy"
crd: 0000_03_config-operator_01_proxy.crd.yaml
tests:
onCreate:
- name: Should be able to create a minimal Proxy
initial: |
apiVersion: config.openshift.io/v1
kind: Proxy
spec: {} # No spec is required for a Proxy
expected: |
apiVersion: config.openshift.io/v1
kind: Proxy
spec: {}

View File

@@ -0,0 +1,14 @@
apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
name: "[Stable] Scheduler"
crd: 0000_10_config-operator_01_scheduler.crd.yaml
tests:
onCreate:
- name: Should be able to create a minimal Scheduler
initial: |
apiVersion: config.openshift.io/v1
kind: Scheduler
spec: {} # No spec is required for a Scheduler
expected: |
apiVersion: config.openshift.io/v1
kind: Scheduler
spec: {}

View File

@@ -0,0 +1,31 @@
package v1
import "encoding/json"
// UnmarshalJSON implements the json.Unmarshaller interface.
// If the value is a string, it sets the Value field of the StringSource.
// Otherwise, it is unmarshaled into the StringSourceSpec struct
func (s *StringSource) UnmarshalJSON(value []byte) error {
// If we can unmarshal to a simple string, just set the value
var simpleValue string
if err := json.Unmarshal(value, &simpleValue); err == nil {
s.Value = simpleValue
return nil
}
// Otherwise do the full struct unmarshal
return json.Unmarshal(value, &s.StringSourceSpec)
}
// MarshalJSON implements the json.Marshaller interface.
// If the StringSource contains only a string Value (or is empty), it is marshaled as a JSON string.
// Otherwise, the StringSourceSpec struct is marshaled as a JSON object.
func (s *StringSource) MarshalJSON() ([]byte, error) {
// If we have only a cleartext value set, do a simple string marshal
if s.StringSourceSpec == (StringSourceSpec{Value: s.Value}) {
return json.Marshal(s.Value)
}
// Otherwise do the full struct marshal of the externalized bits
return json.Marshal(s.StringSourceSpec)
}
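Review bot: the doc comments refer to `json.Unmarshaller` and `json.Marshaller`; the standard-library interfaces are `json.Unmarshaler` and `json.Marshaler`, so the comments should be corrected. One behavioural caveat worth a comment in `UnmarshalJSON`: `json.Unmarshal` of a JSON `null` into a `string` returns no error and leaves the string untouched, so `null` takes the simple-string branch and `s.Value` keeps whatever it held before rather than the struct being cleared; if callers expect `null` to reset the source, handle that case explicitly before the string attempt.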

View File

@@ -0,0 +1,35 @@
apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
name: "[TechPreviewNoUpgrade] APIServer"
crd: 0000_10_config-operator_01_apiserver-TechPreviewNoUpgrade.crd.yaml
tests:
onCreate:
- name: Should be able to create encrypt with aescbc
initial: |
apiVersion: config.openshift.io/v1
kind: APIServer
spec:
encryption:
type: aescbc
expected: |
apiVersion: config.openshift.io/v1
kind: APIServer
spec:
audit:
profile: Default
encryption:
type: aescbc
- name: Should be able to create encrypt with aesgcm
initial: |
apiVersion: config.openshift.io/v1
kind: APIServer
spec:
encryption:
type: aesgcm
expected: |
apiVersion: config.openshift.io/v1
kind: APIServer
spec:
audit:
profile: Default
encryption:
type: aesgcm
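Review bot: these two cases are identical to the `[Stable] APIServer` suite, so this file adds no coverage of its own; if `0000_10_config-operator_01_apiserver-TechPreviewNoUpgrade.crd.yaml` differs from the Default CRD only by additional fields, it would be useful for at least one case here to exercise one of those fields, and the same missing negative test for an unsupported `encryption.type` applies here too.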

View File

@@ -0,0 +1,213 @@
apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
name: "[TechPreviewNoUpgrade] Infrastructure"
crd: 0000_10_config-operator_01_infrastructure-TechPreviewNoUpgrade.crd.yaml
tests:
onCreate:
- name: Should be able to create a minimal Infrastructure
initial: |
apiVersion: config.openshift.io/v1
kind: Infrastructure
spec: {} # No spec is required for a Infrastructure
expected: |
apiVersion: config.openshift.io/v1
kind: Infrastructure
spec: {}
onUpdate:
- name: Status Should contain default fields
initial: |
apiVersion: config.openshift.io/v1
kind: Infrastructure
spec: {}
status: {}
updated: |
apiVersion: config.openshift.io/v1
kind: Infrastructure
spec: {}
status: {}
expected: |
apiVersion: config.openshift.io/v1
kind: Infrastructure
spec: {}
status:
cpuPartitioning: None
infrastructureTopology: HighlyAvailable
controlPlaneTopology: HighlyAvailable
- name: Status update cpuPartitioning should fail validation check
initial: |
apiVersion: config.openshift.io/v1
kind: Infrastructure
spec: {}
status:
cpuPartitioning: None
updated: |
apiVersion: config.openshift.io/v1
kind: Infrastructure
spec: {}
status:
cpuPartitioning: "Invalid"
expectedStatusError: 'status.cpuPartitioning: Unsupported value: "Invalid": supported values: "None", "AllNodes"'
- name: Should set load balancer type to OpenShiftManagedDefault if not specified
initial: |
apiVersion: config.openshift.io/v1
kind: Infrastructure
spec:
platformSpec:
baremetal: {}
type: BareMetal
updated: |
apiVersion: config.openshift.io/v1
kind: Infrastructure
spec:
platformSpec:
baremetal: {}
type: BareMetal
status:
platform: BareMetal
platformStatus:
baremetal: {}
type: BareMetal
expected: |
apiVersion: config.openshift.io/v1
kind: Infrastructure
spec:
platformSpec:
baremetal: {}
type: BareMetal
status:
controlPlaneTopology: HighlyAvailable
cpuPartitioning: None
infrastructureTopology: HighlyAvailable
platform: BareMetal
platformStatus:
baremetal:
loadBalancer:
type: OpenShiftManagedDefault
type: BareMetal
- name: Should be able to override the default load balancer with a valid value
initial: |
apiVersion: config.openshift.io/v1
kind: Infrastructure
spec:
platformSpec:
baremetal: {}
type: BareMetal
updated: |
apiVersion: config.openshift.io/v1
kind: Infrastructure
spec:
platformSpec:
baremetal: {}
type: BareMetal
status:
platform: BareMetal
platformStatus:
baremetal:
loadBalancer:
type: UserManaged
type: BareMetal
expected: |
apiVersion: config.openshift.io/v1
kind: Infrastructure
spec:
platformSpec:
baremetal: {}
type: BareMetal
status:
controlPlaneTopology: HighlyAvailable
cpuPartitioning: None
infrastructureTopology: HighlyAvailable
platform: BareMetal
platformStatus:
baremetal:
loadBalancer:
type: UserManaged
type: BareMetal
- name: Should not allow changing the immutable load balancer type field
initial: |
apiVersion: config.openshift.io/v1
kind: Infrastructure
spec:
platformSpec:
baremetal: {}
type: BareMetal
status:
controlPlaneTopology: HighlyAvailable
infrastructureTopology: HighlyAvailable
platform: BareMetal
platformStatus:
baremetal:
loadBalancer:
type: OpenShiftManagedDefault
type: BareMetal
updated: |
apiVersion: config.openshift.io/v1
kind: Infrastructure
spec:
platformSpec:
type: BareMetal
baremetal: {}
status:
controlPlaneTopology: HighlyAvailable
infrastructureTopology: HighlyAvailable
platform: BareMetal
platformStatus:
baremetal:
loadBalancer:
type: UserManaged
type: BareMetal
expectedStatusError: "status.platformStatus.baremetal.loadBalancer.type: Invalid value: \"string\": type is immutable once set"
- name: Should not allow removing the immutable load balancer type field that was initially set
initial: |
apiVersion: config.openshift.io/v1
kind: Infrastructure
spec:
platformSpec:
baremetal: {}
type: BareMetal
status:
controlPlaneTopology: HighlyAvailable
infrastructureTopology: HighlyAvailable
platform: BareMetal
platformStatus:
baremetal:
loadBalancer:
type: UserManaged
type: BareMetal
updated: |
apiVersion: config.openshift.io/v1
kind: Infrastructure
spec:
platformSpec:
type: BareMetal
baremetal: {}
status:
controlPlaneTopology: HighlyAvailable
infrastructureTopology: HighlyAvailable
platform: BareMetal
platformStatus:
baremetal: {}
type: BareMetal
expectedStatusError: "status.platformStatus.baremetal.loadBalancer.type: Invalid value: \"string\": type is immutable once set"
- name: Should not allow setting the load balancer type to a wrong value
initial: |
apiVersion: config.openshift.io/v1
kind: Infrastructure
spec:
platformSpec:
baremetal: {}
type: BareMetal
updated: |
apiVersion: config.openshift.io/v1
kind: Infrastructure
spec:
platformSpec:
baremetal: {}
type: BareMetal
status:
platform: BareMetal
platformStatus:
baremetal:
loadBalancer:
type: FooBar
type: BareMetal
expectedStatusError: "status.platformStatus.baremetal.loadBalancer.type: Unsupported value: \"FooBar\": supported values: \"OpenShiftManagedDefault\", \"UserManaged\""
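Review bot: the case named "Should be able to override the default load balancer with a valid value" never establishes a default in `initial` (its `initial` carries no `status.platformStatus` at all), so what it actually exercises is the first-time setting of `loadBalancer.type` to `UserManaged`, not an override of `OpenShiftManagedDefault`; the two cases that follow assert that the type is immutable once set, so a real override from the default would be rejected, and the name is misleading. Consider renaming it to something like "Should be able to set the load balancer type to a valid value", or, if an override path is intended, add a case whose `initial` status sets `type: OpenShiftManagedDefault` and whose `expectedStatusError` documents the rejection.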

vendor/github.com/openshift/api/config/v1/types.go generated vendored Normal file

@@ -0,0 +1,400 @@
package v1
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
)
// ConfigMapFileReference references a config map in a specific namespace.
// The namespace must be specified at the point of use.
type ConfigMapFileReference struct {
Name string `json:"name"`
// Key allows pointing to a specific key/value inside of the configmap. This is useful for logical file references.
Key string `json:"key,omitempty"`
}
// ConfigMapNameReference references a config map in a specific namespace.
// The namespace must be specified at the point of use.
type ConfigMapNameReference struct {
// name is the metadata.name of the referenced config map
// +kubebuilder:validation:Required
// +required
Name string `json:"name"`
}
// SecretNameReference references a secret in a specific namespace.
// The namespace must be specified at the point of use.
type SecretNameReference struct {
// name is the metadata.name of the referenced secret
// +kubebuilder:validation:Required
// +required
Name string `json:"name"`
}
// HTTPServingInfo holds configuration for serving HTTP
type HTTPServingInfo struct {
// ServingInfo is the HTTP serving information
ServingInfo `json:",inline"`
// MaxRequestsInFlight is the number of concurrent requests allowed to the server. If zero, no limit.
MaxRequestsInFlight int64 `json:"maxRequestsInFlight"`
// RequestTimeoutSeconds is the number of seconds before requests are timed out. The default is 60 minutes, if
// -1 there is no limit on requests.
RequestTimeoutSeconds int64 `json:"requestTimeoutSeconds"`
}
// ServingInfo holds information about serving web pages
type ServingInfo struct {
// BindAddress is the ip:port to serve on
BindAddress string `json:"bindAddress"`
// BindNetwork is the type of network to bind to - defaults to "tcp4", accepts "tcp",
// "tcp4", and "tcp6"
BindNetwork string `json:"bindNetwork"`
// CertInfo is the TLS cert info for serving secure traffic.
// this is anonymous so that we can inline it for serialization
CertInfo `json:",inline"`
// ClientCA is the certificate bundle for all the signers that you'll recognize for incoming client certificates
// +optional
ClientCA string `json:"clientCA,omitempty"`
// NamedCertificates is a list of certificates to use to secure requests to specific hostnames
NamedCertificates []NamedCertificate `json:"namedCertificates,omitempty"`
// MinTLSVersion is the minimum TLS version supported.
// Values must match version names from https://golang.org/pkg/crypto/tls/#pkg-constants
MinTLSVersion string `json:"minTLSVersion,omitempty"`
// CipherSuites contains an overridden list of ciphers for the server to support.
// Values must match cipher suite IDs from https://golang.org/pkg/crypto/tls/#pkg-constants
CipherSuites []string `json:"cipherSuites,omitempty"`
}
// CertInfo relates a certificate with a private key
type CertInfo struct {
// CertFile is a file containing a PEM-encoded certificate
CertFile string `json:"certFile"`
// KeyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile
KeyFile string `json:"keyFile"`
}
// NamedCertificate specifies a certificate/key, and the names it should be served for
type NamedCertificate struct {
// Names is a list of DNS names this certificate should be used to secure
// A name can be a normal DNS name, or can contain leading wildcard segments.
Names []string `json:"names,omitempty"`
// CertInfo is the TLS cert info for serving secure traffic
CertInfo `json:",inline"`
}
// LeaderElection provides information to elect a leader
type LeaderElection struct {
// disable allows leader election to be suspended while allowing a fully defaulted "normal" startup case.
Disable bool `json:"disable,omitempty"`
// namespace indicates which namespace the resource is in
Namespace string `json:"namespace,omitempty"`
// name indicates what name to use for the resource
Name string `json:"name,omitempty"`
// leaseDuration is the duration that non-leader candidates will wait
// after observing a leadership renewal until attempting to acquire
// leadership of a led but unrenewed leader slot. This is effectively the
// maximum duration that a leader can be stopped before it is replaced
// by another candidate. This is only applicable if leader election is
// enabled.
// +nullable
LeaseDuration metav1.Duration `json:"leaseDuration"`
// renewDeadline is the interval between attempts by the acting master to
// renew a leadership slot before it stops leading. This must be less
// than or equal to the lease duration. This is only applicable if leader
// election is enabled.
// +nullable
RenewDeadline metav1.Duration `json:"renewDeadline"`
// retryPeriod is the duration the clients should wait between attempting
// acquisition and renewal of a leadership. This is only applicable if
// leader election is enabled.
// +nullable
RetryPeriod metav1.Duration `json:"retryPeriod"`
}
// StringSource allows specifying a string inline, or externally via env var or file.
// When it contains only a string value, it marshals to a simple JSON string.
type StringSource struct {
// StringSourceSpec specifies the string value, or external location
StringSourceSpec `json:",inline"`
}
// StringSourceSpec specifies a string value, or external location
type StringSourceSpec struct {
// Value specifies the cleartext value, or an encrypted value if keyFile is specified.
Value string `json:"value"`
// Env specifies an envvar containing the cleartext value, or an encrypted value if the keyFile is specified.
Env string `json:"env"`
// File references a file containing the cleartext value, or an encrypted value if a keyFile is specified.
File string `json:"file"`
// KeyFile references a file containing the key to use to decrypt the value.
KeyFile string `json:"keyFile"`
}
// RemoteConnectionInfo holds information necessary for establishing a remote connection
type RemoteConnectionInfo struct {
// URL is the remote URL to connect to
URL string `json:"url"`
// CA is the CA for verifying TLS connections
CA string `json:"ca"`
// CertInfo is the TLS client cert information to present
// this is anonymous so that we can inline it for serialization
CertInfo `json:",inline"`
}
type AdmissionConfig struct {
PluginConfig map[string]AdmissionPluginConfig `json:"pluginConfig,omitempty"`
// enabledPlugins is a list of admission plugins that must be on in addition to the default list.
// Some admission plugins are disabled by default, but certain configurations require them. This is fairly uncommon
// and can result in performance penalties and unexpected behavior.
EnabledAdmissionPlugins []string `json:"enabledPlugins,omitempty"`
// disabledPlugins is a list of admission plugins that must be off. Putting something in this list
// is almost always a mistake and likely to result in cluster instability.
DisabledAdmissionPlugins []string `json:"disabledPlugins,omitempty"`
}
// AdmissionPluginConfig holds the necessary configuration options for admission plugins
type AdmissionPluginConfig struct {
// Location is the path to a configuration file that contains the plugin's
// configuration
Location string `json:"location"`
// Configuration is an embedded configuration object to be used as the plugin's
// configuration. If present, it will be used instead of the path to the configuration file.
// +nullable
// +kubebuilder:pruning:PreserveUnknownFields
Configuration runtime.RawExtension `json:"configuration"`
}
type LogFormatType string
type WebHookModeType string
const (
// LogFormatLegacy saves event in 1-line text format.
LogFormatLegacy LogFormatType = "legacy"
// LogFormatJson saves event in structured json format.
LogFormatJson LogFormatType = "json"
// WebHookModeBatch indicates that the webhook should buffer audit events
// internally, sending batch updates either once a certain number of
// events have been received or a certain amount of time has passed.
WebHookModeBatch WebHookModeType = "batch"
// WebHookModeBlocking causes the webhook to block on every attempt to process
// a set of events. This causes requests to the API server to wait for a
// round trip to the external audit service before sending a response.
WebHookModeBlocking WebHookModeType = "blocking"
)
// AuditConfig holds configuration for the audit capabilities
type AuditConfig struct {
// If this flag is set, audit log will be printed in the logs.
// The logs contains, method, user and a requested URL.
Enabled bool `json:"enabled"`
// All requests coming to the apiserver will be logged to this file.
AuditFilePath string `json:"auditFilePath"`
// Maximum number of days to retain old log files based on the timestamp encoded in their filename.
MaximumFileRetentionDays int32 `json:"maximumFileRetentionDays"`
// Maximum number of old log files to retain.
MaximumRetainedFiles int32 `json:"maximumRetainedFiles"`
// Maximum size in megabytes of the log file before it gets rotated. Defaults to 100MB.
MaximumFileSizeMegabytes int32 `json:"maximumFileSizeMegabytes"`
// PolicyFile is a path to the file that defines the audit policy configuration.
PolicyFile string `json:"policyFile"`
// PolicyConfiguration is an embedded policy configuration object to be used
// as the audit policy configuration. If present, it will be used instead of
// the path to the policy file.
// +nullable
// +kubebuilder:pruning:PreserveUnknownFields
PolicyConfiguration runtime.RawExtension `json:"policyConfiguration"`
// Format of saved audits (legacy or json).
LogFormat LogFormatType `json:"logFormat"`
// Path to a .kubeconfig formatted file that defines the audit webhook configuration.
WebHookKubeConfig string `json:"webHookKubeConfig"`
// Strategy for sending audit events (block or batch).
WebHookMode WebHookModeType `json:"webHookMode"`
}
// EtcdConnectionInfo holds information necessary for connecting to an etcd server
type EtcdConnectionInfo struct {
// URLs are the URLs for etcd
URLs []string `json:"urls,omitempty"`
// CA is a file containing trusted roots for the etcd server certificates
CA string `json:"ca"`
// CertInfo is the TLS client cert information for securing communication to etcd
// this is anonymous so that we can inline it for serialization
CertInfo `json:",inline"`
}
type EtcdStorageConfig struct {
EtcdConnectionInfo `json:",inline"`
// StoragePrefix is the path within etcd that the OpenShift resources will
// be rooted under. This value, if changed, will mean existing objects in etcd will
// no longer be located.
StoragePrefix string `json:"storagePrefix"`
}
// GenericAPIServerConfig is an inline-able struct for aggregated apiservers that need to store data in etcd
type GenericAPIServerConfig struct {
// servingInfo describes how to start serving
ServingInfo HTTPServingInfo `json:"servingInfo"`
// corsAllowedOrigins
CORSAllowedOrigins []string `json:"corsAllowedOrigins"`
// auditConfig describes how to configure audit information
AuditConfig AuditConfig `json:"auditConfig"`
// storageConfig contains information about how to use
StorageConfig EtcdStorageConfig `json:"storageConfig"`
// admissionConfig holds information about how to configure admission.
AdmissionConfig AdmissionConfig `json:"admission"`
KubeClientConfig KubeClientConfig `json:"kubeClientConfig"`
}
type KubeClientConfig struct {
// kubeConfig is a .kubeconfig filename for going to the owning kube-apiserver. Empty uses an in-cluster-config
KubeConfig string `json:"kubeConfig"`
// connectionOverrides specifies client overrides for system components to loop back to this master.
ConnectionOverrides ClientConnectionOverrides `json:"connectionOverrides"`
}
type ClientConnectionOverrides struct {
// acceptContentTypes defines the Accept header sent by clients when connecting to a server, overriding the
// default value of 'application/json'. This field will control all connections to the server used by a particular
// client.
AcceptContentTypes string `json:"acceptContentTypes"`
// contentType is the content type used when sending data to the server from this client.
ContentType string `json:"contentType"`
// qps controls the number of queries per second allowed for this connection.
QPS float32 `json:"qps"`
// burst allows extra queries to accumulate when a client is exceeding its rate.
Burst int32 `json:"burst"`
}
// GenericControllerConfig provides information to configure a controller
type GenericControllerConfig struct {
// ServingInfo is the HTTP serving information for the controller's endpoints
ServingInfo HTTPServingInfo `json:"servingInfo"`
// leaderElection provides information to elect a leader. Only override this if you have a specific need
LeaderElection LeaderElection `json:"leaderElection"`
// authentication allows configuration of authentication for the endpoints
Authentication DelegatedAuthentication `json:"authentication"`
// authorization allows configuration of authentication for the endpoints
Authorization DelegatedAuthorization `json:"authorization"`
}
// DelegatedAuthentication allows authentication to be disabled.
type DelegatedAuthentication struct {
// disabled indicates that authentication should be disabled. By default it will use delegated authentication.
Disabled bool `json:"disabled,omitempty"`
}
// DelegatedAuthorization allows authorization to be disabled.
type DelegatedAuthorization struct {
// disabled indicates that authorization should be disabled. By default it will use delegated authorization.
Disabled bool `json:"disabled,omitempty"`
}
type RequiredHSTSPolicy struct {
// namespaceSelector specifies a label selector such that the policy applies only to those routes that
// are in namespaces with labels that match the selector, and are in one of the DomainPatterns.
// Defaults to the empty LabelSelector, which matches everything.
// +optional
NamespaceSelector *metav1.LabelSelector `json:"namespaceSelector,omitempty"`
// domainPatterns is a list of domains for which the desired HSTS annotations are required.
// If domainPatterns is specified and a route is created with a spec.host matching one of the domains,
// the route must specify the HSTS Policy components described in the matching RequiredHSTSPolicy.
//
// The use of wildcards is allowed like this: *.foo.com matches everything under foo.com.
// foo.com only matches foo.com, so to cover foo.com and everything under it, you must specify *both*.
// +kubebuilder:validation:MinItems=1
// +kubebuilder:validation:Required
// +required
DomainPatterns []string `json:"domainPatterns"`
// maxAge is the delta time range in seconds during which hosts are regarded as HSTS hosts.
// If set to 0, it negates the effect, and hosts are removed as HSTS hosts.
// If set to 0 and includeSubdomains is specified, all subdomains of the host are also removed as HSTS hosts.
// maxAge is a time-to-live value, and if this policy is not refreshed on a client, the HSTS
// policy will eventually expire on that client.
MaxAge MaxAgePolicy `json:"maxAge"`
// preloadPolicy directs the client to include hosts in its host preload list so that
// it never needs to do an initial load to get the HSTS header (note that this is not defined
// in RFC 6797 and is therefore client implementation-dependent).
// +optional
PreloadPolicy PreloadPolicy `json:"preloadPolicy,omitempty"`
// includeSubDomainsPolicy means the HSTS Policy should apply to any subdomains of the host's
// domain name. Thus, for the host bar.foo.com, if includeSubDomainsPolicy was set to RequireIncludeSubDomains:
// - the host app.bar.foo.com would inherit the HSTS Policy of bar.foo.com
// - the host bar.foo.com would inherit the HSTS Policy of bar.foo.com
// - the host foo.com would NOT inherit the HSTS Policy of bar.foo.com
// - the host def.foo.com would NOT inherit the HSTS Policy of bar.foo.com
// +optional
IncludeSubDomainsPolicy IncludeSubDomainsPolicy `json:"includeSubDomainsPolicy,omitempty"`
}
// MaxAgePolicy contains a numeric range for specifying a compliant HSTS max-age for the enclosing RequiredHSTSPolicy
type MaxAgePolicy struct {
// The largest allowed value (in seconds) of the RequiredHSTSPolicy max-age
// This value can be left unspecified, in which case no upper limit is enforced.
// +kubebuilder:validation:Minimum=0
// +kubebuilder:validation:Maximum=2147483647
LargestMaxAge *int32 `json:"largestMaxAge,omitempty"`
// The smallest allowed value (in seconds) of the RequiredHSTSPolicy max-age
// Setting max-age=0 allows the deletion of an existing HSTS header from a host. This is a necessary
// tool for administrators to quickly correct mistakes.
// This value can be left unspecified, in which case no lower limit is enforced.
// +kubebuilder:validation:Minimum=0
// +kubebuilder:validation:Maximum=2147483647
SmallestMaxAge *int32 `json:"smallestMaxAge,omitempty"`
}
// PreloadPolicy contains a value for specifying a compliant HSTS preload policy for the enclosing RequiredHSTSPolicy
// +kubebuilder:validation:Enum=RequirePreload;RequireNoPreload;NoOpinion
type PreloadPolicy string
const (
// RequirePreloadPolicy means HSTS "preload" is required by the RequiredHSTSPolicy
RequirePreloadPolicy PreloadPolicy = "RequirePreload"
// RequireNoPreloadPolicy means HSTS "preload" is forbidden by the RequiredHSTSPolicy
RequireNoPreloadPolicy PreloadPolicy = "RequireNoPreload"
// NoOpinionPreloadPolicy means HSTS "preload" doesn't matter to the RequiredHSTSPolicy
NoOpinionPreloadPolicy PreloadPolicy = "NoOpinion"
)
// IncludeSubDomainsPolicy contains a value for specifying a compliant HSTS includeSubdomains policy
// for the enclosing RequiredHSTSPolicy
// +kubebuilder:validation:Enum=RequireIncludeSubDomains;RequireNoIncludeSubDomains;NoOpinion
type IncludeSubDomainsPolicy string
const (
// RequireIncludeSubDomains means HSTS "includeSubDomains" is required by the RequiredHSTSPolicy
RequireIncludeSubDomains IncludeSubDomainsPolicy = "RequireIncludeSubDomains"
// RequireNoIncludeSubDomains means HSTS "includeSubDomains" is forbidden by the RequiredHSTSPolicy
RequireNoIncludeSubDomains IncludeSubDomainsPolicy = "RequireNoIncludeSubDomains"
// NoOpinionIncludeSubDomains means HSTS "includeSubDomains" doesn't matter to the RequiredHSTSPolicy
NoOpinionIncludeSubDomains IncludeSubDomainsPolicy = "NoOpinion"
)
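Review bot: the doc comment on `GenericControllerConfig.Authorization` reads "authorization allows configuration of authentication for the endpoints", a copy of the line above it; it should say "configuration of authorization for the endpoints", since this field drives `DelegatedAuthorization` and a reader deciding whether to set `Disabled` on it needs to know which check is being switched off. In the same file, `AdmissionConfig` and its `PluginConfig` field carry no doc comment at all, and the comment on `AuditConfig.Enabled` ("The logs contains, method, user and a requested URL.") should read "The log contains the method, user and requested URL."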


@@ -0,0 +1,221 @@
package v1
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
// +genclient
// +genclient:nonNamespaced
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// APIServer holds configuration (like serving certificates, client CA and CORS domains)
// shared by all API servers in the system, among them especially kube-apiserver
// and openshift-apiserver. The canonical name of an instance is 'cluster'.
//
// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
// +openshift:compatibility-gen:level=1
type APIServer struct {
metav1.TypeMeta `json:",inline"`
// metadata is the standard object's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
metav1.ObjectMeta `json:"metadata,omitempty"`
// spec holds user settable values for configuration
// +kubebuilder:validation:Required
// +required
Spec APIServerSpec `json:"spec"`
// status holds observed values from the cluster. They may not be overridden.
// +optional
Status APIServerStatus `json:"status"`
}
type APIServerSpec struct {
// servingCert is the TLS cert info for serving secure traffic. If not specified, operator managed certificates
// will be used for serving secure traffic.
// +optional
ServingCerts APIServerServingCerts `json:"servingCerts"`
// clientCA references a ConfigMap containing a certificate bundle for the signers that will be recognized for
// incoming client certificates in addition to the operator managed signers. If this is empty, then only operator managed signers are valid.
// You usually only have to set this if you have your own PKI you wish to honor client certificates from.
// The ConfigMap must exist in the openshift-config namespace and contain the following required fields:
// - ConfigMap.Data["ca-bundle.crt"] - CA bundle.
// +optional
ClientCA ConfigMapNameReference `json:"clientCA"`
// additionalCORSAllowedOrigins lists additional, user-defined regular expressions describing hosts for which the
// API server allows access using the CORS headers. This may be needed to access the API and the integrated OAuth
// server from JavaScript applications.
// The values are regular expressions that correspond to the Golang regular expression language.
// +optional
AdditionalCORSAllowedOrigins []string `json:"additionalCORSAllowedOrigins,omitempty"`
// encryption allows the configuration of encryption of resources at the datastore layer.
// +optional
Encryption APIServerEncryption `json:"encryption"`
// tlsSecurityProfile specifies settings for TLS connections for externally exposed servers.
//
// If unset, a default (which may change between releases) is chosen. Note that only Old,
// Intermediate and Custom profiles are currently supported, and the maximum available
// MinTLSVersions is VersionTLS12.
// +optional
TLSSecurityProfile *TLSSecurityProfile `json:"tlsSecurityProfile,omitempty"`
// audit specifies the settings for audit configuration to be applied to all OpenShift-provided
// API servers in the cluster.
// +optional
// +kubebuilder:default={profile: Default}
Audit Audit `json:"audit"`
}
// AuditProfileType defines the audit policy profile type.
// +kubebuilder:validation:Enum=Default;WriteRequestBodies;AllRequestBodies;None
type AuditProfileType string
const (
// "None" disables audit logs.
NoneAuditProfileType AuditProfileType = "None"
// "Default" is the existing default audit configuration policy.
DefaultAuditProfileType AuditProfileType = "Default"
// "WriteRequestBodies" is similar to Default but it logs request and response
// HTTP payloads for write requests (create, update, patch)
WriteRequestBodiesAuditProfileType AuditProfileType = "WriteRequestBodies"
// "AllRequestBodies" is similar to WriteRequestBodies, but also logs request
// and response HTTP payloads for read requests (get, list).
AllRequestBodiesAuditProfileType AuditProfileType = "AllRequestBodies"
)
type Audit struct {
// profile specifies the name of the desired top-level audit profile to be applied to all requests
// sent to any of the OpenShift-provided API servers in the cluster (kube-apiserver,
// openshift-apiserver and oauth-apiserver), with the exception of those requests that match
// one or more of the customRules.
//
// The following profiles are provided:
// - Default: default policy which means MetaData level logging with the exception of events
// (not logged at all), oauthaccesstokens and oauthauthorizetokens (both logged at RequestBody
// level).
// - WriteRequestBodies: like 'Default', but logs request and response HTTP payloads for
// write requests (create, update, patch).
// - AllRequestBodies: like 'WriteRequestBodies', but also logs request and response
// HTTP payloads for read requests (get, list).
// - None: no requests are logged at all, not even oauthaccesstokens and oauthauthorizetokens.
//
// Warning: It is not recommended to disable audit logging by using the `None` profile unless you
// are fully aware of the risks of not logging data that can be beneficial when troubleshooting issues.
// If you disable audit logging and a support situation arises, you might need to enable audit logging
// and reproduce the issue in order to troubleshoot properly.
//
// If unset, the 'Default' profile is used as the default.
//
// +kubebuilder:default=Default
Profile AuditProfileType `json:"profile,omitempty"`
// customRules specify profiles per group. These profile take precedence over the
// top-level profile field if they apply. They are evaluation from top to bottom and
// the first one that matches, applies.
// +listType=map
// +listMapKey=group
// +optional
CustomRules []AuditCustomRule `json:"customRules,omitempty"`
}
// AuditCustomRule describes a custom rule for an audit profile that takes precedence over
// the top-level profile.
type AuditCustomRule struct {
// group is a name of group a request user must be member of in order to this profile to apply.
//
// +kubebuilder:validation:Required
// +kubebuilder:validation:MinLength=1
// +required
Group string `json:"group"`
// profile specifies the name of the desired audit policy configuration to be deployed to
// all OpenShift-provided API servers in the cluster.
//
// The following profiles are provided:
// - Default: the existing default policy.
// - WriteRequestBodies: like 'Default', but logs request and response HTTP payloads for
// write requests (create, update, patch).
// - AllRequestBodies: like 'WriteRequestBodies', but also logs request and response
// HTTP payloads for read requests (get, list).
// - None: no requests are logged at all, not even oauthaccesstokens and oauthauthorizetokens.
//
// If unset, the 'Default' profile is used as the default.
//
// +kubebuilder:validation:Required
// +required
Profile AuditProfileType `json:"profile,omitempty"`
}
type APIServerServingCerts struct {
// namedCertificates references secrets containing the TLS cert info for serving secure traffic to specific hostnames.
// If no named certificates are provided, or no named certificates match the server name as understood by a client,
// the defaultServingCertificate will be used.
// +optional
NamedCertificates []APIServerNamedServingCert `json:"namedCertificates,omitempty"`
}
// APIServerNamedServingCert maps a server DNS name, as understood by a client, to a certificate.
type APIServerNamedServingCert struct {
// names is a optional list of explicit DNS names (leading wildcards allowed) that should use this certificate to
// serve secure traffic. If no names are provided, the implicit names will be extracted from the certificates.
// Exact names trump over wildcard names. Explicit names defined here trump over extracted implicit names.
// +optional
Names []string `json:"names,omitempty"`
// servingCertificate references a kubernetes.io/tls type secret containing the TLS cert info for serving secure traffic.
// The secret must exist in the openshift-config namespace and contain the following required fields:
// - Secret.Data["tls.key"] - TLS private key.
// - Secret.Data["tls.crt"] - TLS certificate.
ServingCertificate SecretNameReference `json:"servingCertificate"`
}
type APIServerEncryption struct {
// type defines what encryption type should be used to encrypt resources at the datastore layer.
// When this field is unset (i.e. when it is set to the empty string), identity is implied.
// The behavior of unset can and will change over time. Even if encryption is enabled by default,
// the meaning of unset may change to a different encryption type based on changes in best practices.
//
// When encryption is enabled, all sensitive resources shipped with the platform are encrypted.
// This list of sensitive resources can and will change over time. The current authoritative list is:
//
// 1. secrets
// 2. configmaps
// 3. routes.route.openshift.io
// 4. oauthaccesstokens.oauth.openshift.io
// 5. oauthauthorizetokens.oauth.openshift.io
//
// +unionDiscriminator
// +optional
Type EncryptionType `json:"type,omitempty"`
}
// +kubebuilder:validation:Enum="";identity;aescbc;aesgcm
type EncryptionType string
const (
// identity refers to a type where no encryption is performed at the datastore layer.
// Resources are written as-is without encryption.
EncryptionTypeIdentity EncryptionType = "identity"
// aescbc refers to a type where AES-CBC with PKCS#7 padding and a 32-byte key
// is used to perform encryption at the datastore layer.
EncryptionTypeAESCBC EncryptionType = "aescbc"
// aesgcm refers to a type where AES-GCM with random nonce and a 32-byte key
// is used to perform encryption at the datastore layer.
EncryptionTypeAESGCM EncryptionType = "aesgcm"
)
type APIServerStatus struct {
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
// +openshift:compatibility-gen:level=1
type APIServerList struct {
metav1.TypeMeta `json:",inline"`
// metadata is the standard list's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
metav1.ListMeta `json:"metadata"`
Items []APIServer `json:"items"`
}
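Review bot: `AuditCustomRule.Profile` is marked `+kubebuilder:validation:Required` and `+required` but serializes as `json:"profile,omitempty"`, so a zero value is silently dropped on marshal instead of being surfaced as a missing required field; drop `omitempty` here to match `Group`, which is required and has no `omitempty`. Two smaller documentation points in the same hunk: the comment on `APIServerSpec.ServingCerts` refers to "servingCert" while the field serializes as `servingCerts`, and the `Type EncryptionType` comment lists the sensitive resources but does not say that an empty string and `identity` both mean no encryption at rest, which is worth stating next to the enum since the enum admits `""` explicitly.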


@@ -0,0 +1,161 @@
package v1
import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
// +genclient
// +genclient:nonNamespaced
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// Authentication specifies cluster-wide settings for authentication (like OAuth and
// webhook token authenticators). The canonical name of an instance is `cluster`.
//
// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
// +openshift:compatibility-gen:level=1
type Authentication struct {
metav1.TypeMeta `json:",inline"`
// metadata is the standard object's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
metav1.ObjectMeta `json:"metadata,omitempty"`
// spec holds user settable values for configuration
// +kubebuilder:validation:Required
// +required
Spec AuthenticationSpec `json:"spec"`
// status holds observed values from the cluster. They may not be overridden.
// +optional
Status AuthenticationStatus `json:"status"`
}
type AuthenticationSpec struct {
// type identifies the cluster managed, user facing authentication mode in use.
// Specifically, it manages the component that responds to login attempts.
// The default is IntegratedOAuth.
// +optional
Type AuthenticationType `json:"type"`
// oauthMetadata contains the discovery endpoint data for OAuth 2.0
// Authorization Server Metadata for an external OAuth server.
// This discovery document can be viewed from its served location:
// oc get --raw '/.well-known/oauth-authorization-server'
// For further details, see the IETF Draft:
// https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2
// If oauthMetadata.name is non-empty, this value has precedence
// over any metadata reference stored in status.
// The key "oauthMetadata" is used to locate the data.
// If specified and the config map or expected key is not found, no metadata is served.
// If the specified metadata is not valid, no metadata is served.
// The namespace for this config map is openshift-config.
// +optional
OAuthMetadata ConfigMapNameReference `json:"oauthMetadata"`
// webhookTokenAuthenticators is DEPRECATED, setting it has no effect.
WebhookTokenAuthenticators []DeprecatedWebhookTokenAuthenticator `json:"webhookTokenAuthenticators,omitempty"`
// webhookTokenAuthenticator configures a remote token reviewer.
// These remote authentication webhooks can be used to verify bearer tokens
// via the tokenreviews.authentication.k8s.io REST API. This is required to
// honor bearer tokens that are provisioned by an external authentication service.
// +optional
WebhookTokenAuthenticator *WebhookTokenAuthenticator `json:"webhookTokenAuthenticator,omitempty"`
// serviceAccountIssuer is the identifier of the bound service account token
// issuer.
// The default is https://kubernetes.default.svc
// WARNING: Updating this field will not result in immediate invalidation of all bound tokens with the
// previous issuer value. Instead, the tokens issued by previous service account issuer will continue to
// be trusted for a time period chosen by the platform (currently set to 24h).
// This time period is subject to change over time.
// This allows internal components to transition to use new service account issuer without service distruption.
// +optional
ServiceAccountIssuer string `json:"serviceAccountIssuer"`
}
type AuthenticationStatus struct {
// integratedOAuthMetadata contains the discovery endpoint data for OAuth 2.0
// Authorization Server Metadata for the in-cluster integrated OAuth server.
// This discovery document can be viewed from its served location:
// oc get --raw '/.well-known/oauth-authorization-server'
// For further details, see the IETF Draft:
// https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2
// This contains the observed value based on cluster state.
// An explicitly set value in spec.oauthMetadata has precedence over this field.
// This field has no meaning if authentication spec.type is not set to IntegratedOAuth.
// The key "oauthMetadata" is used to locate the data.
// If the config map or expected key is not found, no metadata is served.
// If the specified metadata is not valid, no metadata is served.
// The namespace for this config map is openshift-config-managed.
IntegratedOAuthMetadata ConfigMapNameReference `json:"integratedOAuthMetadata"`
// TODO if we add support for an in-cluster operator managed Keycloak instance
// KeycloakOAuthMetadata ConfigMapNameReference `json:"keycloakOAuthMetadata"`
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
// +openshift:compatibility-gen:level=1
type AuthenticationList struct {
metav1.TypeMeta `json:",inline"`
// metadata is the standard list's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
metav1.ListMeta `json:"metadata"`
Items []Authentication `json:"items"`
}
type AuthenticationType string
const (
// None means that no cluster managed authentication system is in place.
// Note that user login will only work if a manually configured system is in place and
// referenced in authentication spec via oauthMetadata and webhookTokenAuthenticators.
AuthenticationTypeNone AuthenticationType = "None"
// IntegratedOAuth refers to the cluster managed OAuth server.
// It is configured via the top level OAuth config.
AuthenticationTypeIntegratedOAuth AuthenticationType = "IntegratedOAuth"
// TODO if we add support for an in-cluster operator managed Keycloak instance
// AuthenticationTypeKeycloak AuthenticationType = "Keycloak"
)
// deprecatedWebhookTokenAuthenticator holds the necessary configuration options for a remote token authenticator.
// It's the same as WebhookTokenAuthenticator but it's missing the 'required' validation on KubeConfig field.
type DeprecatedWebhookTokenAuthenticator struct {
// kubeConfig contains kube config file data which describes how to access the remote webhook service.
// For further details, see:
// https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication
// The key "kubeConfig" is used to locate the data.
// If the secret or expected key is not found, the webhook is not honored.
// If the specified kube config data is not valid, the webhook is not honored.
// The namespace for this secret is determined by the point of use.
KubeConfig SecretNameReference `json:"kubeConfig"`
}
// webhookTokenAuthenticator holds the necessary configuration options for a remote token authenticator
type WebhookTokenAuthenticator struct {
// kubeConfig references a secret that contains kube config file data which
// describes how to access the remote webhook service.
// The namespace for the referenced secret is openshift-config.
//
// For further details, see:
//
// https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication
//
// The key "kubeConfig" is used to locate the data.
// If the secret or expected key is not found, the webhook is not honored.
// If the specified kube config data is not valid, the webhook is not honored.
// +kubebuilder:validation:Required
// +required
KubeConfig SecretNameReference `json:"kubeConfig"`
}
const (
// OAuthMetadataKey is the key for the oauth authorization server metadata
OAuthMetadataKey = "oauthMetadata"
// KubeConfigKey is the key for the kube config file data in a secret
KubeConfigKey = "kubeConfig"
)
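Review bot: the doc comment on `AuthenticationTypeNone` is stale: it says login with type `None` only works when a manually configured system is "referenced in authentication spec via oauthMetadata and webhookTokenAuthenticators", but `AuthenticationSpec` in the same hunk marks `webhookTokenAuthenticators` as "DEPRECATED, setting it has no effect"; it should point at the singular `webhookTokenAuthenticator` field. Two smaller items: `distruption` in the `ServiceAccountIssuer` comment should read `disruption`, and that comment's statement that tokens from the previous issuer "continue to be trusted for a time period chosen by the platform (currently set to 24h)" is the security-relevant caveat of the field, so a change of issuer must not be read as a revocation of already-issued bound tokens. Also, `WebhookTokenAuthenticators` carries `omitempty` but no `+optional` marker, unlike every other optional field in the struct.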


@@ -0,0 +1,127 @@
package v1
import (
corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
// +genclient
// +genclient:nonNamespaced
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// Build configures the behavior of OpenShift builds for the entire cluster.
// This includes default settings that can be overridden in BuildConfig objects, and overrides which are applied to all builds.
//
// The canonical name is "cluster"
//
// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
// +openshift:compatibility-gen:level=1
type Build struct {
metav1.TypeMeta `json:",inline"`
// metadata is the standard object's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
metav1.ObjectMeta `json:"metadata,omitempty"`
// Spec holds user-settable values for the build controller configuration
// +kubebuilder:validation:Required
// +required
Spec BuildSpec `json:"spec"`
}
type BuildSpec struct {
// AdditionalTrustedCA is a reference to a ConfigMap containing additional CAs that
// should be trusted for image pushes and pulls during builds.
// The namespace for this config map is openshift-config.
//
// DEPRECATED: Additional CAs for image pull and push should be set on
// image.config.openshift.io/cluster instead.
//
// +optional
AdditionalTrustedCA ConfigMapNameReference `json:"additionalTrustedCA"`
// BuildDefaults controls the default information for Builds
// +optional
BuildDefaults BuildDefaults `json:"buildDefaults"`
// BuildOverrides controls override settings for builds
// +optional
BuildOverrides BuildOverrides `json:"buildOverrides"`
}
type BuildDefaults struct {
// DefaultProxy contains the default proxy settings for all build operations, including image pull/push
// and source download.
//
// Values can be overrode by setting the `HTTP_PROXY`, `HTTPS_PROXY`, and `NO_PROXY` environment variables
// in the build config's strategy.
// +optional
DefaultProxy *ProxySpec `json:"defaultProxy,omitempty"`
// GitProxy contains the proxy settings for git operations only. If set, this will override
// any Proxy settings for all git commands, such as git clone.
//
// Values that are not set here will be inherited from DefaultProxy.
// +optional
GitProxy *ProxySpec `json:"gitProxy,omitempty"`
// Env is a set of default environment variables that will be applied to the
// build if the specified variables do not exist on the build
// +optional
Env []corev1.EnvVar `json:"env,omitempty"`
// ImageLabels is a list of docker labels that are applied to the resulting image.
// User can override a default label by providing a label with the same name in their
// Build/BuildConfig.
// +optional
ImageLabels []ImageLabel `json:"imageLabels,omitempty"`
// Resources defines resource requirements to execute the build.
// +optional
Resources corev1.ResourceRequirements `json:"resources"`
}
type ImageLabel struct {
// Name defines the name of the label. It must have non-zero length.
Name string `json:"name"`
// Value defines the literal value of the label.
// +optional
Value string `json:"value,omitempty"`
}
type BuildOverrides struct {
// ImageLabels is a list of docker labels that are applied to the resulting image.
// If user provided a label in their Build/BuildConfig with the same name as one in this
// list, the user's label will be overwritten.
// +optional
ImageLabels []ImageLabel `json:"imageLabels,omitempty"`
// NodeSelector is a selector which must be true for the build pod to fit on a node
// +optional
NodeSelector map[string]string `json:"nodeSelector,omitempty"`
// Tolerations is a list of Tolerations that will override any existing
// tolerations set on a build pod.
// +optional
Tolerations []corev1.Toleration `json:"tolerations,omitempty"`
// ForcePull overrides, if set, the equivalent value in the builds,
// i.e. false disables force pull for all builds,
// true enables force pull for all builds,
// independently of what each build specifies itself
// +optional
ForcePull *bool `json:"forcePull,omitempty"`
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
// +openshift:compatibility-gen:level=1
type BuildList struct {
metav1.TypeMeta `json:",inline"`
// metadata is the standard list's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
metav1.ListMeta `json:"metadata"`
Items []Build `json:"items"`
}
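Review bot: the optional fields `AdditionalTrustedCA ConfigMapNameReference `json:"additionalTrustedCA"`` and `Resources corev1.ResourceRequirements `json:"resources"`` are marked `+optional` but lack `omitempty`, unlike the sibling fields `defaultProxy,omitempty` and `gitProxy,omitempty`, so an empty object is always serialized; either add `omitempty` or state in the comment that the empty object is intentional. Doc nits in the same hunk: "Values can be overrode by setting the `HTTP_PROXY`, `HTTPS_PROXY`, and `NO_PROXY` environment variables" should read "overridden", and the field comments here use the Go names (`AdditionalTrustedCA`, `BuildDefaults`) where the other files in this bump use the JSON names (`spec`, `status`). The `ForcePull *bool` comment spells out the `true` and `false` cases but not what `nil` means (no override, each build's own value is honored); worth one line, since this is the cluster-wide knob that decides whether builds re-pull their images.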


@@ -0,0 +1,216 @@
package v1
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
runtime "k8s.io/apimachinery/pkg/runtime"
)
// +genclient
// +genclient:nonNamespaced
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// ClusterOperator is the Custom Resource object which holds the current state
// of an operator. This object is used by operators to convey their state to
// the rest of the cluster.
//
// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
// +openshift:compatibility-gen:level=1
type ClusterOperator struct {
metav1.TypeMeta `json:",inline"`
// metadata is the standard object's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
metav1.ObjectMeta `json:"metadata"`
// spec holds configuration that could apply to any operator.
// +kubebuilder:validation:Required
// +required
Spec ClusterOperatorSpec `json:"spec"`
// status holds the information about the state of an operator. It is consistent with status information across
// the Kubernetes ecosystem.
// +optional
Status ClusterOperatorStatus `json:"status"`
}
// ClusterOperatorSpec is empty for now, but you could imagine holding information like "pause".
type ClusterOperatorSpec struct {
}
// ClusterOperatorStatus provides information about the status of the operator.
// +k8s:deepcopy-gen=true
type ClusterOperatorStatus struct {
// conditions describes the state of the operator's managed and monitored components.
// +patchMergeKey=type
// +patchStrategy=merge
// +optional
Conditions []ClusterOperatorStatusCondition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
// versions is a slice of operator and operand version tuples. Operators which manage multiple operands will have multiple
// operand entries in the array. Available operators must report the version of the operator itself with the name "operator".
// An operator reports a new "operator" version when it has rolled out the new version to all of its operands.
// +optional
Versions []OperandVersion `json:"versions,omitempty"`
// relatedObjects is a list of objects that are "interesting" or related to this operator. Common uses are:
// 1. the detailed resource driving the operator
// 2. operator namespaces
// 3. operand namespaces
// +optional
RelatedObjects []ObjectReference `json:"relatedObjects,omitempty"`
// extension contains any additional status information specific to the
// operator which owns this status object.
// +nullable
// +optional
// +kubebuilder:pruning:PreserveUnknownFields
Extension runtime.RawExtension `json:"extension"`
}
type OperandVersion struct {
// name is the name of the particular operand this version is for. It usually matches container images, not operators.
// +kubebuilder:validation:Required
// +required
Name string `json:"name"`
// version indicates which version of a particular operand is currently being managed. It must always match the Available
// operand. If 1.0.0 is Available, then this must indicate 1.0.0 even if the operator is trying to rollout
// 1.1.0
// +kubebuilder:validation:Required
// +required
Version string `json:"version"`
}
// ObjectReference contains enough information to let you inspect or modify the referred object.
type ObjectReference struct {
// group of the referent.
// +kubebuilder:validation:Required
// +required
Group string `json:"group"`
// resource of the referent.
// +kubebuilder:validation:Required
// +required
Resource string `json:"resource"`
// namespace of the referent.
// +optional
Namespace string `json:"namespace,omitempty"`
// name of the referent.
// +kubebuilder:validation:Required
// +required
Name string `json:"name"`
}
type ConditionStatus string
// These are valid condition statuses. "ConditionTrue" means a resource is in the condition.
// "ConditionFalse" means a resource is not in the condition. "ConditionUnknown" means kubernetes
// can't decide if a resource is in the condition or not. In the future, we could add other
// intermediate conditions, e.g. ConditionDegraded.
const (
ConditionTrue ConditionStatus = "True"
ConditionFalse ConditionStatus = "False"
ConditionUnknown ConditionStatus = "Unknown"
)
// ClusterOperatorStatusCondition represents the state of the operator's
// managed and monitored components.
// +k8s:deepcopy-gen=true
type ClusterOperatorStatusCondition struct {
// type specifies the aspect reported by this condition.
// +kubebuilder:validation:Required
// +required
Type ClusterStatusConditionType `json:"type"`
// status of the condition, one of True, False, Unknown.
// +kubebuilder:validation:Required
// +required
Status ConditionStatus `json:"status"`
// lastTransitionTime is the time of the last update to the current status property.
// +kubebuilder:validation:Required
// +required
LastTransitionTime metav1.Time `json:"lastTransitionTime"`
// reason is the CamelCase reason for the condition's current status.
// +optional
Reason string `json:"reason,omitempty"`
// message provides additional information about the current condition.
// This is only to be consumed by humans. It may contain Line Feed
// characters (U+000A), which should be rendered as new lines.
// +optional
Message string `json:"message,omitempty"`
}
// ClusterStatusConditionType is an aspect of operator state.
type ClusterStatusConditionType string
const (
// Available indicates that the component (operator and all configured operands)
// is functional and available in the cluster. Available=False means at least
// part of the component is non-functional, and that the condition requires
// immediate administrator intervention.
OperatorAvailable ClusterStatusConditionType = "Available"
// Progressing indicates that the component (operator and all configured operands)
// is actively rolling out new code, propagating config changes, or otherwise
// moving from one steady state to another. Operators should not report
// progressing when they are reconciling (without action) a previously known
// state. If the observed cluster state has changed and the component is
// reacting to it (scaling up for instance), Progressing should become true
// since it is moving from one steady state to another.
OperatorProgressing ClusterStatusConditionType = "Progressing"
// Degraded indicates that the component (operator and all configured operands)
// does not match its desired state over a period of time resulting in a lower
// quality of service. The period of time may vary by component, but a Degraded
// state represents persistent observation of a condition. As a result, a
// component should not oscillate in and out of Degraded state. A component may
// be Available even if its degraded. For example, a component may desire 3
// running pods, but 1 pod is crash-looping. The component is Available but
// Degraded because it may have a lower quality of service. A component may be
// Progressing but not Degraded because the transition from one state to
// another does not persist over a long enough period to report Degraded. A
// component should not report Degraded during the course of a normal upgrade.
// A component may report Degraded in response to a persistent infrastructure
// failure that requires eventual administrator intervention. For example, if
// a control plane host is unhealthy and must be replaced. A component should
// report Degraded if unexpected errors occur over a period, but the
// expectation is that all unexpected errors are handled as operators mature.
OperatorDegraded ClusterStatusConditionType = "Degraded"
// Upgradeable indicates whether the component (operator and all configured
// operands) is safe to upgrade based on the current cluster state. When
// Upgradeable is False, the cluster-version operator will prevent the
// cluster from performing impacted updates unless forced. When set on
// ClusterVersion, the message will explain which updates (minor or patch)
// are impacted. When set on ClusterOperator, False will block minor
// OpenShift updates. The message field should contain a human readable
// description of what the administrator should do to allow the cluster or
// component to successfully update. The cluster-version operator will
// allow updates when this condition is not False, including when it is
// missing, True, or Unknown.
OperatorUpgradeable ClusterStatusConditionType = "Upgradeable"
// EvaluationConditionsDetected is used to indicate the result of the detection
// logic that was added to a component to evaluate the introduction of an
// invasive change that could potentially result in highly visible alerts,
// breakages or upgrade failures. You can concatenate multiple Reason using
// the "::" delimiter if you need to evaluate the introduction of multiple changes.
EvaluationConditionsDetected ClusterStatusConditionType = "EvaluationConditionsDetected"
)
// ClusterOperatorList is a list of OperatorStatus resources.
//
// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// +openshift:compatibility-gen:level=1
type ClusterOperatorList struct {
metav1.TypeMeta `json:",inline"`
// metadata is the standard list's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
metav1.ListMeta `json:"metadata"`
Items []ClusterOperator `json:"items"`
}
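Review bot: the list type's doc comment is stale: "ClusterOperatorList is a list of OperatorStatus resources." should say `ClusterOperator`, and the `ConditionStatus` comment's "In the future, we could add other intermediate conditions, e.g. ConditionDegraded" conflicts with the same hunk, where Degraded is already defined as a condition type (`OperatorDegraded ClusterStatusConditionType = "Degraded"`), not a status value. `ClusterOperator` also declares `metav1.ObjectMeta `json:"metadata"`` without `omitempty`, while `Authentication`, `Build` and `ClusterVersion` in this bump use `metadata,omitempty`. On `Extension runtime.RawExtension` with `+kubebuilder:pruning:PreserveUnknownFields` and `+nullable`: this is the one free-form, unvalidated field in the status object, so consumers must not treat its contents as schema-checked; a sentence saying so in the field comment would help.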


@@ -0,0 +1,650 @@
package v1
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
// +genclient
// +genclient:nonNamespaced
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// ClusterVersion is the configuration for the ClusterVersionOperator. This is where
// parameters related to automatic updates can be set.
//
// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
// +openshift:compatibility-gen:level=1
type ClusterVersion struct {
metav1.TypeMeta `json:",inline"`
// metadata is the standard object's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
metav1.ObjectMeta `json:"metadata,omitempty"`
// spec is the desired state of the cluster version - the operator will work
// to ensure that the desired version is applied to the cluster.
// +kubebuilder:validation:Required
// +required
Spec ClusterVersionSpec `json:"spec"`
// status contains information about the available updates and any in-progress
// updates.
// +optional
Status ClusterVersionStatus `json:"status"`
}
// ClusterVersionSpec is the desired version state of the cluster. It includes
// the version the cluster should be at, how the cluster is identified, and
// where the cluster should look for version updates.
// +k8s:deepcopy-gen=true
type ClusterVersionSpec struct {
// clusterID uniquely identifies this cluster. This is expected to be
// an RFC4122 UUID value (xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx in
// hexadecimal values). This is a required field.
// +kubebuilder:validation:Required
// +required
ClusterID ClusterID `json:"clusterID"`
// desiredUpdate is an optional field that indicates the desired value of
// the cluster version. Setting this value will trigger an upgrade (if
// the current version does not match the desired version). The set of
// recommended update values is listed as part of available updates in
// status, and setting values outside that range may cause the upgrade
// to fail.
//
// Some of the fields are inter-related with restrictions and meanings described here.
// 1. image is specified, version is specified, architecture is specified. API validation error.
// 2. image is specified, version is specified, architecture is not specified. You should not do this. version is silently ignored and image is used.
// 3. image is specified, version is not specified, architecture is specified. API validation error.
// 4. image is specified, version is not specified, architecture is not specified. image is used.
// 5. image is not specified, version is specified, architecture is specified. version and desired architecture are used to select an image.
// 6. image is not specified, version is specified, architecture is not specified. version and current architecture are used to select an image.
// 7. image is not specified, version is not specified, architecture is specified. API validation error.
// 8. image is not specified, version is not specified, architecture is not specified. API validation error.
//
// If an upgrade fails the operator will halt and report status
// about the failing component. Setting the desired update value back to
// the previous version will cause a rollback to be attempted. Not all
// rollbacks will succeed.
//
// +optional
DesiredUpdate *Update `json:"desiredUpdate,omitempty"`
// upstream may be used to specify the preferred update server. By default
// it will use the appropriate update server for the cluster and region.
//
// +optional
Upstream URL `json:"upstream,omitempty"`
// channel is an identifier for explicitly requesting that a non-default
// set of updates be applied to this cluster. The default channel will be
// contain stable updates that are appropriate for production clusters.
//
// +optional
Channel string `json:"channel,omitempty"`
// capabilities configures the installation of optional, core
// cluster components. A null value here is identical to an
// empty object; see the child properties for default semantics.
// +optional
Capabilities *ClusterVersionCapabilitiesSpec `json:"capabilities,omitempty"`
// overrides is list of overides for components that are managed by
// cluster version operator. Marking a component unmanaged will prevent
// the operator from creating or updating the object.
// +optional
Overrides []ComponentOverride `json:"overrides,omitempty"`
}
// ClusterVersionStatus reports the status of the cluster versioning,
// including any upgrades that are in progress. The current field will
// be set to whichever version the cluster is reconciling to, and the
// conditions array will report whether the update succeeded, is in
// progress, or is failing.
// +k8s:deepcopy-gen=true
type ClusterVersionStatus struct {
// desired is the version that the cluster is reconciling towards.
// If the cluster is not yet fully initialized desired will be set
// with the information available, which may be an image or a tag.
// +kubebuilder:validation:Required
// +required
Desired Release `json:"desired"`
// history contains a list of the most recent versions applied to the cluster.
// This value may be empty during cluster startup, and then will be updated
// when a new update is being applied. The newest update is first in the
// list and it is ordered by recency. Updates in the history have state
// Completed if the rollout completed - if an update was failing or halfway
// applied the state will be Partial. Only a limited amount of update history
// is preserved.
// +optional
History []UpdateHistory `json:"history,omitempty"`
// observedGeneration reports which version of the spec is being synced.
// If this value is not equal to metadata.generation, then the desired
// and conditions fields may represent a previous version.
// +kubebuilder:validation:Required
// +required
ObservedGeneration int64 `json:"observedGeneration"`
// versionHash is a fingerprint of the content that the cluster will be
// updated with. It is used by the operator to avoid unnecessary work
// and is for internal use only.
// +kubebuilder:validation:Required
// +required
VersionHash string `json:"versionHash"`
// capabilities describes the state of optional, core cluster components.
Capabilities ClusterVersionCapabilitiesStatus `json:"capabilities"`
// conditions provides information about the cluster version. The condition
// "Available" is set to true if the desiredUpdate has been reached. The
// condition "Progressing" is set to true if an update is being applied.
// The condition "Degraded" is set to true if an update is currently blocked
// by a temporary or permanent error. Conditions are only valid for the
// current desiredUpdate when metadata.generation is equal to
// status.generation.
// +optional
Conditions []ClusterOperatorStatusCondition `json:"conditions,omitempty"`
// availableUpdates contains updates recommended for this
// cluster. Updates which appear in conditionalUpdates but not in
// availableUpdates may expose this cluster to known issues. This list
// may be empty if no updates are recommended, if the update service
// is unavailable, or if an invalid channel has been specified.
// +nullable
// +kubebuilder:validation:Required
// +required
AvailableUpdates []Release `json:"availableUpdates"`
// conditionalUpdates contains the list of updates that may be
// recommended for this cluster if it meets specific required
// conditions. Consumers interested in the set of updates that are
// actually recommended for this cluster should use
// availableUpdates. This list may be empty if no updates are
// recommended, if the update service is unavailable, or if an empty
// or invalid channel has been specified.
// +listType=atomic
// +optional
ConditionalUpdates []ConditionalUpdate `json:"conditionalUpdates,omitempty"`
}
// UpdateState is a constant representing whether an update was successfully
// applied to the cluster or not.
type UpdateState string
const (
// CompletedUpdate indicates an update was successfully applied
// to the cluster (all resource updates were successful).
CompletedUpdate UpdateState = "Completed"
// PartialUpdate indicates an update was never completely applied
// or is currently being applied.
PartialUpdate UpdateState = "Partial"
)
// UpdateHistory is a single attempted update to the cluster.
type UpdateHistory struct {
// state reflects whether the update was fully applied. The Partial state
// indicates the update is not fully applied, while the Completed state
// indicates the update was successfully rolled out at least once (all
// parts of the update successfully applied).
// +kubebuilder:validation:Required
// +required
State UpdateState `json:"state"`
// startedTime is the time at which the update was started.
// +kubebuilder:validation:Required
// +required
StartedTime metav1.Time `json:"startedTime"`
// completionTime, if set, is when the update was fully applied. The update
// that is currently being applied will have a null completion time.
// Completion time will always be set for entries that are not the current
// update (usually to the started time of the next update).
// +kubebuilder:validation:Required
// +required
// +nullable
CompletionTime *metav1.Time `json:"completionTime"`
// version is a semantic version identifying the update version. If the
// requested image does not define a version, or if a failure occurs
// retrieving the image, this value may be empty.
//
// +optional
Version string `json:"version"`
// image is a container image location that contains the update. This value
// is always populated.
// +kubebuilder:validation:Required
// +required
Image string `json:"image"`
// verified indicates whether the provided update was properly verified
// before it was installed. If this is false the cluster may not be trusted.
// Verified does not cover upgradeable checks that depend on the cluster
// state at the time when the update target was accepted.
// +kubebuilder:validation:Required
// +required
Verified bool `json:"verified"`
// acceptedRisks records risks which were accepted to initiate the update.
// For example, it may menition an Upgradeable=False or missing signature
// that was overriden via desiredUpdate.force, or an update that was
// initiated despite not being in the availableUpdates set of recommended
// update targets.
// +optional
AcceptedRisks string `json:"acceptedRisks,omitempty"`
}
// ClusterID is string RFC4122 uuid.
type ClusterID string
// ClusterVersionArchitecture enumerates valid cluster architectures.
// +kubebuilder:validation:Enum="Multi";""
type ClusterVersionArchitecture string
const (
// ClusterVersionArchitectureMulti identifies a multi architecture. A multi
// architecture cluster is capable of running nodes with multiple architectures.
ClusterVersionArchitectureMulti ClusterVersionArchitecture = "Multi"
)
// ClusterVersionCapability enumerates optional, core cluster components.
// +kubebuilder:validation:Enum=openshift-samples;baremetal;marketplace;Console;Insights;Storage;CSISnapshot;NodeTuning
type ClusterVersionCapability string
const (
// ClusterVersionCapabilityOpenShiftSamples manages the sample
// image streams and templates stored in the openshift
// namespace, and any registry credentials, stored as a secret,
// needed for the image streams to import the images they
// reference.
ClusterVersionCapabilityOpenShiftSamples ClusterVersionCapability = "openshift-samples"
// ClusterVersionCapabilityBaremetal manages the cluster
// baremetal operator which is responsible for running the metal3
// deployment.
ClusterVersionCapabilityBaremetal ClusterVersionCapability = "baremetal"
// ClusterVersionCapabilityMarketplace manages the Marketplace operator which
// supplies Operator Lifecycle Manager (OLM) users with default catalogs of
// "optional" operators.
ClusterVersionCapabilityMarketplace ClusterVersionCapability = "marketplace"
// ClusterVersionCapabilityConsole manages the Console operator which
// installs and maintains the web console.
ClusterVersionCapabilityConsole ClusterVersionCapability = "Console"
// ClusterVersionCapabilityInsights manages the Insights operator which
// collects anonymized information about the cluster to generate
// recommendations for possible cluster issues.
ClusterVersionCapabilityInsights ClusterVersionCapability = "Insights"
// ClusterVersionCapabilityStorage manages the storage operator which
// is responsible for providing cluster-wide storage defaults
// WARNING: Do not disable this capability when deployed to
// RHEV and OpenStack without reading the docs.
// These clusters heavily rely on that capability and may cause
// damage to the cluster.
ClusterVersionCapabilityStorage ClusterVersionCapability = "Storage"
// ClusterVersionCapabilityCSISnapshot manages the csi snapshot
// controller operator which is responsible for watching the
// VolumeSnapshot CRD objects and manages the creation and deletion
// lifecycle of volume snapshots
ClusterVersionCapabilityCSISnapshot ClusterVersionCapability = "CSISnapshot"
// ClusterVersionCapabilityNodeTuning manages the Node Tuning Operator
// which is responsible for watching the Tuned and Profile CRD
// objects and manages the containerized TuneD daemon which controls
// system level tuning of Nodes
ClusterVersionCapabilityNodeTuning ClusterVersionCapability = "NodeTuning"
)
// KnownClusterVersionCapabilities includes all known optional, core cluster components.
var KnownClusterVersionCapabilities = []ClusterVersionCapability{
ClusterVersionCapabilityBaremetal,
ClusterVersionCapabilityConsole,
ClusterVersionCapabilityInsights,
ClusterVersionCapabilityMarketplace,
ClusterVersionCapabilityStorage,
ClusterVersionCapabilityOpenShiftSamples,
ClusterVersionCapabilityCSISnapshot,
ClusterVersionCapabilityNodeTuning,
}
// ClusterVersionCapabilitySet defines sets of cluster version capabilities.
// +kubebuilder:validation:Enum=None;v4.11;v4.12;v4.13;vCurrent
type ClusterVersionCapabilitySet string
const (
// ClusterVersionCapabilitySetNone is an empty set enabling
// no optional capabilities.
ClusterVersionCapabilitySetNone ClusterVersionCapabilitySet = "None"
// ClusterVersionCapabilitySet4_11 is the recommended set of
// optional capabilities to enable for the 4.11 version of
// OpenShift. This list will remain the same no matter which
// version of OpenShift is installed.
ClusterVersionCapabilitySet4_11 ClusterVersionCapabilitySet = "v4.11"
// ClusterVersionCapabilitySet4_12 is the recommended set of
// optional capabilities to enable for the 4.12 version of
// OpenShift. This list will remain the same no matter which
// version of OpenShift is installed.
ClusterVersionCapabilitySet4_12 ClusterVersionCapabilitySet = "v4.12"
// ClusterVersionCapabilitySet4_13 is the recommended set of
// optional capabilities to enable for the 4.13 version of
// OpenShift. This list will remain the same no matter which
// version of OpenShift is installed.
ClusterVersionCapabilitySet4_13 ClusterVersionCapabilitySet = "v4.13"
// ClusterVersionCapabilitySetCurrent is the recommended set
// of optional capabilities to enable for the cluster's
// current version of OpenShift.
ClusterVersionCapabilitySetCurrent ClusterVersionCapabilitySet = "vCurrent"
)
// ClusterVersionCapabilitySets defines sets of cluster version capabilities.
var ClusterVersionCapabilitySets = map[ClusterVersionCapabilitySet][]ClusterVersionCapability{
ClusterVersionCapabilitySetNone: {},
ClusterVersionCapabilitySet4_11: {
ClusterVersionCapabilityBaremetal,
ClusterVersionCapabilityMarketplace,
ClusterVersionCapabilityOpenShiftSamples,
},
ClusterVersionCapabilitySet4_12: {
ClusterVersionCapabilityBaremetal,
ClusterVersionCapabilityConsole,
ClusterVersionCapabilityInsights,
ClusterVersionCapabilityMarketplace,
ClusterVersionCapabilityStorage,
ClusterVersionCapabilityOpenShiftSamples,
ClusterVersionCapabilityCSISnapshot,
},
ClusterVersionCapabilitySet4_13: {
ClusterVersionCapabilityBaremetal,
ClusterVersionCapabilityConsole,
ClusterVersionCapabilityInsights,
ClusterVersionCapabilityMarketplace,
ClusterVersionCapabilityStorage,
ClusterVersionCapabilityOpenShiftSamples,
ClusterVersionCapabilityCSISnapshot,
ClusterVersionCapabilityNodeTuning,
},
ClusterVersionCapabilitySetCurrent: {
ClusterVersionCapabilityBaremetal,
ClusterVersionCapabilityConsole,
ClusterVersionCapabilityInsights,
ClusterVersionCapabilityMarketplace,
ClusterVersionCapabilityStorage,
ClusterVersionCapabilityOpenShiftSamples,
ClusterVersionCapabilityCSISnapshot,
ClusterVersionCapabilityNodeTuning,
},
}
// ClusterVersionCapabilitiesSpec selects the managed set of
// optional, core cluster components.
// +k8s:deepcopy-gen=true
type ClusterVersionCapabilitiesSpec struct {
// baselineCapabilitySet selects an initial set of
// optional capabilities to enable, which can be extended via
// additionalEnabledCapabilities. If unset, the cluster will
// choose a default, and the default may change over time.
// The current default is vCurrent.
// +optional
BaselineCapabilitySet ClusterVersionCapabilitySet `json:"baselineCapabilitySet,omitempty"`
// additionalEnabledCapabilities extends the set of managed
// capabilities beyond the baseline defined in
// baselineCapabilitySet. The default is an empty set.
// +listType=atomic
// +optional
AdditionalEnabledCapabilities []ClusterVersionCapability `json:"additionalEnabledCapabilities,omitempty"`
}
// ClusterVersionCapabilitiesStatus describes the state of optional,
// core cluster components.
// +k8s:deepcopy-gen=true
type ClusterVersionCapabilitiesStatus struct {
// enabledCapabilities lists all the capabilities that are currently managed.
// +listType=atomic
// +optional
EnabledCapabilities []ClusterVersionCapability `json:"enabledCapabilities,omitempty"`
// knownCapabilities lists all the capabilities known to the current cluster.
// +listType=atomic
// +optional
KnownCapabilities []ClusterVersionCapability `json:"knownCapabilities,omitempty"`
}
// ComponentOverride allows overriding cluster version operator's behavior
// for a component.
// +k8s:deepcopy-gen=true
type ComponentOverride struct {
// kind indentifies which object to override.
// +kubebuilder:validation:Required
// +required
Kind string `json:"kind"`
// group identifies the API group that the kind is in.
// +kubebuilder:validation:Required
// +required
Group string `json:"group"`
// namespace is the component's namespace. If the resource is cluster
// scoped, the namespace should be empty.
// +kubebuilder:validation:Required
// +required
Namespace string `json:"namespace"`
// name is the component's name.
// +kubebuilder:validation:Required
// +required
Name string `json:"name"`
// unmanaged controls if cluster version operator should stop managing the
// resources in this cluster.
// Default: false
// +kubebuilder:validation:Required
// +required
Unmanaged bool `json:"unmanaged"`
}
// URL is a thin wrapper around string that ensures the string is a valid URL.
type URL string
// Update represents an administrator update request.
// +kubebuilder:validation:XValidation:rule="has(self.architecture) && has(self.image) ? (self.architecture == '' || self.image == '') : true",message="cannot set both Architecture and Image"
// +kubebuilder:validation:XValidation:rule="has(self.architecture) && self.architecture != '' ? self.version != '' : true",message="Version must be set if Architecture is set"
// +k8s:deepcopy-gen=true
type Update struct {
// architecture is an optional field that indicates the desired
// value of the cluster architecture. In this context cluster
// architecture means either a single architecture or a multi
// architecture. architecture can only be set to Multi thereby
// only allowing updates from single to multi architecture. If
// architecture is set, image cannot be set and version must be
// set.
// Valid values are 'Multi' and empty.
//
// +optional
Architecture ClusterVersionArchitecture `json:"architecture"`
// version is a semantic version identifying the update version.
// version is ignored if image is specified and required if
// architecture is specified.
//
// +optional
Version string `json:"version"`
// image is a container image location that contains the update.
// image should be used when the desired version does not exist in availableUpdates or history.
// When image is set, version is ignored. When image is set, version should be empty.
// When image is set, architecture cannot be specified.
//
// +optional
Image string `json:"image"`
// force allows an administrator to update to an image that has failed
// verification or upgradeable checks. This option should only
// be used when the authenticity of the provided image has been verified out
// of band because the provided image will run with full administrative access
// to the cluster. Do not use this flag with images that comes from unknown
// or potentially malicious sources.
//
// +optional
Force bool `json:"force"`
}
// Release represents an OpenShift release image and associated metadata.
// +k8s:deepcopy-gen=true
type Release struct {
// version is a semantic version identifying the update version. When this
// field is part of spec, version is optional if image is specified.
// +required
Version string `json:"version"`
// image is a container image location that contains the update. When this
// field is part of spec, image is optional if version is specified and the
// availableUpdates field contains a matching version.
// +required
Image string `json:"image"`
// url contains information about this release. This URL is set by
// the 'url' metadata property on a release or the metadata returned by
// the update API and should be displayed as a link in user
// interfaces. The URL field may not be set for test or nightly
// releases.
// +optional
URL URL `json:"url,omitempty"`
// channels is the set of Cincinnati channels to which the release
// currently belongs.
// +optional
Channels []string `json:"channels,omitempty"`
}
// RetrievedUpdates reports whether available updates have been retrieved from
// the upstream update server. The condition is Unknown before retrieval, False
// if the updates could not be retrieved or recently failed, or True if the
// availableUpdates field is accurate and recent.
const RetrievedUpdates ClusterStatusConditionType = "RetrievedUpdates"
// ConditionalUpdate represents an update which is recommended to some
// clusters on the version the current cluster is reconciling, but which
// may not be recommended for the current cluster.
type ConditionalUpdate struct {
// release is the target of the update.
// +kubebuilder:validation:Required
// +required
Release Release `json:"release"`
// risks represents the range of issues associated with
// updating to the target release. The cluster-version
// operator will evaluate all entries, and only recommend the
// update if there is at least one entry and all entries
// recommend the update.
// +kubebuilder:validation:Required
// +kubebuilder:validation:MinItems=1
// +patchMergeKey=name
// +patchStrategy=merge
// +listType=map
// +listMapKey=name
// +required
Risks []ConditionalUpdateRisk `json:"risks" patchStrategy:"merge" patchMergeKey:"name"`
// conditions represents the observations of the conditional update's
// current status. Known types are:
// * Evaluating, for whether the cluster-version operator will attempt to evaluate any risks[].matchingRules.
// * Recommended, for whether the update is recommended for the current cluster.
// +patchMergeKey=type
// +patchStrategy=merge
// +listType=map
// +listMapKey=type
Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"`
}
// ConditionalUpdateRisk represents a reason and cluster-state
// for not recommending a conditional update.
// +k8s:deepcopy-gen=true
type ConditionalUpdateRisk struct {
// url contains information about this risk.
// +kubebuilder:validation:Required
// +kubebuilder:validation:Format=uri
// +kubebuilder:validation:MinLength=1
// +required
URL string `json:"url"`
// name is the CamelCase reason for not recommending a
// conditional update, in the event that matchingRules match the
// cluster state.
// +kubebuilder:validation:Required
// +kubebuilder:validation:MinLength=1
// +required
Name string `json:"name"`
// message provides additional information about the risk of
// updating, in the event that matchingRules match the cluster
// state. This is only to be consumed by humans. It may
// contain Line Feed characters (U+000A), which should be
// rendered as new lines.
// +kubebuilder:validation:Required
// +kubebuilder:validation:MinLength=1
// +required
Message string `json:"message"`
// matchingRules is a slice of conditions for deciding which
// clusters match the risk and which do not. The slice is
// ordered by decreasing precedence. The cluster-version
// operator will walk the slice in order, and stop after the
// first it can successfully evaluate. If no condition can be
// successfully evaluated, the update will not be recommended.
// +kubebuilder:validation:Required
// +kubebuilder:validation:MinItems=1
// +listType=atomic
// +required
MatchingRules []ClusterCondition `json:"matchingRules"`
}
// ClusterCondition is a union of typed cluster conditions. The 'type'
// property determines which of the type-specific properties are relevant.
// When evaluated on a cluster, the condition may match, not match, or
// fail to evaluate.
// +k8s:deepcopy-gen=true
type ClusterCondition struct {
// type represents the cluster-condition type. This defines
// the members and semantics of any additional properties.
// +kubebuilder:validation:Required
// +kubebuilder:validation:Enum={"Always","PromQL"}
// +required
Type string `json:"type"`
// promQL represents a cluster condition based on PromQL.
// +optional
PromQL *PromQLClusterCondition `json:"promql,omitempty"`
}
// PromQLClusterCondition represents a cluster condition based on PromQL.
type PromQLClusterCondition struct {
// PromQL is a PromQL query classifying clusters. This query
// query should return a 1 in the match case and a 0 in the
// does-not-match case. Queries which return no time
// series, or which return values besides 0 or 1, are
// evaluation failures.
// +kubebuilder:validation:Required
// +required
PromQL string `json:"promql"`
}
// ClusterVersionList is a list of ClusterVersion resources.
//
// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// +openshift:compatibility-gen:level=1
type ClusterVersionList struct {
metav1.TypeMeta `json:",inline"`
// metadata is the standard list's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
metav1.ListMeta `json:"metadata"`
Items []ClusterVersion `json:"items"`
}
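Review bot: several doc-comment defects in this hunk should be fixed upstream in openshift/api rather than hand-edited under vendor/: `kind indentifies which object to override` on ComponentOverride.Kind should read `identifies`, `images that comes from unknown or potentially malicious sources` under Update.Force should be `images that come from`, and `This query query should return a 1` on PromQLClusterCondition repeats a word. Separately, ConditionalUpdate.Conditions is the only field in the file carrying a `protobuf:"bytes,1,rep,name=conditions"` tag; either every field gets protobuf tags or none should, since a lone tag reads like a copy-paste from a protobuf-serialized type. The Update.Force comment is the security-relevant text here and is correct as written: it states that a forced image runs with full administrative access and must be verified out of band, so that wording should stay.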


@@ -0,0 +1,75 @@
package v1
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
// +genclient
// +genclient:nonNamespaced
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// Console holds cluster-wide configuration for the web console, including the
// logout URL, and reports the public URL of the console. The canonical name is
// `cluster`.
//
// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
// +openshift:compatibility-gen:level=1
type Console struct {
metav1.TypeMeta `json:",inline"`
// metadata is the standard object's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
metav1.ObjectMeta `json:"metadata,omitempty"`
// spec holds user settable values for configuration
// +kubebuilder:validation:Required
// +required
Spec ConsoleSpec `json:"spec"`
// status holds observed values from the cluster. They may not be overridden.
// +optional
Status ConsoleStatus `json:"status"`
}
// ConsoleSpec is the specification of the desired behavior of the Console.
type ConsoleSpec struct {
// +optional
Authentication ConsoleAuthentication `json:"authentication"`
}
// ConsoleStatus defines the observed status of the Console.
type ConsoleStatus struct {
// The URL for the console. This will be derived from the host for the route that
// is created for the console.
ConsoleURL string `json:"consoleURL"`
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
// +openshift:compatibility-gen:level=1
type ConsoleList struct {
metav1.TypeMeta `json:",inline"`
// metadata is the standard list's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
metav1.ListMeta `json:"metadata"`
Items []Console `json:"items"`
}
// ConsoleAuthentication defines a list of optional configuration for console authentication.
type ConsoleAuthentication struct {
// An optional, absolute URL to redirect web browsers to after logging out of
// the console. If not specified, it will redirect to the default login page.
// This is required when using an identity provider that supports single
// sign-on (SSO) such as:
// - OpenID (Keycloak, Azure)
// - RequestHeader (GSSAPI, SSPI, SAML)
// - OAuth (GitHub, GitLab, Google)
// Logging out of the console will destroy the user's token. The logoutRedirect
// provides the user the option to perform single logout (SLO) through the identity
// provider to destroy their single sign-on session.
// +optional
// +kubebuilder:validation:Pattern=`^$|^((https):\/\/?)[^\s()<>]+(?:\([\w\d]+\)|([^[:punct:]\s]|\/?))$`
LogoutRedirect string `json:"logoutRedirect,omitempty"`
}
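Review bot: the logoutRedirect Pattern `^$|^((https):\/\/?)[^\s()<>]+...` makes the second slash optional (`\/\/?` is one slash followed by an optional slash), so a value such as `https:/example` satisfies the regex while not being the absolute https URL the comment promises; `\/\/` without the trailing `?` matches the documented contract. Since this pattern is the only schema-level control keeping the post-logout redirect on https, it is worth tightening upstream. Minor: ConsoleSpec.Authentication carries only `+optional` and no doc comment, and ConsoleList has no type-level doc sentence, unlike ClusterVersionList earlier in this commit.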

98
vendor/github.com/openshift/api/config/v1/types_dns.go generated vendored Normal file

@@ -0,0 +1,98 @@
package v1
import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
// +genclient
// +genclient:nonNamespaced
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// DNS holds cluster-wide information about DNS. The canonical name is `cluster`
//
// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
// +openshift:compatibility-gen:level=1
type DNS struct {
metav1.TypeMeta `json:",inline"`
// metadata is the standard object's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
metav1.ObjectMeta `json:"metadata,omitempty"`
// spec holds user settable values for configuration
// +kubebuilder:validation:Required
// +required
Spec DNSSpec `json:"spec"`
// status holds observed values from the cluster. They may not be overridden.
// +optional
Status DNSStatus `json:"status"`
}
type DNSSpec struct {
// baseDomain is the base domain of the cluster. All managed DNS records will
// be sub-domains of this base.
//
// For example, given the base domain `openshift.example.com`, an API server
// DNS record may be created for `cluster-api.openshift.example.com`.
//
// Once set, this field cannot be changed.
BaseDomain string `json:"baseDomain"`
// publicZone is the location where all the DNS records that are publicly accessible to
// the internet exist.
//
// If this field is nil, no public records should be created.
//
// Once set, this field cannot be changed.
//
// +optional
PublicZone *DNSZone `json:"publicZone,omitempty"`
// privateZone is the location where all the DNS records that are only available internally
// to the cluster exist.
//
// If this field is nil, no private records should be created.
//
// Once set, this field cannot be changed.
//
// +optional
PrivateZone *DNSZone `json:"privateZone,omitempty"`
}
// DNSZone is used to define a DNS hosted zone.
// A zone can be identified by an ID or tags.
type DNSZone struct {
// id is the identifier that can be used to find the DNS hosted zone.
//
// on AWS zone can be fetched using `ID` as id in [1]
// on Azure zone can be fetched using `ID` as a pre-determined name in [2],
// on GCP zone can be fetched using `ID` as a pre-determined name in [3].
//
// [1]: https://docs.aws.amazon.com/cli/latest/reference/route53/get-hosted-zone.html#options
// [2]: https://docs.microsoft.com/en-us/cli/azure/network/dns/zone?view=azure-cli-latest#az-network-dns-zone-show
// [3]: https://cloud.google.com/dns/docs/reference/v1/managedZones/get
// +optional
ID string `json:"id,omitempty"`
// tags can be used to query the DNS hosted zone.
//
// on AWS, resourcegroupstaggingapi [1] can be used to fetch a zone using `Tags` as tag-filters,
//
// [1]: https://docs.aws.amazon.com/cli/latest/reference/resourcegroupstaggingapi/get-resources.html#options
// +optional
Tags map[string]string `json:"tags,omitempty"`
}
type DNSStatus struct {
// dnsSuffix (service-ca amongst others)
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
// +openshift:compatibility-gen:level=1
type DNSList struct {
metav1.TypeMeta `json:",inline"`
// metadata is the standard list's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
metav1.ListMeta `json:"metadata"`
Items []DNS `json:"items"`
}
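Review bot: baseDomain, publicZone and privateZone are each documented as `Once set, this field cannot be changed`, but the hunk carries no `+kubebuilder:validation:XValidation` immutability rule (the Update struct earlier in this commit shows the marker in use), so the API server will accept a changed baseDomain and the guarantee rests entirely on whatever operator reads the object. If immutability is intended at the API layer, add a rule such as `self == oldSelf` upstream; if it is deliberately operator-enforced, the comment should say so. Also missing: doc sentences on DNSSpec, DNSList and DNSStatus, whose only content is the placeholder comment `dnsSuffix (service-ca amongst others)`, and the zone comments `on AWS zone can be fetched using ...` read as fragments.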


@@ -0,0 +1,283 @@
package v1
import (
"fmt"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
// +genclient
// +genclient:nonNamespaced
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// Feature holds cluster-wide information about feature gates. The canonical name is `cluster`
//
// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
// +openshift:compatibility-gen:level=1
type FeatureGate struct {
metav1.TypeMeta `json:",inline"`
// metadata is the standard object's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
metav1.ObjectMeta `json:"metadata,omitempty"`
// spec holds user settable values for configuration
// +kubebuilder:validation:Required
// +required
Spec FeatureGateSpec `json:"spec"`
// status holds observed values from the cluster. They may not be overridden.
// +optional
Status FeatureGateStatus `json:"status"`
}
type FeatureSet string
var (
// Default feature set that allows upgrades.
Default FeatureSet = ""
// TechPreviewNoUpgrade turns on tech preview features that are not part of the normal supported platform. Turning
// this feature set on CANNOT BE UNDONE and PREVENTS UPGRADES.
TechPreviewNoUpgrade FeatureSet = "TechPreviewNoUpgrade"
// CustomNoUpgrade allows the enabling or disabling of any feature. Turning this feature set on IS NOT SUPPORTED, CANNOT BE UNDONE, and PREVENTS UPGRADES.
// Because of its nature, this setting cannot be validated. If you have any typos or accidentally apply invalid combinations
// your cluster may fail in an unrecoverable way.
CustomNoUpgrade FeatureSet = "CustomNoUpgrade"
// TopologyManager enables ToplogyManager support. Upgrades are enabled with this feature.
LatencySensitive FeatureSet = "LatencySensitive"
)
type FeatureGateSpec struct {
FeatureGateSelection `json:",inline"`
}
// +union
type FeatureGateSelection struct {
// featureSet changes the list of features in the cluster. The default is empty. Be very careful adjusting this setting.
// Turning on or off features may cause irreversible changes in your cluster which cannot be undone.
// +unionDiscriminator
// +optional
FeatureSet FeatureSet `json:"featureSet,omitempty"`
// customNoUpgrade allows the enabling or disabling of any feature. Turning this feature set on IS NOT SUPPORTED, CANNOT BE UNDONE, and PREVENTS UPGRADES.
// Because of its nature, this setting cannot be validated. If you have any typos or accidentally apply invalid combinations
// your cluster may fail in an unrecoverable way. featureSet must equal "CustomNoUpgrade" must be set to use this field.
// +optional
// +nullable
CustomNoUpgrade *CustomFeatureGates `json:"customNoUpgrade,omitempty"`
}
type CustomFeatureGates struct {
// enabled is a list of all feature gates that you want to force on
// +optional
Enabled []FeatureGateName `json:"enabled,omitempty"`
// disabled is a list of all feature gates that you want to force off
// +optional
Disabled []FeatureGateName `json:"disabled,omitempty"`
}
// FeatureGateName is a string to enforce patterns on the name of a FeatureGate
// +kubebuilder:validation:Pattern=`^([A-Za-z0-9-]+\.)*[A-Za-z0-9-]+\.?$`
type FeatureGateName string
type FeatureGateStatus struct {
// conditions represent the observations of the current state.
// Known .status.conditions.type are: "DeterminationDegraded"
// +listType=map
// +listMapKey=type
Conditions []metav1.Condition `json:"conditions,omitempty"`
// featureGates contains a list of enabled and disabled featureGates that are keyed by payloadVersion.
// Operators other than the CVO and cluster-config-operator, must read the .status.featureGates, locate
// the version they are managing, find the enabled/disabled featuregates and make the operand and operator match.
// The enabled/disabled values for a particular version may change during the life of the cluster as various
// .spec.featureSet values are selected.
// Operators may choose to restart their processes to pick up these changes, but remembering past enable/disable
// lists is beyond the scope of this API and is the responsibility of individual operators.
// Only featureGates with .version in the ClusterVersion.status will be present in this list.
// +listType=map
// +listMapKey=version
FeatureGates []FeatureGateDetails `json:"featureGates"`
}
type FeatureGateDetails struct {
// version matches the version provided by the ClusterVersion and in the ClusterOperator.Status.Versions field.
// +kubebuilder:validation:Required
// +required
Version string `json:"version"`
// enabled is a list of all feature gates that are enabled in the cluster for the named version.
// +optional
Enabled []FeatureGateAttributes `json:"enabled"`
// disabled is a list of all feature gates that are disabled in the cluster for the named version.
// +optional
Disabled []FeatureGateAttributes `json:"disabled"`
}
type FeatureGateAttributes struct {
// name is the name of the FeatureGate.
// +kubebuilder:validation:Required
Name FeatureGateName `json:"name"`
// possible (probable?) future additions include
// 1. support level (Stable, ServiceDeliveryOnly, TechPreview, DevPreview)
// 2. description
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
// +openshift:compatibility-gen:level=1
type FeatureGateList struct {
metav1.TypeMeta `json:",inline"`
// metadata is the standard list's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
metav1.ListMeta `json:"metadata"`
Items []FeatureGate `json:"items"`
}
type FeatureGateEnabledDisabled struct {
Enabled []FeatureGateDescription
Disabled []FeatureGateDescription
}
// FeatureSets Contains a map of Feature names to Enabled/Disabled Feature.
//
// NOTE: The caller needs to make sure to check for the existence of the value
// using golang's existence field. A possible scenario is an upgrade where new
// FeatureSets are added and a controller has not been upgraded with a newer
// version of this file. In this upgrade scenario the map could return nil.
//
// example:
//
// if featureSet, ok := FeatureSets["SomeNewFeature"]; ok { }
//
// If you put an item in either of these lists, put your area and name on it so we can find owners.
var FeatureSets = map[FeatureSet]*FeatureGateEnabledDisabled{
Default: defaultFeatures,
CustomNoUpgrade: {
Enabled: []FeatureGateDescription{},
Disabled: []FeatureGateDescription{},
},
TechPreviewNoUpgrade: newDefaultFeatures().
with(externalCloudProvider).
with(externalCloudProviderAzure).
with(externalCloudProviderGCP).
with(csiDriverSharedResource).
with(buildCSIVolumes).
with(nodeSwap).
with(machineAPIProviderOpenStack).
with(insightsConfigAPI).
with(matchLabelKeysInPodTopologySpread).
with(retroactiveDefaultStorageClass).
with(pdbUnhealthyPodEvictionPolicy).
with(dynamicResourceAllocation).
with(admissionWebhookMatchConditions).
with(azureWorkloadIdentity).
with(gateGatewayAPI).
toFeatures(defaultFeatures),
LatencySensitive: newDefaultFeatures().
toFeatures(defaultFeatures),
}
var defaultFeatures = &FeatureGateEnabledDisabled{
Enabled: []FeatureGateDescription{
openShiftPodSecurityAdmission,
},
Disabled: []FeatureGateDescription{
retroactiveDefaultStorageClass,
},
}
type featureSetBuilder struct {
forceOn []FeatureGateDescription
forceOff []FeatureGateDescription
}
func newDefaultFeatures() *featureSetBuilder {
return &featureSetBuilder{}
}
func (f *featureSetBuilder) with(forceOn FeatureGateDescription) *featureSetBuilder {
for _, curr := range f.forceOn {
if curr.FeatureGateAttributes.Name == forceOn.FeatureGateAttributes.Name {
panic(fmt.Errorf("coding error: %q enabled twice", forceOn.FeatureGateAttributes.Name))
}
}
f.forceOn = append(f.forceOn, forceOn)
return f
}
func (f *featureSetBuilder) without(forceOff FeatureGateDescription) *featureSetBuilder {
for _, curr := range f.forceOff {
if curr.FeatureGateAttributes.Name == forceOff.FeatureGateAttributes.Name {
panic(fmt.Errorf("coding error: %q disabled twice", forceOff.FeatureGateAttributes.Name))
}
}
f.forceOff = append(f.forceOff, forceOff)
return f
}
func (f *featureSetBuilder) isForcedOff(needle FeatureGateDescription) bool {
for _, forcedOff := range f.forceOff {
if needle.FeatureGateAttributes.Name == forcedOff.FeatureGateAttributes.Name {
return true
}
}
return false
}
func (f *featureSetBuilder) isForcedOn(needle FeatureGateDescription) bool {
for _, forceOn := range f.forceOn {
if needle.FeatureGateAttributes.Name == forceOn.FeatureGateAttributes.Name {
return true
}
}
return false
}
func (f *featureSetBuilder) toFeatures(defaultFeatures *FeatureGateEnabledDisabled) *FeatureGateEnabledDisabled {
finalOn := []FeatureGateDescription{}
finalOff := []FeatureGateDescription{}
// only add the default enabled features if they haven't been explicitly set off
for _, defaultOn := range defaultFeatures.Enabled {
if !f.isForcedOff(defaultOn) {
finalOn = append(finalOn, defaultOn)
}
}
for _, currOn := range f.forceOn {
if f.isForcedOff(currOn) {
panic("coding error, you can't have features both on and off")
}
found := false
for _, alreadyOn := range finalOn {
if alreadyOn.FeatureGateAttributes.Name == currOn.FeatureGateAttributes.Name {
found = true
}
}
if found {
continue
}
finalOn = append(finalOn, currOn)
}
// only add the default disabled features if they haven't been explicitly set on
for _, defaultOff := range defaultFeatures.Disabled {
if !f.isForcedOn(defaultOff) {
finalOff = append(finalOff, defaultOff)
}
}
for _, currOff := range f.forceOff {
finalOff = append(finalOff, currOff)
}
return &FeatureGateEnabledDisabled{
Enabled: finalOn,
Disabled: finalOff,
}
}
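Review bot: toFeatures can emit a gate twice in Disabled. The Enabled path dedups forced-on gates against finalOn (the `found` loop), but the Disabled path appends every defaultFeatures.Disabled entry that is not forced on and then appends all of f.forceOff unconditionally, so a gate that is both default-off and passed to `without(...)` lands in finalOff twice; mirror the `found` check, or skip default-off entries that `isForcedOff` already covers. This is latent today because every set in FeatureSets uses only `with(...)` and `without` has no caller in the file, which is itself worth a comment. Two comment fixes for upstream: the `LatencySensitive` constant is described as `TopologyManager enables ToplogyManager support`, which names the wrong identifier and misspells it, and the customNoUpgrade comment ends in `featureSet must equal "CustomNoUpgrade" must be set to use this field`, two sentences run together. The FeatureSets example `FeatureSets["SomeNewFeature"]` is also misleading, since the map is keyed by feature set name, not by feature gate name.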


@@ -0,0 +1,134 @@
package v1
import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
// +genclient
// +genclient:nonNamespaced
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// Image governs policies related to imagestream imports and runtime configuration
// for external registries. It allows cluster admins to configure which registries
// OpenShift is allowed to import images from, extra CA trust bundles for external
// registries, and policies to block or allow registry hostnames.
// When exposing OpenShift's image registry to the public, this also lets cluster
// admins specify the external hostname.
//
// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
// +openshift:compatibility-gen:level=1
type Image struct {
metav1.TypeMeta `json:",inline"`
// metadata is the standard object's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
metav1.ObjectMeta `json:"metadata,omitempty"`
// spec holds user settable values for configuration
// +kubebuilder:validation:Required
// +required
Spec ImageSpec `json:"spec"`
// status holds observed values from the cluster. They may not be overridden.
// +optional
Status ImageStatus `json:"status"`
}
type ImageSpec struct {
// allowedRegistriesForImport limits the container image registries that normal users may import
// images from. Set this list to the registries that you trust to contain valid Docker
// images and that you want applications to be able to import from. Users with
// permission to create Images or ImageStreamMappings via the API are not affected by
// this policy - typically only administrators or system integrations will have those
// permissions.
// +optional
AllowedRegistriesForImport []RegistryLocation `json:"allowedRegistriesForImport,omitempty"`
// externalRegistryHostnames provides the hostnames for the default external image
// registry. The external hostname should be set only when the image registry
// is exposed externally. The first value is used in 'publicDockerImageRepository'
// field in ImageStreams. The value must be in "hostname[:port]" format.
// +optional
ExternalRegistryHostnames []string `json:"externalRegistryHostnames,omitempty"`
// additionalTrustedCA is a reference to a ConfigMap containing additional CAs that
// should be trusted during imagestream import, pod image pull, build image pull, and
// imageregistry pullthrough.
// The namespace for this config map is openshift-config.
// +optional
AdditionalTrustedCA ConfigMapNameReference `json:"additionalTrustedCA"`
// registrySources contains configuration that determines how the container runtime
// should treat individual registries when accessing images for builds+pods. (e.g.
// whether or not to allow insecure access). It does not contain configuration for the
// internal cluster registry.
// +optional
RegistrySources RegistrySources `json:"registrySources"`
}
type ImageStatus struct {
// internalRegistryHostname sets the hostname for the default internal image
// registry. The value must be in "hostname[:port]" format.
// This value is set by the image registry operator which controls the internal registry
// hostname. For backward compatibility, users can still use OPENSHIFT_DEFAULT_REGISTRY
// environment variable but this setting overrides the environment variable.
// +optional
InternalRegistryHostname string `json:"internalRegistryHostname,omitempty"`
// externalRegistryHostnames provides the hostnames for the default external image
// registry. The external hostname should be set only when the image registry
// is exposed externally. The first value is used in 'publicDockerImageRepository'
// field in ImageStreams. The value must be in "hostname[:port]" format.
// +optional
ExternalRegistryHostnames []string `json:"externalRegistryHostnames,omitempty"`
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
// +openshift:compatibility-gen:level=1
type ImageList struct {
metav1.TypeMeta `json:",inline"`
// metadata is the standard list's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
metav1.ListMeta `json:"metadata"`
Items []Image `json:"items"`
}
// RegistryLocation contains a location of the registry specified by the registry domain
// name. The domain name might include wildcards, like '*' or '??'.
type RegistryLocation struct {
// domainName specifies a domain name for the registry
// In case the registry use non-standard (80 or 443) port, the port should be included
// in the domain name as well.
DomainName string `json:"domainName"`
// insecure indicates whether the registry is secure (https) or insecure (http)
// By default (if not specified) the registry is assumed as secure.
// +optional
Insecure bool `json:"insecure,omitempty"`
}
// RegistrySources holds cluster-wide information about how to handle the registries config.
type RegistrySources struct {
// insecureRegistries are registries which do not have a valid TLS certificates or only support HTTP connections.
// +optional
InsecureRegistries []string `json:"insecureRegistries,omitempty"`
// blockedRegistries cannot be used for image pull and push actions. All other registries are permitted.
//
// Only one of BlockedRegistries or AllowedRegistries may be set.
// +optional
BlockedRegistries []string `json:"blockedRegistries,omitempty"`
// allowedRegistries are the only registries permitted for image pull and push actions. All other registries are denied.
//
// Only one of BlockedRegistries or AllowedRegistries may be set.
// +optional
AllowedRegistries []string `json:"allowedRegistries,omitempty"`
// containerRuntimeSearchRegistries are registries that will be searched when pulling images that do not have fully qualified
// domains in their pull specs. Registries will be searched in the order provided in the list.
// Note: this search list only works with the container runtime, i.e CRI-O. Will NOT work with builds or imagestream imports.
// +optional
// +kubebuilder:validation:MinItems=1
// +kubebuilder:validation:Format=hostname
// +listType=set
ContainerRuntimeSearchRegistries []string `json:"containerRuntimeSearchRegistries,omitempty"`
}
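Review bot: the constraint `Only one of BlockedRegistries or AllowedRegistries may be set` is stated twice in the RegistrySources comments but nothing in this hunk enforces it; there is no `+kubebuilder:validation:XValidation` marker on the struct, so an object with both lists populated is accepted by the API server and the precedence is left to whatever writes the runtime config. Add a CEL rule along the lines of `!(has(self.blockedRegistries) && has(self.allowedRegistries))`, or document which list wins. Minor: `additionalTrustedCA` and `registrySources` are marked `+optional` but their json tags lack `omitempty`, so they always serialize as empty structs; and since `allowedRegistriesForImport` governs only the API-side imagestream import path while `registrySources` governs container-runtime pulls for builds and pods, a one-line cross-reference at the top of ImageSpec would spare operators from assuming one list covers both.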
@@ -0,0 +1,95 @@
package v1
import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
// +genclient
// +genclient:nonNamespaced
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// ImageContentPolicy holds cluster-wide information about how to handle registry mirror rules.
// When multiple policies are defined, the outcome of the behavior is defined on each field.
//
// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
// +openshift:compatibility-gen:level=1
type ImageContentPolicy struct {
metav1.TypeMeta `json:",inline"`
// metadata is the standard object's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
metav1.ObjectMeta `json:"metadata,omitempty"`
// spec holds user settable values for configuration
// +kubebuilder:validation:Required
// +required
Spec ImageContentPolicySpec `json:"spec"`
}
// ImageContentPolicySpec is the specification of the ImageContentPolicy CRD.
type ImageContentPolicySpec struct {
// repositoryDigestMirrors allows images referenced by image digests in pods to be
// pulled from alternative mirrored repository locations. The image pull specification
// provided to the pod will be compared to the source locations described in RepositoryDigestMirrors
// and the image may be pulled down from any of the mirrors in the list instead of the
// specified repository allowing administrators to choose a potentially faster mirror.
// To pull image from mirrors by tags, should set the "allowMirrorByTags".
//
// Each “source” repository is treated independently; configurations for different “source”
// repositories dont interact.
//
// If the "mirrors" is not specified, the image will continue to be pulled from the specified
// repository in the pull spec.
//
// When multiple policies are defined for the same “source” repository, the sets of defined
// mirrors will be merged together, preserving the relative order of the mirrors, if possible.
// For example, if policy A has mirrors `a, b, c` and policy B has mirrors `c, d, e`, the
// mirrors will be used in the order `a, b, c, d, e`. If the orders of mirror entries conflict
// (e.g. `a, b` vs. `b, a`) the configuration is not rejected but the resulting order is unspecified.
// +optional
// +listType=map
// +listMapKey=source
RepositoryDigestMirrors []RepositoryDigestMirrors `json:"repositoryDigestMirrors"`
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// ImageContentPolicyList lists the items in the ImageContentPolicy CRD.
//
// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
// +openshift:compatibility-gen:level=1
type ImageContentPolicyList struct {
metav1.TypeMeta `json:",inline"`
// metadata is the standard list's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
metav1.ListMeta `json:"metadata"`
Items []ImageContentPolicy `json:"items"`
}
// RepositoryDigestMirrors holds cluster-wide information about how to handle mirrors in the registries config.
type RepositoryDigestMirrors struct {
// source is the repository that users refer to, e.g. in image pull specifications.
// +required
// +kubebuilder:validation:Required
// +kubebuilder:validation:Pattern=`^(([a-zA-Z]|[a-zA-Z][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z]|[A-Za-z][A-Za-z0-9\-]*[A-Za-z0-9])(:[0-9]+)?(\/[^\/:\n]+)*(\/[^\/:\n]+((:[^\/:\n]+)|(@[^\n]+)))?$`
Source string `json:"source"`
// allowMirrorByTags if true, the mirrors can be used to pull the images that are referenced by their tags. Default is false, the mirrors only work when pulling the images that are referenced by their digests.
// Pulling images by tag can potentially yield different images, depending on which endpoint
// we pull from. Forcing digest-pulls for mirrors avoids that issue.
// +optional
AllowMirrorByTags bool `json:"allowMirrorByTags,omitempty"`
// mirrors is zero or more repositories that may also contain the same images.
// If the "mirrors" is not specified, the image will continue to be pulled from the specified
// repository in the pull spec. No mirror will be configured.
// The order of mirrors in this list is treated as the user's desired priority, while source
// is by default considered lower priority than all mirrors. Other cluster configuration,
// including (but not limited to) other repositoryDigestMirrors objects,
// may impact the exact order mirrors are contacted in, or some mirrors may be contacted
// in parallel, so this should be considered a preference rather than a guarantee of ordering.
// +optional
// +listType=set
Mirrors []Mirror `json:"mirrors,omitempty"`
}
// +kubebuilder:validation:Pattern=`^(([a-zA-Z]|[a-zA-Z][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z]|[A-Za-z][A-Za-z0-9\-]*[A-Za-z0-9])(:[0-9]+)?(\/[^\/:\n]+)*(\/[^\/:\n]+((:[^\/:\n]+)|(@[^\n]+)))?$`
type Mirror string
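Review bot: the `+kubebuilder:validation:Pattern` on `source` (and the identical one on the `Mirror` type) ends in `(\/[^\/:\n]+((:[^\/:\n]+)|(@[^\n]+)))?$`, which accepts a trailing `:tag` or `@digest` component, yet the comment says `source is the repository that users refer to`; a repository reference should carry neither, and the `@[^\n]+` branch in particular accepts any characters at all after the `@`. Either tighten the pattern to repository form or state what a tagged or digested `source` means for matching. Minor: `repositoryDigestMirrors` is `+optional` but its json tag has no `omitempty`, so an empty spec serializes as `"repositoryDigestMirrors": null`.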
@@ -0,0 +1,137 @@
package v1
import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
// +genclient
// +genclient:nonNamespaced
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// ImageDigestMirrorSet holds cluster-wide information about how to handle registry mirror rules on using digest pull specification.
// When multiple policies are defined, the outcome of the behavior is defined on each field.
//
// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
// +openshift:compatibility-gen:level=1
type ImageDigestMirrorSet struct {
metav1.TypeMeta `json:",inline"`
// metadata is the standard object's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
metav1.ObjectMeta `json:"metadata,omitempty"`
// spec holds user settable values for configuration
// +kubebuilder:validation:Required
// +required
Spec ImageDigestMirrorSetSpec `json:"spec"`
// status contains the observed state of the resource.
// +optional
Status ImageDigestMirrorSetStatus `json:"status,omitempty"`
}
// ImageDigestMirrorSetSpec is the specification of the ImageDigestMirrorSet CRD.
type ImageDigestMirrorSetSpec struct {
// imageDigestMirrors allows images referenced by image digests in pods to be
// pulled from alternative mirrored repository locations. The image pull specification
// provided to the pod will be compared to the source locations described in imageDigestMirrors
// and the image may be pulled down from any of the mirrors in the list instead of the
// specified repository allowing administrators to choose a potentially faster mirror.
// To use mirrors to pull images using tag specification, users should configure
// a list of mirrors using "ImageTagMirrorSet" CRD.
//
// If the image pull specification matches the repository of "source" in multiple imagedigestmirrorset objects,
// only the objects which define the most specific namespace match will be used.
// For example, if there are objects using quay.io/libpod and quay.io/libpod/busybox as
// the "source", only the objects using quay.io/libpod/busybox are going to apply
// for pull specification quay.io/libpod/busybox.
// Each “source” repository is treated independently; configurations for different “source”
// repositories dont interact.
//
// If the "mirrors" is not specified, the image will continue to be pulled from the specified
// repository in the pull spec.
//
// When multiple policies are defined for the same “source” repository, the sets of defined
// mirrors will be merged together, preserving the relative order of the mirrors, if possible.
// For example, if policy A has mirrors `a, b, c` and policy B has mirrors `c, d, e`, the
// mirrors will be used in the order `a, b, c, d, e`. If the orders of mirror entries conflict
// (e.g. `a, b` vs. `b, a`) the configuration is not rejected but the resulting order is unspecified.
// Users who want to use a specific order of mirrors, should configure them into one list of mirrors using the expected order.
// +optional
// +listType=atomic
ImageDigestMirrors []ImageDigestMirrors `json:"imageDigestMirrors"`
}
type ImageDigestMirrorSetStatus struct{}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// ImageDigestMirrorSetList lists the items in the ImageDigestMirrorSet CRD.
//
// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
// +openshift:compatibility-gen:level=1
type ImageDigestMirrorSetList struct {
metav1.TypeMeta `json:",inline"`
// metadata is the standard list's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
metav1.ListMeta `json:"metadata"`
Items []ImageDigestMirrorSet `json:"items"`
}
// +kubebuilder:validation:Pattern=`^((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:(?:\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+)?(?::[0-9]+)?)(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$`
type ImageMirror string
// MirrorSourcePolicy defines the fallback policy if fails to pull image from the mirrors.
// +kubebuilder:validation:Enum=NeverContactSource;AllowContactingSource
type MirrorSourcePolicy string
const (
// NeverContactSource prevents image pull from the specified repository in the pull spec if the image pull from the mirror list fails.
NeverContactSource MirrorSourcePolicy = "NeverContactSource"
// AllowContactingSource allows falling back to the specified repository in the pull spec if the image pull from the mirror list fails.
AllowContactingSource MirrorSourcePolicy = "AllowContactingSource"
)
// ImageDigestMirrors holds cluster-wide information about how to handle mirrors in the registries config.
type ImageDigestMirrors struct {
// source matches the repository that users refer to, e.g. in image pull specifications. Setting source to a registry hostname
// e.g. docker.io. quay.io, or registry.redhat.io, will match the image pull specification of corressponding registry.
// "source" uses one of the following formats:
// host[:port]
// host[:port]/namespace[/namespace…]
// host[:port]/namespace[/namespace…]/repo
// [*.]host
// for more information about the format, see the document about the location field:
// https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md#choosing-a-registry-toml-table
// +required
// +kubebuilder:validation:Required
// +kubebuilder:validation:Pattern=`^\*(?:\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+$|^((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:(?:\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+)?(?::[0-9]+)?)(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$`
Source string `json:"source"`
// mirrors is zero or more locations that may also contain the same images. No mirror will be configured if not specified.
// Images can be pulled from these mirrors only if they are referenced by their digests.
// The mirrored location is obtained by replacing the part of the input reference that
// matches source by the mirrors entry, e.g. for registry.redhat.io/product/repo reference,
// a (source, mirror) pair *.redhat.io, mirror.local/redhat causes a mirror.local/redhat/product/repo
// repository to be used.
// The order of mirrors in this list is treated as the user's desired priority, while source
// is by default considered lower priority than all mirrors.
// If no mirror is specified or all image pulls from the mirror list fail, the image will continue to be
// pulled from the repository in the pull spec unless explicitly prohibited by "mirrorSourcePolicy"
// Other cluster configuration, including (but not limited to) other imageDigestMirrors objects,
// may impact the exact order mirrors are contacted in, or some mirrors may be contacted
// in parallel, so this should be considered a preference rather than a guarantee of ordering.
// "mirrors" uses one of the following formats:
// host[:port]
// host[:port]/namespace[/namespace…]
// host[:port]/namespace[/namespace…]/repo
// for more information about the format, see the document about the location field:
// https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md#choosing-a-registry-toml-table
// +optional
// +listType=set
Mirrors []ImageMirror `json:"mirrors,omitempty"`
// mirrorSourcePolicy defines the fallback policy if fails to pull image from the mirrors.
// If unset, the image will continue to be pulled from the the repository in the pull spec.
// sourcePolicy is valid configuration only when one or more mirrors are in the mirror list.
// +optional
MirrorSourcePolicy MirrorSourcePolicy `json:"mirrorSourcePolicy,omitempty"`
}
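Review bot: the comment on `mirrorSourcePolicy` says it `is valid configuration only when one or more mirrors are in the mirror list`, but nothing in the hunk enforces that; with no `+kubebuilder:validation:XValidation` on ImageDigestMirrors, `mirrorSourcePolicy: NeverContactSource` alongside an empty `mirrors` is accepted, and per the `mirrors` comment the pull then still goes to the source. A CEL rule such as `!has(self.mirrorSourcePolicy) || size(self.mirrors) > 0` would close that gap. The comment should also say plainly that leaving the field unset behaves as `AllowContactingSource`, so a mirror outage silently falls back to the upstream registry; a cluster that relies on mirrors as its supply-chain control point has to opt into `NeverContactSource` explicitly. Style: `corressponding` in the `source` comment, `the the` in the `mirrorSourcePolicy` comment, and that comment refers to the field as `sourcePolicy` while its json name is `mirrorSourcePolicy`.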
@@ -0,0 +1,124 @@
package v1
import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
// +genclient
// +genclient:nonNamespaced
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// ImageTagMirrorSet holds cluster-wide information about how to handle registry mirror rules on using tag pull specification.
// When multiple policies are defined, the outcome of the behavior is defined on each field.
//
// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
// +openshift:compatibility-gen:level=1
type ImageTagMirrorSet struct {
metav1.TypeMeta `json:",inline"`
// metadata is the standard object's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
metav1.ObjectMeta `json:"metadata,omitempty"`
// spec holds user settable values for configuration
// +kubebuilder:validation:Required
// +required
Spec ImageTagMirrorSetSpec `json:"spec"`
// status contains the observed state of the resource.
// +optional
Status ImageTagMirrorSetStatus `json:"status,omitempty"`
}
// ImageTagMirrorSetSpec is the specification of the ImageTagMirrorSet CRD.
type ImageTagMirrorSetSpec struct {
// imageTagMirrors allows images referenced by image tags in pods to be
// pulled from alternative mirrored repository locations. The image pull specification
// provided to the pod will be compared to the source locations described in imageTagMirrors
// and the image may be pulled down from any of the mirrors in the list instead of the
// specified repository allowing administrators to choose a potentially faster mirror.
// To use mirrors to pull images using digest specification only, users should configure
// a list of mirrors using "ImageDigestMirrorSet" CRD.
//
// If the image pull specification matches the repository of "source" in multiple imagetagmirrorset objects,
// only the objects which define the most specific namespace match will be used.
// For example, if there are objects using quay.io/libpod and quay.io/libpod/busybox as
// the "source", only the objects using quay.io/libpod/busybox are going to apply
// for pull specification quay.io/libpod/busybox.
// Each “source” repository is treated independently; configurations for different “source”
// repositories dont interact.
//
// If the "mirrors" is not specified, the image will continue to be pulled from the specified
// repository in the pull spec.
//
// When multiple policies are defined for the same “source” repository, the sets of defined
// mirrors will be merged together, preserving the relative order of the mirrors, if possible.
// For example, if policy A has mirrors `a, b, c` and policy B has mirrors `c, d, e`, the
// mirrors will be used in the order `a, b, c, d, e`. If the orders of mirror entries conflict
// (e.g. `a, b` vs. `b, a`) the configuration is not rejected but the resulting order is unspecified.
// Users who want to use a deterministic order of mirrors, should configure them into one list of mirrors using the expected order.
// +optional
// +listType=atomic
ImageTagMirrors []ImageTagMirrors `json:"imageTagMirrors"`
}
type ImageTagMirrorSetStatus struct{}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// ImageTagMirrorSetList lists the items in the ImageTagMirrorSet CRD.
//
// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
// +openshift:compatibility-gen:level=1
type ImageTagMirrorSetList struct {
metav1.TypeMeta `json:",inline"`
// metadata is the standard list's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
metav1.ListMeta `json:"metadata"`
Items []ImageTagMirrorSet `json:"items"`
}
// ImageTagMirrors holds cluster-wide information about how to handle mirrors in the registries config.
type ImageTagMirrors struct {
// source matches the repository that users refer to, e.g. in image pull specifications. Setting source to a registry hostname
// e.g. docker.io. quay.io, or registry.redhat.io, will match the image pull specification of corressponding registry.
// "source" uses one of the following formats:
// host[:port]
// host[:port]/namespace[/namespace…]
// host[:port]/namespace[/namespace…]/repo
// [*.]host
// for more information about the format, see the document about the location field:
// https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md#choosing-a-registry-toml-table
// +required
// +kubebuilder:validation:Required
// +kubebuilder:validation:Pattern=`^\*(?:\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+$|^((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:(?:\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+)?(?::[0-9]+)?)(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$`
Source string `json:"source"`
// mirrors is zero or more locations that may also contain the same images. No mirror will be configured if not specified.
// Images can be pulled from these mirrors only if they are referenced by their tags.
// The mirrored location is obtained by replacing the part of the input reference that
// matches source by the mirrors entry, e.g. for registry.redhat.io/product/repo reference,
// a (source, mirror) pair *.redhat.io, mirror.local/redhat causes a mirror.local/redhat/product/repo
// repository to be used.
// Pulling images by tag can potentially yield different images, depending on which endpoint we pull from.
// Configuring a list of mirrors using "ImageDigestMirrorSet" CRD and forcing digest-pulls for mirrors avoids that issue.
// The order of mirrors in this list is treated as the user's desired priority, while source
// is by default considered lower priority than all mirrors.
// If no mirror is specified or all image pulls from the mirror list fail, the image will continue to be
// pulled from the repository in the pull spec unless explicitly prohibited by "mirrorSourcePolicy".
// Other cluster configuration, including (but not limited to) other imageTagMirrors objects,
// may impact the exact order mirrors are contacted in, or some mirrors may be contacted
// in parallel, so this should be considered a preference rather than a guarantee of ordering.
// "mirrors" uses one of the following formats:
// host[:port]
// host[:port]/namespace[/namespace…]
// host[:port]/namespace[/namespace…]/repo
// for more information about the format, see the document about the location field:
// https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md#choosing-a-registry-toml-table
// +optional
// +listType=set
Mirrors []ImageMirror `json:"mirrors,omitempty"`
// mirrorSourcePolicy defines the fallback policy if fails to pull image from the mirrors.
// If unset, the image will continue to be pulled from the repository in the pull spec.
// sourcePolicy is valid configuration only when one or more mirrors are in the mirror list.
// +optional
MirrorSourcePolicy MirrorSourcePolicy `json:"mirrorSourcePolicy,omitempty"`
}
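Review bot: `mirrors` is declared `+listType=set` while its comment says `The order of mirrors in this list is treated as the user's desired priority`; for a `set` list, server-side apply merges elements from different field managers as an unordered set, so a second applier is not guaranteed to preserve the stored order. If order is meant to be significant, `+listType=atomic` (already used for `imageTagMirrors` above) matches the documented semantics. The same comment issues as the ImageDigestMirrorSet file recur here: `corressponding`, and the `mirrorSourcePolicy` comment calling the field `sourcePolicy`; the two files' spec comments have also drifted (`specific order` vs `deterministic order`), which suggests the shared text should have one source of truth.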

File diff suppressed because it is too large
@@ -0,0 +1,334 @@
package v1
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
// +genclient
// +genclient:nonNamespaced
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// Ingress holds cluster-wide information about ingress, including the default ingress domain
// used for routes. The canonical name is `cluster`.
//
// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
// +openshift:compatibility-gen:level=1
type Ingress struct {
metav1.TypeMeta `json:",inline"`
// metadata is the standard object's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
metav1.ObjectMeta `json:"metadata,omitempty"`
// spec holds user settable values for configuration
// +kubebuilder:validation:Required
// +required
Spec IngressSpec `json:"spec"`
// status holds observed values from the cluster. They may not be overridden.
// +optional
Status IngressStatus `json:"status"`
}
type IngressSpec struct {
// domain is used to generate a default host name for a route when the
// route's host name is empty. The generated host name will follow this
// pattern: "<route-name>.<route-namespace>.<domain>".
//
// It is also used as the default wildcard domain suffix for ingress. The
// default ingresscontroller domain will follow this pattern: "*.<domain>".
//
// Once set, changing domain is not currently supported.
Domain string `json:"domain"`
// appsDomain is an optional domain to use instead of the one specified
// in the domain field when a Route is created without specifying an explicit
// host. If appsDomain is nonempty, this value is used to generate default
// host values for Route. Unlike domain, appsDomain may be modified after
// installation.
// This assumes a new ingresscontroller has been setup with a wildcard
// certificate.
// +optional
AppsDomain string `json:"appsDomain,omitempty"`
// componentRoutes is an optional list of routes that are managed by OpenShift components
// that a cluster-admin is able to configure the hostname and serving certificate for.
// The namespace and name of each route in this list should match an existing entry in the
// status.componentRoutes list.
//
// To determine the set of configurable Routes, look at namespace and name of entries in the
// .status.componentRoutes list, where participating operators write the status of
// configurable routes.
// +optional
// +listType=map
// +listMapKey=namespace
// +listMapKey=name
ComponentRoutes []ComponentRouteSpec `json:"componentRoutes,omitempty"`
// requiredHSTSPolicies specifies HSTS policies that are required to be set on newly created or updated routes
// matching the domainPattern/s and namespaceSelector/s that are specified in the policy.
// Each requiredHSTSPolicy must have at least a domainPattern and a maxAge to validate a route HSTS Policy route
// annotation, and affect route admission.
//
// A candidate route is checked for HSTS Policies if it has the HSTS Policy route annotation:
// "haproxy.router.openshift.io/hsts_header"
// E.g. haproxy.router.openshift.io/hsts_header: max-age=31536000;preload;includeSubDomains
//
// - For each candidate route, if it matches a requiredHSTSPolicy domainPattern and optional namespaceSelector,
// then the maxAge, preloadPolicy, and includeSubdomainsPolicy must be valid to be admitted. Otherwise, the route
// is rejected.
// - The first match, by domainPattern and optional namespaceSelector, in the ordering of the RequiredHSTSPolicies
// determines the route's admission status.
// - If the candidate route doesn't match any requiredHSTSPolicy domainPattern and optional namespaceSelector,
// then it may use any HSTS Policy annotation.
//
// The HSTS policy configuration may be changed after routes have already been created. An update to a previously
// admitted route may then fail if the updated route does not conform to the updated HSTS policy configuration.
// However, changing the HSTS policy configuration will not cause a route that is already admitted to stop working.
//
// Note that if there are no RequiredHSTSPolicies, any HSTS Policy annotation on the route is valid.
// +optional
RequiredHSTSPolicies []RequiredHSTSPolicy `json:"requiredHSTSPolicies,omitempty"`
// loadBalancer contains the load balancer details in general which are not only specific to the underlying infrastructure
// provider of the current cluster and are required for Ingress Controller to work on OpenShift.
// +optional
LoadBalancer LoadBalancer `json:"loadBalancer,omitempty"`
}
// IngressPlatformSpec holds the desired state of Ingress specific to the underlying infrastructure provider
// of the current cluster. Since these are used at spec-level for the underlying cluster, it
// is supposed that only one of the spec structs is set.
// +union
type IngressPlatformSpec struct {
// type is the underlying infrastructure provider for the cluster.
// Allowed values are "AWS", "Azure", "BareMetal", "GCP", "Libvirt",
// "OpenStack", "VSphere", "oVirt", "KubeVirt", "EquinixMetal", "PowerVS",
// "AlibabaCloud", "Nutanix" and "None". Individual components may not support all platforms,
// and must handle unrecognized platforms as None if they do not support that platform.
//
// +unionDiscriminator
Type PlatformType `json:"type"`
// aws contains settings specific to the Amazon Web Services infrastructure provider.
// +optional
AWS *AWSIngressSpec `json:"aws,omitempty"`
}
type LoadBalancer struct {
// platform holds configuration specific to the underlying
// infrastructure provider for the ingress load balancers.
// When omitted, this means the user has no opinion and the platform is left
// to choose reasonable defaults. These defaults are subject to change over time.
// +optional
Platform IngressPlatformSpec `json:"platform,omitempty"`
}
// AWSIngressSpec holds the desired state of the Ingress for Amazon Web Services infrastructure provider.
// This only includes fields that can be modified in the cluster.
// +union
type AWSIngressSpec struct {
// type allows user to set a load balancer type.
// When this field is set the default ingresscontroller will get created using the specified LBType.
// If this field is not set then the default ingress controller of LBType Classic will be created.
// Valid values are:
//
// * "Classic": A Classic Load Balancer that makes routing decisions at either
// the transport layer (TCP/SSL) or the application layer (HTTP/HTTPS). See
// the following for additional details:
//
// https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#clb
//
// * "NLB": A Network Load Balancer that makes routing decisions at the
// transport layer (TCP/SSL). See the following for additional details:
//
// https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#nlb
// +unionDiscriminator
// +kubebuilder:validation:Enum:=NLB;Classic
// +kubebuilder:validation:Required
Type AWSLBType `json:"type,omitempty"`
}
type AWSLBType string
const (
// NLB is the Network Load Balancer Type of AWS. Using NLB one can set NLB load balancer type for the default ingress controller.
NLB AWSLBType = "NLB"
// Classic is the Classic Load Balancer Type of AWS. Using CLassic one can set Classic load balancer type for the default ingress controller.
Classic AWSLBType = "Classic"
)
// ConsumingUser is an alias for string which we add validation to. Currently only service accounts are supported.
// +kubebuilder:validation:Pattern="^system:serviceaccount:[a-z0-9]([-a-z0-9]*[a-z0-9])?:[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$"
// +kubebuilder:validation:MinLength=1
// +kubebuilder:validation:MaxLength=512
type ConsumingUser string
// Hostname is an alias for hostname string validation.
//
// The left operand of the | is the original kubebuilder hostname validation format, which is incorrect because it
// allows upper case letters, disallows hyphen or number in the TLD, and allows labels to start/end in non-alphanumeric
// characters. See https://bugzilla.redhat.com/show_bug.cgi?id=2039256.
// ^([a-zA-Z0-9\p{S}\p{L}]((-?[a-zA-Z0-9\p{S}\p{L}]{0,62})?)|([a-zA-Z0-9\p{S}\p{L}](([a-zA-Z0-9-\p{S}\p{L}]{0,61}[a-zA-Z0-9\p{S}\p{L}])?)(\.)){1,}([a-zA-Z\p{L}]){2,63})$
//
// The right operand of the | is a new pattern that mimics the current API route admission validation on hostname,
// except that it allows hostnames longer than the maximum length:
// ^(([a-z0-9][-a-z0-9]{0,61}[a-z0-9]|[a-z0-9]{1,63})[\.]){0,}([a-z0-9][-a-z0-9]{0,61}[a-z0-9]|[a-z0-9]{1,63})$
//
// Both operand patterns are made available so that modifications on ingress spec can still happen after an invalid hostname
// was saved via validation by the incorrect left operand of the | operator.
//
// +kubebuilder:validation:Pattern=`^([a-zA-Z0-9\p{S}\p{L}]((-?[a-zA-Z0-9\p{S}\p{L}]{0,62})?)|([a-zA-Z0-9\p{S}\p{L}](([a-zA-Z0-9-\p{S}\p{L}]{0,61}[a-zA-Z0-9\p{S}\p{L}])?)(\.)){1,}([a-zA-Z\p{L}]){2,63})$|^(([a-z0-9][-a-z0-9]{0,61}[a-z0-9]|[a-z0-9]{1,63})[\.]){0,}([a-z0-9][-a-z0-9]{0,61}[a-z0-9]|[a-z0-9]{1,63})$`
type Hostname string
type IngressStatus struct {
// componentRoutes is where participating operators place the current route status for routes whose
// hostnames and serving certificates can be customized by the cluster-admin.
// +optional
// +listType=map
// +listMapKey=namespace
// +listMapKey=name
ComponentRoutes []ComponentRouteStatus `json:"componentRoutes,omitempty"`
// defaultPlacement is set at installation time to control which
// nodes will host the ingress router pods by default. The options are
// control-plane nodes or worker nodes.
//
// This field works by dictating how the Cluster Ingress Operator will
// consider unset replicas and nodePlacement fields in IngressController
// resources when creating the corresponding Deployments.
//
// See the documentation for the IngressController replicas and nodePlacement
// fields for more information.
//
// When omitted, the default value is Workers
//
// +kubebuilder:validation:Enum:="ControlPlane";"Workers";""
// +optional
DefaultPlacement DefaultPlacement `json:"defaultPlacement"`
}
// ComponentRouteSpec allows for configuration of a route's hostname and serving certificate.
type ComponentRouteSpec struct {
// namespace is the namespace of the route to customize.
//
// The namespace and name of this componentRoute must match a corresponding
// entry in the list of status.componentRoutes if the route is to be customized.
// +kubebuilder:validation:Pattern=^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
// +kubebuilder:validation:MinLength=1
// +kubebuilder:validation:MaxLength=63
// +kubebuilder:validation:Required
// +required
Namespace string `json:"namespace"`
// name is the logical name of the route to customize.
//
// The namespace and name of this componentRoute must match a corresponding
// entry in the list of status.componentRoutes if the route is to be customized.
// +kubebuilder:validation:MinLength=1
// +kubebuilder:validation:MaxLength=256
// +kubebuilder:validation:Required
// +required
Name string `json:"name"`
// hostname is the hostname that should be used by the route.
// +kubebuilder:validation:Required
// +required
Hostname Hostname `json:"hostname"`
// servingCertKeyPairSecret is a reference to a secret of type `kubernetes.io/tls` in the openshift-config namespace.
// The serving cert/key pair must match and will be used by the operator to fulfill the intent of serving with this name.
// If the custom hostname uses the default routing suffix of the cluster,
// the Secret specification for a serving certificate will not be needed.
// +optional
ServingCertKeyPairSecret SecretNameReference `json:"servingCertKeyPairSecret"`
}
// ComponentRouteStatus contains information allowing configuration of a route's hostname and serving certificate.
type ComponentRouteStatus struct {
// namespace is the namespace of the route to customize. It must be a real namespace. Using an actual namespace
// ensures that no two components will conflict and the same component can be installed multiple times.
//
// The namespace and name of this componentRoute must match a corresponding
// entry in the list of spec.componentRoutes if the route is to be customized.
// +kubebuilder:validation:Pattern=^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
// +kubebuilder:validation:MinLength=1
// +kubebuilder:validation:MaxLength=63
// +kubebuilder:validation:Required
// +required
Namespace string `json:"namespace"`
// name is the logical name of the route to customize. It does not have to be the actual name of a route resource
// but it cannot be renamed.
//
// The namespace and name of this componentRoute must match a corresponding
// entry in the list of spec.componentRoutes if the route is to be customized.
// +kubebuilder:validation:MinLength=1
// +kubebuilder:validation:MaxLength=256
// +kubebuilder:validation:Required
// +required
Name string `json:"name"`
// defaultHostname is the hostname of this route prior to customization.
// +kubebuilder:validation:Required
// +required
DefaultHostname Hostname `json:"defaultHostname"`
// consumingUsers is a slice of ServiceAccounts that need to have read permission on the servingCertKeyPairSecret secret.
// +kubebuilder:validation:MaxItems=5
// +optional
ConsumingUsers []ConsumingUser `json:"consumingUsers,omitempty"`
// currentHostnames is the list of current names used by the route. Typically, this list should consist of a single
// hostname, but if multiple hostnames are supported by the route the operator may write multiple entries to this list.
// +kubebuilder:validation:MinItems=1
// +optional
CurrentHostnames []Hostname `json:"currentHostnames,omitempty"`
// conditions are used to communicate the state of the componentRoutes entry.
//
// Supported conditions include Available, Degraded and Progressing.
//
// If available is true, the content served by the route can be accessed by users. This includes cases
// where a default may continue to serve content while the customized route specified by the cluster-admin
// is being configured.
//
// If Degraded is true, that means something has gone wrong trying to handle the componentRoutes entry.
// The currentHostnames field may or may not be in effect.
//
// If Progressing is true, that means the component is taking some action related to the componentRoutes entry.
// +optional
// +listType=map
// +listMapKey=type
Conditions []metav1.Condition `json:"conditions,omitempty"`
// relatedObjects is a list of resources which are useful when debugging or inspecting how spec.componentRoutes is applied.
// +kubebuilder:validation:MinItems=1
// +kubebuilder:validation:Required
// +required
RelatedObjects []ObjectReference `json:"relatedObjects"`
}
// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// +openshift:compatibility-gen:level=1
type IngressList struct {
metav1.TypeMeta `json:",inline"`
// metadata is the standard list's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
metav1.ListMeta `json:"metadata"`
Items []Ingress `json:"items"`
}
// DefaultPlacement defines the default placement of ingress router pods.
type DefaultPlacement string
const (
// "Workers" is for having router pods placed on worker nodes by default.
DefaultPlacementWorkers DefaultPlacement = "Workers"
// "ControlPlane" is for having router pods placed on control-plane nodes by default.
DefaultPlacementControlPlane DefaultPlacement = "ControlPlane"
)
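Review bot: the `Hostname` pattern (the `+kubebuilder:validation:Pattern` on `type Hostname string`) deliberately keeps the lenient left alternative, so a value that passes CRD validation may still contain upper-case letters, `\p{S}` symbol characters, or a label that starts or ends with a non-alphanumeric character; anything that derives a DNS name, a route admission decision or a serving certificate from `ComponentRouteSpec.Hostname` or `ComponentRouteStatus.CurrentHostnames` must apply the strict right-hand pattern itself rather than trusting the API check, and the `Hostname` doc comment, which currently only explains why both alternatives are kept, should say so. Smaller point: `IngressStatus.DefaultPlacement` is `+optional` with `""` in its enum but its json tag has no `omitempty`, unlike the other optional fields in this file, so the empty string is always serialized; either add `omitempty` or document that the empty value is meaningful.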


@@ -0,0 +1,183 @@
package v1
import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
// +genclient
// +genclient:nonNamespaced
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// Network holds cluster-wide information about Network. The canonical name is `cluster`. It is used to configure the desired network configuration, such as: IP address pools for services/pod IPs, network plugin, etc.
// Please view network.spec for an explanation on what applies when configuring this resource.
//
// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
// +openshift:compatibility-gen:level=1
type Network struct {
metav1.TypeMeta `json:",inline"`
// metadata is the standard object's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
metav1.ObjectMeta `json:"metadata,omitempty"`
// spec holds user settable values for configuration.
// As a general rule, this SHOULD NOT be read directly. Instead, you should
// consume the NetworkStatus, as it indicates the currently deployed configuration.
// Currently, most spec fields are immutable after installation. Please view the individual ones for further details on each.
// +kubebuilder:validation:Required
// +required
Spec NetworkSpec `json:"spec"`
// status holds observed values from the cluster. They may not be overridden.
// +optional
Status NetworkStatus `json:"status"`
}
// NetworkSpec is the desired network configuration.
// As a general rule, this SHOULD NOT be read directly. Instead, you should
// consume the NetworkStatus, as it indicates the currently deployed configuration.
// Currently, most spec fields are immutable after installation. Please view the individual ones for further details on each.
type NetworkSpec struct {
// IP address pool to use for pod IPs.
// This field is immutable after installation.
ClusterNetwork []ClusterNetworkEntry `json:"clusterNetwork"`
// IP address pool for services.
// Currently, we only support a single entry here.
// This field is immutable after installation.
ServiceNetwork []string `json:"serviceNetwork"`
// NetworkType is the plugin that is to be deployed (e.g. OpenShiftSDN).
// This should match a value that the cluster-network-operator understands,
// or else no networking will be installed.
// Currently supported values are:
// - OpenShiftSDN
// This field is immutable after installation.
NetworkType string `json:"networkType"`
// externalIP defines configuration for controllers that
// affect Service.ExternalIP. If nil, then ExternalIP is
// not allowed to be set.
// +optional
ExternalIP *ExternalIPConfig `json:"externalIP,omitempty"`
// The port range allowed for Services of type NodePort.
// If not specified, the default of 30000-32767 will be used.
// Such Services without a NodePort specified will have one
// automatically allocated from this range.
// This parameter can be updated after the cluster is
// installed.
// +kubebuilder:validation:Pattern=`^([0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])-([0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$`
ServiceNodePortRange string `json:"serviceNodePortRange,omitempty"`
}
// NetworkStatus is the current network configuration.
type NetworkStatus struct {
// IP address pool to use for pod IPs.
ClusterNetwork []ClusterNetworkEntry `json:"clusterNetwork,omitempty"`
// IP address pool for services.
// Currently, we only support a single entry here.
ServiceNetwork []string `json:"serviceNetwork,omitempty"`
// NetworkType is the plugin that is deployed (e.g. OpenShiftSDN).
NetworkType string `json:"networkType,omitempty"`
// ClusterNetworkMTU is the MTU for inter-pod networking.
ClusterNetworkMTU int `json:"clusterNetworkMTU,omitempty"`
// Migration contains the cluster network migration configuration.
Migration *NetworkMigration `json:"migration,omitempty"`
}
// ClusterNetworkEntry is a contiguous block of IP addresses from which pod IPs
// are allocated.
type ClusterNetworkEntry struct {
// The complete block for pod IPs.
CIDR string `json:"cidr"`
// The size (prefix) of block to allocate to each node. If this
// field is not used by the plugin, it can be left unset.
// +kubebuilder:validation:Minimum=0
// +optional
HostPrefix uint32 `json:"hostPrefix,omitempty"`
}
// ExternalIPConfig specifies some IP blocks relevant for the ExternalIP field
// of a Service resource.
type ExternalIPConfig struct {
// policy is a set of restrictions applied to the ExternalIP field.
// If nil or empty, then ExternalIP is not allowed to be set.
// +optional
Policy *ExternalIPPolicy `json:"policy,omitempty"`
// autoAssignCIDRs is a list of CIDRs from which to automatically assign
// Service.ExternalIP. These are assigned when the service is of type
// LoadBalancer. In general, this is only useful for bare-metal clusters.
// In Openshift 3.x, this was misleadingly called "IngressIPs".
// Automatically assigned External IPs are not affected by any
// ExternalIPPolicy rules.
// Currently, only one entry may be provided.
// +optional
AutoAssignCIDRs []string `json:"autoAssignCIDRs,omitempty"`
}
// ExternalIPPolicy configures exactly which IPs are allowed for the ExternalIP
// field in a Service. If the zero struct is supplied, then none are permitted.
// The policy controller always allows automatically assigned external IPs.
type ExternalIPPolicy struct {
// allowedCIDRs is the list of allowed CIDRs.
AllowedCIDRs []string `json:"allowedCIDRs,omitempty"`
// rejectedCIDRs is the list of disallowed CIDRs. These take precedence
// over allowedCIDRs.
// +optional
RejectedCIDRs []string `json:"rejectedCIDRs,omitempty"`
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
// +openshift:compatibility-gen:level=1
type NetworkList struct {
metav1.TypeMeta `json:",inline"`
// metadata is the standard list's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
metav1.ListMeta `json:"metadata"`
Items []Network `json:"items"`
}
// NetworkMigration represents the cluster network configuration.
type NetworkMigration struct {
// NetworkType is the target plugin that is to be deployed.
// Currently supported values are: OpenShiftSDN, OVNKubernetes
// +kubebuilder:validation:Enum={"OpenShiftSDN","OVNKubernetes"}
// +optional
NetworkType string `json:"networkType,omitempty"`
// MTU contains the MTU migration configuration.
// +optional
MTU *MTUMigration `json:"mtu,omitempty"`
}
// MTUMigration contains infomation about MTU migration.
type MTUMigration struct {
// Network contains MTU migration configuration for the default network.
// +optional
Network *MTUMigrationValues `json:"network,omitempty"`
// Machine contains MTU migration configuration for the machine's uplink.
// +optional
Machine *MTUMigrationValues `json:"machine,omitempty"`
}
// MTUMigrationValues contains the values for a MTU migration.
type MTUMigrationValues struct {
// To is the MTU to migrate to.
// +kubebuilder:validation:Minimum=0
To *uint32 `json:"to"`
// From is the MTU to migrate from.
// +kubebuilder:validation:Minimum=0
// +optional
From *uint32 `json:"from,omitempty"`
}
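Review bot: the `ServiceNodePortRange` pattern only checks that each endpoint is a number in 0-65535; a regular expression cannot express that the low end is less than or equal to the high end, so a value such as `32767-30000` passes CRD validation and must be rejected by the consuming operator, which the field comment should state. The CIDR-typed string fields in this hunk (`ClusterNetworkEntry.CIDR`, `ServiceNetwork`, `AutoAssignCIDRs`, `AllowedCIDRs`, `RejectedCIDRs`) carry no format or pattern marker at all, so a malformed entry in `ExternalIPPolicy`, which is the control deciding which external IPs a Service may claim, is accepted by the API server and only caught downstream; a pattern marker or an explicit comment on where validation happens would help. Documentation mismatch: `NetworkSpec.NetworkType` lists `OpenShiftSDN` as the only supported value while `NetworkMigration.NetworkType` enumerates `OpenShiftSDN` and `OVNKubernetes`; the spec comment should match.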

114
vendor/github.com/openshift/api/config/v1/types_node.go generated vendored Normal file

@@ -0,0 +1,114 @@
package v1
import (
"time"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
// +genclient
// +genclient:nonNamespaced
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// Node holds cluster-wide information about node specific features.
//
// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
// +openshift:compatibility-gen:level=1
// +kubebuilder:resource:path=nodes,scope=Cluster
// +kubebuilder:subresource:status
type Node struct {
metav1.TypeMeta `json:",inline"`
// metadata is the standard object's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
metav1.ObjectMeta `json:"metadata,omitempty"`
// spec holds user settable values for configuration
// +kubebuilder:validation:Required
// +required
Spec NodeSpec `json:"spec"`
// status holds observed values.
// +optional
Status NodeStatus `json:"status"`
}
type NodeSpec struct {
// CgroupMode determines the cgroups version on the node
// +optional
CgroupMode CgroupMode `json:"cgroupMode,omitempty"`
// WorkerLatencyProfile determins the how fast the kubelet is updating
// the status and corresponding reaction of the cluster
// +optional
WorkerLatencyProfile WorkerLatencyProfileType `json:"workerLatencyProfile,omitempty"`
}
type NodeStatus struct{}
// +kubebuilder:validation:Enum=v1;v2;""
type CgroupMode string
const (
CgroupModeEmpty CgroupMode = "" // Empty string indicates to honor user set value on the system that should not be overridden by OpenShift
CgroupModeV1 CgroupMode = "v1"
CgroupModeV2 CgroupMode = "v2"
CgroupModeDefault CgroupMode = CgroupModeV1
)
// +kubebuilder:validation:Enum=Default;MediumUpdateAverageReaction;LowUpdateSlowReaction
type WorkerLatencyProfileType string
const (
// Medium Kubelet Update Frequency (heart-beat) and Average Reaction Time to unresponsive Node
MediumUpdateAverageReaction WorkerLatencyProfileType = "MediumUpdateAverageReaction"
// Low Kubelet Update Frequency (heart-beat) and Slow Reaction Time to unresponsive Node
LowUpdateSlowReaction WorkerLatencyProfileType = "LowUpdateSlowReaction"
// Default values of relavent Kubelet, Kube Controller Manager and Kube API Server
DefaultUpdateDefaultReaction WorkerLatencyProfileType = "Default"
)
const (
// DefaultNodeStatusUpdateFrequency refers to the "--node-status-update-frequency" of the kubelet in case of DefaultUpdateDefaultReaction WorkerLatencyProfile type
DefaultNodeStatusUpdateFrequency = 10 * time.Second
// DefaultNodeMonitorGracePeriod refers to the "--node-monitor-grace-period" of the Kube Controller Manager in case of DefaultUpdateDefaultReaction WorkerLatencyProfile type
DefaultNodeMonitorGracePeriod = 40 * time.Second
// DefaultNotReadyTolerationSeconds refers to the "--default-not-ready-toleration-seconds" of the Kube API Server in case of DefaultUpdateDefaultReaction WorkerLatencyProfile type
DefaultNotReadyTolerationSeconds = 300
// DefaultUnreachableTolerationSeconds refers to the "--default-unreachable-toleration-seconds" of the Kube API Server in case of DefaultUpdateDefaultReaction WorkerLatencyProfile type
DefaultUnreachableTolerationSeconds = 300
// MediumNodeStatusUpdateFrequency refers to the "--node-status-update-frequency" of the kubelet in case of MediumUpdateAverageReaction WorkerLatencyProfile type
MediumNodeStatusUpdateFrequency = 20 * time.Second
// MediumNodeMonitorGracePeriod refers to the "--node-monitor-grace-period" of the Kube Controller Manager in case of MediumUpdateAverageReaction WorkerLatencyProfile type
MediumNodeMonitorGracePeriod = 2 * time.Minute
// MediumNotReadyTolerationSeconds refers to the "--default-not-ready-toleration-seconds" of the Kube API Server in case of MediumUpdateAverageReaction WorkerLatencyProfile type
MediumNotReadyTolerationSeconds = 60
// MediumUnreachableTolerationSeconds refers to the "--default-unreachable-toleration-seconds" of the Kube API Server in case of MediumUpdateAverageReaction WorkerLatencyProfile type
MediumUnreachableTolerationSeconds = 60
// LowNodeStatusUpdateFrequency refers to the "--node-status-update-frequency" of the kubelet in case of LowUpdateSlowReaction WorkerLatencyProfile type
LowNodeStatusUpdateFrequency = 1 * time.Minute
// LowNodeMonitorGracePeriod refers to the "--node-monitor-grace-period" of the Kube Controller Manager in case of LowUpdateSlowReaction WorkerLatencyProfile type
LowNodeMonitorGracePeriod = 5 * time.Minute
// LowNotReadyTolerationSeconds refers to the "--default-not-ready-toleration-seconds" of the Kube API Server in case of LowUpdateSlowReaction WorkerLatencyProfile type
LowNotReadyTolerationSeconds = 60
// LowUnreachableTolerationSeconds refers to the "--default-unreachable-toleration-seconds" of the Kube API Server in case of LowUpdateSlowReaction WorkerLatencyProfile type
LowUnreachableTolerationSeconds = 60
)
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
// +openshift:compatibility-gen:level=1
type NodeList struct {
metav1.TypeMeta `json:",inline"`
// metadata is the standard list's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
metav1.ListMeta `json:"metadata"`
Items []Node `json:"items"`
}
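Review bot: `NodeSpec.CgroupMode` is documented only as "determines the cgroups version on the node", but the constants show that `""` means "honor the value set on the system" while `CgroupModeDefault` resolves to `CgroupModeV1`; the field comment should spell out what an omitted value does and which of those two defaults applies, since the answer decides whether a node ends up on cgroup v1 or v2. Style: the comments on `WorkerLatencyProfile` ("determins the how fast") and `DefaultUpdateDefaultReaction` ("relavent") have typos, and the `*TolerationSeconds` constants are untyped ints while the sibling frequency and grace-period constants are `time.Duration`; a comment stating the unit (seconds, as passed to the kube-apiserver flag) would make the mixed units explicit.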


@@ -0,0 +1,592 @@
package v1
import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
// OAuth Server and Identity Provider Config
// +genclient
// +genclient:nonNamespaced
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// OAuth holds cluster-wide information about OAuth. The canonical name is `cluster`.
// It is used to configure the integrated OAuth server.
// This configuration is only honored when the top level Authentication config has type set to IntegratedOAuth.
//
// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
// +openshift:compatibility-gen:level=1
type OAuth struct {
metav1.TypeMeta `json:",inline"`
// metadata is the standard object's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
metav1.ObjectMeta `json:"metadata"`
// spec holds user settable values for configuration
// +kubebuilder:validation:Required
// +required
Spec OAuthSpec `json:"spec"`
// status holds observed values from the cluster. They may not be overridden.
// +optional
Status OAuthStatus `json:"status"`
}
// OAuthSpec contains desired cluster auth configuration
type OAuthSpec struct {
// identityProviders is an ordered list of ways for a user to identify themselves.
// When this list is empty, no identities are provisioned for users.
// +optional
// +listType=atomic
IdentityProviders []IdentityProvider `json:"identityProviders,omitempty"`
// tokenConfig contains options for authorization and access tokens
TokenConfig TokenConfig `json:"tokenConfig"`
// templates allow you to customize pages like the login page.
// +optional
Templates OAuthTemplates `json:"templates"`
}
// OAuthStatus shows current known state of OAuth server in the cluster
type OAuthStatus struct {
// TODO Fill in with status of identityProviders and templates (and maybe tokenConfig)
}
// TokenConfig holds the necessary configuration options for authorization and access tokens
type TokenConfig struct {
// accessTokenMaxAgeSeconds defines the maximum age of access tokens
AccessTokenMaxAgeSeconds int32 `json:"accessTokenMaxAgeSeconds,omitempty"`
// accessTokenInactivityTimeoutSeconds - DEPRECATED: setting this field has no effect.
// +optional
AccessTokenInactivityTimeoutSeconds int32 `json:"accessTokenInactivityTimeoutSeconds,omitempty"`
// accessTokenInactivityTimeout defines the token inactivity timeout
// for tokens granted by any client.
// The value represents the maximum amount of time that can occur between
// consecutive uses of the token. Tokens become invalid if they are not
// used within this temporal window. The user will need to acquire a new
// token to regain access once a token times out. Takes valid time
// duration string such as "5m", "1.5h" or "2h45m". The minimum allowed
// value for duration is 300s (5 minutes). If the timeout is configured
// per client, then that value takes precedence. If the timeout value is
// not specified and the client does not override the value, then tokens
// are valid until their lifetime.
//
// WARNING: existing tokens' timeout will not be affected (lowered) by changing this value
// +optional
AccessTokenInactivityTimeout *metav1.Duration `json:"accessTokenInactivityTimeout,omitempty"`
}
const (
// LoginTemplateKey is the key of the login template in a secret
LoginTemplateKey = "login.html"
// ProviderSelectionTemplateKey is the key for the provider selection template in a secret
ProviderSelectionTemplateKey = "providers.html"
// ErrorsTemplateKey is the key for the errors template in a secret
ErrorsTemplateKey = "errors.html"
// BindPasswordKey is the key for the LDAP bind password in a secret
BindPasswordKey = "bindPassword"
// ClientSecretKey is the key for the oauth client secret data in a secret
ClientSecretKey = "clientSecret"
// HTPasswdDataKey is the key for the htpasswd file data in a secret
HTPasswdDataKey = "htpasswd"
)
// OAuthTemplates allow for customization of pages like the login page
type OAuthTemplates struct {
// login is the name of a secret that specifies a go template to use to render the login page.
// The key "login.html" is used to locate the template data.
// If specified and the secret or expected key is not found, the default login page is used.
// If the specified template is not valid, the default login page is used.
// If unspecified, the default login page is used.
// The namespace for this secret is openshift-config.
// +optional
Login SecretNameReference `json:"login"`
// providerSelection is the name of a secret that specifies a go template to use to render
// the provider selection page.
// The key "providers.html" is used to locate the template data.
// If specified and the secret or expected key is not found, the default provider selection page is used.
// If the specified template is not valid, the default provider selection page is used.
// If unspecified, the default provider selection page is used.
// The namespace for this secret is openshift-config.
// +optional
ProviderSelection SecretNameReference `json:"providerSelection"`
// error is the name of a secret that specifies a go template to use to render error pages
// during the authentication or grant flow.
// The key "errors.html" is used to locate the template data.
// If specified and the secret or expected key is not found, the default error page is used.
// If the specified template is not valid, the default error page is used.
// If unspecified, the default error page is used.
// The namespace for this secret is openshift-config.
// +optional
Error SecretNameReference `json:"error"`
}
// IdentityProvider provides identities for users authenticating using credentials
type IdentityProvider struct {
// name is used to qualify the identities returned by this provider.
// - It MUST be unique and not shared by any other identity provider used
// - It MUST be a valid path segment: name cannot equal "." or ".." or contain "/" or "%" or ":"
// Ref: https://godoc.org/github.com/openshift/origin/pkg/user/apis/user/validation#ValidateIdentityProviderName
Name string `json:"name"`
// mappingMethod determines how identities from this provider are mapped to users
// Defaults to "claim"
// +optional
MappingMethod MappingMethodType `json:"mappingMethod,omitempty"`
IdentityProviderConfig `json:",inline"`
}
// MappingMethodType specifies how new identities should be mapped to users when they log in
type MappingMethodType string
const (
// MappingMethodClaim provisions a user with the identitys preferred user name. Fails if a user
// with that user name is already mapped to another identity.
// Default.
MappingMethodClaim MappingMethodType = "claim"
// MappingMethodLookup looks up existing users already mapped to an identity but does not
// automatically provision users or identities. Requires identities and users be set up
// manually or using an external process.
MappingMethodLookup MappingMethodType = "lookup"
// MappingMethodAdd provisions a user with the identitys preferred user name. If a user with
// that user name already exists, the identity is mapped to the existing user, adding to any
// existing identity mappings for the user.
MappingMethodAdd MappingMethodType = "add"
)
type IdentityProviderType string
const (
// IdentityProviderTypeBasicAuth provides identities for users authenticating with HTTP Basic Auth
IdentityProviderTypeBasicAuth IdentityProviderType = "BasicAuth"
// IdentityProviderTypeGitHub provides identities for users authenticating using GitHub credentials
IdentityProviderTypeGitHub IdentityProviderType = "GitHub"
// IdentityProviderTypeGitLab provides identities for users authenticating using GitLab credentials
IdentityProviderTypeGitLab IdentityProviderType = "GitLab"
// IdentityProviderTypeGoogle provides identities for users authenticating using Google credentials
IdentityProviderTypeGoogle IdentityProviderType = "Google"
// IdentityProviderTypeHTPasswd provides identities from an HTPasswd file
IdentityProviderTypeHTPasswd IdentityProviderType = "HTPasswd"
// IdentityProviderTypeKeystone provides identitities for users authenticating using keystone password credentials
IdentityProviderTypeKeystone IdentityProviderType = "Keystone"
// IdentityProviderTypeLDAP provides identities for users authenticating using LDAP credentials
IdentityProviderTypeLDAP IdentityProviderType = "LDAP"
// IdentityProviderTypeOpenID provides identities for users authenticating using OpenID credentials
IdentityProviderTypeOpenID IdentityProviderType = "OpenID"
// IdentityProviderTypeRequestHeader provides identities for users authenticating using request header credentials
IdentityProviderTypeRequestHeader IdentityProviderType = "RequestHeader"
)
// IdentityProviderConfig contains configuration for using a specific identity provider
type IdentityProviderConfig struct {
// type identifies the identity provider type for this entry.
Type IdentityProviderType `json:"type"`
// Provider-specific configuration
// The json tag MUST match the `Type` specified above, case-insensitively
// e.g. For `Type: "LDAP"`, the `ldap` configuration should be provided
// basicAuth contains configuration options for the BasicAuth IdP
// +optional
BasicAuth *BasicAuthIdentityProvider `json:"basicAuth,omitempty"`
// github enables user authentication using GitHub credentials
// +optional
GitHub *GitHubIdentityProvider `json:"github,omitempty"`
// gitlab enables user authentication using GitLab credentials
// +optional
GitLab *GitLabIdentityProvider `json:"gitlab,omitempty"`
// google enables user authentication using Google credentials
// +optional
Google *GoogleIdentityProvider `json:"google,omitempty"`
// htpasswd enables user authentication using an HTPasswd file to validate credentials
// +optional
HTPasswd *HTPasswdIdentityProvider `json:"htpasswd,omitempty"`
// keystone enables user authentication using keystone password credentials
// +optional
Keystone *KeystoneIdentityProvider `json:"keystone,omitempty"`
// ldap enables user authentication using LDAP credentials
// +optional
LDAP *LDAPIdentityProvider `json:"ldap,omitempty"`
// openID enables user authentication using OpenID credentials
// +optional
OpenID *OpenIDIdentityProvider `json:"openID,omitempty"`
// requestHeader enables user authentication using request header credentials
// +optional
RequestHeader *RequestHeaderIdentityProvider `json:"requestHeader,omitempty"`
}
// BasicAuthPasswordIdentityProvider provides identities for users authenticating using HTTP basic auth credentials
type BasicAuthIdentityProvider struct {
// OAuthRemoteConnectionInfo contains information about how to connect to the external basic auth server
OAuthRemoteConnectionInfo `json:",inline"`
}
// OAuthRemoteConnectionInfo holds information necessary for establishing a remote connection
type OAuthRemoteConnectionInfo struct {
// url is the remote URL to connect to
URL string `json:"url"`
// ca is an optional reference to a config map by name containing the PEM-encoded CA bundle.
// It is used as a trust anchor to validate the TLS certificate presented by the remote server.
// The key "ca.crt" is used to locate the data.
// If specified and the config map or expected key is not found, the identity provider is not honored.
// If the specified ca data is not valid, the identity provider is not honored.
// If empty, the default system roots are used.
// The namespace for this config map is openshift-config.
// +optional
CA ConfigMapNameReference `json:"ca"`
// tlsClientCert is an optional reference to a secret by name that contains the
// PEM-encoded TLS client certificate to present when connecting to the server.
// The key "tls.crt" is used to locate the data.
// If specified and the secret or expected key is not found, the identity provider is not honored.
// If the specified certificate data is not valid, the identity provider is not honored.
// The namespace for this secret is openshift-config.
// +optional
TLSClientCert SecretNameReference `json:"tlsClientCert"`
// tlsClientKey is an optional reference to a secret by name that contains the
// PEM-encoded TLS private key for the client certificate referenced in tlsClientCert.
// The key "tls.key" is used to locate the data.
// If specified and the secret or expected key is not found, the identity provider is not honored.
// If the specified certificate data is not valid, the identity provider is not honored.
// The namespace for this secret is openshift-config.
// +optional
TLSClientKey SecretNameReference `json:"tlsClientKey"`
}
// HTPasswdPasswordIdentityProvider provides identities for users authenticating using htpasswd credentials
type HTPasswdIdentityProvider struct {
// fileData is a required reference to a secret by name containing the data to use as the htpasswd file.
// The key "htpasswd" is used to locate the data.
// If the secret or expected key is not found, the identity provider is not honored.
// If the specified htpasswd data is not valid, the identity provider is not honored.
// The namespace for this secret is openshift-config.
FileData SecretNameReference `json:"fileData"`
}
// LDAPPasswordIdentityProvider provides identities for users authenticating using LDAP credentials
type LDAPIdentityProvider struct {
// url is an RFC 2255 URL which specifies the LDAP search parameters to use.
// The syntax of the URL is:
// ldap://host:port/basedn?attribute?scope?filter
URL string `json:"url"`
// bindDN is an optional DN to bind with during the search phase.
// +optional
BindDN string `json:"bindDN"`
// bindPassword is an optional reference to a secret by name
// containing a password to bind with during the search phase.
// The key "bindPassword" is used to locate the data.
// If specified and the secret or expected key is not found, the identity provider is not honored.
// The namespace for this secret is openshift-config.
// +optional
BindPassword SecretNameReference `json:"bindPassword"`
// insecure, if true, indicates the connection should not use TLS
// WARNING: Should not be set to `true` with the URL scheme "ldaps://" as "ldaps://" URLs always
// attempt to connect using TLS, even when `insecure` is set to `true`
// When `true`, "ldap://" URLS connect insecurely. When `false`, "ldap://" URLs are upgraded to
// a TLS connection using StartTLS as specified in https://tools.ietf.org/html/rfc2830.
Insecure bool `json:"insecure"`
// ca is an optional reference to a config map by name containing the PEM-encoded CA bundle.
// It is used as a trust anchor to validate the TLS certificate presented by the remote server.
// The key "ca.crt" is used to locate the data.
// If specified and the config map or expected key is not found, the identity provider is not honored.
// If the specified ca data is not valid, the identity provider is not honored.
// If empty, the default system roots are used.
// The namespace for this config map is openshift-config.
// +optional
CA ConfigMapNameReference `json:"ca"`
// attributes maps LDAP attributes to identities
Attributes LDAPAttributeMapping `json:"attributes"`
}
// LDAPAttributeMapping maps LDAP attributes to OpenShift identity fields
type LDAPAttributeMapping struct {
// id is the list of attributes whose values should be used as the user ID. Required.
// First non-empty attribute is used. At least one attribute is required. If none of the listed
// attribute have a value, authentication fails.
// LDAP standard identity attribute is "dn"
ID []string `json:"id"`
// preferredUsername is the list of attributes whose values should be used as the preferred username.
// LDAP standard login attribute is "uid"
// +optional
PreferredUsername []string `json:"preferredUsername,omitempty"`
// name is the list of attributes whose values should be used as the display name. Optional.
// If unspecified, no display name is set for the identity
// LDAP standard display name attribute is "cn"
// +optional
Name []string `json:"name,omitempty"`
// email is the list of attributes whose values should be used as the email address. Optional.
// If unspecified, no email is set for the identity
// +optional
Email []string `json:"email,omitempty"`
}
// KeystonePasswordIdentityProvider provides identities for users authenticating using keystone password credentials
type KeystoneIdentityProvider struct {
// OAuthRemoteConnectionInfo contains information about how to connect to the keystone server
OAuthRemoteConnectionInfo `json:",inline"`
// domainName is required for keystone v3
DomainName string `json:"domainName"`
// TODO if we ever add support for 3.11 to 4.0 upgrades, add this configuration
// useUsernameIdentity indicates that users should be authenticated by username, not keystone ID
// DEPRECATED - only use this option for legacy systems to ensure backwards compatibility
// +optional
// UseUsernameIdentity bool `json:"useUsernameIdentity"`
}
// RequestHeaderIdentityProvider provides identities for users authenticating using request header credentials
type RequestHeaderIdentityProvider struct {
// loginURL is a URL to redirect unauthenticated /authorize requests to
// Unauthenticated requests from OAuth clients which expect interactive logins will be redirected here
// ${url} is replaced with the current URL, escaped to be safe in a query parameter
// https://www.example.com/sso-login?then=${url}
// ${query} is replaced with the current query string
// https://www.example.com/auth-proxy/oauth/authorize?${query}
// Required when login is set to true.
LoginURL string `json:"loginURL"`
// challengeURL is a URL to redirect unauthenticated /authorize requests to
// Unauthenticated requests from OAuth clients which expect WWW-Authenticate challenges will be
// redirected here.
// ${url} is replaced with the current URL, escaped to be safe in a query parameter
// https://www.example.com/sso-login?then=${url}
// ${query} is replaced with the current query string
// https://www.example.com/auth-proxy/oauth/authorize?${query}
// Required when challenge is set to true.
ChallengeURL string `json:"challengeURL"`
// ca is a required reference to a config map by name containing the PEM-encoded CA bundle.
// It is used as a trust anchor to validate the TLS certificate presented by the remote server.
// Specifically, it allows verification of incoming requests to prevent header spoofing.
// The key "ca.crt" is used to locate the data.
// If the config map or expected key is not found, the identity provider is not honored.
// If the specified ca data is not valid, the identity provider is not honored.
// The namespace for this config map is openshift-config.
ClientCA ConfigMapNameReference `json:"ca"`
// clientCommonNames is an optional list of common names to require a match from. If empty, any
// client certificate validated against the clientCA bundle is considered authoritative.
// +optional
ClientCommonNames []string `json:"clientCommonNames,omitempty"`
// headers is the set of headers to check for identity information
Headers []string `json:"headers"`
// preferredUsernameHeaders is the set of headers to check for the preferred username
PreferredUsernameHeaders []string `json:"preferredUsernameHeaders"`
// nameHeaders is the set of headers to check for the display name
NameHeaders []string `json:"nameHeaders"`
// emailHeaders is the set of headers to check for the email address
EmailHeaders []string `json:"emailHeaders"`
}
// GitHubIdentityProvider provides identities for users authenticating using GitHub credentials
type GitHubIdentityProvider struct {
// clientID is the oauth client ID
ClientID string `json:"clientID"`
// clientSecret is a required reference to the secret by name containing the oauth client secret.
// The key "clientSecret" is used to locate the data.
// If the secret or expected key is not found, the identity provider is not honored.
// The namespace for this secret is openshift-config.
ClientSecret SecretNameReference `json:"clientSecret"`
// organizations optionally restricts which organizations are allowed to log in
// +optional
Organizations []string `json:"organizations,omitempty"`
// teams optionally restricts which teams are allowed to log in. Format is <org>/<team>.
// +optional
Teams []string `json:"teams,omitempty"`
// hostname is the optional domain (e.g. "mycompany.com") for use with a hosted instance of
// GitHub Enterprise.
// It must match the GitHub Enterprise settings value configured at /setup/settings#hostname.
// +optional
Hostname string `json:"hostname"`
// ca is an optional reference to a config map by name containing the PEM-encoded CA bundle.
// It is used as a trust anchor to validate the TLS certificate presented by the remote server.
// The key "ca.crt" is used to locate the data.
// If specified and the config map or expected key is not found, the identity provider is not honored.
// If the specified ca data is not valid, the identity provider is not honored.
// If empty, the default system roots are used.
// This can only be configured when hostname is set to a non-empty value.
// The namespace for this config map is openshift-config.
// +optional
CA ConfigMapNameReference `json:"ca"`
}
// GitLabIdentityProvider provides identities for users authenticating using GitLab credentials
type GitLabIdentityProvider struct {
// clientID is the oauth client ID
ClientID string `json:"clientID"`
// clientSecret is a required reference to the secret by name containing the oauth client secret.
// The key "clientSecret" is used to locate the data.
// If the secret or expected key is not found, the identity provider is not honored.
// The namespace for this secret is openshift-config.
ClientSecret SecretNameReference `json:"clientSecret"`
// url is the oauth server base URL
URL string `json:"url"`
// ca is an optional reference to a config map by name containing the PEM-encoded CA bundle.
// It is used as a trust anchor to validate the TLS certificate presented by the remote server.
// The key "ca.crt" is used to locate the data.
// If specified and the config map or expected key is not found, the identity provider is not honored.
// If the specified ca data is not valid, the identity provider is not honored.
// If empty, the default system roots are used.
// The namespace for this config map is openshift-config.
// +optional
CA ConfigMapNameReference `json:"ca"`
}
// GoogleIdentityProvider provides identities for users authenticating using Google credentials
type GoogleIdentityProvider struct {
// clientID is the oauth client ID
ClientID string `json:"clientID"`
// clientSecret is a required reference to the secret by name containing the oauth client secret.
// The key "clientSecret" is used to locate the data.
// If the secret or expected key is not found, the identity provider is not honored.
// The namespace for this secret is openshift-config.
ClientSecret SecretNameReference `json:"clientSecret"`
// hostedDomain is the optional Google App domain (e.g. "mycompany.com") to restrict logins to
// +optional
HostedDomain string `json:"hostedDomain"`
}
// OpenIDIdentityProvider provides identities for users authenticating using OpenID credentials
type OpenIDIdentityProvider struct {
// clientID is the oauth client ID
ClientID string `json:"clientID"`
// clientSecret is a required reference to the secret by name containing the oauth client secret.
// The key "clientSecret" is used to locate the data.
// If the secret or expected key is not found, the identity provider is not honored.
// The namespace for this secret is openshift-config.
ClientSecret SecretNameReference `json:"clientSecret"`
// ca is an optional reference to a config map by name containing the PEM-encoded CA bundle.
// It is used as a trust anchor to validate the TLS certificate presented by the remote server.
// The key "ca.crt" is used to locate the data.
// If specified and the config map or expected key is not found, the identity provider is not honored.
// If the specified ca data is not valid, the identity provider is not honored.
// If empty, the default system roots are used.
// The namespace for this config map is openshift-config.
// +optional
CA ConfigMapNameReference `json:"ca"`
// extraScopes are any scopes to request in addition to the standard "openid" scope.
// +optional
ExtraScopes []string `json:"extraScopes,omitempty"`
// extraAuthorizeParameters are any custom parameters to add to the authorize request.
// +optional
ExtraAuthorizeParameters map[string]string `json:"extraAuthorizeParameters,omitempty"`
// issuer is the URL that the OpenID Provider asserts as its Issuer Identifier.
// It must use the https scheme with no query or fragment component.
Issuer string `json:"issuer"`
// claims mappings
Claims OpenIDClaims `json:"claims"`
}
// UserIDClaim is the claim used to provide a stable identifier for OIDC identities.
// Per http://openid.net/specs/openid-connect-core-1_0.html#ClaimStability
//
// "The sub (subject) and iss (issuer) Claims, used together, are the only Claims that an RP can
// rely upon as a stable identifier for the End-User, since the sub Claim MUST be locally unique
// and never reassigned within the Issuer for a particular End-User, as described in Section 2.
// Therefore, the only guaranteed unique identifier for a given End-User is the combination of the
// iss Claim and the sub Claim."
const UserIDClaim = "sub"
// OpenIDClaim represents a claim retrieved from an OpenID provider's tokens or userInfo
// responses
// +kubebuilder:validation:MinLength=1
type OpenIDClaim string
// OpenIDClaims contains a list of OpenID claims to use when authenticating with an OpenID identity provider
type OpenIDClaims struct {
// preferredUsername is the list of claims whose values should be used as the preferred username.
// If unspecified, the preferred username is determined from the value of the sub claim
// +listType=atomic
// +optional
PreferredUsername []string `json:"preferredUsername,omitempty"`
// name is the list of claims whose values should be used as the display name. Optional.
// If unspecified, no display name is set for the identity
// +listType=atomic
// +optional
Name []string `json:"name,omitempty"`
// email is the list of claims whose values should be used as the email address. Optional.
// If unspecified, no email is set for the identity
// +listType=atomic
// +optional
Email []string `json:"email,omitempty"`
// groups is the list of claims value of which should be used to synchronize groups
// from the OIDC provider to OpenShift for the user.
// If multiple claims are specified, the first one with a non-empty value is used.
// +listType=atomic
// +optional
Groups []OpenIDClaim `json:"groups,omitempty"`
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
// +openshift:compatibility-gen:level=1
type OAuthList struct {
metav1.TypeMeta `json:",inline"`
// metadata is the standard list's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
metav1.ListMeta `json:"metadata"`
Items []OAuth `json:"items"`
}
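Review bot: in RequestHeaderIdentityProvider the trust anchor that prevents header spoofing is named three different ways: the Go field is `ClientCA`, its json tag and doc comment say `ca`, and the clientCommonNames comment refers to "the clientCA bundle"; pick one name so an admin setting the serialized key can find it in the docs (either `ClientCA ConfigMapNameReference `json:"clientCA"`` or rename the field to `CA`). The loginURL and challengeURL comments also say "Required when login is set to true" / "Required when challenge is set to true", but no `login` or `challenge` field exists on this struct, so the stated requirement cannot be expressed or validated. Smaller points in the same hunk: the doc comments for BasicAuthIdentityProvider, HTPasswdIdentityProvider, LDAPIdentityProvider and KeystoneIdentityProvider open with a different name than the type they document (`BasicAuthPasswordIdentityProvider` and so on), and LDAPIdentityProvider.Insecure says only that `ldap://` URLs "connect insecurely"; since the bindPassword and the user's credentials then travel without TLS, the comment should say that plainly so the cleartext consequence is visible to whoever sets it.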


@@ -0,0 +1,91 @@
package v1
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
// OperatorHubSpec defines the desired state of OperatorHub
type OperatorHubSpec struct {
// disableAllDefaultSources allows you to disable all the default hub
// sources. If this is true, a specific entry in sources can be used to
// enable a default source. If this is false, a specific entry in
// sources can be used to disable or enable a default source.
// +optional
DisableAllDefaultSources bool `json:"disableAllDefaultSources,omitempty"`
// sources is the list of default hub sources and their configuration.
// If the list is empty, it implies that the default hub sources are
// enabled on the cluster unless disableAllDefaultSources is true.
// If disableAllDefaultSources is true and sources is not empty,
// the configuration present in sources will take precedence. The list of
// default hub sources and their current state will always be reflected in
// the status block.
// +optional
Sources []HubSource `json:"sources,omitempty"`
}
// OperatorHubStatus defines the observed state of OperatorHub. The current
// state of the default hub sources will always be reflected here.
type OperatorHubStatus struct {
// sources encapsulates the result of applying the configuration for each
// hub source
Sources []HubSourceStatus `json:"sources,omitempty"`
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// OperatorHub is the Schema for the operatorhubs API. It can be used to change
// the state of the default hub sources for OperatorHub on the cluster from
// enabled to disabled and vice versa.
//
// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
// +kubebuilder:subresource:status
// +genclient
// +genclient:nonNamespaced
// +openshift:compatibility-gen:level=1
type OperatorHub struct {
metav1.TypeMeta `json:",inline"`
// metadata is the standard object's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
metav1.ObjectMeta `json:"metadata"`
Spec OperatorHubSpec `json:"spec"`
Status OperatorHubStatus `json:"status"`
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// OperatorHubList contains a list of OperatorHub
//
// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
// +openshift:compatibility-gen:level=1
type OperatorHubList struct {
metav1.TypeMeta `json:",inline"`
// metadata is the standard list's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
metav1.ListMeta `json:"metadata"`
Items []OperatorHub `json:"items"`
}
// HubSource is used to specify the hub source and its configuration
type HubSource struct {
// name is the name of one of the default hub sources
// +kubebuilder:validation:MaxLength=253
// +kubebuilder:validation:MinLength=1
// +kubebuilder:Required
Name string `json:"name"`
// disabled is used to disable a default hub source on cluster
// +kubebuilder:Required
Disabled bool `json:"disabled"`
}
// HubSourceStatus is used to reflect the current state of applying the
// configuration to a default source
type HubSourceStatus struct {
HubSource `json:",omitempty"`
// status indicates success or failure in applying the configuration
Status string `json:"status,omitempty"`
// message provides more information regarding failures
Message string `json:"message,omitempty"`
}
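Review bot: HubSourceStatus embeds HubSource with `json:",omitempty"`, which is a no-op for an embedded struct under encoding/json (omitempty never omits struct values) and differs from the `json:",inline"` convention used for metav1.TypeMeta in the same file; use `HubSource `json:",inline"``. The `Status string` field is documented as "success or failure" but carries no validation marker and no constant set, so a consumer cannot know the exact strings to match on; define the allowed values (a `+kubebuilder:validation:Enum` marker, or constants) or at least list them in the comment.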


@@ -0,0 +1,65 @@
package v1
import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
// +genclient
// +genclient:nonNamespaced
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// Project holds cluster-wide information about Project. The canonical name is `cluster`
//
// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
// +openshift:compatibility-gen:level=1
type Project struct {
metav1.TypeMeta `json:",inline"`
// metadata is the standard object's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
metav1.ObjectMeta `json:"metadata,omitempty"`
// spec holds user settable values for configuration
// +kubebuilder:validation:Required
// +required
Spec ProjectSpec `json:"spec"`
// status holds observed values from the cluster. They may not be overridden.
// +optional
Status ProjectStatus `json:"status"`
}
// TemplateReference references a template in a specific namespace.
// The namespace must be specified at the point of use.
type TemplateReference struct {
// name is the metadata.name of the referenced project request template
Name string `json:"name"`
}
// ProjectSpec holds the project creation configuration.
type ProjectSpec struct {
// projectRequestMessage is the string presented to a user if they are unable to request a project via the projectrequest api endpoint
// +optional
ProjectRequestMessage string `json:"projectRequestMessage"`
// projectRequestTemplate is the template to use for creating projects in response to projectrequest.
// This must point to a template in 'openshift-config' namespace. It is optional.
// If it is not specified, a default template is used.
//
// +optional
ProjectRequestTemplate TemplateReference `json:"projectRequestTemplate"`
}
type ProjectStatus struct {
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
// +openshift:compatibility-gen:level=1
type ProjectList struct {
metav1.TypeMeta `json:",inline"`
// metadata is the standard list's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
metav1.ListMeta `json:"metadata"`
Items []Project `json:"items"`
}
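Review bot: in ProjectSpec both fields are marked `+optional` but neither json tag has `omitempty`, so an object with nothing set still serializes `projectRequestMessage: ""` and `projectRequestTemplate: {name: ""}`; add `,omitempty` to projectRequestMessage, and make projectRequestTemplate a pointer if an empty reference must be distinguishable from an absent one (omitempty alone does not omit a struct). ProjectStatus is an empty struct with no doc comment, and the Spec field carries both `+kubebuilder:validation:Required` and `+required`, which is redundant.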


@@ -0,0 +1,105 @@
package v1
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
// +genclient
// +genclient:nonNamespaced
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// Proxy holds cluster-wide information on how to configure default proxies for the cluster. The canonical name is `cluster`
//
// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
// +openshift:compatibility-gen:level=1
type Proxy struct {
metav1.TypeMeta `json:",inline"`
// metadata is the standard object's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
metav1.ObjectMeta `json:"metadata,omitempty"`
// Spec holds user-settable values for the proxy configuration
// +kubebuilder:validation:Required
// +required
Spec ProxySpec `json:"spec"`
// status holds observed values from the cluster. They may not be overridden.
// +optional
Status ProxyStatus `json:"status"`
}
// ProxySpec contains cluster proxy creation configuration.
type ProxySpec struct {
// httpProxy is the URL of the proxy for HTTP requests. Empty means unset and will not result in an env var.
// +optional
HTTPProxy string `json:"httpProxy,omitempty"`
// httpsProxy is the URL of the proxy for HTTPS requests. Empty means unset and will not result in an env var.
// +optional
HTTPSProxy string `json:"httpsProxy,omitempty"`
// noProxy is a comma-separated list of hostnames and/or CIDRs and/or IPs for which the proxy should not be used.
// Empty means unset and will not result in an env var.
// +optional
NoProxy string `json:"noProxy,omitempty"`
// readinessEndpoints is a list of endpoints used to verify readiness of the proxy.
// +optional
ReadinessEndpoints []string `json:"readinessEndpoints,omitempty"`
// trustedCA is a reference to a ConfigMap containing a CA certificate bundle.
// The trustedCA field should only be consumed by a proxy validator. The
// validator is responsible for reading the certificate bundle from the required
// key "ca-bundle.crt", merging it with the system default trust bundle,
// and writing the merged trust bundle to a ConfigMap named "trusted-ca-bundle"
// in the "openshift-config-managed" namespace. Clients that expect to make
// proxy connections must use the trusted-ca-bundle for all HTTPS requests to
// the proxy, and may use the trusted-ca-bundle for non-proxy HTTPS requests as
// well.
//
// The namespace for the ConfigMap referenced by trustedCA is
// "openshift-config". Here is an example ConfigMap (in yaml):
//
// apiVersion: v1
// kind: ConfigMap
// metadata:
// name: user-ca-bundle
// namespace: openshift-config
// data:
// ca-bundle.crt: |
// -----BEGIN CERTIFICATE-----
// Custom CA certificate bundle.
// -----END CERTIFICATE-----
//
// +optional
TrustedCA ConfigMapNameReference `json:"trustedCA,omitempty"`
}
// ProxyStatus shows current known state of the cluster proxy.
type ProxyStatus struct {
// httpProxy is the URL of the proxy for HTTP requests.
// +optional
HTTPProxy string `json:"httpProxy,omitempty"`
// httpsProxy is the URL of the proxy for HTTPS requests.
// +optional
HTTPSProxy string `json:"httpsProxy,omitempty"`
// noProxy is a comma-separated list of hostnames and/or CIDRs for which the proxy should not be used.
// +optional
NoProxy string `json:"noProxy,omitempty"`
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
// +openshift:compatibility-gen:level=1
type ProxyList struct {
metav1.TypeMeta `json:",inline"`
// metadata is the standard list's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
metav1.ListMeta `json:"metadata"`
Items []Proxy `json:"items"`
}
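Review bot: readinessEndpoints is documented only as "a list of endpoints used to verify readiness of the proxy", with no statement of the expected entry format (URL with scheme, or host:port?) or of which component performs the check and how, so a reader cannot tell what a valid value is; spell that out in the comment. Two smaller inconsistencies in the same hunk: the ProxyStatus noProxy comment says "hostnames and/or CIDRs" while the ProxySpec comment says "hostnames and/or CIDRs and/or IPs", and the Spec field comment opens with capitalized "Spec holds" while every other field comment in these files starts with the lowercase json name.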


@@ -0,0 +1,111 @@
package v1
import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
// +genclient
// +genclient:nonNamespaced
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// Scheduler holds cluster-wide config information to run the Kubernetes Scheduler
// and influence its placement decisions. The canonical name for this config is `cluster`.
//
// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
// +openshift:compatibility-gen:level=1
type Scheduler struct {
metav1.TypeMeta `json:",inline"`
// metadata is the standard object's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
metav1.ObjectMeta `json:"metadata,omitempty"`
// spec holds user settable values for configuration
// +kubebuilder:validation:Required
// +required
Spec SchedulerSpec `json:"spec"`
// status holds observed values from the cluster. They may not be overridden.
// +optional
Status SchedulerStatus `json:"status"`
}
type SchedulerSpec struct {
// DEPRECATED: the scheduler Policy API has been deprecated and will be removed in a future release.
// policy is a reference to a ConfigMap containing scheduler policy which has
// user specified predicates and priorities. If this ConfigMap is not available
// scheduler will default to use DefaultAlgorithmProvider.
// The namespace for this configmap is openshift-config.
// +optional
Policy ConfigMapNameReference `json:"policy,omitempty"`
// profile sets which scheduling profile should be set in order to configure scheduling
// decisions for new pods.
//
// Valid values are "LowNodeUtilization", "HighNodeUtilization", "NoScoring"
// Defaults to "LowNodeUtilization"
// +optional
Profile SchedulerProfile `json:"profile,omitempty"`
// defaultNodeSelector helps set the cluster-wide default node selector to
// restrict pod placement to specific nodes. This is applied to the pods
// created in all namespaces and creates an intersection with any existing
// nodeSelectors already set on a pod, additionally constraining that pod's selector.
// For example,
// defaultNodeSelector: "type=user-node,region=east" would set nodeSelector
// field in pod spec to "type=user-node,region=east" to all pods created
// in all namespaces. Namespaces having project-wide node selectors won't be
// impacted even if this field is set. This adds an annotation section to
// the namespace.
// For example, if a new namespace is created with
// node-selector='type=user-node,region=east',
// the annotation openshift.io/node-selector: type=user-node,region=east
// gets added to the project. When the openshift.io/node-selector annotation
// is set on the project the value is used in preference to the value we are setting
// for defaultNodeSelector field.
// For instance,
// openshift.io/node-selector: "type=user-node,region=west" means
// that the default of "type=user-node,region=east" set in defaultNodeSelector
// would not be applied.
// +optional
DefaultNodeSelector string `json:"defaultNodeSelector,omitempty"`
// MastersSchedulable allows masters nodes to be schedulable. When this flag is
// turned on, all the master nodes in the cluster will be made schedulable,
// so that workload pods can run on them. The default value for this field is false,
// meaning none of the master nodes are schedulable.
// Important Note: Once the workload pods start running on the master nodes,
// extreme care must be taken to ensure that cluster-critical control plane components
// are not impacted.
// Please turn on this field after doing due diligence.
// +optional
MastersSchedulable bool `json:"mastersSchedulable"`
}
// +kubebuilder:validation:Enum="";LowNodeUtilization;HighNodeUtilization;NoScoring
type SchedulerProfile string
var (
// LowNodeUtililization is the default, and defines a scheduling profile which prefers to
// spread pods evenly among nodes targeting low resource consumption on each node.
LowNodeUtilization SchedulerProfile = "LowNodeUtilization"
// HighNodeUtilization defines a scheduling profile which packs as many pods as possible onto
// as few nodes as possible targeting a small node count but high resource usage on each node.
HighNodeUtilization SchedulerProfile = "HighNodeUtilization"
// NoScoring defines a scheduling profile which tries to provide lower-latency scheduling
// at the expense of potentially less optimal pod placement decisions.
NoScoring SchedulerProfile = "NoScoring"
)
type SchedulerStatus struct {
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
// +openshift:compatibility-gen:level=1
type SchedulerList struct {
metav1.TypeMeta `json:",inline"`
// metadata is the standard list's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
metav1.ListMeta `json:"metadata"`
Items []Scheduler `json:"items"`
}
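Review bot: SchedulerSpec has no doc comment, unlike the other spec types in these files, and the comment on the LowNodeUtilization constant misspells it as "LowNodeUtililization". The policy field is flagged DEPRECATED in its comment but nothing in the markers prevents it from being set, and the comment does not say what happens when both policy and profile are configured; stating the precedence (or that policy is ignored) would give an admin an API-level signal before the ConfigMap reference stops being honored. MastersSchedulable is `+optional` without `omitempty`, inconsistent with the other optional fields in the struct.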


@@ -0,0 +1,262 @@
package v1
// TLSSecurityProfile defines the schema for a TLS security profile. This object
// is used by operators to apply TLS security settings to operands.
// +union
type TLSSecurityProfile struct {
// type is one of Old, Intermediate, Modern or Custom. Custom provides
// the ability to specify individual TLS security profile parameters.
// Old, Intermediate and Modern are TLS security profiles based on:
//
// https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations
//
// The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers
// are found to be insecure. Depending on precisely which ciphers are available to a process, the list may be
// reduced.
//
// Note that the Modern profile is currently not supported because it is not
// yet well adopted by common software libraries.
//
// +unionDiscriminator
// +optional
Type TLSProfileType `json:"type"`
// old is a TLS security profile based on:
//
// https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility
//
// and looks like this (yaml):
//
// ciphers:
// - TLS_AES_128_GCM_SHA256
// - TLS_AES_256_GCM_SHA384
// - TLS_CHACHA20_POLY1305_SHA256
// - ECDHE-ECDSA-AES128-GCM-SHA256
// - ECDHE-RSA-AES128-GCM-SHA256
// - ECDHE-ECDSA-AES256-GCM-SHA384
// - ECDHE-RSA-AES256-GCM-SHA384
// - ECDHE-ECDSA-CHACHA20-POLY1305
// - ECDHE-RSA-CHACHA20-POLY1305
// - DHE-RSA-AES128-GCM-SHA256
// - DHE-RSA-AES256-GCM-SHA384
// - DHE-RSA-CHACHA20-POLY1305
// - ECDHE-ECDSA-AES128-SHA256
// - ECDHE-RSA-AES128-SHA256
// - ECDHE-ECDSA-AES128-SHA
// - ECDHE-RSA-AES128-SHA
// - ECDHE-ECDSA-AES256-SHA384
// - ECDHE-RSA-AES256-SHA384
// - ECDHE-ECDSA-AES256-SHA
// - ECDHE-RSA-AES256-SHA
// - DHE-RSA-AES128-SHA256
// - DHE-RSA-AES256-SHA256
// - AES128-GCM-SHA256
// - AES256-GCM-SHA384
// - AES128-SHA256
// - AES256-SHA256
// - AES128-SHA
// - AES256-SHA
// - DES-CBC3-SHA
// minTLSVersion: TLSv1.0
//
// +optional
// +nullable
Old *OldTLSProfile `json:"old,omitempty"`
// intermediate is a TLS security profile based on:
//
// https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29
//
// and looks like this (yaml):
//
// ciphers:
// - TLS_AES_128_GCM_SHA256
// - TLS_AES_256_GCM_SHA384
// - TLS_CHACHA20_POLY1305_SHA256
// - ECDHE-ECDSA-AES128-GCM-SHA256
// - ECDHE-RSA-AES128-GCM-SHA256
// - ECDHE-ECDSA-AES256-GCM-SHA384
// - ECDHE-RSA-AES256-GCM-SHA384
// - ECDHE-ECDSA-CHACHA20-POLY1305
// - ECDHE-RSA-CHACHA20-POLY1305
// - DHE-RSA-AES128-GCM-SHA256
// - DHE-RSA-AES256-GCM-SHA384
// minTLSVersion: TLSv1.2
//
// +optional
// +nullable
Intermediate *IntermediateTLSProfile `json:"intermediate,omitempty"`
// modern is a TLS security profile based on:
//
// https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility
//
// and looks like this (yaml):
//
// ciphers:
// - TLS_AES_128_GCM_SHA256
// - TLS_AES_256_GCM_SHA384
// - TLS_CHACHA20_POLY1305_SHA256
// minTLSVersion: TLSv1.3
//
// NOTE: Currently unsupported.
//
// +optional
// +nullable
Modern *ModernTLSProfile `json:"modern,omitempty"`
// custom is a user-defined TLS security profile. Be extremely careful using a custom
// profile as invalid configurations can be catastrophic. An example custom profile
// looks like this:
//
// ciphers:
// - ECDHE-ECDSA-CHACHA20-POLY1305
// - ECDHE-RSA-CHACHA20-POLY1305
// - ECDHE-RSA-AES128-GCM-SHA256
// - ECDHE-ECDSA-AES128-GCM-SHA256
// minTLSVersion: TLSv1.1
//
// +optional
// +nullable
Custom *CustomTLSProfile `json:"custom,omitempty"`
}
// OldTLSProfile is a TLS security profile based on:
// https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility
type OldTLSProfile struct{}
// IntermediateTLSProfile is a TLS security profile based on:
// https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28default.29
type IntermediateTLSProfile struct{}
// ModernTLSProfile is a TLS security profile based on:
// https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility
type ModernTLSProfile struct{}
// CustomTLSProfile is a user-defined TLS security profile. Be extremely careful
// using a custom TLS profile as invalid configurations can be catastrophic.
type CustomTLSProfile struct {
TLSProfileSpec `json:",inline"`
}
// TLSProfileType defines a TLS security profile type.
// +kubebuilder:validation:Enum=Old;Intermediate;Modern;Custom
type TLSProfileType string
const (
// Old is a TLS security profile based on:
// https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility
TLSProfileOldType TLSProfileType = "Old"
// Intermediate is a TLS security profile based on:
// https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28default.29
TLSProfileIntermediateType TLSProfileType = "Intermediate"
// Modern is a TLS security profile based on:
// https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility
TLSProfileModernType TLSProfileType = "Modern"
// Custom is a TLS security profile that allows for user-defined parameters.
TLSProfileCustomType TLSProfileType = "Custom"
)
// TLSProfileSpec is the desired behavior of a TLSSecurityProfile.
type TLSProfileSpec struct {
// ciphers is used to specify the cipher algorithms that are negotiated
// during the TLS handshake. Operators may remove entries their operands
// do not support. For example, to use DES-CBC3-SHA (yaml):
//
// ciphers:
// - DES-CBC3-SHA
//
Ciphers []string `json:"ciphers"`
// minTLSVersion is used to specify the minimal version of the TLS protocol
// that is negotiated during the TLS handshake. For example, to use TLS
// versions 1.1, 1.2 and 1.3 (yaml):
//
// minTLSVersion: TLSv1.1
//
// NOTE: currently the highest minTLSVersion allowed is VersionTLS12
//
MinTLSVersion TLSProtocolVersion `json:"minTLSVersion"`
}
// TLSProtocolVersion is a way to specify the protocol version used for TLS connections.
// Protocol versions are based on the following most common TLS configurations:
//
// https://ssl-config.mozilla.org/
//
// Note that SSLv3.0 is not a supported protocol version due to well known
// vulnerabilities such as POODLE: https://en.wikipedia.org/wiki/POODLE
// +kubebuilder:validation:Enum=VersionTLS10;VersionTLS11;VersionTLS12;VersionTLS13
type TLSProtocolVersion string
const (
// VersionTLSv10 is version 1.0 of the TLS security protocol.
VersionTLS10 TLSProtocolVersion = "VersionTLS10"
// VersionTLSv11 is version 1.1 of the TLS security protocol.
VersionTLS11 TLSProtocolVersion = "VersionTLS11"
// VersionTLSv12 is version 1.2 of the TLS security protocol.
VersionTLS12 TLSProtocolVersion = "VersionTLS12"
// VersionTLSv13 is version 1.3 of the TLS security protocol.
VersionTLS13 TLSProtocolVersion = "VersionTLS13"
)
// TLSProfiles Contains a map of TLSProfileType names to TLSProfileSpec.
//
// NOTE: The caller needs to make sure to check that these constants are valid for their binary. Not all
// entries map to values for all binaries. In the case of ties, the kube-apiserver wins. Do not fail,
// just be sure to whitelist only and everything will be ok.
var TLSProfiles = map[TLSProfileType]*TLSProfileSpec{
TLSProfileOldType: {
Ciphers: []string{
"TLS_AES_128_GCM_SHA256",
"TLS_AES_256_GCM_SHA384",
"TLS_CHACHA20_POLY1305_SHA256",
"ECDHE-ECDSA-AES128-GCM-SHA256",
"ECDHE-RSA-AES128-GCM-SHA256",
"ECDHE-ECDSA-AES256-GCM-SHA384",
"ECDHE-RSA-AES256-GCM-SHA384",
"ECDHE-ECDSA-CHACHA20-POLY1305",
"ECDHE-RSA-CHACHA20-POLY1305",
"DHE-RSA-AES128-GCM-SHA256",
"DHE-RSA-AES256-GCM-SHA384",
"DHE-RSA-CHACHA20-POLY1305",
"ECDHE-ECDSA-AES128-SHA256",
"ECDHE-RSA-AES128-SHA256",
"ECDHE-ECDSA-AES128-SHA",
"ECDHE-RSA-AES128-SHA",
"ECDHE-ECDSA-AES256-SHA384",
"ECDHE-RSA-AES256-SHA384",
"ECDHE-ECDSA-AES256-SHA",
"ECDHE-RSA-AES256-SHA",
"DHE-RSA-AES128-SHA256",
"DHE-RSA-AES256-SHA256",
"AES128-GCM-SHA256",
"AES256-GCM-SHA384",
"AES128-SHA256",
"AES256-SHA256",
"AES128-SHA",
"AES256-SHA",
"DES-CBC3-SHA",
},
MinTLSVersion: VersionTLS10,
},
TLSProfileIntermediateType: {
Ciphers: []string{
"TLS_AES_128_GCM_SHA256",
"TLS_AES_256_GCM_SHA384",
"TLS_CHACHA20_POLY1305_SHA256",
"ECDHE-ECDSA-AES128-GCM-SHA256",
"ECDHE-RSA-AES128-GCM-SHA256",
"ECDHE-ECDSA-AES256-GCM-SHA384",
"ECDHE-RSA-AES256-GCM-SHA384",
"ECDHE-ECDSA-CHACHA20-POLY1305",
"ECDHE-RSA-CHACHA20-POLY1305",
"DHE-RSA-AES128-GCM-SHA256",
"DHE-RSA-AES256-GCM-SHA384",
},
MinTLSVersion: VersionTLS12,
},
TLSProfileModernType: {
Ciphers: []string{
"TLS_AES_128_GCM_SHA256",
"TLS_AES_256_GCM_SHA384",
"TLS_CHACHA20_POLY1305_SHA256",
},
MinTLSVersion: VersionTLS13,
},
}
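Review bot: the yaml examples in the field comments use `minTLSVersion: TLSv1.0` / `TLSv1.1` / `TLSv1.2` / `TLSv1.3` (and the `custom` example uses `TLSv1.1`), but the `TLSProtocolVersion` enum validates only `VersionTLS10;VersionTLS11;VersionTLS12;VersionTLS13` and the `TLSProfiles` map populates `MinTLSVersion` with those constants, so a user who copies the documented Custom profile verbatim gets a validation rejection; the examples should use the enum spellings (e.g. `minTLSVersion: VersionTLS11`). Related doc drift in the same hunk: the constant comments say `VersionTLSv10` .. `VersionTLSv13` while the identifiers are `VersionTLS10` .. `VersionTLS13`, and the Intermediate link anchor is `.28recommended.29` on the field but `.28default.29` on the type and constant. Also worth a line in the `TLSProfileSpec` comment: `MinTLSVersion` lacks `+optional`, so an empty custom profile serialises as `"minTLSVersion": ""`, which the enum does not accept. All of this is vendored from openshift/api, so it is for an upstream PR, not this bump.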
