Update deps to 1.30 (#546)

Signed-off-by: Jian Qiu <jqiu@redhat.com>
Jian Qiu
2024-07-02 22:04:15 +08:00
committed by GitHub
parent 5dd2123342
commit 2582ad922d
1026 changed files with 58974 additions and 59738 deletions


@@ -11,7 +11,7 @@ on:
- release-*
env:
GO_VERSION: '1.21'
GO_VERSION: '1.22'
GO_REQUIRED_MIN_VERSION: ''
permissions:


@@ -13,7 +13,7 @@ on:
- release-*
env:
GO_VERSION: '1.21'
GO_VERSION: '1.22'
GO_REQUIRED_MIN_VERSION: ''
USE_EXISTING_CLUSTER: false # set to true to use an existing kind cluster for debugging with act


@@ -13,7 +13,7 @@ on:
env:
# Common versions
GO_VERSION: '1.21'
GO_VERSION: '1.22'
GO_REQUIRED_MIN_VERSION: ''
permissions:


@@ -13,7 +13,7 @@ on:
- release-*
env:
GO_VERSION: '1.21'
GO_VERSION: '1.22'
GO_REQUIRED_MIN_VERSION: ''
permissions:


@@ -6,7 +6,7 @@ on:
- 'v*.*.*'
env:
# Common versions
GO_VERSION: '1.21'
GO_VERSION: '1.22'
GO_REQUIRED_MIN_VERSION: ''
GOPATH: '/home/runner/work/ocm/ocm/go'
GITHUB_REF: ${{ github.ref }}


@@ -12,6 +12,11 @@ include $(addprefix ./vendor/github.com/openshift/build-machinery-go/make/, \
lib/tmp.mk\
)
# Include the integration/e2e setup makefile.
include ./test/integration-test.mk
include ./test/e2e-test.mk
include ./test/olm-test.mk
OPERATOR_SDK?=$(PERMANENT_TMP_GOPATH)/bin/operator-sdk
OPERATOR_SDK_VERSION?=v1.32.0
operatorsdk_gen_dir:=$(dir $(OPERATOR_SDK))
@@ -62,6 +67,8 @@ copy-crd:
update: copy-crd update-csv
test-unit: ensure-kubebuilder-tools
update-csv: ensure-operator-sdk
# update the replaces to released version in csv
$(SED_CMD) -i 's/cluster-manager\.v[0-9]\+\.[0-9]\+\.[0-9]\+/cluster-manager\.v$(RELEASED_CSV_VERSION)/g' deploy/cluster-manager/config/manifests/bases/cluster-manager.clusterserviceversion.yaml
@@ -109,8 +116,3 @@ ifeq "" "$(wildcard $(OPERATOR_SDK))"
else
$(info Using existing operator-sdk from "$(OPERATOR_SDK)")
endif
# Include the integration/e2e setup makefile.
include ./test/integration-test.mk
include ./test/e2e-test.mk
include ./test/olm-test.mk
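Review bot: The three `include ./test/*.mk` lines now sit above the `OPERATOR_SDK?=` and `OPERATOR_SDK_VERSION?=` assignments, and the comment moved with them does not say why the order matters. Make expands variables in target names, prerequisites and `:=` assignments while it reads the file, so any such use of `$(OPERATOR_SDK)` inside the included test makefiles would now expand to empty, and a definition of either variable in those files would now take precedence over the `?=` defaults here. The included files are not visible in this section, so neither case is confirmed; a dry run such as `make -n update-csv`, plus the targets those files define, would settle it. I would also replace the comment with one that records the intent, e.g. `# Test makefiles are included before the operator-sdk variables; they must not expand OPERATOR_SDK at parse time.`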


@@ -1,4 +1,4 @@
FROM golang:1.21-bullseye AS builder
FROM golang:1.22-bullseye AS builder
ARG OS=linux
ARG ARCH=amd64
WORKDIR /go/src/open-cluster-management.io/ocm


@@ -1,4 +1,4 @@
FROM golang:1.21-bullseye AS builder
FROM golang:1.22-bullseye AS builder
ARG OS=linux
ARG ARCH=amd64
WORKDIR /go/src/open-cluster-management.io/ocm


@@ -1,4 +1,4 @@
FROM golang:1.21-bullseye AS builder
FROM golang:1.22-bullseye AS builder
ARG OS=linux
ARG ARCH=amd64
WORKDIR /go/src/open-cluster-management.io/ocm


@@ -1,4 +1,4 @@
FROM golang:1.21-bullseye AS builder
FROM golang:1.22-bullseye AS builder
ARG OS=linux
ARG ARCH=amd64
WORKDIR /go/src/open-cluster-management.io/ocm


@@ -1,4 +1,4 @@
FROM golang:1.21-bullseye AS builder
FROM golang:1.22-bullseye AS builder
ARG OS=linux
ARG ARCH=amd64
WORKDIR /go/src/open-cluster-management.io/ocm


@@ -15,21 +15,25 @@ spec:
- name: v1
schema:
openAPIV3Schema:
description: ClusterManager configures the controllers on the hub that govern
registration and work distribution for attached Klusterlets. In Default
mode, ClusterManager will only be deployed in open-cluster-management-hub
namespace. In Hosted mode, ClusterManager will be deployed in the namespace
with the same name as cluster manager.
description: |-
ClusterManager configures the controllers on the hub that govern registration and work distribution for attached Klusterlets.
In Default mode, ClusterManager will only be deployed in open-cluster-management-hub namespace.
In Hosted mode, ClusterManager will be deployed in the namespace with the same name as cluster manager.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
@@ -45,16 +49,16 @@ spec:
of addon manager
properties:
featureGates:
description: 'FeatureGates represents the list of feature gates
for addon manager If it is set empty, default feature gates
will be used. If it is set, featuregate/Foo is an example of
one item in FeatureGates: 1. If featuregate/Foo does not exist,
registration-operator will discard it 2. If featuregate/Foo
exists and is false by default. It is now possible to set featuregate/Foo=[false|true]
3. If featuregate/Foo exists and is true by default. If a cluster-admin
upgrading from 1 to 2 wants to continue having featuregate/Foo=false,
he can set featuregate/Foo=false before upgrading. Let''s say
the cluster-admin wants featuregate/Foo=false.'
description: "FeatureGates represents the list of feature gates
for addon manager\nIf it is set empty, default feature gates
will be used.\nIf it is set, featuregate/Foo is an example of
one item in FeatureGates:\n 1. If featuregate/Foo does not
exist, registration-operator will discard it\n 2. If featuregate/Foo
exists and is false by default. It is now possible to set featuregate/Foo=[false|true]\n
\ 3. If featuregate/Foo exists and is true by default. If a
cluster-admin upgrading from 1 to 2 wants to continue having
featuregate/Foo=false,\n \the can set featuregate/Foo=false
before upgrading. Let's say the cluster-admin wants featuregate/Foo=false."
items:
properties:
feature:
@@ -62,11 +66,10 @@ spec:
type: string
mode:
default: Disable
description: Mode is either Enable, Disable, "" where ""
is Disable by default. In Enable mode, a valid feature
gate `featuregate/Foo` will be set to "--featuregate/Foo=true".
In Disable mode, a valid feature gate `featuregate/Foo`
will be set to "--featuregate/Foo=false".
description: |-
Mode is either Enable, Disable, "" where "" is Disable by default.
In Enable mode, a valid feature gate `featuregate/Foo` will be set to "--featuregate/Foo=true".
In Disable mode, a valid feature gate `featuregate/Foo` will be set to "--featuregate/Foo=false".
enum:
- Enable
- Disable
@@ -84,7 +87,8 @@ spec:
deployOption:
default:
mode: Default
description: DeployOption contains the options of deploying a cluster-manager
description: |-
DeployOption contains the options of deploying a cluster-manager
Default mode is used if DeployOption is not set.
properties:
hosted:
@@ -96,9 +100,10 @@ spec:
customized webhook-server configuration of registration.
properties:
address:
description: Address represents the address of a webhook-server.
It could be in IP format or fqdn format. The Address
must be reachable by apiserver of the hub cluster.
description: |-
Address represents the address of a webhook-server.
It could be in IP format or fqdn format.
The Address must be reachable by apiserver of the hub cluster.
pattern: ^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$
type: string
port:
@@ -116,9 +121,10 @@ spec:
webhook-server configuration of work.
properties:
address:
description: Address represents the address of a webhook-server.
It could be in IP format or fqdn format. The Address
must be reachable by apiserver of the hub cluster.
description: |-
Address represents the address of a webhook-server.
It could be in IP format or fqdn format.
The Address must be reachable by apiserver of the hub cluster.
pattern: ^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$
type: string
port:
@@ -134,14 +140,13 @@ spec:
type: object
mode:
default: Default
description: 'Mode can be Default or Hosted. In Default mode,
the Hub is installed as a whole and all parts of Hub are deployed
in the same cluster. In Hosted mode, only crd and configurations
are installed on one cluster(defined as hub-cluster). Controllers
run in another cluster (defined as management-cluster) and connect
to the hub with the kubeconfig in secret of "external-hub-kubeconfig"(a
kubeconfig of hub-cluster with cluster-admin permission). Note:
Do not modify the Mode field once it''s applied.'
description: |-
Mode can be Default or Hosted.
In Default mode, the Hub is installed as a whole and all parts of Hub are deployed in the same cluster.
In Hosted mode, only crd and configurations are installed on one cluster(defined as hub-cluster). Controllers run in another
cluster (defined as management-cluster) and connect to the hub with the kubeconfig in secret of "external-hub-kubeconfig"(a kubeconfig
of hub-cluster with cluster-admin permission).
Note: Do not modify the Mode field once it's applied.
enum:
- Default
- Hosted
@@ -160,45 +165,44 @@ spec:
on. The default is an empty list.
type: object
tolerations:
description: Tolerations are attached by pods to tolerate any
taint that matches the triple <key,value,effect> using the matching
operator <operator>. The default is an empty list.
description: |-
Tolerations are attached by pods to tolerate any taint that matches
the triple <key,value,effect> using the matching operator <operator>.
The default is an empty list.
items:
description: The pod this Toleration is attached to tolerates
any taint that matches the triple <key,value,effect> using
the matching operator <operator>.
description: |-
The pod this Toleration is attached to tolerates any taint that matches
the triple <key,value,effect> using the matching operator <operator>.
properties:
effect:
description: Effect indicates the taint effect to match.
Empty means match all taint effects. When specified, allowed
values are NoSchedule, PreferNoSchedule and NoExecute.
description: |-
Effect indicates the taint effect to match. Empty means match all taint effects.
When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
type: string
key:
description: Key is the taint key that the toleration applies
to. Empty means match all taint keys. If the key is empty,
operator must be Exists; this combination means to match
all values and all keys.
description: |-
Key is the taint key that the toleration applies to. Empty means match all taint keys.
If the key is empty, operator must be Exists; this combination means to match all values and all keys.
type: string
operator:
description: Operator represents a key's relationship to
the value. Valid operators are Exists and Equal. Defaults
to Equal. Exists is equivalent to wildcard for value,
so that a pod can tolerate all taints of a particular
category.
description: |-
Operator represents a key's relationship to the value.
Valid operators are Exists and Equal. Defaults to Equal.
Exists is equivalent to wildcard for value, so that a pod can
tolerate all taints of a particular category.
type: string
tolerationSeconds:
description: TolerationSeconds represents the period of
time the toleration (which must be of effect NoExecute,
otherwise this field is ignored) tolerates the taint.
By default, it is not set, which means tolerate the taint
forever (do not evict). Zero and negative values will
be treated as 0 (evict immediately) by the system.
description: |-
TolerationSeconds represents the period of time the toleration (which must be
of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
it is not set, which means tolerate the taint forever (do not evict). Zero and
negative values will be treated as 0 (evict immediately) by the system.
format: int64
type: integer
value:
description: Value is the taint value the toleration matches
to. If the operator is Exists, the value should be empty,
otherwise just a regular string.
description: |-
Value is the taint value the toleration matches to.
If the operator is Exists, the value should be empty, otherwise just a regular string.
type: string
type: object
type: array
@@ -213,26 +217,25 @@ spec:
of registration
properties:
autoApproveUsers:
description: AutoApproveUser represents a list of users that can
auto approve CSR and accept client. If the credential of the
bootstrap-hub-kubeconfig matches to the users, the cluster created
by the bootstrap-hub-kubeconfig will be auto-registered into
the hub cluster. This takes effect only when ManagedClusterAutoApproval
feature gate is enabled.
description: |-
AutoApproveUser represents a list of users that can auto approve CSR and accept client. If the credential of the
bootstrap-hub-kubeconfig matches to the users, the cluster created by the bootstrap-hub-kubeconfig will
be auto-registered into the hub cluster. This takes effect only when ManagedClusterAutoApproval feature gate
is enabled.
items:
type: string
type: array
featureGates:
description: 'FeatureGates represents the list of feature gates
for registration If it is set empty, default feature gates will
be used. If it is set, featuregate/Foo is an example of one
item in FeatureGates: 1. If featuregate/Foo does not exist,
registration-operator will discard it 2. If featuregate/Foo
exists and is false by default. It is now possible to set featuregate/Foo=[false|true]
3. If featuregate/Foo exists and is true by default. If a cluster-admin
upgrading from 1 to 2 wants to continue having featuregate/Foo=false,
he can set featuregate/Foo=false before upgrading. Let''s say
the cluster-admin wants featuregate/Foo=false.'
description: "FeatureGates represents the list of feature gates
for registration\nIf it is set empty, default feature gates
will be used.\nIf it is set, featuregate/Foo is an example of
one item in FeatureGates:\n 1. If featuregate/Foo does not
exist, registration-operator will discard it\n 2. If featuregate/Foo
exists and is false by default. It is now possible to set featuregate/Foo=[false|true]\n
\ 3. If featuregate/Foo exists and is true by default. If a
cluster-admin upgrading from 1 to 2 wants to continue having
featuregate/Foo=false,\n \the can set featuregate/Foo=false
before upgrading. Let's say the cluster-admin wants featuregate/Foo=false."
items:
properties:
feature:
@@ -240,11 +243,10 @@ spec:
type: string
mode:
default: Disable
description: Mode is either Enable, Disable, "" where ""
is Disable by default. In Enable mode, a valid feature
gate `featuregate/Foo` will be set to "--featuregate/Foo=true".
In Disable mode, a valid feature gate `featuregate/Foo`
will be set to "--featuregate/Foo=false".
description: |-
Mode is either Enable, Disable, "" where "" is Disable by default.
In Enable mode, a valid feature gate `featuregate/Foo` will be set to "--featuregate/Foo=true".
In Disable mode, a valid feature gate `featuregate/Foo` will be set to "--featuregate/Foo=false".
enum:
- Enable
- Disable
@@ -260,28 +262,33 @@ spec:
of registration controller/webhook installed on hub.
type: string
resourceRequirement:
description: ResourceRequirement specify QoS classes of deployments
managed by clustermanager. It applies to all the containers in the
deployments.
description: |-
ResourceRequirement specify QoS classes of deployments managed by clustermanager.
It applies to all the containers in the deployments.
properties:
resourceRequirements:
description: ResourceRequirements defines resource requests and
limits when Type is ResourceQosClassResourceRequirement
properties:
claims:
description: "Claims lists the names of resources, defined
in spec.resourceClaims, that are used by this container.
\n This is an alpha field and requires enabling the DynamicResourceAllocation
feature gate. \n This field is immutable. It can only be
set for containers."
description: |-
Claims lists the names of resources, defined in spec.resourceClaims,
that are used by this container.
This is an alpha field and requires enabling the
DynamicResourceAllocation feature gate.
This field is immutable. It can only be set for containers.
items:
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
properties:
name:
description: Name must match the name of one entry in
pod.spec.resourceClaims of the Pod where this field
is used. It makes that resource available inside a
container.
description: |-
Name must match the name of one entry in pod.spec.resourceClaims of
the Pod where this field is used. It makes that resource available
inside a container.
type: string
required:
- name
@@ -297,8 +304,9 @@ spec:
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Limits describes the maximum amount of compute
resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
description: |-
Limits describes the maximum amount of compute resources allowed.
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
type: object
requests:
additionalProperties:
@@ -307,11 +315,11 @@ spec:
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Requests describes the minimum amount of compute
resources required. If Requests is omitted for a container,
it defaults to Limits if that is explicitly specified, otherwise
to an implementation-defined value. Requests cannot exceed
Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
description: |-
Requests describes the minimum amount of compute resources required.
If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
otherwise to an implementation-defined value. Requests cannot exceed Limits.
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
type: object
type: object
type:
@@ -328,16 +336,16 @@ spec:
description: WorkConfiguration contains the configuration of work
properties:
featureGates:
description: 'FeatureGates represents the list of feature gates
for work If it is set empty, default feature gates will be used.
If it is set, featuregate/Foo is an example of one item in FeatureGates:
1. If featuregate/Foo does not exist, registration-operator
will discard it 2. If featuregate/Foo exists and is false by
default. It is now possible to set featuregate/Foo=[false|true]
3. If featuregate/Foo exists and is true by default. If a cluster-admin
upgrading from 1 to 2 wants to continue having featuregate/Foo=false,
he can set featuregate/Foo=false before upgrading. Let''s say
the cluster-admin wants featuregate/Foo=false.'
description: "FeatureGates represents the list of feature gates
for work\nIf it is set empty, default feature gates will be
used.\nIf it is set, featuregate/Foo is an example of one item
in FeatureGates:\n 1. If featuregate/Foo does not exist, registration-operator
will discard it\n 2. If featuregate/Foo exists and is false
by default. It is now possible to set featuregate/Foo=[false|true]\n
\ 3. If featuregate/Foo exists and is true by default. If a
cluster-admin upgrading from 1 to 2 wants to continue having
featuregate/Foo=false,\n \the can set featuregate/Foo=false
before upgrading. Let's say the cluster-admin wants featuregate/Foo=false."
items:
properties:
feature:
@@ -345,11 +353,10 @@ spec:
type: string
mode:
default: Disable
description: Mode is either Enable, Disable, "" where ""
is Disable by default. In Enable mode, a valid feature
gate `featuregate/Foo` will be set to "--featuregate/Foo=true".
In Disable mode, a valid feature gate `featuregate/Foo`
will be set to "--featuregate/Foo=false".
description: |-
Mode is either Enable, Disable, "" where "" is Disable by default.
In Enable mode, a valid feature gate `featuregate/Foo` will be set to "--featuregate/Foo=true".
In Disable mode, a valid feature gate `featuregate/Foo` will be set to "--featuregate/Foo=false".
enum:
- Enable
- Disable
@@ -360,15 +367,17 @@ spec:
type: array
workDriver:
default: kube
description: "WorkDriver represents the type of work driver. Possible
values are \"kube\", \"mqtt\", or \"grpc\". If not provided,
the default value is \"kube\". If set to non-\"kube\" drivers,
the klusterlet need to use the same driver. and the driver configuration
must be provided in a secret named \"work-driver-config\" in
the namespace where the cluster manager is running, adhering
to the following structure: config.yaml: | <driver-config-in-yaml>
\n For detailed driver configuration, please refer to the sdk-go
documentation: https://github.com/open-cluster-management-io/sdk-go/blob/main/pkg/cloudevents/README.md#supported-protocols-and-drivers"
description: |-
WorkDriver represents the type of work driver. Possible values are "kube", "mqtt", or "grpc".
If not provided, the default value is "kube".
If set to non-"kube" drivers, the klusterlet need to use the same driver.
and the driver configuration must be provided in a secret named "work-driver-config"
in the namespace where the cluster manager is running, adhering to the following structure:
config.yaml: |
<driver-config-in-yaml>
For detailed driver configuration, please refer to the sdk-go documentation: https://github.com/open-cluster-management-io/sdk-go/blob/main/pkg/cloudevents/README.md#supported-protocols-and-drivers
enum:
- kube
- mqtt
@@ -386,50 +395,52 @@ spec:
govern the lifecycle of managed clusters.
properties:
conditions:
description: 'Conditions contain the different condition statuses
for this ClusterManager. Valid condition types are: Applied: Components
in hub are applied. Available: Components in hub are available and
ready to serve. Progressing: Components in hub are in a transitioning
state. Degraded: Components in hub do not match the desired configuration
and only provide degraded service.'
description: |-
Conditions contain the different condition statuses for this ClusterManager.
Valid condition types are:
Applied: Components in hub are applied.
Available: Components in hub are available and ready to serve.
Progressing: Components in hub are in a transitioning state.
Degraded: Components in hub do not match the desired configuration and only provide
degraded service.
items:
description: "Condition contains details for one aspect of the current
state of this API Resource. --- This struct is intended for direct
use as an array at the field path .status.conditions. For example,
\n type FooStatus struct{ // Represents the observations of a
foo's current state. // Known .status.conditions.type are: \"Available\",
\"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
// +listType=map // +listMapKey=type Conditions []metav1.Condition
`json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
state of this API Resource.\n---\nThis struct is intended for
direct use as an array at the field path .status.conditions. For
example,\n\n\n\ttype FooStatus struct{\n\t // Represents the
observations of a foo's current state.\n\t // Known .status.conditions.type
are: \"Available\", \"Progressing\", and \"Degraded\"\n\t //
+patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t
\ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\"
patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
\ // other fields\n\t}"
properties:
lastTransitionTime:
description: lastTransitionTime is the last time the condition
transitioned from one status to another. This should be when
the underlying condition changed. If that is not known, then
using the time when the API field changed is acceptable.
description: |-
lastTransitionTime is the last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: message is a human readable message indicating
details about the transition. This may be an empty string.
description: |-
message is a human readable message indicating details about the transition.
This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: observedGeneration represents the .metadata.generation
that the condition was set based upon. For instance, if .metadata.generation
is currently 12, but the .status.conditions[x].observedGeneration
is 9, the condition is out of date with respect to the current
state of the instance.
description: |-
observedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: reason contains a programmatic identifier indicating
the reason for the condition's last transition. Producers
of specific condition types may define expected values and
meanings for this field, and whether the values are considered
a guaranteed API. The value should be a CamelCase string.
description: |-
reason contains a programmatic identifier indicating the reason for the condition's last transition.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty.
maxLength: 1024
minLength: 1
@@ -443,11 +454,12 @@ spec:
- Unknown
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase.
--- Many .condition.type values are consistent across resources
like Available, but because arbitrary conditions can be useful
(see .node.status.conditions), the ability to deconflict is
important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
description: |-
type of condition in CamelCase or in foo.example.com/CamelCase.
---
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
useful (see .node.status.conditions), the ability to deconflict is important.
The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
@@ -463,9 +475,9 @@ spec:
description: Generations are used to determine when an item needs
to be reconciled or has changed in a way that needs a reaction.
items:
description: GenerationStatus keeps track of the generation for
a given resource so that decisions about forced updates can be
made. The definition matches the GenerationStatus defined in github.com/openshift/api/v1
description: |-
GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.
The definition matches the GenerationStatus defined in github.com/openshift/api/v1
properties:
group:
description: group is the group of the resource that you're


@@ -15,21 +15,25 @@ spec:
- name: v1
schema:
openAPIV3Schema:
description: ClusterManager configures the controllers on the hub that govern
registration and work distribution for attached Klusterlets. In Default
mode, ClusterManager will only be deployed in open-cluster-management-hub
namespace. In Hosted mode, ClusterManager will be deployed in the namespace
with the same name as cluster manager.
description: |-
ClusterManager configures the controllers on the hub that govern registration and work distribution for attached Klusterlets.
In Default mode, ClusterManager will only be deployed in open-cluster-management-hub namespace.
In Hosted mode, ClusterManager will be deployed in the namespace with the same name as cluster manager.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
@@ -45,16 +49,16 @@ spec:
of addon manager
properties:
featureGates:
description: 'FeatureGates represents the list of feature gates
for addon manager If it is set empty, default feature gates
will be used. If it is set, featuregate/Foo is an example of
one item in FeatureGates: 1. If featuregate/Foo does not exist,
registration-operator will discard it 2. If featuregate/Foo
exists and is false by default. It is now possible to set featuregate/Foo=[false|true]
3. If featuregate/Foo exists and is true by default. If a cluster-admin
upgrading from 1 to 2 wants to continue having featuregate/Foo=false,
he can set featuregate/Foo=false before upgrading. Let''s say
the cluster-admin wants featuregate/Foo=false.'
description: "FeatureGates represents the list of feature gates
for addon manager\nIf it is set empty, default feature gates
will be used.\nIf it is set, featuregate/Foo is an example of
one item in FeatureGates:\n 1. If featuregate/Foo does not
exist, registration-operator will discard it\n 2. If featuregate/Foo
exists and is false by default. It is now possible to set featuregate/Foo=[false|true]\n
\ 3. If featuregate/Foo exists and is true by default. If a
cluster-admin upgrading from 1 to 2 wants to continue having
featuregate/Foo=false,\n \the can set featuregate/Foo=false
before upgrading. Let's say the cluster-admin wants featuregate/Foo=false."
items:
properties:
feature:
@@ -62,11 +66,10 @@ spec:
type: string
mode:
default: Disable
description: Mode is either Enable, Disable, "" where ""
is Disable by default. In Enable mode, a valid feature
gate `featuregate/Foo` will be set to "--featuregate/Foo=true".
In Disable mode, a valid feature gate `featuregate/Foo`
will be set to "--featuregate/Foo=false".
description: |-
Mode is either Enable, Disable, "" where "" is Disable by default.
In Enable mode, a valid feature gate `featuregate/Foo` will be set to "--featuregate/Foo=true".
In Disable mode, a valid feature gate `featuregate/Foo` will be set to "--featuregate/Foo=false".
enum:
- Enable
- Disable
@@ -84,7 +87,8 @@ spec:
deployOption:
default:
mode: Default
description: DeployOption contains the options of deploying a cluster-manager
description: |-
DeployOption contains the options of deploying a cluster-manager
Default mode is used if DeployOption is not set.
properties:
hosted:
@@ -96,9 +100,10 @@ spec:
customized webhook-server configuration of registration.
properties:
address:
description: Address represents the address of a webhook-server.
It could be in IP format or fqdn format. The Address
must be reachable by apiserver of the hub cluster.
description: |-
Address represents the address of a webhook-server.
It could be in IP format or fqdn format.
The Address must be reachable by apiserver of the hub cluster.
pattern: ^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$
type: string
port:
@@ -116,9 +121,10 @@ spec:
webhook-server configuration of work.
properties:
address:
description: Address represents the address of a webhook-server.
It could be in IP format or fqdn format. The Address
must be reachable by apiserver of the hub cluster.
description: |-
Address represents the address of a webhook-server.
It could be in IP format or fqdn format.
The Address must be reachable by apiserver of the hub cluster.
pattern: ^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$
type: string
port:
@@ -134,14 +140,13 @@ spec:
type: object
mode:
default: Default
description: 'Mode can be Default or Hosted. In Default mode,
the Hub is installed as a whole and all parts of Hub are deployed
in the same cluster. In Hosted mode, only crd and configurations
are installed on one cluster(defined as hub-cluster). Controllers
run in another cluster (defined as management-cluster) and connect
to the hub with the kubeconfig in secret of "external-hub-kubeconfig"(a
kubeconfig of hub-cluster with cluster-admin permission). Note:
Do not modify the Mode field once it''s applied.'
description: |-
Mode can be Default or Hosted.
In Default mode, the Hub is installed as a whole and all parts of Hub are deployed in the same cluster.
In Hosted mode, only crd and configurations are installed on one cluster(defined as hub-cluster). Controllers run in another
cluster (defined as management-cluster) and connect to the hub with the kubeconfig in secret of "external-hub-kubeconfig"(a kubeconfig
of hub-cluster with cluster-admin permission).
Note: Do not modify the Mode field once it's applied.
enum:
- Default
- Hosted
@@ -160,45 +165,44 @@ spec:
on. The default is an empty list.
type: object
tolerations:
description: Tolerations are attached by pods to tolerate any
taint that matches the triple <key,value,effect> using the matching
operator <operator>. The default is an empty list.
description: |-
Tolerations are attached by pods to tolerate any taint that matches
the triple <key,value,effect> using the matching operator <operator>.
The default is an empty list.
items:
description: The pod this Toleration is attached to tolerates
any taint that matches the triple <key,value,effect> using
the matching operator <operator>.
description: |-
The pod this Toleration is attached to tolerates any taint that matches
the triple <key,value,effect> using the matching operator <operator>.
properties:
effect:
description: Effect indicates the taint effect to match.
Empty means match all taint effects. When specified, allowed
values are NoSchedule, PreferNoSchedule and NoExecute.
description: |-
Effect indicates the taint effect to match. Empty means match all taint effects.
When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
type: string
key:
description: Key is the taint key that the toleration applies
to. Empty means match all taint keys. If the key is empty,
operator must be Exists; this combination means to match
all values and all keys.
description: |-
Key is the taint key that the toleration applies to. Empty means match all taint keys.
If the key is empty, operator must be Exists; this combination means to match all values and all keys.
type: string
operator:
description: Operator represents a key's relationship to
the value. Valid operators are Exists and Equal. Defaults
to Equal. Exists is equivalent to wildcard for value,
so that a pod can tolerate all taints of a particular
category.
description: |-
Operator represents a key's relationship to the value.
Valid operators are Exists and Equal. Defaults to Equal.
Exists is equivalent to wildcard for value, so that a pod can
tolerate all taints of a particular category.
type: string
tolerationSeconds:
description: TolerationSeconds represents the period of
time the toleration (which must be of effect NoExecute,
otherwise this field is ignored) tolerates the taint.
By default, it is not set, which means tolerate the taint
forever (do not evict). Zero and negative values will
be treated as 0 (evict immediately) by the system.
description: |-
TolerationSeconds represents the period of time the toleration (which must be
of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
it is not set, which means tolerate the taint forever (do not evict). Zero and
negative values will be treated as 0 (evict immediately) by the system.
format: int64
type: integer
value:
description: Value is the taint value the toleration matches
to. If the operator is Exists, the value should be empty,
otherwise just a regular string.
description: |-
Value is the taint value the toleration matches to.
If the operator is Exists, the value should be empty, otherwise just a regular string.
type: string
type: object
type: array
@@ -213,26 +217,25 @@ spec:
of registration
properties:
autoApproveUsers:
description: AutoApproveUser represents a list of users that can
auto approve CSR and accept client. If the credential of the
bootstrap-hub-kubeconfig matches to the users, the cluster created
by the bootstrap-hub-kubeconfig will be auto-registered into
the hub cluster. This takes effect only when ManagedClusterAutoApproval
feature gate is enabled.
description: |-
AutoApproveUser represents a list of users that can auto approve CSR and accept client. If the credential of the
bootstrap-hub-kubeconfig matches to the users, the cluster created by the bootstrap-hub-kubeconfig will
be auto-registered into the hub cluster. This takes effect only when ManagedClusterAutoApproval feature gate
is enabled.
items:
type: string
type: array
featureGates:
description: 'FeatureGates represents the list of feature gates
for registration If it is set empty, default feature gates will
be used. If it is set, featuregate/Foo is an example of one
item in FeatureGates: 1. If featuregate/Foo does not exist,
registration-operator will discard it 2. If featuregate/Foo
exists and is false by default. It is now possible to set featuregate/Foo=[false|true]
3. If featuregate/Foo exists and is true by default. If a cluster-admin
upgrading from 1 to 2 wants to continue having featuregate/Foo=false,
he can set featuregate/Foo=false before upgrading. Let''s say
the cluster-admin wants featuregate/Foo=false.'
description: "FeatureGates represents the list of feature gates
for registration\nIf it is set empty, default feature gates
will be used.\nIf it is set, featuregate/Foo is an example of
one item in FeatureGates:\n 1. If featuregate/Foo does not
exist, registration-operator will discard it\n 2. If featuregate/Foo
exists and is false by default. It is now possible to set featuregate/Foo=[false|true]\n
\ 3. If featuregate/Foo exists and is true by default. If a
cluster-admin upgrading from 1 to 2 wants to continue having
featuregate/Foo=false,\n \the can set featuregate/Foo=false
before upgrading. Let's say the cluster-admin wants featuregate/Foo=false."
items:
properties:
feature:
@@ -240,11 +243,10 @@ spec:
type: string
mode:
default: Disable
description: Mode is either Enable, Disable, "" where ""
is Disable by default. In Enable mode, a valid feature
gate `featuregate/Foo` will be set to "--featuregate/Foo=true".
In Disable mode, a valid feature gate `featuregate/Foo`
will be set to "--featuregate/Foo=false".
description: |-
Mode is either Enable, Disable, "" where "" is Disable by default.
In Enable mode, a valid feature gate `featuregate/Foo` will be set to "--featuregate/Foo=true".
In Disable mode, a valid feature gate `featuregate/Foo` will be set to "--featuregate/Foo=false".
enum:
- Enable
- Disable
@@ -260,28 +262,33 @@ spec:
of registration controller/webhook installed on hub.
type: string
resourceRequirement:
description: ResourceRequirement specify QoS classes of deployments
managed by clustermanager. It applies to all the containers in the
deployments.
description: |-
ResourceRequirement specify QoS classes of deployments managed by clustermanager.
It applies to all the containers in the deployments.
properties:
resourceRequirements:
description: ResourceRequirements defines resource requests and
limits when Type is ResourceQosClassResourceRequirement
properties:
claims:
description: "Claims lists the names of resources, defined
in spec.resourceClaims, that are used by this container.
\n This is an alpha field and requires enabling the DynamicResourceAllocation
feature gate. \n This field is immutable. It can only be
set for containers."
description: |-
Claims lists the names of resources, defined in spec.resourceClaims,
that are used by this container.
This is an alpha field and requires enabling the
DynamicResourceAllocation feature gate.
This field is immutable. It can only be set for containers.
items:
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
properties:
name:
description: Name must match the name of one entry in
pod.spec.resourceClaims of the Pod where this field
is used. It makes that resource available inside a
container.
description: |-
Name must match the name of one entry in pod.spec.resourceClaims of
the Pod where this field is used. It makes that resource available
inside a container.
type: string
required:
- name
@@ -297,8 +304,9 @@ spec:
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Limits describes the maximum amount of compute
resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
description: |-
Limits describes the maximum amount of compute resources allowed.
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
type: object
requests:
additionalProperties:
@@ -307,11 +315,11 @@ spec:
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Requests describes the minimum amount of compute
resources required. If Requests is omitted for a container,
it defaults to Limits if that is explicitly specified, otherwise
to an implementation-defined value. Requests cannot exceed
Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
description: |-
Requests describes the minimum amount of compute resources required.
If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
otherwise to an implementation-defined value. Requests cannot exceed Limits.
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
type: object
type: object
type:
@@ -328,16 +336,16 @@ spec:
description: WorkConfiguration contains the configuration of work
properties:
featureGates:
description: 'FeatureGates represents the list of feature gates
for work If it is set empty, default feature gates will be used.
If it is set, featuregate/Foo is an example of one item in FeatureGates:
1. If featuregate/Foo does not exist, registration-operator
will discard it 2. If featuregate/Foo exists and is false by
default. It is now possible to set featuregate/Foo=[false|true]
3. If featuregate/Foo exists and is true by default. If a cluster-admin
upgrading from 1 to 2 wants to continue having featuregate/Foo=false,
he can set featuregate/Foo=false before upgrading. Let''s say
the cluster-admin wants featuregate/Foo=false.'
description: "FeatureGates represents the list of feature gates
for work\nIf it is set empty, default feature gates will be
used.\nIf it is set, featuregate/Foo is an example of one item
in FeatureGates:\n 1. If featuregate/Foo does not exist, registration-operator
will discard it\n 2. If featuregate/Foo exists and is false
by default. It is now possible to set featuregate/Foo=[false|true]\n
\ 3. If featuregate/Foo exists and is true by default. If a
cluster-admin upgrading from 1 to 2 wants to continue having
featuregate/Foo=false,\n \the can set featuregate/Foo=false
before upgrading. Let's say the cluster-admin wants featuregate/Foo=false."
items:
properties:
feature:
@@ -345,11 +353,10 @@ spec:
type: string
mode:
default: Disable
description: Mode is either Enable, Disable, "" where ""
is Disable by default. In Enable mode, a valid feature
gate `featuregate/Foo` will be set to "--featuregate/Foo=true".
In Disable mode, a valid feature gate `featuregate/Foo`
will be set to "--featuregate/Foo=false".
description: |-
Mode is either Enable, Disable, "" where "" is Disable by default.
In Enable mode, a valid feature gate `featuregate/Foo` will be set to "--featuregate/Foo=true".
In Disable mode, a valid feature gate `featuregate/Foo` will be set to "--featuregate/Foo=false".
enum:
- Enable
- Disable
@@ -360,15 +367,17 @@ spec:
type: array
workDriver:
default: kube
description: "WorkDriver represents the type of work driver. Possible
values are \"kube\", \"mqtt\", or \"grpc\". If not provided,
the default value is \"kube\". If set to non-\"kube\" drivers,
the klusterlet need to use the same driver. and the driver configuration
must be provided in a secret named \"work-driver-config\" in
the namespace where the cluster manager is running, adhering
to the following structure: config.yaml: | <driver-config-in-yaml>
\n For detailed driver configuration, please refer to the sdk-go
documentation: https://github.com/open-cluster-management-io/sdk-go/blob/main/pkg/cloudevents/README.md#supported-protocols-and-drivers"
description: |-
WorkDriver represents the type of work driver. Possible values are "kube", "mqtt", or "grpc".
If not provided, the default value is "kube".
If set to non-"kube" drivers, the klusterlet need to use the same driver.
and the driver configuration must be provided in a secret named "work-driver-config"
in the namespace where the cluster manager is running, adhering to the following structure:
config.yaml: |
<driver-config-in-yaml>
For detailed driver configuration, please refer to the sdk-go documentation: https://github.com/open-cluster-management-io/sdk-go/blob/main/pkg/cloudevents/README.md#supported-protocols-and-drivers
enum:
- kube
- mqtt
@@ -386,50 +395,52 @@ spec:
govern the lifecycle of managed clusters.
properties:
conditions:
description: 'Conditions contain the different condition statuses
for this ClusterManager. Valid condition types are: Applied: Components
in hub are applied. Available: Components in hub are available and
ready to serve. Progressing: Components in hub are in a transitioning
state. Degraded: Components in hub do not match the desired configuration
and only provide degraded service.'
description: |-
Conditions contain the different condition statuses for this ClusterManager.
Valid condition types are:
Applied: Components in hub are applied.
Available: Components in hub are available and ready to serve.
Progressing: Components in hub are in a transitioning state.
Degraded: Components in hub do not match the desired configuration and only provide
degraded service.
items:
description: "Condition contains details for one aspect of the current
state of this API Resource. --- This struct is intended for direct
use as an array at the field path .status.conditions. For example,
\n type FooStatus struct{ // Represents the observations of a
foo's current state. // Known .status.conditions.type are: \"Available\",
\"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
// +listType=map // +listMapKey=type Conditions []metav1.Condition
`json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
state of this API Resource.\n---\nThis struct is intended for
direct use as an array at the field path .status.conditions. For
example,\n\n\n\ttype FooStatus struct{\n\t // Represents the
observations of a foo's current state.\n\t // Known .status.conditions.type
are: \"Available\", \"Progressing\", and \"Degraded\"\n\t //
+patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t
\ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\"
patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
\ // other fields\n\t}"
properties:
lastTransitionTime:
description: lastTransitionTime is the last time the condition
transitioned from one status to another. This should be when
the underlying condition changed. If that is not known, then
using the time when the API field changed is acceptable.
description: |-
lastTransitionTime is the last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: message is a human readable message indicating
details about the transition. This may be an empty string.
description: |-
message is a human readable message indicating details about the transition.
This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: observedGeneration represents the .metadata.generation
that the condition was set based upon. For instance, if .metadata.generation
is currently 12, but the .status.conditions[x].observedGeneration
is 9, the condition is out of date with respect to the current
state of the instance.
description: |-
observedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: reason contains a programmatic identifier indicating
the reason for the condition's last transition. Producers
of specific condition types may define expected values and
meanings for this field, and whether the values are considered
a guaranteed API. The value should be a CamelCase string.
description: |-
reason contains a programmatic identifier indicating the reason for the condition's last transition.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty.
maxLength: 1024
minLength: 1
@@ -443,11 +454,12 @@ spec:
- Unknown
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase.
--- Many .condition.type values are consistent across resources
like Available, but because arbitrary conditions can be useful
(see .node.status.conditions), the ability to deconflict is
important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
description: |-
type of condition in CamelCase or in foo.example.com/CamelCase.
---
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
useful (see .node.status.conditions), the ability to deconflict is important.
The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
@@ -463,9 +475,9 @@ spec:
description: Generations are used to determine when an item needs
to be reconciled or has changed in a way that needs a reaction.
items:
description: GenerationStatus keeps track of the generation for
a given resource so that decisions about forced updates can be
made. The definition matches the GenerationStatus defined in github.com/openshift/api/v1
description: |-
GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.
The definition matches the GenerationStatus defined in github.com/openshift/api/v1
properties:
group:
description: group is the group of the resource that you're


@@ -15,22 +15,27 @@ spec:
- name: v1
schema:
openAPIV3Schema:
description: Klusterlet represents controllers to install the resources for
a managed cluster. When configured, the Klusterlet requires a secret named
bootstrap-hub-kubeconfig in the agent namespace to allow API requests to
the hub for the registration protocol. In Hosted mode, the Klusterlet requires
an additional secret named external-managed-kubeconfig in the agent namespace
to allow API requests to the managed cluster for resources installation.
description: |-
Klusterlet represents controllers to install the resources for a managed cluster.
When configured, the Klusterlet requires a secret named bootstrap-hub-kubeconfig in the
agent namespace to allow API requests to the hub for the registration protocol.
In Hosted mode, the Klusterlet requires an additional secret named external-managed-kubeconfig
in the agent namespace to allow API requests to the managed cluster for resources installation.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
@@ -39,9 +44,9 @@ spec:
agent.
properties:
clusterName:
description: ClusterName is the name of the managed cluster to be
created on hub. The Klusterlet agent generates a random name if
it is not set, or discovers the appropriate cluster name on OpenShift.
description: |-
ClusterName is the name of the managed cluster to be created on hub.
The Klusterlet agent generates a random name if it is not set, or discovers the appropriate cluster name on OpenShift.
maxLength: 63
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
@@ -49,32 +54,29 @@ spec:
description: DeployOption contains the options of deploying a klusterlet
properties:
mode:
description: 'Mode can be Default, Hosted, Singleton or SingletonHosted.
It is Default mode if not specified In Default mode, all klusterlet
related resources are deployed on the managed cluster. In Hosted
mode, only crd and configurations are installed on the spoke/managed
cluster. Controllers run in another cluster (defined as management-cluster)
and connect to the mangaged cluster with the kubeconfig in secret
of "external-managed-kubeconfig"(a kubeconfig of managed-cluster
with cluster-admin permission). In Singleton mode, registration/work
agent is started as a single deployment. In SingletonHosted
mode, agent is started as a single deployment in hosted mode.
Note: Do not modify the Mode field once it''s applied.'
description: |-
Mode can be Default, Hosted, Singleton or SingletonHosted. It is Default mode if not specified
In Default mode, all klusterlet related resources are deployed on the managed cluster.
In Hosted mode, only crd and configurations are installed on the spoke/managed cluster. Controllers run in another
cluster (defined as management-cluster) and connect to the mangaged cluster with the kubeconfig in secret of
"external-managed-kubeconfig"(a kubeconfig of managed-cluster with cluster-admin permission).
In Singleton mode, registration/work agent is started as a single deployment.
In SingletonHosted mode, agent is started as a single deployment in hosted mode.
Note: Do not modify the Mode field once it's applied.
type: string
type: object
externalServerURLs:
description: ExternalServerURLs represents a list of apiserver urls
and ca bundles that is accessible externally If it is set empty,
managed cluster has no externally accessible url that hub cluster
can visit.
description: |-
ExternalServerURLs represents a list of apiserver urls and ca bundles that is accessible externally
If it is set empty, managed cluster has no externally accessible url that hub cluster can visit.
items:
description: ServerURL represents the apiserver url and ca bundle
that is accessible externally
properties:
caBundle:
description: CABundle is the ca bundle to connect to apiserver
of the managed cluster. System certs are used if it is not
set.
description: |-
CABundle is the ca bundle to connect to apiserver of the managed cluster.
System certs are used if it is not set.
format: byte
type: string
url:
@@ -84,9 +86,9 @@ spec:
type: object
type: array
hubApiServerHostAlias:
description: HubApiServerHostAlias contains the host alias for hub
api server. registration-agent and work-agent will use it to communicate
with hub api server.
description: |-
HubApiServerHostAlias contains the host alias for hub api server.
registration-agent and work-agent will use it to communicate with hub api server.
properties:
hostname:
description: Hostname for the above IP address.
@@ -101,20 +103,20 @@ spec:
- ip
type: object
imagePullSpec:
description: ImagePullSpec represents the desired image configuration
of agent, it takes effect only when singleton mode is set. quay.io/open-cluster-management.io/registration-operator:latest
will be used if unspecified
description: |-
ImagePullSpec represents the desired image configuration of agent, it takes effect only when
singleton mode is set. quay.io/open-cluster-management.io/registration-operator:latest will
be used if unspecified
type: string
namespace:
description: Namespace is the namespace to deploy the agent on the
managed cluster. The namespace must have a prefix of "open-cluster-management-",
and if it is not set, the namespace of "open-cluster-management-agent"
is used to deploy agent. In addition, the add-ons are deployed to
the namespace of "{Namespace}-addon". In the Hosted mode, this namespace
still exists on the managed cluster to contain necessary resources,
like service accounts, roles and rolebindings, while the agent is
deployed to the namespace with the same name as klusterlet on the
management cluster.
description: |-
Namespace is the namespace to deploy the agent on the managed cluster.
The namespace must have a prefix of "open-cluster-management-", and if it is not set,
the namespace of "open-cluster-management-agent" is used to deploy agent.
In addition, the add-ons are deployed to the namespace of "{Namespace}-addon".
In the Hosted mode, this namespace still exists on the managed cluster to contain
necessary resources, like service accounts, roles and rolebindings, while the agent
is deployed to the namespace with the same name as klusterlet on the management cluster.
maxLength: 57
pattern: ^open-cluster-management-[-a-z0-9]*[a-z0-9]$
type: string
@@ -129,82 +131,81 @@ spec:
on. The default is an empty list.
type: object
tolerations:
description: Tolerations are attached by pods to tolerate any
taint that matches the triple <key,value,effect> using the matching
operator <operator>. The default is an empty list.
description: |-
Tolerations are attached by pods to tolerate any taint that matches
the triple <key,value,effect> using the matching operator <operator>.
The default is an empty list.
items:
description: The pod this Toleration is attached to tolerates
any taint that matches the triple <key,value,effect> using
the matching operator <operator>.
description: |-
The pod this Toleration is attached to tolerates any taint that matches
the triple <key,value,effect> using the matching operator <operator>.
properties:
effect:
description: Effect indicates the taint effect to match.
Empty means match all taint effects. When specified, allowed
values are NoSchedule, PreferNoSchedule and NoExecute.
description: |-
Effect indicates the taint effect to match. Empty means match all taint effects.
When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
type: string
key:
description: Key is the taint key that the toleration applies
to. Empty means match all taint keys. If the key is empty,
operator must be Exists; this combination means to match
all values and all keys.
description: |-
Key is the taint key that the toleration applies to. Empty means match all taint keys.
If the key is empty, operator must be Exists; this combination means to match all values and all keys.
type: string
operator:
description: Operator represents a key's relationship to
the value. Valid operators are Exists and Equal. Defaults
to Equal. Exists is equivalent to wildcard for value,
so that a pod can tolerate all taints of a particular
category.
description: |-
Operator represents a key's relationship to the value.
Valid operators are Exists and Equal. Defaults to Equal.
Exists is equivalent to wildcard for value, so that a pod can
tolerate all taints of a particular category.
type: string
tolerationSeconds:
description: TolerationSeconds represents the period of
time the toleration (which must be of effect NoExecute,
otherwise this field is ignored) tolerates the taint.
By default, it is not set, which means tolerate the taint
forever (do not evict). Zero and negative values will
be treated as 0 (evict immediately) by the system.
description: |-
TolerationSeconds represents the period of time the toleration (which must be
of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
it is not set, which means tolerate the taint forever (do not evict). Zero and
negative values will be treated as 0 (evict immediately) by the system.
format: int64
type: integer
value:
description: Value is the taint value the toleration matches
to. If the operator is Exists, the value should be empty,
otherwise just a regular string.
description: |-
Value is the taint value the toleration matches to.
If the operator is Exists, the value should be empty, otherwise just a regular string.
type: string
type: object
type: array
type: object
priorityClassName:
description: PriorityClassName is the name of the PriorityClass that
will be used by the deployed klusterlet agent. It will be ignored
when the PriorityClass/v1 API is not available on the managed cluster.
description: |-
PriorityClassName is the name of the PriorityClass that will be used by the
deployed klusterlet agent. It will be ignored when the PriorityClass/v1 API
is not available on the managed cluster.
type: string
registrationConfiguration:
description: RegistrationConfiguration contains the configuration
of registration
properties:
bootstrapKubeConfigs:
description: "BootstrapKubeConfigs defines the ordered list of
bootstrap kubeconfigs. The order decides which bootstrap kubeconfig
to use first when rebootstrap. \n When the agent loses the connection
to the current hub over HubConnectionTimeoutSeconds, or the
managedcluster CR is set `hubAcceptsClient=false` on the hub,
the controller marks the related bootstrap kubeconfig as \"failed\".
\n A failed bootstrapkubeconfig won't be used for the duration
specified by SkipFailedBootstrapKubeConfigSeconds. But if the
user updates the content of a failed bootstrapkubeconfig, the
\"failed\" mark will be cleared."
description: |-
BootstrapKubeConfigs defines the ordered list of bootstrap kubeconfigs. The order decides which bootstrap kubeconfig to use first when rebootstrap.
When the agent loses the connection to the current hub over HubConnectionTimeoutSeconds, or the managedcluster CR
is set `hubAcceptsClient=false` on the hub, the controller marks the related bootstrap kubeconfig as "failed".
A failed bootstrapkubeconfig won't be used for the duration specified by SkipFailedBootstrapKubeConfigSeconds.
But if the user updates the content of a failed bootstrapkubeconfig, the "failed" mark will be cleared.
properties:
localSecretsConfig:
description: LocalSecretsConfig include a list of secrets
that contains the kubeconfigs for ordered bootstrap kubeconifigs.
The secrets must be in the same namespace where the agent
controller runs.
description: |-
LocalSecretsConfig include a list of secrets that contains the kubeconfigs for ordered bootstrap kubeconifigs.
The secrets must be in the same namespace where the agent controller runs.
properties:
hubConnectionTimeoutSeconds:
default: 600
description: HubConnectionTimeoutSeconds is used to set
the timeout of connecting to the hub cluster. When agent
loses the connection to the hub over the timeout seconds,
the agent do a rebootstrap. By default is 10 mins.
description: |-
HubConnectionTimeoutSeconds is used to set the timeout of connecting to the hub cluster.
When agent loses the connection to the hub over the timeout seconds, the agent do a rebootstrap.
By default is 10 mins.
format: int32
minimum: 180
type: integer
@@ -222,41 +223,39 @@ spec:
type: object
type:
default: None
description: Type specifies the type of priority bootstrap
kubeconfigs. By default, it is set to None, representing
no priority bootstrap kubeconfigs are set.
description: |-
Type specifies the type of priority bootstrap kubeconfigs.
By default, it is set to None, representing no priority bootstrap kubeconfigs are set.
enum:
- None
- LocalSecrets
type: string
type: object
clientCertExpirationSeconds:
description: clientCertExpirationSeconds represents the seconds
of a client certificate to expire. If it is not set or 0, the
default duration seconds will be set by the hub cluster. If
the value is larger than the max signing duration seconds set
on the hub cluster, the max signing duration seconds will be
set.
description: |-
clientCertExpirationSeconds represents the seconds of a client certificate to expire. If it is not set or 0, the default
duration seconds will be set by the hub cluster. If the value is larger than the max signing duration seconds set on
the hub cluster, the max signing duration seconds will be set.
format: int32
type: integer
clusterAnnotations:
additionalProperties:
type: string
description: ClusterAnnotations is annotations with the reserve
prefix "agent.open-cluster-management.io" set on ManagedCluster
when creating only, other actors can update it afterwards.
description: |-
ClusterAnnotations is annotations with the reserve prefix "agent.open-cluster-management.io" set on
ManagedCluster when creating only, other actors can update it afterwards.
type: object
featureGates:
description: 'FeatureGates represents the list of feature gates
for registration If it is set empty, default feature gates will
be used. If it is set, featuregate/Foo is an example of one
item in FeatureGates: 1. If featuregate/Foo does not exist,
registration-operator will discard it 2. If featuregate/Foo
exists and is false by default. It is now possible to set featuregate/Foo=[false|true]
3. If featuregate/Foo exists and is true by default. If a cluster-admin
upgrading from 1 to 2 wants to continue having featuregate/Foo=false,
he can set featuregate/Foo=false before upgrading. Let''s say
the cluster-admin wants featuregate/Foo=false.'
description: "FeatureGates represents the list of feature gates
for registration\nIf it is set empty, default feature gates
will be used.\nIf it is set, featuregate/Foo is an example of
one item in FeatureGates:\n 1. If featuregate/Foo does not
exist, registration-operator will discard it\n 2. If featuregate/Foo
exists and is false by default. It is now possible to set featuregate/Foo=[false|true]\n
\ 3. If featuregate/Foo exists and is true by default. If a
cluster-admin upgrading from 1 to 2 wants to continue having
featuregate/Foo=false,\n \the can set featuregate/Foo=false
before upgrading. Let's say the cluster-admin wants featuregate/Foo=false."
items:
properties:
feature:
@@ -264,11 +263,10 @@ spec:
type: string
mode:
default: Disable
description: Mode is either Enable, Disable, "" where ""
is Disable by default. In Enable mode, a valid feature
gate `featuregate/Foo` will be set to "--featuregate/Foo=true".
In Disable mode, a valid feature gate `featuregate/Foo`
will be set to "--featuregate/Foo=false".
description: |-
Mode is either Enable, Disable, "" where "" is Disable by default.
In Enable mode, a valid feature gate `featuregate/Foo` will be set to "--featuregate/Foo=true".
In Disable mode, a valid feature gate `featuregate/Foo` will be set to "--featuregate/Foo=false".
enum:
- Enable
- Disable
@@ -279,46 +277,52 @@ spec:
type: array
kubeAPIBurst:
default: 100
description: 'KubeAPIBurst indicates the maximum burst of the
throttle while talking with apiserver of hub cluster from the
spoke cluster. If it is set empty, use the default value: 100'
description: |-
KubeAPIBurst indicates the maximum burst of the throttle while talking with apiserver of hub cluster from the spoke cluster.
If it is set empty, use the default value: 100
format: int32
type: integer
kubeAPIQPS:
default: 50
description: 'KubeAPIQPS indicates the maximum QPS while talking
with apiserver of hub cluster from the spoke cluster. If it
is set empty, use the default value: 50'
description: |-
KubeAPIQPS indicates the maximum QPS while talking with apiserver of hub cluster from the spoke cluster.
If it is set empty, use the default value: 50
format: int32
type: integer
type: object
registrationImagePullSpec:
description: RegistrationImagePullSpec represents the desired image
configuration of registration agent. quay.io/open-cluster-management.io/registration:latest
will be used if unspecified.
description: |-
RegistrationImagePullSpec represents the desired image configuration of registration agent.
quay.io/open-cluster-management.io/registration:latest will be used if unspecified.
type: string
resourceRequirement:
description: ResourceRequirement specify QoS classes of deployments
managed by klusterlet. It applies to all the containers in the deployments.
description: |-
ResourceRequirement specify QoS classes of deployments managed by klusterlet.
It applies to all the containers in the deployments.
properties:
resourceRequirements:
description: ResourceRequirements defines resource requests and
limits when Type is ResourceQosClassResourceRequirement
properties:
claims:
description: "Claims lists the names of resources, defined
in spec.resourceClaims, that are used by this container.
\n This is an alpha field and requires enabling the DynamicResourceAllocation
feature gate. \n This field is immutable. It can only be
set for containers."
description: |-
Claims lists the names of resources, defined in spec.resourceClaims,
that are used by this container.
This is an alpha field and requires enabling the
DynamicResourceAllocation feature gate.
This field is immutable. It can only be set for containers.
items:
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
properties:
name:
description: Name must match the name of one entry in
pod.spec.resourceClaims of the Pod where this field
is used. It makes that resource available inside a
container.
description: |-
Name must match the name of one entry in pod.spec.resourceClaims of
the Pod where this field is used. It makes that resource available
inside a container.
type: string
required:
- name
@@ -334,8 +338,9 @@ spec:
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Limits describes the maximum amount of compute
resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
description: |-
Limits describes the maximum amount of compute resources allowed.
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
type: object
requests:
additionalProperties:
@@ -344,11 +349,11 @@ spec:
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Requests describes the minimum amount of compute
resources required. If Requests is omitted for a container,
it defaults to Limits if that is explicitly specified, otherwise
to an implementation-defined value. Requests cannot exceed
Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
description: |-
Requests describes the minimum amount of compute resources required.
If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
otherwise to an implementation-defined value. Requests cannot exceed Limits.
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
type: object
type: object
type:
@@ -363,24 +368,23 @@ spec:
description: WorkConfiguration contains the configuration of work
properties:
appliedManifestWorkEvictionGracePeriod:
description: AppliedManifestWorkEvictionGracePeriod is the eviction
grace period the work agent will wait before evicting the AppliedManifestWorks,
whose corresponding ManifestWorks are missing on the hub cluster,
from the managed cluster. If not present, the default value
of the work agent will be used.
description: |-
AppliedManifestWorkEvictionGracePeriod is the eviction grace period the work agent will wait before
evicting the AppliedManifestWorks, whose corresponding ManifestWorks are missing on the hub cluster, from
the managed cluster. If not present, the default value of the work agent will be used.
pattern: ^([0-9]+(s|m|h))+$
type: string
featureGates:
description: 'FeatureGates represents the list of feature gates
for work If it is set empty, default feature gates will be used.
If it is set, featuregate/Foo is an example of one item in FeatureGates:
1. If featuregate/Foo does not exist, registration-operator
will discard it 2. If featuregate/Foo exists and is false by
default. It is now possible to set featuregate/Foo=[false|true]
3. If featuregate/Foo exists and is true by default. If a cluster-admin
upgrading from 1 to 2 wants to continue having featuregate/Foo=false,
he can set featuregate/Foo=false before upgrading. Let''s say
the cluster-admin wants featuregate/Foo=false.'
description: "FeatureGates represents the list of feature gates
for work\nIf it is set empty, default feature gates will be
used.\nIf it is set, featuregate/Foo is an example of one item
in FeatureGates:\n 1. If featuregate/Foo does not exist, registration-operator
will discard it\n 2. If featuregate/Foo exists and is false
by default. It is now possible to set featuregate/Foo=[false|true]\n
\ 3. If featuregate/Foo exists and is true by default. If a
cluster-admin upgrading from 1 to 2 wants to continue having
featuregate/Foo=false,\n \the can set featuregate/Foo=false
before upgrading. Let's say the cluster-admin wants featuregate/Foo=false."
items:
properties:
feature:
@@ -388,11 +392,10 @@ spec:
type: string
mode:
default: Disable
description: Mode is either Enable, Disable, "" where ""
is Disable by default. In Enable mode, a valid feature
gate `featuregate/Foo` will be set to "--featuregate/Foo=true".
In Disable mode, a valid feature gate `featuregate/Foo`
will be set to "--featuregate/Foo=false".
description: |-
Mode is either Enable, Disable, "" where "" is Disable by default.
In Enable mode, a valid feature gate `featuregate/Foo` will be set to "--featuregate/Foo=true".
In Disable mode, a valid feature gate `featuregate/Foo` will be set to "--featuregate/Foo=false".
enum:
- Enable
- Disable
@@ -403,74 +406,75 @@ spec:
type: array
kubeAPIBurst:
default: 100
description: 'KubeAPIBurst indicates the maximum burst of the
throttle while talking with apiserver of hub cluster from the
spoke cluster. If it is set empty, use the default value: 100'
description: |-
KubeAPIBurst indicates the maximum burst of the throttle while talking with apiserver of hub cluster from the spoke cluster.
If it is set empty, use the default value: 100
format: int32
type: integer
kubeAPIQPS:
default: 50
description: 'KubeAPIQPS indicates the maximum QPS while talking
with apiserver of hub cluster from the spoke cluster. If it
is set empty, use the default value: 50'
description: |-
KubeAPIQPS indicates the maximum QPS while talking with apiserver of hub cluster from the spoke cluster.
If it is set empty, use the default value: 50
format: int32
type: integer
type: object
workImagePullSpec:
description: WorkImagePullSpec represents the desired image configuration
of work agent. quay.io/open-cluster-management.io/work:latest will
be used if unspecified.
description: |-
WorkImagePullSpec represents the desired image configuration of work agent.
quay.io/open-cluster-management.io/work:latest will be used if unspecified.
type: string
type: object
status:
description: Status represents the current status of Klusterlet agent.
properties:
conditions:
description: 'Conditions contain the different condition statuses
for this Klusterlet. Valid condition types are: Applied: Components
have been applied in the managed cluster. Available: Components
in the managed cluster are available and ready to serve. Progressing:
Components in the managed cluster are in a transitioning state.
Degraded: Components in the managed cluster do not match the desired
configuration and only provide degraded service.'
description: |-
Conditions contain the different condition statuses for this Klusterlet.
Valid condition types are:
Applied: Components have been applied in the managed cluster.
Available: Components in the managed cluster are available and ready to serve.
Progressing: Components in the managed cluster are in a transitioning state.
Degraded: Components in the managed cluster do not match the desired configuration and only provide
degraded service.
items:
description: "Condition contains details for one aspect of the current
state of this API Resource. --- This struct is intended for direct
use as an array at the field path .status.conditions. For example,
\n type FooStatus struct{ // Represents the observations of a
foo's current state. // Known .status.conditions.type are: \"Available\",
\"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
// +listType=map // +listMapKey=type Conditions []metav1.Condition
`json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
state of this API Resource.\n---\nThis struct is intended for
direct use as an array at the field path .status.conditions. For
example,\n\n\n\ttype FooStatus struct{\n\t // Represents the
observations of a foo's current state.\n\t // Known .status.conditions.type
are: \"Available\", \"Progressing\", and \"Degraded\"\n\t //
+patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t
\ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\"
patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
\ // other fields\n\t}"
properties:
lastTransitionTime:
description: lastTransitionTime is the last time the condition
transitioned from one status to another. This should be when
the underlying condition changed. If that is not known, then
using the time when the API field changed is acceptable.
description: |-
lastTransitionTime is the last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: message is a human readable message indicating
details about the transition. This may be an empty string.
description: |-
message is a human readable message indicating details about the transition.
This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: observedGeneration represents the .metadata.generation
that the condition was set based upon. For instance, if .metadata.generation
is currently 12, but the .status.conditions[x].observedGeneration
is 9, the condition is out of date with respect to the current
state of the instance.
description: |-
observedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: reason contains a programmatic identifier indicating
the reason for the condition's last transition. Producers
of specific condition types may define expected values and
meanings for this field, and whether the values are considered
a guaranteed API. The value should be a CamelCase string.
description: |-
reason contains a programmatic identifier indicating the reason for the condition's last transition.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty.
maxLength: 1024
minLength: 1
@@ -484,11 +488,12 @@ spec:
- Unknown
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase.
--- Many .condition.type values are consistent across resources
like Available, but because arbitrary conditions can be useful
(see .node.status.conditions), the ability to deconflict is
important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
description: |-
type of condition in CamelCase or in foo.example.com/CamelCase.
---
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
useful (see .node.status.conditions), the ability to deconflict is important.
The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
@@ -504,9 +509,9 @@ spec:
description: Generations are used to determine when an item needs
to be reconciled or has changed in a way that needs a reaction.
items:
description: GenerationStatus keeps track of the generation for
a given resource so that decisions about forced updates can be
made. The definition matches the GenerationStatus defined in github.com/openshift/api/v1
description: |-
GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.
The definition matches the GenerationStatus defined in github.com/openshift/api/v1
properties:
group:
description: group is the group of the resource that you're


@@ -15,22 +15,27 @@ spec:
- name: v1
schema:
openAPIV3Schema:
description: Klusterlet represents controllers to install the resources for
a managed cluster. When configured, the Klusterlet requires a secret named
bootstrap-hub-kubeconfig in the agent namespace to allow API requests to
the hub for the registration protocol. In Hosted mode, the Klusterlet requires
an additional secret named external-managed-kubeconfig in the agent namespace
to allow API requests to the managed cluster for resources installation.
description: |-
Klusterlet represents controllers to install the resources for a managed cluster.
When configured, the Klusterlet requires a secret named bootstrap-hub-kubeconfig in the
agent namespace to allow API requests to the hub for the registration protocol.
In Hosted mode, the Klusterlet requires an additional secret named external-managed-kubeconfig
in the agent namespace to allow API requests to the managed cluster for resources installation.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
@@ -39,9 +44,9 @@ spec:
agent.
properties:
clusterName:
description: ClusterName is the name of the managed cluster to be
created on hub. The Klusterlet agent generates a random name if
it is not set, or discovers the appropriate cluster name on OpenShift.
description: |-
ClusterName is the name of the managed cluster to be created on hub.
The Klusterlet agent generates a random name if it is not set, or discovers the appropriate cluster name on OpenShift.
maxLength: 63
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
@@ -49,32 +54,29 @@ spec:
description: DeployOption contains the options of deploying a klusterlet
properties:
mode:
description: 'Mode can be Default, Hosted, Singleton or SingletonHosted.
It is Default mode if not specified In Default mode, all klusterlet
related resources are deployed on the managed cluster. In Hosted
mode, only crd and configurations are installed on the spoke/managed
cluster. Controllers run in another cluster (defined as management-cluster)
and connect to the mangaged cluster with the kubeconfig in secret
of "external-managed-kubeconfig"(a kubeconfig of managed-cluster
with cluster-admin permission). In Singleton mode, registration/work
agent is started as a single deployment. In SingletonHosted
mode, agent is started as a single deployment in hosted mode.
Note: Do not modify the Mode field once it''s applied.'
description: |-
Mode can be Default, Hosted, Singleton or SingletonHosted. It is Default mode if not specified
In Default mode, all klusterlet related resources are deployed on the managed cluster.
In Hosted mode, only crd and configurations are installed on the spoke/managed cluster. Controllers run in another
cluster (defined as management-cluster) and connect to the mangaged cluster with the kubeconfig in secret of
"external-managed-kubeconfig"(a kubeconfig of managed-cluster with cluster-admin permission).
In Singleton mode, registration/work agent is started as a single deployment.
In SingletonHosted mode, agent is started as a single deployment in hosted mode.
Note: Do not modify the Mode field once it's applied.
type: string
type: object
externalServerURLs:
description: ExternalServerURLs represents a list of apiserver urls
and ca bundles that is accessible externally If it is set empty,
managed cluster has no externally accessible url that hub cluster
can visit.
description: |-
ExternalServerURLs represents a list of apiserver urls and ca bundles that is accessible externally
If it is set empty, managed cluster has no externally accessible url that hub cluster can visit.
items:
description: ServerURL represents the apiserver url and ca bundle
that is accessible externally
properties:
caBundle:
description: CABundle is the ca bundle to connect to apiserver
of the managed cluster. System certs are used if it is not
set.
description: |-
CABundle is the ca bundle to connect to apiserver of the managed cluster.
System certs are used if it is not set.
format: byte
type: string
url:
@@ -84,9 +86,9 @@ spec:
type: object
type: array
hubApiServerHostAlias:
description: HubApiServerHostAlias contains the host alias for hub
api server. registration-agent and work-agent will use it to communicate
with hub api server.
description: |-
HubApiServerHostAlias contains the host alias for hub api server.
registration-agent and work-agent will use it to communicate with hub api server.
properties:
hostname:
description: Hostname for the above IP address.
@@ -101,20 +103,20 @@ spec:
- ip
type: object
imagePullSpec:
description: ImagePullSpec represents the desired image configuration
of agent, it takes effect only when singleton mode is set. quay.io/open-cluster-management.io/registration-operator:latest
will be used if unspecified
description: |-
ImagePullSpec represents the desired image configuration of agent, it takes effect only when
singleton mode is set. quay.io/open-cluster-management.io/registration-operator:latest will
be used if unspecified
type: string
namespace:
description: Namespace is the namespace to deploy the agent on the
managed cluster. The namespace must have a prefix of "open-cluster-management-",
and if it is not set, the namespace of "open-cluster-management-agent"
is used to deploy agent. In addition, the add-ons are deployed to
the namespace of "{Namespace}-addon". In the Hosted mode, this namespace
still exists on the managed cluster to contain necessary resources,
like service accounts, roles and rolebindings, while the agent is
deployed to the namespace with the same name as klusterlet on the
management cluster.
description: |-
Namespace is the namespace to deploy the agent on the managed cluster.
The namespace must have a prefix of "open-cluster-management-", and if it is not set,
the namespace of "open-cluster-management-agent" is used to deploy agent.
In addition, the add-ons are deployed to the namespace of "{Namespace}-addon".
In the Hosted mode, this namespace still exists on the managed cluster to contain
necessary resources, like service accounts, roles and rolebindings, while the agent
is deployed to the namespace with the same name as klusterlet on the management cluster.
maxLength: 57
pattern: ^open-cluster-management-[-a-z0-9]*[a-z0-9]$
type: string
@@ -129,82 +131,81 @@ spec:
on. The default is an empty list.
type: object
tolerations:
description: Tolerations are attached by pods to tolerate any
taint that matches the triple <key,value,effect> using the matching
operator <operator>. The default is an empty list.
description: |-
Tolerations are attached by pods to tolerate any taint that matches
the triple <key,value,effect> using the matching operator <operator>.
The default is an empty list.
items:
description: The pod this Toleration is attached to tolerates
any taint that matches the triple <key,value,effect> using
the matching operator <operator>.
description: |-
The pod this Toleration is attached to tolerates any taint that matches
the triple <key,value,effect> using the matching operator <operator>.
properties:
effect:
description: Effect indicates the taint effect to match.
Empty means match all taint effects. When specified, allowed
values are NoSchedule, PreferNoSchedule and NoExecute.
description: |-
Effect indicates the taint effect to match. Empty means match all taint effects.
When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
type: string
key:
description: Key is the taint key that the toleration applies
to. Empty means match all taint keys. If the key is empty,
operator must be Exists; this combination means to match
all values and all keys.
description: |-
Key is the taint key that the toleration applies to. Empty means match all taint keys.
If the key is empty, operator must be Exists; this combination means to match all values and all keys.
type: string
operator:
description: Operator represents a key's relationship to
the value. Valid operators are Exists and Equal. Defaults
to Equal. Exists is equivalent to wildcard for value,
so that a pod can tolerate all taints of a particular
category.
description: |-
Operator represents a key's relationship to the value.
Valid operators are Exists and Equal. Defaults to Equal.
Exists is equivalent to wildcard for value, so that a pod can
tolerate all taints of a particular category.
type: string
tolerationSeconds:
description: TolerationSeconds represents the period of
time the toleration (which must be of effect NoExecute,
otherwise this field is ignored) tolerates the taint.
By default, it is not set, which means tolerate the taint
forever (do not evict). Zero and negative values will
be treated as 0 (evict immediately) by the system.
description: |-
TolerationSeconds represents the period of time the toleration (which must be
of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
it is not set, which means tolerate the taint forever (do not evict). Zero and
negative values will be treated as 0 (evict immediately) by the system.
format: int64
type: integer
value:
description: Value is the taint value the toleration matches
to. If the operator is Exists, the value should be empty,
otherwise just a regular string.
description: |-
Value is the taint value the toleration matches to.
If the operator is Exists, the value should be empty, otherwise just a regular string.
type: string
type: object
type: array
type: object
priorityClassName:
description: PriorityClassName is the name of the PriorityClass that
will be used by the deployed klusterlet agent. It will be ignored
when the PriorityClass/v1 API is not available on the managed cluster.
description: |-
PriorityClassName is the name of the PriorityClass that will be used by the
deployed klusterlet agent. It will be ignored when the PriorityClass/v1 API
is not available on the managed cluster.
type: string
registrationConfiguration:
description: RegistrationConfiguration contains the configuration
of registration
properties:
bootstrapKubeConfigs:
description: "BootstrapKubeConfigs defines the ordered list of
bootstrap kubeconfigs. The order decides which bootstrap kubeconfig
to use first when rebootstrap. \n When the agent loses the connection
to the current hub over HubConnectionTimeoutSeconds, or the
managedcluster CR is set `hubAcceptsClient=false` on the hub,
the controller marks the related bootstrap kubeconfig as \"failed\".
\n A failed bootstrapkubeconfig won't be used for the duration
specified by SkipFailedBootstrapKubeConfigSeconds. But if the
user updates the content of a failed bootstrapkubeconfig, the
\"failed\" mark will be cleared."
description: |-
BootstrapKubeConfigs defines the ordered list of bootstrap kubeconfigs. The order decides which bootstrap kubeconfig to use first when rebootstrap.
When the agent loses the connection to the current hub over HubConnectionTimeoutSeconds, or the managedcluster CR
is set `hubAcceptsClient=false` on the hub, the controller marks the related bootstrap kubeconfig as "failed".
A failed bootstrapkubeconfig won't be used for the duration specified by SkipFailedBootstrapKubeConfigSeconds.
But if the user updates the content of a failed bootstrapkubeconfig, the "failed" mark will be cleared.
properties:
localSecretsConfig:
description: LocalSecretsConfig include a list of secrets
that contains the kubeconfigs for ordered bootstrap kubeconifigs.
The secrets must be in the same namespace where the agent
controller runs.
description: |-
LocalSecretsConfig include a list of secrets that contains the kubeconfigs for ordered bootstrap kubeconifigs.
The secrets must be in the same namespace where the agent controller runs.
properties:
hubConnectionTimeoutSeconds:
default: 600
description: HubConnectionTimeoutSeconds is used to set
the timeout of connecting to the hub cluster. When agent
loses the connection to the hub over the timeout seconds,
the agent do a rebootstrap. By default is 10 mins.
description: |-
HubConnectionTimeoutSeconds is used to set the timeout of connecting to the hub cluster.
When agent loses the connection to the hub over the timeout seconds, the agent do a rebootstrap.
By default is 10 mins.
format: int32
minimum: 180
type: integer
@@ -222,41 +223,39 @@ spec:
type: object
type:
default: None
description: Type specifies the type of priority bootstrap
kubeconfigs. By default, it is set to None, representing
no priority bootstrap kubeconfigs are set.
description: |-
Type specifies the type of priority bootstrap kubeconfigs.
By default, it is set to None, representing no priority bootstrap kubeconfigs are set.
enum:
- None
- LocalSecrets
type: string
type: object
clientCertExpirationSeconds:
description: clientCertExpirationSeconds represents the seconds
of a client certificate to expire. If it is not set or 0, the
default duration seconds will be set by the hub cluster. If
the value is larger than the max signing duration seconds set
on the hub cluster, the max signing duration seconds will be
set.
description: |-
clientCertExpirationSeconds represents the seconds of a client certificate to expire. If it is not set or 0, the default
duration seconds will be set by the hub cluster. If the value is larger than the max signing duration seconds set on
the hub cluster, the max signing duration seconds will be set.
format: int32
type: integer
clusterAnnotations:
additionalProperties:
type: string
description: ClusterAnnotations is annotations with the reserve
prefix "agent.open-cluster-management.io" set on ManagedCluster
when creating only, other actors can update it afterwards.
description: |-
ClusterAnnotations is annotations with the reserve prefix "agent.open-cluster-management.io" set on
ManagedCluster when creating only, other actors can update it afterwards.
type: object
featureGates:
description: 'FeatureGates represents the list of feature gates
for registration If it is set empty, default feature gates will
be used. If it is set, featuregate/Foo is an example of one
item in FeatureGates: 1. If featuregate/Foo does not exist,
registration-operator will discard it 2. If featuregate/Foo
exists and is false by default. It is now possible to set featuregate/Foo=[false|true]
3. If featuregate/Foo exists and is true by default. If a cluster-admin
upgrading from 1 to 2 wants to continue having featuregate/Foo=false,
he can set featuregate/Foo=false before upgrading. Let''s say
the cluster-admin wants featuregate/Foo=false.'
description: "FeatureGates represents the list of feature gates
for registration\nIf it is set empty, default feature gates
will be used.\nIf it is set, featuregate/Foo is an example of
one item in FeatureGates:\n 1. If featuregate/Foo does not
exist, registration-operator will discard it\n 2. If featuregate/Foo
exists and is false by default. It is now possible to set featuregate/Foo=[false|true]\n
\ 3. If featuregate/Foo exists and is true by default. If a
cluster-admin upgrading from 1 to 2 wants to continue having
featuregate/Foo=false,\n \the can set featuregate/Foo=false
before upgrading. Let's say the cluster-admin wants featuregate/Foo=false."
items:
properties:
feature:
@@ -264,11 +263,10 @@ spec:
type: string
mode:
default: Disable
description: Mode is either Enable, Disable, "" where ""
is Disable by default. In Enable mode, a valid feature
gate `featuregate/Foo` will be set to "--featuregate/Foo=true".
In Disable mode, a valid feature gate `featuregate/Foo`
will be set to "--featuregate/Foo=false".
description: |-
Mode is either Enable, Disable, "" where "" is Disable by default.
In Enable mode, a valid feature gate `featuregate/Foo` will be set to "--featuregate/Foo=true".
In Disable mode, a valid feature gate `featuregate/Foo` will be set to "--featuregate/Foo=false".
enum:
- Enable
- Disable
@@ -279,46 +277,52 @@ spec:
type: array
kubeAPIBurst:
default: 100
description: 'KubeAPIBurst indicates the maximum burst of the
throttle while talking with apiserver of hub cluster from the
spoke cluster. If it is set empty, use the default value: 100'
description: |-
KubeAPIBurst indicates the maximum burst of the throttle while talking with apiserver of hub cluster from the spoke cluster.
If it is set empty, use the default value: 100
format: int32
type: integer
kubeAPIQPS:
default: 50
description: 'KubeAPIQPS indicates the maximum QPS while talking
with apiserver of hub cluster from the spoke cluster. If it
is set empty, use the default value: 50'
description: |-
KubeAPIQPS indicates the maximum QPS while talking with apiserver of hub cluster from the spoke cluster.
If it is set empty, use the default value: 50
format: int32
type: integer
type: object
registrationImagePullSpec:
description: RegistrationImagePullSpec represents the desired image
configuration of registration agent. quay.io/open-cluster-management.io/registration:latest
will be used if unspecified.
description: |-
RegistrationImagePullSpec represents the desired image configuration of registration agent.
quay.io/open-cluster-management.io/registration:latest will be used if unspecified.
type: string
resourceRequirement:
description: ResourceRequirement specify QoS classes of deployments
managed by klusterlet. It applies to all the containers in the deployments.
description: |-
ResourceRequirement specify QoS classes of deployments managed by klusterlet.
It applies to all the containers in the deployments.
properties:
resourceRequirements:
description: ResourceRequirements defines resource requests and
limits when Type is ResourceQosClassResourceRequirement
properties:
claims:
description: "Claims lists the names of resources, defined
in spec.resourceClaims, that are used by this container.
\n This is an alpha field and requires enabling the DynamicResourceAllocation
feature gate. \n This field is immutable. It can only be
set for containers."
description: |-
Claims lists the names of resources, defined in spec.resourceClaims,
that are used by this container.
This is an alpha field and requires enabling the
DynamicResourceAllocation feature gate.
This field is immutable. It can only be set for containers.
items:
description: ResourceClaim references one entry in PodSpec.ResourceClaims.
properties:
name:
description: Name must match the name of one entry in
pod.spec.resourceClaims of the Pod where this field
is used. It makes that resource available inside a
container.
description: |-
Name must match the name of one entry in pod.spec.resourceClaims of
the Pod where this field is used. It makes that resource available
inside a container.
type: string
required:
- name
@@ -334,8 +338,9 @@ spec:
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Limits describes the maximum amount of compute
resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
description: |-
Limits describes the maximum amount of compute resources allowed.
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
type: object
requests:
additionalProperties:
@@ -344,11 +349,11 @@ spec:
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Requests describes the minimum amount of compute
resources required. If Requests is omitted for a container,
it defaults to Limits if that is explicitly specified, otherwise
to an implementation-defined value. Requests cannot exceed
Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
description: |-
Requests describes the minimum amount of compute resources required.
If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
otherwise to an implementation-defined value. Requests cannot exceed Limits.
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
type: object
type: object
type:
@@ -363,24 +368,23 @@ spec:
description: WorkConfiguration contains the configuration of work
properties:
appliedManifestWorkEvictionGracePeriod:
description: AppliedManifestWorkEvictionGracePeriod is the eviction
grace period the work agent will wait before evicting the AppliedManifestWorks,
whose corresponding ManifestWorks are missing on the hub cluster,
from the managed cluster. If not present, the default value
of the work agent will be used.
description: |-
AppliedManifestWorkEvictionGracePeriod is the eviction grace period the work agent will wait before
evicting the AppliedManifestWorks, whose corresponding ManifestWorks are missing on the hub cluster, from
the managed cluster. If not present, the default value of the work agent will be used.
pattern: ^([0-9]+(s|m|h))+$
type: string
featureGates:
description: 'FeatureGates represents the list of feature gates
for work If it is set empty, default feature gates will be used.
If it is set, featuregate/Foo is an example of one item in FeatureGates:
1. If featuregate/Foo does not exist, registration-operator
will discard it 2. If featuregate/Foo exists and is false by
default. It is now possible to set featuregate/Foo=[false|true]
3. If featuregate/Foo exists and is true by default. If a cluster-admin
upgrading from 1 to 2 wants to continue having featuregate/Foo=false,
he can set featuregate/Foo=false before upgrading. Let''s say
the cluster-admin wants featuregate/Foo=false.'
description: "FeatureGates represents the list of feature gates
for work\nIf it is set empty, default feature gates will be
used.\nIf it is set, featuregate/Foo is an example of one item
in FeatureGates:\n 1. If featuregate/Foo does not exist, registration-operator
will discard it\n 2. If featuregate/Foo exists and is false
by default. It is now possible to set featuregate/Foo=[false|true]\n
\ 3. If featuregate/Foo exists and is true by default. If a
cluster-admin upgrading from 1 to 2 wants to continue having
featuregate/Foo=false,\n \the can set featuregate/Foo=false
before upgrading. Let's say the cluster-admin wants featuregate/Foo=false."
items:
properties:
feature:
@@ -388,11 +392,10 @@ spec:
type: string
mode:
default: Disable
description: Mode is either Enable, Disable, "" where ""
is Disable by default. In Enable mode, a valid feature
gate `featuregate/Foo` will be set to "--featuregate/Foo=true".
In Disable mode, a valid feature gate `featuregate/Foo`
will be set to "--featuregate/Foo=false".
description: |-
Mode is either Enable, Disable, "" where "" is Disable by default.
In Enable mode, a valid feature gate `featuregate/Foo` will be set to "--featuregate/Foo=true".
In Disable mode, a valid feature gate `featuregate/Foo` will be set to "--featuregate/Foo=false".
enum:
- Enable
- Disable
@@ -403,74 +406,75 @@ spec:
type: array
kubeAPIBurst:
default: 100
description: 'KubeAPIBurst indicates the maximum burst of the
throttle while talking with apiserver of hub cluster from the
spoke cluster. If it is set empty, use the default value: 100'
description: |-
KubeAPIBurst indicates the maximum burst of the throttle while talking with apiserver of hub cluster from the spoke cluster.
If it is set empty, use the default value: 100
format: int32
type: integer
kubeAPIQPS:
default: 50
description: 'KubeAPIQPS indicates the maximum QPS while talking
with apiserver of hub cluster from the spoke cluster. If it
is set empty, use the default value: 50'
description: |-
KubeAPIQPS indicates the maximum QPS while talking with apiserver of hub cluster from the spoke cluster.
If it is set empty, use the default value: 50
format: int32
type: integer
type: object
workImagePullSpec:
description: WorkImagePullSpec represents the desired image configuration
of work agent. quay.io/open-cluster-management.io/work:latest will
be used if unspecified.
description: |-
WorkImagePullSpec represents the desired image configuration of work agent.
quay.io/open-cluster-management.io/work:latest will be used if unspecified.
type: string
type: object
status:
description: Status represents the current status of Klusterlet agent.
properties:
conditions:
description: 'Conditions contain the different condition statuses
for this Klusterlet. Valid condition types are: Applied: Components
have been applied in the managed cluster. Available: Components
in the managed cluster are available and ready to serve. Progressing:
Components in the managed cluster are in a transitioning state.
Degraded: Components in the managed cluster do not match the desired
configuration and only provide degraded service.'
description: |-
Conditions contain the different condition statuses for this Klusterlet.
Valid condition types are:
Applied: Components have been applied in the managed cluster.
Available: Components in the managed cluster are available and ready to serve.
Progressing: Components in the managed cluster are in a transitioning state.
Degraded: Components in the managed cluster do not match the desired configuration and only provide
degraded service.
items:
description: "Condition contains details for one aspect of the current
state of this API Resource. --- This struct is intended for direct
use as an array at the field path .status.conditions. For example,
\n type FooStatus struct{ // Represents the observations of a
foo's current state. // Known .status.conditions.type are: \"Available\",
\"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
// +listType=map // +listMapKey=type Conditions []metav1.Condition
`json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
state of this API Resource.\n---\nThis struct is intended for
direct use as an array at the field path .status.conditions. For
example,\n\n\n\ttype FooStatus struct{\n\t // Represents the
observations of a foo's current state.\n\t // Known .status.conditions.type
are: \"Available\", \"Progressing\", and \"Degraded\"\n\t //
+patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t
\ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\"
patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
\ // other fields\n\t}"
properties:
lastTransitionTime:
description: lastTransitionTime is the last time the condition
transitioned from one status to another. This should be when
the underlying condition changed. If that is not known, then
using the time when the API field changed is acceptable.
description: |-
lastTransitionTime is the last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: message is a human readable message indicating
details about the transition. This may be an empty string.
description: |-
message is a human readable message indicating details about the transition.
This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: observedGeneration represents the .metadata.generation
that the condition was set based upon. For instance, if .metadata.generation
is currently 12, but the .status.conditions[x].observedGeneration
is 9, the condition is out of date with respect to the current
state of the instance.
description: |-
observedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: reason contains a programmatic identifier indicating
the reason for the condition's last transition. Producers
of specific condition types may define expected values and
meanings for this field, and whether the values are considered
a guaranteed API. The value should be a CamelCase string.
description: |-
reason contains a programmatic identifier indicating the reason for the condition's last transition.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty.
maxLength: 1024
minLength: 1
@@ -484,11 +488,12 @@ spec:
- Unknown
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase.
--- Many .condition.type values are consistent across resources
like Available, but because arbitrary conditions can be useful
(see .node.status.conditions), the ability to deconflict is
important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
description: |-
type of condition in CamelCase or in foo.example.com/CamelCase.
---
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
useful (see .node.status.conditions), the ability to deconflict is important.
The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
@@ -504,9 +509,9 @@ spec:
description: Generations are used to determine when an item needs
to be reconciled or has changed in a way that needs a reaction.
items:
description: GenerationStatus keeps track of the generation for
a given resource so that decisions about forced updates can be
made. The definition matches the GenerationStatus defined in github.com/openshift/api/v1
description: |-
GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.
The definition matches the GenerationStatus defined in github.com/openshift/api/v1
properties:
group:
description: group is the group of the resource that you're

46
go.mod

@@ -1,6 +1,6 @@
module open-cluster-management.io/ocm
go 1.21
go 1.22.0
require (
github.com/cloudevents/sdk-go/v2 v2.15.3-0.20240329120647-e6a74efbacbf
@@ -12,9 +12,9 @@ require (
github.com/mochi-mqtt/server/v2 v2.4.6
github.com/onsi/ginkgo/v2 v2.17.1
github.com/onsi/gomega v1.32.0
github.com/openshift/api v0.0.0-20231218131639-7a5aa77cc72d
github.com/openshift/build-machinery-go v0.0.0-20231128094528-1e9b1b0595c8
github.com/openshift/library-go v0.0.0-20240116081341-964bcb3f545c
github.com/openshift/api v0.0.0-20240527133614-ba11c1587003
github.com/openshift/build-machinery-go v0.0.0-20240419090851-af9c868bcf52
github.com/openshift/library-go v0.0.0-20240621150525-4bb4238aef81
github.com/pkg/errors v0.9.1
github.com/prometheus/client_golang v1.18.0
github.com/spf13/cobra v1.8.0
@@ -25,19 +25,19 @@ require (
golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1
golang.org/x/net v0.23.0
gopkg.in/yaml.v2 v2.4.0
k8s.io/api v0.29.4
k8s.io/apiextensions-apiserver v0.29.3
k8s.io/apimachinery v0.29.4
k8s.io/apiserver v0.29.3
k8s.io/client-go v0.29.4
k8s.io/component-base v0.29.3
k8s.io/api v0.30.2
k8s.io/apiextensions-apiserver v0.30.2
k8s.io/apimachinery v0.30.2
k8s.io/apiserver v0.30.2
k8s.io/client-go v0.30.2
k8s.io/component-base v0.30.2
k8s.io/klog/v2 v2.120.1
k8s.io/kube-aggregator v0.29.3
k8s.io/kube-aggregator v0.30.1
k8s.io/utils v0.0.0-20240310230437-4693a0247e57
open-cluster-management.io/addon-framework v0.10.0
open-cluster-management.io/api v0.14.0
open-cluster-management.io/sdk-go v0.14.0
sigs.k8s.io/controller-runtime v0.17.3
open-cluster-management.io/addon-framework v0.10.1-0.20240701065245-fa77e9b77a3b
open-cluster-management.io/api v0.14.1-0.20240627145512-bd6f2229b53c
open-cluster-management.io/sdk-go v0.14.1-0.20240628095929-9ffb1b19e566
sigs.k8s.io/controller-runtime v0.18.4
sigs.k8s.io/kube-storage-version-migrator v0.0.6-0.20230721195810-5c8923c5ff96
)
@@ -62,7 +62,7 @@ require (
github.com/cyphar/filepath-securejoin v0.2.4 // indirect
github.com/eclipse/paho.golang v0.11.0 // indirect
github.com/emicklei/go-restful/v3 v3.11.0 // indirect
github.com/evanphx/json-patch/v5 v5.8.0 // indirect
github.com/evanphx/json-patch/v5 v5.9.0 // indirect
github.com/fatih/structs v1.1.0 // indirect
github.com/felixge/httpsnoop v1.0.3 // indirect
github.com/fsnotify/fsnotify v1.7.0 // indirect
@@ -77,7 +77,7 @@ require (
github.com/gogo/protobuf v1.3.2 // indirect
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
github.com/golang/protobuf v1.5.4 // indirect
github.com/google/cel-go v0.17.7 // indirect
github.com/google/cel-go v0.17.8 // indirect
github.com/google/gnostic-models v0.6.8 // indirect
github.com/google/gofuzz v1.2.0 // indirect
github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 // indirect
@@ -93,12 +93,10 @@ require (
github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 // indirect
github.com/mitchellh/copystructure v1.2.0 // indirect
github.com/mitchellh/reflectwalk v1.0.2 // indirect
github.com/moby/patternmatcher v0.6.0 // indirect
github.com/moby/sys/sequential v0.5.0 // indirect
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
github.com/modern-go/reflect2 v1.0.2 // indirect
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
github.com/openshift/client-go v0.0.0-20231218140158-47f6d749b9d9 // indirect
github.com/openshift/client-go v0.0.0-20240528061634-b054aa794d87 // indirect
github.com/pkg/profile v1.3.0 // indirect
github.com/pmezard/go-difflib v1.0.0 // indirect
github.com/prometheus/client_model v0.5.0 // indirect
@@ -134,7 +132,7 @@ require (
golang.org/x/term v0.18.0 // indirect
golang.org/x/text v0.14.0 // indirect
golang.org/x/time v0.3.0 // indirect
golang.org/x/tools v0.17.0 // indirect
golang.org/x/tools v0.18.0 // indirect
gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
google.golang.org/appengine v1.6.8 // indirect
google.golang.org/genproto v0.0.0-20240123012728-ef4313101c80 // indirect
@@ -146,9 +144,9 @@ require (
gopkg.in/natefinch/lumberjack.v2 v2.2.1 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
helm.sh/helm/v3 v3.14.2 // indirect
k8s.io/kms v0.29.3 // indirect
k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 // indirect
sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.28.0 // indirect
k8s.io/kms v0.30.2 // indirect
k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect
sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.29.0 // indirect
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
sigs.k8s.io/yaml v1.4.0 // indirect
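Review bot: In the first `require` block, `k8s.io/kube-aggregator` is listed at `v0.30.1` while the other `k8s.io/*` staging modules in this section (`api`, `apiextensions-apiserver`, `apimachinery`, `apiserver`, `client-go`, `component-base`, `kms`) are at `v0.30.2`. Unless the skew is deliberate, align it as `k8s.io/kube-aggregator v0.30.2` so all staging modules come from the same patch release. The same block shows `open-cluster-management.io/addon-framework`, `open-cluster-management.io/api` and `open-cluster-management.io/sdk-go` both at tags (`v0.10.0`, `v0.14.0`) and at pseudo-versions. The rendered page has lost the +/- markers, but assuming the pseudo-versions are the new side, the build now depends on untagged commits. A comment above those three lines, such as `// TODO: replace pseudo-versions with tagged releases once published`, would keep that visible to whoever next audits the module graph.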

88
go.sum

@@ -80,8 +80,8 @@ github.com/envoyproxy/protoc-gen-validate v1.0.4 h1:gVPz/FMfvh57HdSJQyvBtF00j8JU
github.com/envoyproxy/protoc-gen-validate v1.0.4/go.mod h1:qys6tmnRsYrQqIhm2bvKZH4Blx/1gTIZ2UKVY1M+Yew=
github.com/evanphx/json-patch v5.9.0+incompatible h1:fBXyNpNMuTTDdquAq/uisOr2lShz4oaXpDTX2bLe7ls=
github.com/evanphx/json-patch v5.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
github.com/evanphx/json-patch/v5 v5.8.0 h1:lRj6N9Nci7MvzrXuX6HFzU8XjmhPiXPlsKEy1u0KQro=
github.com/evanphx/json-patch/v5 v5.8.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ=
github.com/evanphx/json-patch/v5 v5.9.0 h1:kcBlZQbplgElYIlo/n1hJbls2z/1awpXxpRi0/FOJfg=
github.com/evanphx/json-patch/v5 v5.9.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ=
github.com/fatih/structs v1.1.0 h1:Q7juDM0QtcnhCpeyLGQKyg4TOIghuNXrkL32pHAUMxo=
github.com/fatih/structs v1.1.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga6PJ7M=
github.com/felixge/httpsnoop v1.0.3 h1:s/nj+GCswXYzN5v2DpNMuMQYe+0DDwt5WVCU6CWBdXk=
@@ -124,8 +124,8 @@ github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek
github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
github.com/google/btree v1.0.1 h1:gK4Kx5IaGY9CD5sPJ36FHiBJ6ZXl0kilRiiCj+jdYp4=
github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA=
github.com/google/cel-go v0.17.7 h1:6ebJFzu1xO2n7TLtN+UBqShGBhlD85bhvglh5DpcfqQ=
github.com/google/cel-go v0.17.7/go.mod h1:HXZKzB0LXqer5lHHgfWAnlYwJaQBDKMjxjulNQzhwhY=
github.com/google/cel-go v0.17.8 h1:j9m730pMZt1Fc4oKhCLUHfjj6527LuhYcYw0Rl8gqto=
github.com/google/cel-go v0.17.8/go.mod h1:HXZKzB0LXqer5lHHgfWAnlYwJaQBDKMjxjulNQzhwhY=
github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I=
github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U=
github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
@@ -220,16 +220,16 @@ github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8
github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
github.com/opencontainers/image-spec v1.1.0-rc5 h1:Ygwkfw9bpDvs+c9E34SdgGOj41dX/cbdlwvlWt0pnFI=
github.com/opencontainers/image-spec v1.1.0-rc5/go.mod h1:X4pATf0uXsnn3g5aiGIsVnJBR4mxhKzfwmvK/B2NTm8=
github.com/opencontainers/runc v1.1.3 h1:vIXrkId+0/J2Ymu2m7VjGvbSlAId9XNRPhn2p4b+d8w=
github.com/opencontainers/runc v1.1.3/go.mod h1:1J5XiS+vdZ3wCyZybsuxXZWGrgSr8fFJHLXuG2PsnNg=
github.com/openshift/api v0.0.0-20231218131639-7a5aa77cc72d h1:aVjDasSo08KUIltX++Mcl6ptN0ooxh3dRttHBFGVVI0=
github.com/openshift/api v0.0.0-20231218131639-7a5aa77cc72d/go.mod h1:RLaNkRn87bQeH3MpTWXCxlSb62qVGBxfQY344jBfVsg=
github.com/openshift/build-machinery-go v0.0.0-20231128094528-1e9b1b0595c8 h1:cu3YUMVGsKIyFyJGO3F6BZKGYQZpCKxAv9cBPgQAca8=
github.com/openshift/build-machinery-go v0.0.0-20231128094528-1e9b1b0595c8/go.mod h1:b1BuldmJlbA/xYtdZvKi+7j5YGB44qJUJDZ9zwiNCfE=
github.com/openshift/client-go v0.0.0-20231218140158-47f6d749b9d9 h1:kjgW3luAkf9NWu+8u+jqNNbexDG+CY82/INw8hGbG14=
github.com/openshift/client-go v0.0.0-20231218140158-47f6d749b9d9/go.mod h1:kKmxYRXTMutfF7XzGppFdbLhNGX1brXkRsZx5ID8c7U=
github.com/openshift/library-go v0.0.0-20240116081341-964bcb3f545c h1:gLylEQQryG+A6nqWYIwE1wUzn1eFUmthjADvflMWKnM=
github.com/openshift/library-go v0.0.0-20240116081341-964bcb3f545c/go.mod h1:82B0gt8XawdXWRtKMrm3jSMTeRsiOSYKCi4F0fvPjG0=
github.com/opencontainers/runc v1.1.10 h1:EaL5WeO9lv9wmS6SASjszOeQdSctvpbu0DdBQBizE40=
github.com/opencontainers/runc v1.1.10/go.mod h1:+/R6+KmDlh+hOO8NkjmgkG9Qzvypzk0yXxAPYYR65+M=
github.com/openshift/api v0.0.0-20240527133614-ba11c1587003 h1:ewhIvyXCcvH6m3U02bMFtd/DfsmOSbOCuVzon+zGu7g=
github.com/openshift/api v0.0.0-20240527133614-ba11c1587003/go.mod h1:OOh6Qopf21pSzqNVCB5gomomBXb8o5sGKZxG2KNpaXM=
github.com/openshift/build-machinery-go v0.0.0-20240419090851-af9c868bcf52 h1:bqBwrXG7sbJUqP1Og1bR8FvVh7qb7CrMgy9saKmOZFs=
github.com/openshift/build-machinery-go v0.0.0-20240419090851-af9c868bcf52/go.mod h1:b1BuldmJlbA/xYtdZvKi+7j5YGB44qJUJDZ9zwiNCfE=
github.com/openshift/client-go v0.0.0-20240528061634-b054aa794d87 h1:JtLhaGpSEconE+1IKmIgCOof/Len5ceG6H1pk43yv5U=
github.com/openshift/client-go v0.0.0-20240528061634-b054aa794d87/go.mod h1:3IPD4U0qyovZS4EFady2kqY32m8lGcbs/Wx+yprg9z8=
github.com/openshift/library-go v0.0.0-20240621150525-4bb4238aef81 h1:cAo++YCkjrClksMEAPqK9SLMCroqlbGxNTluxeKGIGc=
github.com/openshift/library-go v0.0.0-20240621150525-4bb4238aef81/go.mod h1:PdASVamWinll2BPxiUpXajTwZxV8A1pQbWEsCN1od7I=
github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/pkg/profile v1.3.0 h1:OQIvuDgm00gWVWGTf4m4mCt6W1/0YqU7Ntg0mySWgaI=
@@ -401,8 +401,8 @@ golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtn
golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
golang.org/x/tools v0.17.0 h1:FvmRgNOcs3kOa+T20R1uhfP9F6HgG2mfxDv1vrx1Htc=
golang.org/x/tools v0.17.0/go.mod h1:xsh6VxdV005rRVaS6SSAf9oiAqljS7UZUacMZ8Bnsps=
golang.org/x/tools v0.18.0 h1:k8NLag8AGHnn+PHbl7g43CtqZAwG60vZkLqgyZgIHgQ=
golang.org/x/tools v0.18.0/go.mod h1:GL7B4CwcLLeo59yx/9UWWuNOW1n3VZ4f5axWfML7Lcg=
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@@ -443,38 +443,38 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
helm.sh/helm/v3 v3.14.2 h1:V71fv+NGZv0icBlr+in1MJXuUIHCiPG1hW9gEBISTIA=
helm.sh/helm/v3 v3.14.2/go.mod h1:2itvvDv2WSZXTllknfQo6j7u3VVgMAvm8POCDgYH424=
k8s.io/api v0.29.4 h1:WEnF/XdxuCxdG3ayHNRR8yH3cI1B/llkWBma6bq4R3w=
k8s.io/api v0.29.4/go.mod h1:DetSv0t4FBTcEpfA84NJV3g9a7+rSzlUHk5ADAYHUv0=
k8s.io/apiextensions-apiserver v0.29.3 h1:9HF+EtZaVpFjStakF4yVufnXGPRppWFEQ87qnO91YeI=
k8s.io/apiextensions-apiserver v0.29.3/go.mod h1:po0XiY5scnpJfFizNGo6puNU6Fq6D70UJY2Cb2KwAVc=
k8s.io/apimachinery v0.29.4 h1:RaFdJiDmuKs/8cm1M6Dh1Kvyh59YQFDcFuFTSmXes6Q=
k8s.io/apimachinery v0.29.4/go.mod h1:i3FJVwhvSp/6n8Fl4K97PJEP8C+MM+aoDq4+ZJBf70Y=
k8s.io/apiserver v0.29.3 h1:xR7ELlJ/BZSr2n4CnD3lfA4gzFivh0wwfNfz9L0WZcE=
k8s.io/apiserver v0.29.3/go.mod h1:hrvXlwfRulbMbBgmWRQlFru2b/JySDpmzvQwwk4GUOs=
k8s.io/client-go v0.29.4 h1:79ytIedxVfyXV8rpH3jCBW0u+un0fxHDwX5F9K8dPR8=
k8s.io/client-go v0.29.4/go.mod h1:kC1thZQ4zQWYwldsfI088BbK6RkxK+aF5ebV8y9Q4tk=
k8s.io/component-base v0.29.3 h1:Oq9/nddUxlnrCuuR2K/jp6aflVvc0uDvxMzAWxnGzAo=
k8s.io/component-base v0.29.3/go.mod h1:Yuj33XXjuOk2BAaHsIGHhCKZQAgYKhqIxIjIr2UXYio=
k8s.io/api v0.30.2 h1:+ZhRj+28QT4UOH+BKznu4CBgPWgkXO7XAvMcMl0qKvI=
k8s.io/api v0.30.2/go.mod h1:ULg5g9JvOev2dG0u2hig4Z7tQ2hHIuS+m8MNZ+X6EmI=
k8s.io/apiextensions-apiserver v0.30.2 h1:l7Eue2t6QiLHErfn2vwK4KgF4NeDgjQkCXtEbOocKIE=
k8s.io/apiextensions-apiserver v0.30.2/go.mod h1:lsJFLYyK40iguuinsb3nt+Sj6CmodSI4ACDLep1rgjw=
k8s.io/apimachinery v0.30.2 h1:fEMcnBj6qkzzPGSVsAZtQThU62SmQ4ZymlXRC5yFSCg=
k8s.io/apimachinery v0.30.2/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc=
k8s.io/apiserver v0.30.2 h1:ACouHiYl1yFI2VFI3YGM+lvxgy6ir4yK2oLOsLI1/tw=
k8s.io/apiserver v0.30.2/go.mod h1:BOTdFBIch9Sv0ypSEcUR6ew/NUFGocRFNl72Ra7wTm8=
k8s.io/client-go v0.30.2 h1:sBIVJdojUNPDU/jObC+18tXWcTJVcwyqS9diGdWHk50=
k8s.io/client-go v0.30.2/go.mod h1:JglKSWULm9xlJLx4KCkfLLQ7XwtlbflV6uFFSHTMgVs=
k8s.io/component-base v0.30.2 h1:pqGBczYoW1sno8q9ObExUqrYSKhtE5rW3y6gX88GZII=
k8s.io/component-base v0.30.2/go.mod h1:yQLkQDrkK8J6NtP+MGJOws+/PPeEXNpwFixsUI7h/OE=
k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw=
k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
k8s.io/kms v0.29.3 h1:ReljsAUhYlm2spdT4yXmY+9a8x8dc/OT4mXvwQPPteQ=
k8s.io/kms v0.29.3/go.mod h1:TBGbJKpRUMk59neTMDMddjIDL+D4HuFUbpuiuzmOPg0=
k8s.io/kube-aggregator v0.29.3 h1:5KvTyFN8sQq2imq8tMAHWEKoE64Zg9WSMaGX78KV6ps=
k8s.io/kube-aggregator v0.29.3/go.mod h1:xGJqV/SJJ1fbwTGfQLAZfwgqX1EMoaqfotDTkDrqqSk=
k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 h1:aVUu9fTY98ivBPKR9Y5w/AuzbMm96cd3YHRTU83I780=
k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00/go.mod h1:AsvuZPBlUDVuCdzJ87iajxtXuR9oktsTctW/R9wwouA=
k8s.io/kms v0.30.2 h1:VSZILO/tkzrz5Tu2j+yFQZ2Dc5JerQZX2GqhFJbQrfw=
k8s.io/kms v0.30.2/go.mod h1:GrMurD0qk3G4yNgGcsCEmepqf9KyyIrTXYR2lyUOJC4=
k8s.io/kube-aggregator v0.30.1 h1:ymR2BsxDacTKwzKTuNhGZttuk009c+oZbSeD+IPX5q4=
k8s.io/kube-aggregator v0.30.1/go.mod h1:SFbqWsM6ea8dHd3mPLsZFzJHbjBOS5ykIgJh4znZ5iQ=
k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 h1:BZqlfIlq5YbRMFko6/PM7FjZpUb45WallggurYhKGag=
k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98=
k8s.io/utils v0.0.0-20240310230437-4693a0247e57 h1:gbqbevonBh57eILzModw6mrkbwM0gQBEuevE/AaBsHY=
k8s.io/utils v0.0.0-20240310230437-4693a0247e57/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
open-cluster-management.io/addon-framework v0.10.0 h1:bwI1XujcbkDoqlCFG1mKuwXNzoED4im/9/9BVu4xpRo=
open-cluster-management.io/addon-framework v0.10.0/go.mod h1:HayKCznnlyW+0dUJQGj5sNR6i3tvylSySD3YnvZkBtY=
open-cluster-management.io/api v0.14.0 h1:yjhnNeO/QudiIoEi0i/yUYmP3iElAfUgtj4pHMV+4uM=
open-cluster-management.io/api v0.14.0/go.mod h1:ltijKJhDifrPH0csvCUmFt5lzaERv+BBfh6X3l83rT0=
open-cluster-management.io/sdk-go v0.14.0 h1:wdnk9/qANruUKorggrMee7lavwvdP5Toks8WA6nVHlo=
open-cluster-management.io/sdk-go v0.14.0/go.mod h1:muWzHWsgK8IsopltwTnsBjf4DN9IcC9rF0G2uEq/Pjw=
sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.28.0 h1:TgtAeesdhpm2SGwkQasmbeqDo8th5wOBA5h/AjTKA4I=
sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.28.0/go.mod h1:VHVDI/KrK4fjnV61bE2g3sA7tiETLn8sooImelsCx3Y=
sigs.k8s.io/controller-runtime v0.17.3 h1:65QmN7r3FWgTxDMz9fvGnO1kbf2nu+acg9p2R9oYYYk=
sigs.k8s.io/controller-runtime v0.17.3/go.mod h1:N0jpP5Lo7lMTF9aL56Z/B2oWBJjey6StQM0jRbKQXtY=
open-cluster-management.io/addon-framework v0.10.1-0.20240701065245-fa77e9b77a3b h1:5vtr57PKfsdg02n8fCcLN1vHfhL1LM6jnrp2KF8C77k=
open-cluster-management.io/addon-framework v0.10.1-0.20240701065245-fa77e9b77a3b/go.mod h1:C1VETu/CIQKYfMiVAgNzPEUHjCpL9P1Z/KsGhHa4kl4=
open-cluster-management.io/api v0.14.1-0.20240627145512-bd6f2229b53c h1:gYfgkX/U6fv2d3Ly8D6N1GM9zokORupLSgCxx791zZw=
open-cluster-management.io/api v0.14.1-0.20240627145512-bd6f2229b53c/go.mod h1:9erZEWEn4bEqh0nIX2wA7f/s3KCuFycQdBrPrRzi0QM=
open-cluster-management.io/sdk-go v0.14.1-0.20240628095929-9ffb1b19e566 h1:8dgPiM3byX/rtOrFJIsea2haV4hSFTND65Tlj1EdK18=
open-cluster-management.io/sdk-go v0.14.1-0.20240628095929-9ffb1b19e566/go.mod h1:xFmN3Db5nN68oLGnstmIRv4us8HJCdXFnBNMXVp0jWY=
sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.29.0 h1:/U5vjBbQn3RChhv7P11uhYvCSm5G2GaIi5AIGBS6r4c=
sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.29.0/go.mod h1:z7+wmGM2dfIiLRfrC6jb5kV2Mq/sK1ZP303cxzkV5Y4=
sigs.k8s.io/controller-runtime v0.18.4 h1:87+guW1zhvuPLh1PHybKdYFLU0YJp4FhJRmiHvm5BZw=
sigs.k8s.io/controller-runtime v0.18.4/go.mod h1:TVoGrfdpbA9VRFaRnKgk9P5/atA0pMwq+f+msb9M8Sg=
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
sigs.k8s.io/kube-storage-version-migrator v0.0.6-0.20230721195810-5c8923c5ff96 h1:PFWFSkpArPNJxFX4ZKWAk9NSeRoZaXschn+ULa4xVek=


@@ -25,22 +25,27 @@ spec:
name: v1alpha1
schema:
openAPIV3Schema:
description: ClusterManagementAddOn represents the registration of an add-on
to the cluster manager. This resource allows you to discover which add-ons
are available for the cluster manager and provides metadata information
about the add-ons. The ClusterManagementAddOn name is used for the namespace-scoped
ManagedClusterAddOn resource. ClusterManagementAddOn is a cluster-scoped
resource.
description: |-
ClusterManagementAddOn represents the registration of an add-on to the cluster manager.
This resource allows you to discover which add-ons are available for the cluster manager
and provides metadata information about the add-ons. The ClusterManagementAddOn name is used
for the namespace-scoped ManagedClusterAddOn resource.
ClusterManagementAddOn is a cluster-scoped resource.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
@@ -49,22 +54,21 @@ spec:
the cluster management add-on.
properties:
addOnConfiguration:
description: 'Deprecated: Use supportedConfigs filed instead addOnConfiguration
is a reference to configuration information for the add-on. In scenario
where a multiple add-ons share the same add-on CRD, multiple ClusterManagementAddOn
resources need to be created and reference the same AddOnConfiguration.'
description: |-
Deprecated: Use supportedConfigs filed instead
addOnConfiguration is a reference to configuration information for the add-on.
In scenario where a multiple add-ons share the same add-on CRD, multiple ClusterManagementAddOn
resources need to be created and reference the same AddOnConfiguration.
properties:
crName:
description: crName is the name of the CR used to configure instances
of the managed add-on. This field should be configured if add-on
CR have a consistent name across the all of the ManagedCluster
instaces.
description: |-
crName is the name of the CR used to configure instances of the managed add-on.
This field should be configured if add-on CR have a consistent name across the all of the ManagedCluster instaces.
type: string
crdName:
description: crdName is the name of the CRD used to configure
instances of the managed add-on. This field should be configured
if the add-on have a CRD that controls the configuration of
the add-on.
description: |-
crdName is the name of the CRD used to configure instances of the managed add-on.
This field should be configured if the add-on have a CRD that controls the configuration of the add-on.
type: string
lastObservedGeneration:
description: lastObservedGeneration is the observed generation
@@ -88,22 +92,22 @@ spec:
installStrategy:
default:
type: Manual
description: InstallStrategy represents that related ManagedClusterAddOns
should be installed on certain clusters.
description: |-
InstallStrategy represents that related ManagedClusterAddOns should be installed
on certain clusters.
properties:
placements:
description: Placements is a list of placement references honored
when install strategy type is Placements. All clusters selected
by these placements will install the addon If one cluster belongs
to multiple placements, it will only apply the strategy defined
later in the order. That is to say, The latter strategy overrides
the previous one.
description: |-
Placements is a list of placement references honored when install strategy type is
Placements. All clusters selected by these placements will install the addon
If one cluster belongs to multiple placements, it will only apply the strategy defined
later in the order. That is to say, The latter strategy overrides the previous one.
items:
properties:
configs:
description: Configs is the configuration of managedClusterAddon
during installation. User can override the configuration
by updating the managedClusterAddon directly.
description: |-
Configs is the configuration of managedClusterAddon during installation.
User can override the configuration by updating the managedClusterAddon directly.
items:
properties:
group:
@@ -115,9 +119,9 @@ spec:
minLength: 1
type: string
namespace:
description: namespace of the add-on configuration.
If this field is not set, the configuration is in
the cluster scope.
description: |-
namespace of the add-on configuration.
If this field is not set, the configuration is in the cluster scope.
type: string
resource:
description: resource of the add-on configuration.
@@ -139,9 +143,9 @@ spec:
rolloutStrategy:
default:
type: All
description: The rollout strategy to apply addon configurations
change. The rollout strategy only watches the addon configurations
defined in ClusterManagementAddOn.
description: |-
The rollout strategy to apply addon configurations change.
The rollout strategy only watches the addon configurations defined in ClusterManagementAddOn.
properties:
all:
description: All defines required fields for RolloutStrategy
@@ -152,52 +156,41 @@ spec:
- type: integer
- type: string
default: 0
description: MaxFailures is a percentage or number
of clusters in the current rollout that can fail
before proceeding to the next rollout. Fail means
the cluster has a failed status or timeout status
description: |-
MaxFailures is a percentage or number of clusters in the current rollout that can fail before
proceeding to the next rollout. Fail means the cluster has a failed status or timeout status
(does not reach successful status after ProgressDeadline).
Once the MaxFailures is breached, the rollout
will stop. MaxFailures is only considered for
rollout types Progressive and ProgressivePerGroup.
For Progressive, this is considered over the total
number of clusters. For ProgressivePerGroup, this
is considered according to the size of the current
group. For both Progressive and ProgressivePerGroup,
the MaxFailures does not apply for MandatoryDecisionGroups,
which tolerate no failures. Default is that no
failures are tolerated.
Once the MaxFailures is breached, the rollout will stop.
MaxFailures is only considered for rollout types Progressive and ProgressivePerGroup. For
Progressive, this is considered over the total number of clusters. For ProgressivePerGroup,
this is considered according to the size of the current group. For both Progressive and
ProgressivePerGroup, the MaxFailures does not apply for MandatoryDecisionGroups, which tolerate
no failures.
Default is that no failures are tolerated.
pattern: ^((100|[0-9]{1,2})%|[0-9]+)$
x-kubernetes-int-or-string: true
minSuccessTime:
default: "0"
description: MinSuccessTime is a "soak" time. In
other words, the minimum amount of time the workload
applier controller will wait from the start of
each rollout before proceeding (assuming a successful
state has been reached and MaxFailures wasn't
breached). MinSuccessTime is only considered for
rollout types Progressive and ProgressivePerGroup.
The default value is 0 meaning the workload applier
proceeds immediately after a successful state
is reached. MinSuccessTime must be defined in
[0-9h]|[0-9m]|[0-9s] format examples; 2h , 90m
, 360s
description: |-
MinSuccessTime is a "soak" time. In other words, the minimum amount of time the workload
applier controller will wait from the start of each rollout before proceeding (assuming a
successful state has been reached and MaxFailures wasn't breached).
MinSuccessTime is only considered for rollout types Progressive and ProgressivePerGroup.
The default value is 0 meaning the workload applier proceeds immediately after a successful
state is reached.
MinSuccessTime must be defined in [0-9h]|[0-9m]|[0-9s] format examples; 2h , 90m , 360s
type: string
progressDeadline:
default: None
description: ProgressDeadline defines how long workload
applier controller will wait for the workload
to reach a successful state in the cluster. If
the workload does not reach a successful state
after ProgressDeadline, will stop waiting and
workload will be treated as "timeout" and be counted
into MaxFailures. Once the MaxFailures is breached,
the rollout will stop. ProgressDeadline default
value is "None", meaning the workload applier
will wait for a successful state indefinitely.
ProgressDeadline must be defined in [0-9h]|[0-9m]|[0-9s]
format examples; 2h , 90m , 360s
description: |-
ProgressDeadline defines how long workload applier controller will wait for the workload to
reach a successful state in the cluster.
If the workload does not reach a successful state after ProgressDeadline, will stop waiting
and workload will be treated as "timeout" and be counted into MaxFailures. Once the MaxFailures
is breached, the rollout will stop.
ProgressDeadline default value is "None", meaning the workload applier will wait for a
successful state indefinitely.
ProgressDeadline must be defined in [0-9h]|[0-9m]|[0-9s] format examples; 2h , 90m , 360s
pattern: ^(([0-9])+[h|m|s])|None$
type: string
type: object
@@ -206,26 +199,26 @@ spec:
RolloutStrategy type Progressive
properties:
mandatoryDecisionGroups:
description: List of the decision groups names or
indexes to apply the workload first and fail if
workload did not reach successful state. GroupName
or GroupIndex must match with the decisionGroups
defined in the placement's decisionStrategy
description: |-
List of the decision groups names or indexes to apply the workload first and fail if workload
did not reach successful state.
GroupName or GroupIndex must match with the decisionGroups defined in the placement's
decisionStrategy
items:
description: MandatoryDecisionGroup set the decision
group name or group index. GroupName is considered
first to select the decisionGroups then GroupIndex.
description: |-
MandatoryDecisionGroup set the decision group name or group index.
GroupName is considered first to select the decisionGroups then GroupIndex.
properties:
groupIndex:
description: GroupIndex of the decision group
should match the placementDecisions label
value with label key cluster.open-cluster-management.io/decision-group-index
description: |-
GroupIndex of the decision group should match the placementDecisions label value with label key
cluster.open-cluster-management.io/decision-group-index
format: int32
type: integer
groupName:
description: GroupName of the decision group
should match the placementDecisions label
value with label key cluster.open-cluster-management.io/decision-group-name
description: |-
GroupName of the decision group should match the placementDecisions label value with label key
cluster.open-cluster-management.io/decision-group-name
type: string
type: object
type: array
@@ -233,10 +226,9 @@ spec:
anyOf:
- type: integer
- type: string
description: MaxConcurrency is the max number of
clusters to deploy workload concurrently. The
default value for MaxConcurrency is determined
from the clustersPerDecisionGroup defined in the
description: |-
MaxConcurrency is the max number of clusters to deploy workload concurrently. The default value
for MaxConcurrency is determined from the clustersPerDecisionGroup defined in the
placement->DecisionStrategy.
pattern: ^((100|[0-9]{1,2})%|[0-9]+)$
x-kubernetes-int-or-string: true
@@ -245,52 +237,41 @@ spec:
- type: integer
- type: string
default: 0
description: MaxFailures is a percentage or number
of clusters in the current rollout that can fail
before proceeding to the next rollout. Fail means
the cluster has a failed status or timeout status
description: |-
MaxFailures is a percentage or number of clusters in the current rollout that can fail before
proceeding to the next rollout. Fail means the cluster has a failed status or timeout status
(does not reach successful status after ProgressDeadline).
Once the MaxFailures is breached, the rollout
will stop. MaxFailures is only considered for
rollout types Progressive and ProgressivePerGroup.
For Progressive, this is considered over the total
number of clusters. For ProgressivePerGroup, this
is considered according to the size of the current
group. For both Progressive and ProgressivePerGroup,
the MaxFailures does not apply for MandatoryDecisionGroups,
which tolerate no failures. Default is that no
failures are tolerated.
Once the MaxFailures is breached, the rollout will stop.
MaxFailures is only considered for rollout types Progressive and ProgressivePerGroup. For
Progressive, this is considered over the total number of clusters. For ProgressivePerGroup,
this is considered according to the size of the current group. For both Progressive and
ProgressivePerGroup, the MaxFailures does not apply for MandatoryDecisionGroups, which tolerate
no failures.
Default is that no failures are tolerated.
pattern: ^((100|[0-9]{1,2})%|[0-9]+)$
x-kubernetes-int-or-string: true
minSuccessTime:
default: "0"
description: MinSuccessTime is a "soak" time. In
other words, the minimum amount of time the workload
applier controller will wait from the start of
each rollout before proceeding (assuming a successful
state has been reached and MaxFailures wasn't
breached). MinSuccessTime is only considered for
rollout types Progressive and ProgressivePerGroup.
The default value is 0 meaning the workload applier
proceeds immediately after a successful state
is reached. MinSuccessTime must be defined in
[0-9h]|[0-9m]|[0-9s] format examples; 2h , 90m
, 360s
description: |-
MinSuccessTime is a "soak" time. In other words, the minimum amount of time the workload
applier controller will wait from the start of each rollout before proceeding (assuming a
successful state has been reached and MaxFailures wasn't breached).
MinSuccessTime is only considered for rollout types Progressive and ProgressivePerGroup.
The default value is 0 meaning the workload applier proceeds immediately after a successful
state is reached.
MinSuccessTime must be defined in [0-9h]|[0-9m]|[0-9s] format examples; 2h , 90m , 360s
type: string
progressDeadline:
default: None
description: ProgressDeadline defines how long workload
applier controller will wait for the workload
to reach a successful state in the cluster. If
the workload does not reach a successful state
after ProgressDeadline, will stop waiting and
workload will be treated as "timeout" and be counted
into MaxFailures. Once the MaxFailures is breached,
the rollout will stop. ProgressDeadline default
value is "None", meaning the workload applier
will wait for a successful state indefinitely.
ProgressDeadline must be defined in [0-9h]|[0-9m]|[0-9s]
format examples; 2h , 90m , 360s
description: |-
ProgressDeadline defines how long workload applier controller will wait for the workload to
reach a successful state in the cluster.
If the workload does not reach a successful state after ProgressDeadline, will stop waiting
and workload will be treated as "timeout" and be counted into MaxFailures. Once the MaxFailures
is breached, the rollout will stop.
ProgressDeadline default value is "None", meaning the workload applier will wait for a
successful state indefinitely.
ProgressDeadline must be defined in [0-9h]|[0-9m]|[0-9s] format examples; 2h , 90m , 360s
pattern: ^(([0-9])+[h|m|s])|None$
type: string
type: object
@@ -299,26 +280,26 @@ spec:
for RolloutStrategy type ProgressivePerGroup
properties:
mandatoryDecisionGroups:
description: List of the decision groups names or
indexes to apply the workload first and fail if
workload did not reach successful state. GroupName
or GroupIndex must match with the decisionGroups
defined in the placement's decisionStrategy
description: |-
List of the decision groups names or indexes to apply the workload first and fail if workload
did not reach successful state.
GroupName or GroupIndex must match with the decisionGroups defined in the placement's
decisionStrategy
items:
description: MandatoryDecisionGroup set the decision
group name or group index. GroupName is considered
first to select the decisionGroups then GroupIndex.
description: |-
MandatoryDecisionGroup set the decision group name or group index.
GroupName is considered first to select the decisionGroups then GroupIndex.
properties:
groupIndex:
description: GroupIndex of the decision group
should match the placementDecisions label
value with label key cluster.open-cluster-management.io/decision-group-index
description: |-
GroupIndex of the decision group should match the placementDecisions label value with label key
cluster.open-cluster-management.io/decision-group-index
format: int32
type: integer
groupName:
description: GroupName of the decision group
should match the placementDecisions label
value with label key cluster.open-cluster-management.io/decision-group-name
description: |-
GroupName of the decision group should match the placementDecisions label value with label key
cluster.open-cluster-management.io/decision-group-name
type: string
type: object
type: array
@@ -327,52 +308,41 @@ spec:
- type: integer
- type: string
default: 0
description: MaxFailures is a percentage or number
of clusters in the current rollout that can fail
before proceeding to the next rollout. Fail means
the cluster has a failed status or timeout status
description: |-
MaxFailures is a percentage or number of clusters in the current rollout that can fail before
proceeding to the next rollout. Fail means the cluster has a failed status or timeout status
(does not reach successful status after ProgressDeadline).
Once the MaxFailures is breached, the rollout
will stop. MaxFailures is only considered for
rollout types Progressive and ProgressivePerGroup.
For Progressive, this is considered over the total
number of clusters. For ProgressivePerGroup, this
is considered according to the size of the current
group. For both Progressive and ProgressivePerGroup,
the MaxFailures does not apply for MandatoryDecisionGroups,
which tolerate no failures. Default is that no
failures are tolerated.
Once the MaxFailures is breached, the rollout will stop.
MaxFailures is only considered for rollout types Progressive and ProgressivePerGroup. For
Progressive, this is considered over the total number of clusters. For ProgressivePerGroup,
this is considered according to the size of the current group. For both Progressive and
ProgressivePerGroup, the MaxFailures does not apply for MandatoryDecisionGroups, which tolerate
no failures.
Default is that no failures are tolerated.
pattern: ^((100|[0-9]{1,2})%|[0-9]+)$
x-kubernetes-int-or-string: true
minSuccessTime:
default: "0"
description: MinSuccessTime is a "soak" time. In
other words, the minimum amount of time the workload
applier controller will wait from the start of
each rollout before proceeding (assuming a successful
state has been reached and MaxFailures wasn't
breached). MinSuccessTime is only considered for
rollout types Progressive and ProgressivePerGroup.
The default value is 0 meaning the workload applier
proceeds immediately after a successful state
is reached. MinSuccessTime must be defined in
[0-9h]|[0-9m]|[0-9s] format examples; 2h , 90m
, 360s
description: |-
MinSuccessTime is a "soak" time. In other words, the minimum amount of time the workload
applier controller will wait from the start of each rollout before proceeding (assuming a
successful state has been reached and MaxFailures wasn't breached).
MinSuccessTime is only considered for rollout types Progressive and ProgressivePerGroup.
The default value is 0 meaning the workload applier proceeds immediately after a successful
state is reached.
MinSuccessTime must be defined in [0-9h]|[0-9m]|[0-9s] format examples; 2h , 90m , 360s
type: string
progressDeadline:
default: None
description: ProgressDeadline defines how long workload
applier controller will wait for the workload
to reach a successful state in the cluster. If
the workload does not reach a successful state
after ProgressDeadline, will stop waiting and
workload will be treated as "timeout" and be counted
into MaxFailures. Once the MaxFailures is breached,
the rollout will stop. ProgressDeadline default
value is "None", meaning the workload applier
will wait for a successful state indefinitely.
ProgressDeadline must be defined in [0-9h]|[0-9m]|[0-9s]
format examples; 2h , 90m , 360s
description: |-
ProgressDeadline defines how long workload applier controller will wait for the workload to
reach a successful state in the cluster.
If the workload does not reach a successful state after ProgressDeadline, will stop waiting
and workload will be treated as "timeout" and be counted into MaxFailures. Once the MaxFailures
is breached, the rollout will stop.
ProgressDeadline default value is "None", meaning the workload applier will wait for a
successful state indefinitely.
ProgressDeadline must be defined in [0-9h]|[0-9m]|[0-9s] format examples; 2h , 90m , 360s
pattern: ^(([0-9])+[h|m|s])|None$
type: string
type: object
@@ -395,35 +365,37 @@ spec:
x-kubernetes-list-type: map
type:
default: Manual
description: 'Type is the type of the install strategy, it can
be: - Manual: no automatic install - Placements: install to
clusters selected by placements.'
description: |-
Type is the type of the install strategy, it can be:
- Manual: no automatic install
- Placements: install to clusters selected by placements.
enum:
- Manual
- Placements
type: string
type: object
supportedConfigs:
description: supportedConfigs is a list of configuration types supported
by add-on. An empty list means the add-on does not require configurations.
description: |-
supportedConfigs is a list of configuration types supported by add-on.
An empty list means the add-on does not require configurations.
The default is an empty list
items:
description: ConfigMeta represents a collection of metadata information
for add-on configuration.
properties:
defaultConfig:
description: defaultConfig represents the namespace and name
of the default add-on configuration. In scenario where all
add-ons have a same configuration.
description: |-
defaultConfig represents the namespace and name of the default add-on configuration.
In scenario where all add-ons have a same configuration.
properties:
name:
description: name of the add-on configuration.
minLength: 1
type: string
namespace:
description: namespace of the add-on configuration. If this
field is not set, the configuration is in the cluster
scope.
description: |-
namespace of the add-on configuration.
If this field is not set, the configuration is in the cluster scope.
type: string
required:
- name
@@ -453,9 +425,9 @@ spec:
description: defaultconfigReferences is a list of current add-on default
configuration references.
items:
description: DefaultConfigReference is a reference to the current
add-on configuration. This resource is used to record the configuration
resource for the current add-on.
description: |-
DefaultConfigReference is a reference to the current add-on configuration.
This resource is used to record the configuration resource for the current add-on.
properties:
desiredConfig:
description: desiredConfig record the desired config spec hash.
@@ -465,9 +437,9 @@ spec:
minLength: 1
type: string
namespace:
description: namespace of the add-on configuration. If this
field is not set, the configuration is in the cluster
scope.
description: |-
namespace of the add-on configuration.
If this field is not set, the configuration is in the cluster scope.
type: string
specHash:
description: spec hash for an add-on configuration.
@@ -497,46 +469,45 @@ spec:
monitored components for the operator.
items:
description: "Condition contains details for one aspect of
the current state of this API Resource. --- This struct
the current state of this API Resource.\n---\nThis struct
is intended for direct use as an array at the field path
.status.conditions. For example, \n type FooStatus struct{
// Represents the observations of a foo's current state.
// Known .status.conditions.type are: \"Available\", \"Progressing\",
and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
// +listType=map // +listMapKey=type Conditions []metav1.Condition
`json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields
}"
.status.conditions. For example,\n\n\n\ttype FooStatus
struct{\n\t // Represents the observations of a foo's
current state.\n\t // Known .status.conditions.type are:
\"Available\", \"Progressing\", and \"Degraded\"\n\t //
+patchMergeKey=type\n\t // +patchStrategy=merge\n\t //
+listType=map\n\t // +listMapKey=type\n\t Conditions
[]metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\"
patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
\ // other fields\n\t}"
properties:
lastTransitionTime:
description: lastTransitionTime is the last time the condition
transitioned from one status to another. This should
be when the underlying condition changed. If that is
not known, then using the time when the API field changed
is acceptable.
description: |-
lastTransitionTime is the last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: message is a human readable message indicating
details about the transition. This may be an empty string.
description: |-
message is a human readable message indicating details about the transition.
This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: observedGeneration represents the .metadata.generation
that the condition was set based upon. For instance,
if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration
is 9, the condition is out of date with respect to the
current state of the instance.
description: |-
observedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: reason contains a programmatic identifier
indicating the reason for the condition's last transition.
Producers of specific condition types may define expected
values and meanings for this field, and whether the
values are considered a guaranteed API. The value should
be a CamelCase string. This field may not be empty.
description: |-
reason contains a programmatic identifier indicating the reason for the condition's last transition.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty.
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
@@ -550,12 +521,12 @@ spec:
- Unknown
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase.
--- Many .condition.type values are consistent across
resources like Available, but because arbitrary conditions
can be useful (see .node.status.conditions), the ability
to deconflict is important. The regex it matches is
(dns1123SubdomainFmt/)?(qualifiedNameFmt)
description: |-
type of condition in CamelCase or in foo.example.com/CamelCase.
---
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
useful (see .node.status.conditions), the ability to deconflict is important.
The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
@@ -571,9 +542,9 @@ spec:
description: configReferences is a list of current add-on configuration
references.
items:
description: InstallConfigReference is a reference to the
current add-on configuration. This resource is used to record
the configuration resource for the current add-on.
description: |-
InstallConfigReference is a reference to the current add-on configuration.
This resource is used to record the configuration resource for the current add-on.
properties:
desiredConfig:
description: desiredConfig record the desired config name
@@ -584,9 +555,9 @@ spec:
minLength: 1
type: string
namespace:
description: namespace of the add-on configuration.
If this field is not set, the configuration is in
the cluster scope.
description: |-
namespace of the add-on configuration.
If this field is not set, the configuration is in the cluster scope.
type: string
specHash:
description: spec hash for an add-on configuration.
@@ -599,18 +570,18 @@ spec:
description: group of the add-on configuration.
type: string
lastAppliedConfig:
description: lastAppliedConfig records the config spec
hash when the all the corresponding ManagedClusterAddOn
are applied successfully.
description: |-
lastAppliedConfig records the config spec hash when the all the corresponding
ManagedClusterAddOn are applied successfully.
properties:
name:
description: name of the add-on configuration.
minLength: 1
type: string
namespace:
description: namespace of the add-on configuration.
If this field is not set, the configuration is in
the cluster scope.
description: |-
namespace of the add-on configuration.
If this field is not set, the configuration is in the cluster scope.
type: string
specHash:
description: spec hash for an add-on configuration.
@@ -619,22 +590,21 @@ spec:
- name
type: object
lastKnownGoodConfig:
description: lastKnownGoodConfig records the last known
good config spec hash. For fresh install or rollout
with type UpdateAll or RollingUpdate, the lastKnownGoodConfig
is the same as lastAppliedConfig. For rollout with type
RollingUpdateWithCanary, the lastKnownGoodConfig is
the last successfully applied config spec hash of the
canary placement.
description: |-
lastKnownGoodConfig records the last known good config spec hash.
For fresh install or rollout with type UpdateAll or RollingUpdate, the
lastKnownGoodConfig is the same as lastAppliedConfig.
For rollout with type RollingUpdateWithCanary, the lastKnownGoodConfig
is the last successfully applied config spec hash of the canary placement.
properties:
name:
description: name of the add-on configuration.
minLength: 1
type: string
namespace:
description: namespace of the add-on configuration.
If this field is not set, the configuration is in
the cluster scope.
description: |-
namespace of the add-on configuration.
If this field is not set, the configuration is in the cluster scope.
type: string
specHash:
description: spec hash for an add-on configuration.
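Review bot: The `progressDeadline` pattern `^(([0-9])+[h|m|s])|None$`, carried as context in the three rolloutStrategy hunks (all, progressive, progressivePerGroup), is not anchored as a whole. Because the alternation binds looser than `^` and `$`, it accepts any string that merely starts with digits plus a unit character or merely ends in `None`, and the class `[h|m|s]` also admits a literal `|`. A stricter form is `pattern: ^(([0-9]+[hms])|None)$`; this file looks generated, so the change presumably belongs in the validation marker on the upstream API type rather than here. `minSuccessTime` documents the same format but has no `pattern` in the visible lines, so malformed values are not rejected at admission and are left to whatever parses them later.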


@@ -34,29 +34,39 @@ spec:
name: v1
schema:
openAPIV3Schema:
description: "ManagedCluster represents the desired state and current status
description: |-
ManagedCluster represents the desired state and current status
of a managed cluster. ManagedCluster is a cluster-scoped resource. The name
is the cluster UID. \n The cluster join process is a double opt-in process.
See the following join process steps: \n 1. The agent on the managed cluster
creates a CSR on the hub with the cluster UID and agent name. 2. The agent
on the managed cluster creates a ManagedCluster on the hub. 3. The cluster
admin on the hub cluster approves the CSR for the UID and agent name of
the ManagedCluster. 4. The cluster admin sets the spec.acceptClient of the
ManagedCluster to true. 5. The cluster admin on the managed cluster creates
a credential of the kubeconfig for the hub cluster. \n After the hub cluster
creates the cluster namespace, the klusterlet agent on the ManagedCluster
pushes the credential to the hub cluster to use against the kube-apiserver
of the ManagedCluster."
is the cluster UID.
The cluster join process is a double opt-in process. See the following join process steps:
1. The agent on the managed cluster creates a CSR on the hub with the cluster UID and agent name.
2. The agent on the managed cluster creates a ManagedCluster on the hub.
3. The cluster admin on the hub cluster approves the CSR for the UID and agent name of the ManagedCluster.
4. The cluster admin sets the spec.acceptClient of the ManagedCluster to true.
5. The cluster admin on the managed cluster creates a credential of the kubeconfig for the hub cluster.
After the hub cluster creates the cluster namespace, the klusterlet agent on the ManagedCluster pushes
the credential to the hub cluster to use against the kube-apiserver of the ManagedCluster.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
@@ -65,38 +75,37 @@ spec:
the managed cluster.
properties:
hubAcceptsClient:
description: hubAcceptsClient represents that hub accepts the joining
of Klusterlet agent on the managed cluster with the hub. The default
value is false, and can only be set true when the user on hub has
an RBAC rule to UPDATE on the virtual subresource of managedclusters/accept.
When the value is set true, a namespace whose name is the same as
the name of ManagedCluster is created on the hub. This namespace
represents the managed cluster, also role/rolebinding is created
on the namespace to grant the permision of access from the agent
on the managed cluster. When the value is set to false, the namespace
representing the managed cluster is deleted.
description: |-
hubAcceptsClient represents that hub accepts the joining of Klusterlet agent on
the managed cluster with the hub. The default value is false, and can only be set
true when the user on hub has an RBAC rule to UPDATE on the virtual subresource
of managedclusters/accept.
When the value is set true, a namespace whose name is the same as the name of ManagedCluster
is created on the hub. This namespace represents the managed cluster, also role/rolebinding is created on
the namespace to grant the permision of access from the agent on the managed cluster.
When the value is set to false, the namespace representing the managed cluster is
deleted.
type: boolean
leaseDurationSeconds:
default: 60
description: LeaseDurationSeconds is used to coordinate the lease
update time of Klusterlet agents on the managed cluster. If its
value is zero, the Klusterlet agent will update its lease every
60 seconds by default
description: |-
LeaseDurationSeconds is used to coordinate the lease update time of Klusterlet agents on the managed cluster.
If its value is zero, the Klusterlet agent will update its lease every 60 seconds by default
format: int32
type: integer
managedClusterClientConfigs:
description: ManagedClusterClientConfigs represents a list of the
apiserver address of the managed cluster. If it is empty, the managed
cluster has no accessible address for the hub to connect with it.
description: |-
ManagedClusterClientConfigs represents a list of the apiserver address of the managed cluster.
If it is empty, the managed cluster has no accessible address for the hub to connect with it.
items:
description: ClientConfig represents the apiserver address of the
managed cluster. TODO include credential to connect to managed
cluster kube-apiserver
description: |-
ClientConfig represents the apiserver address of the managed cluster.
TODO include credential to connect to managed cluster kube-apiserver
properties:
caBundle:
description: CABundle is the ca bundle to connect to apiserver
of the managed cluster. System certs are used if it is not
set.
description: |-
CABundle is the ca bundle to connect to apiserver of the managed cluster.
System certs are used if it is not set.
format: byte
type: string
url:
@@ -106,27 +115,28 @@ spec:
type: object
type: array
taints:
description: Taints is a property of managed cluster that allow the
cluster to be repelled when scheduling. Taints, including 'ManagedClusterUnavailable'
and 'ManagedClusterUnreachable', can not be added/removed by agent
running on the managed cluster; while it's fine to add/remove other
taints from either hub cluser or managed cluster.
description: |-
Taints is a property of managed cluster that allow the cluster to be repelled when scheduling.
Taints, including 'ManagedClusterUnavailable' and 'ManagedClusterUnreachable', can not be added/removed by agent
running on the managed cluster; while it's fine to add/remove other taints from either hub cluser or managed cluster.
items:
description: The managed cluster this Taint is attached to has the
"effect" on any placement that does not tolerate the Taint.
description: |-
The managed cluster this Taint is attached to has the "effect" on
any placement that does not tolerate the Taint.
properties:
effect:
description: Effect indicates the effect of the taint on placements
that do not tolerate the taint. Valid effects are NoSelect,
PreferNoSelect and NoSelectIfNew.
description: |-
Effect indicates the effect of the taint on placements that do not tolerate the taint.
Valid effects are NoSelect, PreferNoSelect and NoSelectIfNew.
enum:
- NoSelect
- PreferNoSelect
- NoSelectIfNew
type: string
key:
description: Key is the taint key applied to a cluster. e.g.
bar or foo.example.com/bar. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
description: |-
Key is the taint key applied to a cluster. e.g. bar or foo.example.com/bar.
The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
@@ -167,24 +177,25 @@ spec:
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: Capacity represents the total resource capacity from
all nodeStatuses on the managed cluster.
description: |-
Capacity represents the total resource capacity from all nodeStatuses
on the managed cluster.
type: object
clusterClaims:
description: ClusterClaims represents cluster information that a managed
cluster claims, for example a unique cluster identifier (id.k8s.io)
and kubernetes version (kubeversion.open-cluster-management.io).
They are written from the managed cluster. The set of claims is
not uniform across a fleet, some claims can be vendor or version
specific and may not be included from all managed clusters.
description: |-
ClusterClaims represents cluster information that a managed cluster claims,
for example a unique cluster identifier (id.k8s.io) and kubernetes version
(kubeversion.open-cluster-management.io). They are written from the managed
cluster. The set of claims is not uniform across a fleet, some claims can be
vendor or version specific and may not be included from all managed clusters.
items:
description: ManagedClusterClaim represents a ClusterClaim collected
from a managed cluster.
properties:
name:
description: Name is the name of a ClusterClaim resource on
managed cluster. It's a well known or customized name to identify
the claim.
description: |-
Name is the name of a ClusterClaim resource on managed cluster. It's a well known
or customized name to identify the claim.
maxLength: 253
minLength: 1
type: string
@@ -200,42 +211,42 @@ spec:
for this managed cluster.
items:
description: "Condition contains details for one aspect of the current
state of this API Resource. --- This struct is intended for direct
use as an array at the field path .status.conditions. For example,
\n type FooStatus struct{ // Represents the observations of a
foo's current state. // Known .status.conditions.type are: \"Available\",
\"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
// +listType=map // +listMapKey=type Conditions []metav1.Condition
`json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
state of this API Resource.\n---\nThis struct is intended for
direct use as an array at the field path .status.conditions. For
example,\n\n\n\ttype FooStatus struct{\n\t // Represents the
observations of a foo's current state.\n\t // Known .status.conditions.type
are: \"Available\", \"Progressing\", and \"Degraded\"\n\t //
+patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t
\ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\"
patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
\ // other fields\n\t}"
properties:
lastTransitionTime:
description: lastTransitionTime is the last time the condition
transitioned from one status to another. This should be when
the underlying condition changed. If that is not known, then
using the time when the API field changed is acceptable.
description: |-
lastTransitionTime is the last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: message is a human readable message indicating
details about the transition. This may be an empty string.
description: |-
message is a human readable message indicating details about the transition.
This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: observedGeneration represents the .metadata.generation
that the condition was set based upon. For instance, if .metadata.generation
is currently 12, but the .status.conditions[x].observedGeneration
is 9, the condition is out of date with respect to the current
state of the instance.
description: |-
observedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: reason contains a programmatic identifier indicating
the reason for the condition's last transition. Producers
of specific condition types may define expected values and
meanings for this field, and whether the values are considered
a guaranteed API. The value should be a CamelCase string.
description: |-
reason contains a programmatic identifier indicating the reason for the condition's last transition.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty.
maxLength: 1024
minLength: 1
@@ -249,11 +260,12 @@ spec:
- Unknown
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase.
--- Many .condition.type values are consistent across resources
like Available, but because arbitrary conditions can be useful
(see .node.status.conditions), the ability to deconflict is
important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
description: |-
type of condition in CamelCase or in foo.example.com/CamelCase.
---
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
useful (see .node.status.conditions), the ability to deconflict is important.
The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string


@@ -25,28 +25,35 @@ spec:
name: v1beta2
schema:
openAPIV3Schema:
description: "ManagedClusterSet defines a group of ManagedClusters that you
can run workloads on. You can define a workload to be deployed on a ManagedClusterSet.
See the following options for the workload: - The workload can run on any
ManagedCluster in the ManagedClusterSet - The workload cannot run on any
ManagedCluster outside the ManagedClusterSet - The service exposed by the
workload can be shared in any ManagedCluster in the ManagedClusterSet \n
To assign a ManagedCluster to a certain ManagedClusterSet, add a label with
the name cluster.open-cluster-management.io/clusterset on the ManagedCluster
to refer to the ManagedClusterSet. You are not allowed to add or remove
this label on a ManagedCluster unless you have an RBAC rule to CREATE on
a virtual subresource of managedclustersets/join. To update this label,
you must have the permission on both the old and new ManagedClusterSet."
description: |-
ManagedClusterSet defines a group of ManagedClusters that you can run
workloads on. You can define a workload to be deployed on a ManagedClusterSet. See the following options for the workload:
- The workload can run on any ManagedCluster in the ManagedClusterSet
- The workload cannot run on any ManagedCluster outside the ManagedClusterSet
- The service exposed by the workload can be shared in any ManagedCluster in the ManagedClusterSet
To assign a ManagedCluster to a certain ManagedClusterSet, add a label with the name cluster.open-cluster-management.io/clusterset
on the ManagedCluster to refer to the ManagedClusterSet. You are not
allowed to add or remove this label on a ManagedCluster unless you have an
RBAC rule to CREATE on a virtual subresource of managedclustersets/join.
To update this label, you must have the permission on both
the old and new ManagedClusterSet.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
@@ -69,51 +76,51 @@ spec:
description: matchExpressions is a list of label selector
requirements. The requirements are ANDed.
items:
description: A label selector requirement is a selector
that contains values, a key, and an operator that relates
the key and values.
description: |-
A label selector requirement is a selector that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector
applies to.
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are In, NotIn,
Exists and DoesNotExist.
description: |-
operator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
description: values is an array of string values. If
the operator is In or NotIn, the values array must
be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced
during a strategic merge patch.
description: |-
values is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs. A
single {key,value} in the matchLabels map is equivalent
to an element of matchExpressions, whose key field is "key",
the operator is "In", and the values array contains only
"value". The requirements are ANDed.
description: |-
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
selectorType:
default: ExclusiveClusterSetLabel
description: SelectorType could only be "ExclusiveClusterSetLabel"
or "LabelSelector" "ExclusiveClusterSetLabel" means to use label
"cluster.open-cluster-management.io/clusterset:<ManagedClusterSet
Name>"" to select target clusters. "LabelSelector" means use
labelSelector to select target managedClusters
description: |-
SelectorType could only be "ExclusiveClusterSetLabel" or "LabelSelector"
"ExclusiveClusterSetLabel" means to use label "cluster.open-cluster-management.io/clusterset:<ManagedClusterSet Name>"" to select target clusters.
"LabelSelector" means use labelSelector to select target managedClusters
enum:
- ExclusiveClusterSetLabel
- LabelSelector
@@ -128,42 +135,42 @@ spec:
for this ManagedClusterSet.
items:
description: "Condition contains details for one aspect of the current
state of this API Resource. --- This struct is intended for direct
use as an array at the field path .status.conditions. For example,
\n type FooStatus struct{ // Represents the observations of a
foo's current state. // Known .status.conditions.type are: \"Available\",
\"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
// +listType=map // +listMapKey=type Conditions []metav1.Condition
`json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
state of this API Resource.\n---\nThis struct is intended for
direct use as an array at the field path .status.conditions. For
example,\n\n\n\ttype FooStatus struct{\n\t // Represents the
observations of a foo's current state.\n\t // Known .status.conditions.type
are: \"Available\", \"Progressing\", and \"Degraded\"\n\t //
+patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t
\ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\"
patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
\ // other fields\n\t}"
properties:
lastTransitionTime:
description: lastTransitionTime is the last time the condition
transitioned from one status to another. This should be when
the underlying condition changed. If that is not known, then
using the time when the API field changed is acceptable.
description: |-
lastTransitionTime is the last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: message is a human readable message indicating
details about the transition. This may be an empty string.
description: |-
message is a human readable message indicating details about the transition.
This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: observedGeneration represents the .metadata.generation
that the condition was set based upon. For instance, if .metadata.generation
is currently 12, but the .status.conditions[x].observedGeneration
is 9, the condition is out of date with respect to the current
state of the instance.
description: |-
observedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: reason contains a programmatic identifier indicating
the reason for the condition's last transition. Producers
of specific condition types may define expected values and
meanings for this field, and whether the values are considered
a guaranteed API. The value should be a CamelCase string.
description: |-
reason contains a programmatic identifier indicating the reason for the condition's last transition.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty.
maxLength: 1024
minLength: 1
@@ -177,11 +184,12 @@ spec:
- Unknown
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase.
--- Many .condition.type values are consistent across resources
like Available, but because arbitrary conditions can be useful
(see .node.status.conditions), the ability to deconflict is
important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
description: |-
type of condition in CamelCase or in foo.example.com/CamelCase.
---
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
useful (see .node.status.conditions), the ability to deconflict is important.
The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string


@@ -34,22 +34,26 @@ spec:
name: v1alpha1
schema:
openAPIV3Schema:
description: ManifestWorkReplicaSet is the Schema for the ManifestWorkReplicaSet
API. This custom resource is able to apply ManifestWork using Placement
for 0..n ManagedCluster(in their namespaces). It will also remove the ManifestWork
custom resources when deleted. Lastly the specific ManifestWork custom resources
created per ManagedCluster namespace will be adjusted based on PlacementDecision
description: |-
ManifestWorkReplicaSet is the Schema for the ManifestWorkReplicaSet API. This custom resource is able to apply
ManifestWork using Placement for 0..n ManagedCluster(in their namespaces). It will also remove the ManifestWork custom resources
when deleted. Lastly the specific ManifestWork custom resources created per ManagedCluster namespace will be adjusted based on PlacementDecision
changes.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
@@ -62,21 +66,20 @@ spec:
be used to generate a per-cluster ManifestWork
properties:
deleteOption:
description: DeleteOption represents deletion strategy when the
manifestwork is deleted. Foreground deletion strategy is applied
to all the resource in this manifestwork if it is not set.
description: |-
DeleteOption represents deletion strategy when the manifestwork is deleted.
Foreground deletion strategy is applied to all the resource in this manifestwork if it is not set.
properties:
propagationPolicy:
default: Foreground
description: propagationPolicy can be Foreground, Orphan or
SelectivelyOrphan SelectivelyOrphan should be rarely used. It
is provided for cases where particular resources is transfering
ownership from one ManifestWork to another or another management
unit. Setting this value will allow a flow like 1. create
manifestwork/2 to manage foo 2. update manifestwork/1 to
selectively orphan foo 3. remove foo from manifestwork/1
without impacting continuity because manifestwork/2 adopts
it.
description: |-
propagationPolicy can be Foreground, Orphan or SelectivelyOrphan
SelectivelyOrphan should be rarely used. It is provided for cases where particular resources is transfering
ownership from one ManifestWork to another or another management unit.
Setting this value will allow a flow like
1. create manifestwork/2 to manage foo
2. update manifestwork/1 to selectively orphan foo
3. remove foo from manifestwork/1 without impacting continuity because manifestwork/2 adopts it.
enum:
- Foreground
- Orphan
@@ -87,26 +90,26 @@ spec:
following orphan deletion stratecy
properties:
orphaningRules:
description: orphaningRules defines a slice of orphaningrule.
Each orphaningrule identifies a single resource included
in this manifestwork
description: |-
orphaningRules defines a slice of orphaningrule.
Each orphaningrule identifies a single resource included in this manifestwork
items:
description: OrphaningRule identifies a single resource
included in this manifestwork to be orphaned
properties:
group:
description: Group is the API Group of the Kubernetes
resource, empty string indicates it is in core
group.
description: |-
Group is the API Group of the Kubernetes resource,
empty string indicates it is in core group.
type: string
name:
description: Name is the name of the Kubernetes
resource.
type: string
namespace:
description: Name is the namespace of the Kubernetes
resource, empty string indicates it is a cluster
scoped resource.
description: |-
Name is the namespace of the Kubernetes resource, empty string indicates
it is a cluster scoped resource.
type: string
resource:
description: Resource is the resource name of the
@@ -120,23 +123,22 @@ spec:
type: object
type: object
executor:
description: Executor is the configuration that makes the work
agent to perform some pre-request processing/checking. e.g.
the executor identity tells the work agent to check the executor
has sufficient permission to write the workloads to the local
managed cluster. Note that nil executor is still supported for
backward-compatibility which indicates that the work agent will
not perform any additional actions before applying resources.
description: |-
Executor is the configuration that makes the work agent to perform some pre-request processing/checking.
e.g. the executor identity tells the work agent to check the executor has sufficient permission to write
the workloads to the local managed cluster.
Note that nil executor is still supported for backward-compatibility which indicates that the work agent
will not perform any additional actions before applying resources.
properties:
subject:
description: Subject is the subject identity which the work
agent uses to talk to the local cluster when applying the
resources.
description: |-
Subject is the subject identity which the work agent uses to talk to the
local cluster when applying the resources.
properties:
serviceAccount:
description: ServiceAccount is for identifying which service
account to use by the work agent. Only required if the
type is "ServiceAccount".
description: |-
ServiceAccount is for identifying which service account to use by the work agent.
Only required if the type is "ServiceAccount".
properties:
name:
description: Name is the name of the service account.
@@ -156,8 +158,9 @@ spec:
- namespace
type: object
type:
description: 'Type is the type of the subject identity.
Supported types are: "ServiceAccount".'
description: |-
Type is the type of the subject identity.
Supported types are: "ServiceAccount".
enum:
- ServiceAccount
type: string
@@ -173,9 +176,9 @@ spec:
of a manifest defined in workload field.
properties:
feedbackRules:
description: FeedbackRules defines what resource status
field should be returned. If it is not set or empty, no
feedback rules will be honored.
description: |-
FeedbackRules defines what resource status field should be returned. If it is not set or empty,
no feedback rules will be honored.
items:
properties:
jsonPaths:
@@ -188,22 +191,19 @@ spec:
for this field
type: string
path:
description: Path represents the json path of
the field under status. The path must point
to a field with single value in the type of
integer, bool or string. If the path points
to a non-existing field, no value will be
returned. If the path points to a structure,
map or slice, no value will be returned and
the status conddition of StatusFeedBackSynced
will be set as false. Ref to https://kubernetes.io/docs/reference/kubectl/jsonpath/
on how to write a jsonPath.
description: |-
Path represents the json path of the field under status.
The path must point to a field with single value in the type of integer, bool or string.
If the path points to a non-existing field, no value will be returned.
If the path points to a structure, map or slice, no value will be returned and the status conddition
of StatusFeedBackSynced will be set as false.
Ref to https://kubernetes.io/docs/reference/kubectl/jsonpath/ on how to write a jsonPath.
type: string
version:
description: Version is the version of the Kubernetes
resource. If it is not specified, the resource
with the semantically latest version is used
to resolve the path.
description: |-
Version is the version of the Kubernetes resource.
If it is not specified, the resource with the semantically latest version is
used to resolve the path.
type: string
required:
- name
@@ -211,14 +211,13 @@ spec:
type: object
type: array
type:
description: Type defines the option of how status
can be returned. It can be jsonPaths or wellKnownStatus.
If the type is JSONPaths, user should specify the
jsonPaths field If the type is WellKnownStatus,
certain common fields of status defined by a rule
only for types in in k8s.io/api and open-cluster-management/api
will be reported, If these status fields do not
exist, no values will be reported.
description: |-
Type defines the option of how status can be returned.
It can be jsonPaths or wellKnownStatus.
If the type is JSONPaths, user should specify the jsonPaths field
If the type is WellKnownStatus, certain common fields of status defined by a rule only
for types in in k8s.io/api and open-cluster-management/api will be reported,
If these status fields do not exist, no values will be reported.
enum:
- WellKnownStatus
- JSONPaths
@@ -228,22 +227,22 @@ spec:
type: object
type: array
resourceIdentifier:
description: ResourceIdentifier represents the group, resource,
name and namespace of a resoure. iff this refers to a
resource not created by this manifest work, the related
rules will not be executed.
description: |-
ResourceIdentifier represents the group, resource, name and namespace of a resoure.
iff this refers to a resource not created by this manifest work, the related rules will not be executed.
properties:
group:
description: Group is the API Group of the Kubernetes
resource, empty string indicates it is in core group.
description: |-
Group is the API Group of the Kubernetes resource,
empty string indicates it is in core group.
type: string
name:
description: Name is the name of the Kubernetes resource.
type: string
namespace:
description: Name is the namespace of the Kubernetes
resource, empty string indicates it is a cluster scoped
resource.
description: |-
Name is the namespace of the Kubernetes resource, empty string indicates
it is a cluster scoped resource.
type: string
resource:
description: Resource is the resource name of the Kubernetes
@@ -254,19 +253,20 @@ spec:
- resource
type: object
updateStrategy:
description: UpdateStrategy defines the strategy to update
this manifest. UpdateStrategy is Update if it is not set.
description: |-
UpdateStrategy defines the strategy to update this manifest. UpdateStrategy is Update
if it is not set.
properties:
serverSideApply:
description: serverSideApply defines the configuration
for server side apply. It is honored only when type
of updateStrategy is ServerSideApply
description: |-
serverSideApply defines the configuration for server side apply. It is honored only when
type of updateStrategy is ServerSideApply
properties:
fieldManager:
default: work-agent
description: FieldManager is the manager to apply
the resource. It is work-agent by default, but
can be other name with work-agent as the prefix.
description: |-
FieldManager is the manager to apply the resource. It is work-agent by default, but can be other name with work-agent
as the prefix.
pattern: ^work-agent
type: string
force:
@@ -276,17 +276,15 @@ spec:
type: object
type:
default: Update
description: type defines the strategy to update this
manifest, default value is Update. Update type means
to update resource by an update call. CreateOnly type
means do not update resource based on current manifest.
ServerSideApply type means to update resource using
server side apply with work-controller as the field
manager. If there is conflict, the related Applied
condition of manifest will be in the status of False
with the reason of ApplyConflict. ReadOnly type means
the agent will only check the existence of the resource
based on its metadata.
description: |-
type defines the strategy to update this manifest, default value is Update.
Update type means to update resource by an update call.
CreateOnly type means do not update resource based on current manifest.
ServerSideApply type means to update resource using server side apply with work-controller as the field manager.
If there is conflict, the related Applied condition of manifest will be in the status of False with the
reason of ApplyConflict.
ReadOnly type means the agent will only check the existence of the resource based on its metadata,
statusFeedBackRules can still be used to get feedbackResults.
enum:
- Update
- CreateOnly
@@ -317,8 +315,8 @@ spec:
type: object
type: object
placementRefs:
description: PacementRefs is a list of the names of the Placement
resource, from which a PlacementDecision will be found and used
description: |-
PacementRefs is a list of the names of the Placement resource, from which a PlacementDecision will be found and used
to distribute the ManifestWork.
items:
description: localPlacementReference is the name of a Placement
@@ -345,49 +343,41 @@ spec:
- type: integer
- type: string
default: 0
description: MaxFailures is a percentage or number of
clusters in the current rollout that can fail before
proceeding to the next rollout. Fail means the cluster
has a failed status or timeout status (does not reach
successful status after ProgressDeadline). Once the
MaxFailures is breached, the rollout will stop. MaxFailures
is only considered for rollout types Progressive and
ProgressivePerGroup. For Progressive, this is considered
over the total number of clusters. For ProgressivePerGroup,
this is considered according to the size of the current
group. For both Progressive and ProgressivePerGroup,
the MaxFailures does not apply for MandatoryDecisionGroups,
which tolerate no failures. Default is that no failures
are tolerated.
description: |-
MaxFailures is a percentage or number of clusters in the current rollout that can fail before
proceeding to the next rollout. Fail means the cluster has a failed status or timeout status
(does not reach successful status after ProgressDeadline).
Once the MaxFailures is breached, the rollout will stop.
MaxFailures is only considered for rollout types Progressive and ProgressivePerGroup. For
Progressive, this is considered over the total number of clusters. For ProgressivePerGroup,
this is considered according to the size of the current group. For both Progressive and
ProgressivePerGroup, the MaxFailures does not apply for MandatoryDecisionGroups, which tolerate
no failures.
Default is that no failures are tolerated.
pattern: ^((100|[0-9]{1,2})%|[0-9]+)$
x-kubernetes-int-or-string: true
minSuccessTime:
default: "0"
description: MinSuccessTime is a "soak" time. In other
words, the minimum amount of time the workload applier
controller will wait from the start of each rollout
before proceeding (assuming a successful state has
been reached and MaxFailures wasn't breached). MinSuccessTime
is only considered for rollout types Progressive and
ProgressivePerGroup. The default value is 0 meaning
the workload applier proceeds immediately after a
successful state is reached. MinSuccessTime must be
defined in [0-9h]|[0-9m]|[0-9s] format examples; 2h
, 90m , 360s
description: |-
MinSuccessTime is a "soak" time. In other words, the minimum amount of time the workload
applier controller will wait from the start of each rollout before proceeding (assuming a
successful state has been reached and MaxFailures wasn't breached).
MinSuccessTime is only considered for rollout types Progressive and ProgressivePerGroup.
The default value is 0 meaning the workload applier proceeds immediately after a successful
state is reached.
MinSuccessTime must be defined in [0-9h]|[0-9m]|[0-9s] format examples; 2h , 90m , 360s
type: string
progressDeadline:
default: None
description: ProgressDeadline defines how long workload
applier controller will wait for the workload to reach
a successful state in the cluster. If the workload
does not reach a successful state after ProgressDeadline,
will stop waiting and workload will be treated as
"timeout" and be counted into MaxFailures. Once the
MaxFailures is breached, the rollout will stop. ProgressDeadline
default value is "None", meaning the workload applier
will wait for a successful state indefinitely. ProgressDeadline
must be defined in [0-9h]|[0-9m]|[0-9s] format examples;
2h , 90m , 360s
description: |-
ProgressDeadline defines how long workload applier controller will wait for the workload to
reach a successful state in the cluster.
If the workload does not reach a successful state after ProgressDeadline, will stop waiting
and workload will be treated as "timeout" and be counted into MaxFailures. Once the MaxFailures
is breached, the rollout will stop.
ProgressDeadline default value is "None", meaning the workload applier will wait for a
successful state indefinitely.
ProgressDeadline must be defined in [0-9h]|[0-9m]|[0-9s] format examples; 2h , 90m , 360s
pattern: ^(([0-9])+[h|m|s])|None$
type: string
type: object
@@ -396,26 +386,26 @@ spec:
type Progressive
properties:
mandatoryDecisionGroups:
description: List of the decision groups names or indexes
to apply the workload first and fail if workload did
not reach successful state. GroupName or GroupIndex
must match with the decisionGroups defined in the
placement's decisionStrategy
description: |-
List of the decision groups names or indexes to apply the workload first and fail if workload
did not reach successful state.
GroupName or GroupIndex must match with the decisionGroups defined in the placement's
decisionStrategy
items:
description: MandatoryDecisionGroup set the decision
group name or group index. GroupName is considered
first to select the decisionGroups then GroupIndex.
description: |-
MandatoryDecisionGroup set the decision group name or group index.
GroupName is considered first to select the decisionGroups then GroupIndex.
properties:
groupIndex:
description: GroupIndex of the decision group
should match the placementDecisions label value
with label key cluster.open-cluster-management.io/decision-group-index
description: |-
GroupIndex of the decision group should match the placementDecisions label value with label key
cluster.open-cluster-management.io/decision-group-index
format: int32
type: integer
groupName:
description: GroupName of the decision group should
match the placementDecisions label value with
label key cluster.open-cluster-management.io/decision-group-name
description: |-
GroupName of the decision group should match the placementDecisions label value with label key
cluster.open-cluster-management.io/decision-group-name
type: string
type: object
type: array
@@ -423,10 +413,10 @@ spec:
anyOf:
- type: integer
- type: string
description: MaxConcurrency is the max number of clusters
to deploy workload concurrently. The default value
for MaxConcurrency is determined from the clustersPerDecisionGroup
defined in the placement->DecisionStrategy.
description: |-
MaxConcurrency is the max number of clusters to deploy workload concurrently. The default value
for MaxConcurrency is determined from the clustersPerDecisionGroup defined in the
placement->DecisionStrategy.
pattern: ^((100|[0-9]{1,2})%|[0-9]+)$
x-kubernetes-int-or-string: true
maxFailures:
@@ -434,49 +424,41 @@ spec:
- type: integer
- type: string
default: 0
description: MaxFailures is a percentage or number of
clusters in the current rollout that can fail before
proceeding to the next rollout. Fail means the cluster
has a failed status or timeout status (does not reach
successful status after ProgressDeadline). Once the
MaxFailures is breached, the rollout will stop. MaxFailures
is only considered for rollout types Progressive and
ProgressivePerGroup. For Progressive, this is considered
over the total number of clusters. For ProgressivePerGroup,
this is considered according to the size of the current
group. For both Progressive and ProgressivePerGroup,
the MaxFailures does not apply for MandatoryDecisionGroups,
which tolerate no failures. Default is that no failures
are tolerated.
description: |-
MaxFailures is a percentage or number of clusters in the current rollout that can fail before
proceeding to the next rollout. Fail means the cluster has a failed status or timeout status
(does not reach successful status after ProgressDeadline).
Once the MaxFailures is breached, the rollout will stop.
MaxFailures is only considered for rollout types Progressive and ProgressivePerGroup. For
Progressive, this is considered over the total number of clusters. For ProgressivePerGroup,
this is considered according to the size of the current group. For both Progressive and
ProgressivePerGroup, the MaxFailures does not apply for MandatoryDecisionGroups, which tolerate
no failures.
Default is that no failures are tolerated.
pattern: ^((100|[0-9]{1,2})%|[0-9]+)$
x-kubernetes-int-or-string: true
minSuccessTime:
default: "0"
description: MinSuccessTime is a "soak" time. In other
words, the minimum amount of time the workload applier
controller will wait from the start of each rollout
before proceeding (assuming a successful state has
been reached and MaxFailures wasn't breached). MinSuccessTime
is only considered for rollout types Progressive and
ProgressivePerGroup. The default value is 0 meaning
the workload applier proceeds immediately after a
successful state is reached. MinSuccessTime must be
defined in [0-9h]|[0-9m]|[0-9s] format examples; 2h
, 90m , 360s
description: |-
MinSuccessTime is a "soak" time. In other words, the minimum amount of time the workload
applier controller will wait from the start of each rollout before proceeding (assuming a
successful state has been reached and MaxFailures wasn't breached).
MinSuccessTime is only considered for rollout types Progressive and ProgressivePerGroup.
The default value is 0 meaning the workload applier proceeds immediately after a successful
state is reached.
MinSuccessTime must be defined in [0-9h]|[0-9m]|[0-9s] format examples; 2h , 90m , 360s
type: string
progressDeadline:
default: None
description: ProgressDeadline defines how long workload
applier controller will wait for the workload to reach
a successful state in the cluster. If the workload
does not reach a successful state after ProgressDeadline,
will stop waiting and workload will be treated as
"timeout" and be counted into MaxFailures. Once the
MaxFailures is breached, the rollout will stop. ProgressDeadline
default value is "None", meaning the workload applier
will wait for a successful state indefinitely. ProgressDeadline
must be defined in [0-9h]|[0-9m]|[0-9s] format examples;
2h , 90m , 360s
description: |-
ProgressDeadline defines how long workload applier controller will wait for the workload to
reach a successful state in the cluster.
If the workload does not reach a successful state after ProgressDeadline, will stop waiting
and workload will be treated as "timeout" and be counted into MaxFailures. Once the MaxFailures
is breached, the rollout will stop.
ProgressDeadline default value is "None", meaning the workload applier will wait for a
successful state indefinitely.
ProgressDeadline must be defined in [0-9h]|[0-9m]|[0-9s] format examples; 2h , 90m , 360s
pattern: ^(([0-9])+[h|m|s])|None$
type: string
type: object
@@ -485,26 +467,26 @@ spec:
for RolloutStrategy type ProgressivePerGroup
properties:
mandatoryDecisionGroups:
description: List of the decision groups names or indexes
to apply the workload first and fail if workload did
not reach successful state. GroupName or GroupIndex
must match with the decisionGroups defined in the
placement's decisionStrategy
description: |-
List of the decision groups names or indexes to apply the workload first and fail if workload
did not reach successful state.
GroupName or GroupIndex must match with the decisionGroups defined in the placement's
decisionStrategy
items:
description: MandatoryDecisionGroup set the decision
group name or group index. GroupName is considered
first to select the decisionGroups then GroupIndex.
description: |-
MandatoryDecisionGroup set the decision group name or group index.
GroupName is considered first to select the decisionGroups then GroupIndex.
properties:
groupIndex:
description: GroupIndex of the decision group
should match the placementDecisions label value
with label key cluster.open-cluster-management.io/decision-group-index
description: |-
GroupIndex of the decision group should match the placementDecisions label value with label key
cluster.open-cluster-management.io/decision-group-index
format: int32
type: integer
groupName:
description: GroupName of the decision group should
match the placementDecisions label value with
label key cluster.open-cluster-management.io/decision-group-name
description: |-
GroupName of the decision group should match the placementDecisions label value with label key
cluster.open-cluster-management.io/decision-group-name
type: string
type: object
type: array
@@ -513,49 +495,41 @@ spec:
- type: integer
- type: string
default: 0
description: MaxFailures is a percentage or number of
clusters in the current rollout that can fail before
proceeding to the next rollout. Fail means the cluster
has a failed status or timeout status (does not reach
successful status after ProgressDeadline). Once the
MaxFailures is breached, the rollout will stop. MaxFailures
is only considered for rollout types Progressive and
ProgressivePerGroup. For Progressive, this is considered
over the total number of clusters. For ProgressivePerGroup,
this is considered according to the size of the current
group. For both Progressive and ProgressivePerGroup,
the MaxFailures does not apply for MandatoryDecisionGroups,
which tolerate no failures. Default is that no failures
are tolerated.
description: |-
MaxFailures is a percentage or number of clusters in the current rollout that can fail before
proceeding to the next rollout. Fail means the cluster has a failed status or timeout status
(does not reach successful status after ProgressDeadline).
Once the MaxFailures is breached, the rollout will stop.
MaxFailures is only considered for rollout types Progressive and ProgressivePerGroup. For
Progressive, this is considered over the total number of clusters. For ProgressivePerGroup,
this is considered according to the size of the current group. For both Progressive and
ProgressivePerGroup, the MaxFailures does not apply for MandatoryDecisionGroups, which tolerate
no failures.
Default is that no failures are tolerated.
pattern: ^((100|[0-9]{1,2})%|[0-9]+)$
x-kubernetes-int-or-string: true
minSuccessTime:
default: "0"
description: MinSuccessTime is a "soak" time. In other
words, the minimum amount of time the workload applier
controller will wait from the start of each rollout
before proceeding (assuming a successful state has
been reached and MaxFailures wasn't breached). MinSuccessTime
is only considered for rollout types Progressive and
ProgressivePerGroup. The default value is 0 meaning
the workload applier proceeds immediately after a
successful state is reached. MinSuccessTime must be
defined in [0-9h]|[0-9m]|[0-9s] format examples; 2h
, 90m , 360s
description: |-
MinSuccessTime is a "soak" time. In other words, the minimum amount of time the workload
applier controller will wait from the start of each rollout before proceeding (assuming a
successful state has been reached and MaxFailures wasn't breached).
MinSuccessTime is only considered for rollout types Progressive and ProgressivePerGroup.
The default value is 0 meaning the workload applier proceeds immediately after a successful
state is reached.
MinSuccessTime must be defined in [0-9h]|[0-9m]|[0-9s] format examples; 2h , 90m , 360s
type: string
progressDeadline:
default: None
description: ProgressDeadline defines how long workload
applier controller will wait for the workload to reach
a successful state in the cluster. If the workload
does not reach a successful state after ProgressDeadline,
will stop waiting and workload will be treated as
"timeout" and be counted into MaxFailures. Once the
MaxFailures is breached, the rollout will stop. ProgressDeadline
default value is "None", meaning the workload applier
will wait for a successful state indefinitely. ProgressDeadline
must be defined in [0-9h]|[0-9m]|[0-9s] format examples;
2h , 90m , 360s
description: |-
ProgressDeadline defines how long workload applier controller will wait for the workload to
reach a successful state in the cluster.
If the workload does not reach a successful state after ProgressDeadline, will stop waiting
and workload will be treated as "timeout" and be counted into MaxFailures. Once the MaxFailures
is breached, the rollout will stop.
ProgressDeadline default value is "None", meaning the workload applier will wait for a
successful state indefinitely.
ProgressDeadline must be defined in [0-9h]|[0-9m]|[0-9s] format examples; 2h , 90m , 360s
pattern: ^(([0-9])+[h|m|s])|None$
type: string
type: object
@@ -580,48 +554,49 @@ spec:
resources
properties:
conditions:
description: 'Conditions contains the different condition statuses
for distrbution of ManifestWork resources Valid condition types
are: 1. AppliedManifestWorks represents ManifestWorks have been
distributed as per placement All, Partial, None, Problem 2. PlacementRefValid'
description: |-
Conditions contains the different condition statuses for distrbution of ManifestWork resources
Valid condition types are:
1. AppliedManifestWorks represents ManifestWorks have been distributed as per placement All, Partial, None, Problem
2. PlacementRefValid
items:
description: "Condition contains details for one aspect of the current
state of this API Resource. --- This struct is intended for direct
use as an array at the field path .status.conditions. For example,
\n type FooStatus struct{ // Represents the observations of a
foo's current state. // Known .status.conditions.type are: \"Available\",
\"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
// +listType=map // +listMapKey=type Conditions []metav1.Condition
`json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
state of this API Resource.\n---\nThis struct is intended for
direct use as an array at the field path .status.conditions. For
example,\n\n\n\ttype FooStatus struct{\n\t // Represents the
observations of a foo's current state.\n\t // Known .status.conditions.type
are: \"Available\", \"Progressing\", and \"Degraded\"\n\t //
+patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t
\ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\"
patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
\ // other fields\n\t}"
properties:
lastTransitionTime:
description: lastTransitionTime is the last time the condition
transitioned from one status to another. This should be when
the underlying condition changed. If that is not known, then
using the time when the API field changed is acceptable.
description: |-
lastTransitionTime is the last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: message is a human readable message indicating
details about the transition. This may be an empty string.
description: |-
message is a human readable message indicating details about the transition.
This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: observedGeneration represents the .metadata.generation
that the condition was set based upon. For instance, if .metadata.generation
is currently 12, but the .status.conditions[x].observedGeneration
is 9, the condition is out of date with respect to the current
state of the instance.
description: |-
observedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: reason contains a programmatic identifier indicating
the reason for the condition's last transition. Producers
of specific condition types may define expected values and
meanings for this field, and whether the values are considered
a guaranteed API. The value should be a CamelCase string.
description: |-
reason contains a programmatic identifier indicating the reason for the condition's last transition.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty.
maxLength: 1024
minLength: 1
@@ -635,11 +610,12 @@ spec:
- Unknown
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase.
--- Many .condition.type values are consistent across resources
like Available, but because arbitrary conditions can be useful
(see .node.status.conditions), the ability to deconflict is
important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
description: |-
type of condition in CamelCase or in foo.example.com/CamelCase.
---
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
useful (see .node.status.conditions), the ability to deconflict is important.
The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
@@ -658,9 +634,9 @@ spec:
and clusterGroups selected by the placement refs.
properties:
availableDecisionGroups:
description: availableDecisionGroups shows number of decisionGroups
that have all clusters manifestWorks in available state regards
total number of decisionGroups. ex; 2/4 (2 out of 4)
description: |-
availableDecisionGroups shows number of decisionGroups that have all clusters manifestWorks in available state regards total number of decisionGroups.
ex; 2/4 (2 out of 4)
type: string
name:
description: PlacementRef Name


@@ -15,21 +15,27 @@ spec:
- name: v1
schema:
openAPIV3Schema:
description: ManifestWork represents a manifests workload that hub wants to
deploy on the managed cluster. A manifest workload is defined as a set of
Kubernetes resources. ManifestWork must be created in the cluster namespace
on the hub, so that agent on the corresponding managed cluster can access
this resource and deploy on the managed cluster.
description: |-
ManifestWork represents a manifests workload that hub wants to deploy on the managed cluster.
A manifest workload is defined as a set of Kubernetes resources.
ManifestWork must be created in the cluster namespace on the hub, so that agent on the
corresponding managed cluster can access this resource and deploy on the managed
cluster.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
@@ -38,20 +44,20 @@ spec:
on the managed cluster.
properties:
deleteOption:
description: DeleteOption represents deletion strategy when the manifestwork
is deleted. Foreground deletion strategy is applied to all the resource
in this manifestwork if it is not set.
description: |-
DeleteOption represents deletion strategy when the manifestwork is deleted.
Foreground deletion strategy is applied to all the resource in this manifestwork if it is not set.
properties:
propagationPolicy:
default: Foreground
description: propagationPolicy can be Foreground, Orphan or SelectivelyOrphan
SelectivelyOrphan should be rarely used. It is provided for
cases where particular resources is transfering ownership from
one ManifestWork to another or another management unit. Setting
this value will allow a flow like 1. create manifestwork/2 to
manage foo 2. update manifestwork/1 to selectively orphan foo
3. remove foo from manifestwork/1 without impacting continuity
because manifestwork/2 adopts it.
description: |-
propagationPolicy can be Foreground, Orphan or SelectivelyOrphan
SelectivelyOrphan should be rarely used. It is provided for cases where particular resources is transfering
ownership from one ManifestWork to another or another management unit.
Setting this value will allow a flow like
1. create manifestwork/2 to manage foo
2. update manifestwork/1 to selectively orphan foo
3. remove foo from manifestwork/1 without impacting continuity because manifestwork/2 adopts it.
enum:
- Foreground
- Orphan
@@ -62,24 +68,25 @@ spec:
following orphan deletion stratecy
properties:
orphaningRules:
description: orphaningRules defines a slice of orphaningrule.
Each orphaningrule identifies a single resource included
in this manifestwork
description: |-
orphaningRules defines a slice of orphaningrule.
Each orphaningrule identifies a single resource included in this manifestwork
items:
description: OrphaningRule identifies a single resource
included in this manifestwork to be orphaned
properties:
group:
description: Group is the API Group of the Kubernetes
resource, empty string indicates it is in core group.
description: |-
Group is the API Group of the Kubernetes resource,
empty string indicates it is in core group.
type: string
name:
description: Name is the name of the Kubernetes resource.
type: string
namespace:
description: Name is the namespace of the Kubernetes
resource, empty string indicates it is a cluster scoped
resource.
description: |-
Name is the namespace of the Kubernetes resource, empty string indicates
it is a cluster scoped resource.
type: string
resource:
description: Resource is the resource name of the Kubernetes
@@ -93,22 +100,22 @@ spec:
type: object
type: object
executor:
description: Executor is the configuration that makes the work agent
to perform some pre-request processing/checking. e.g. the executor
identity tells the work agent to check the executor has sufficient
permission to write the workloads to the local managed cluster.
Note that nil executor is still supported for backward-compatibility
which indicates that the work agent will not perform any additional
actions before applying resources.
description: |-
Executor is the configuration that makes the work agent to perform some pre-request processing/checking.
e.g. the executor identity tells the work agent to check the executor has sufficient permission to write
the workloads to the local managed cluster.
Note that nil executor is still supported for backward-compatibility which indicates that the work agent
will not perform any additional actions before applying resources.
properties:
subject:
description: Subject is the subject identity which the work agent
uses to talk to the local cluster when applying the resources.
description: |-
Subject is the subject identity which the work agent uses to talk to the
local cluster when applying the resources.
properties:
serviceAccount:
description: ServiceAccount is for identifying which service
account to use by the work agent. Only required if the type
is "ServiceAccount".
description: |-
ServiceAccount is for identifying which service account to use by the work agent.
Only required if the type is "ServiceAccount".
properties:
name:
description: Name is the name of the service account.
@@ -128,8 +135,9 @@ spec:
- namespace
type: object
type:
description: 'Type is the type of the subject identity. Supported
types are: "ServiceAccount".'
description: |-
Type is the type of the subject identity.
Supported types are: "ServiceAccount".
enum:
- ServiceAccount
type: string
@@ -145,9 +153,9 @@ spec:
of a manifest defined in workload field.
properties:
feedbackRules:
description: FeedbackRules defines what resource status field
should be returned. If it is not set or empty, no feedback
rules will be honored.
description: |-
FeedbackRules defines what resource status field should be returned. If it is not set or empty,
no feedback rules will be honored.
items:
properties:
jsonPaths:
@@ -160,22 +168,19 @@ spec:
this field
type: string
path:
description: Path represents the json path of the
field under status. The path must point to a field
with single value in the type of integer, bool
or string. If the path points to a non-existing
field, no value will be returned. If the path
points to a structure, map or slice, no value
will be returned and the status conddition of
StatusFeedBackSynced will be set as false. Ref
to https://kubernetes.io/docs/reference/kubectl/jsonpath/
on how to write a jsonPath.
description: |-
Path represents the json path of the field under status.
The path must point to a field with single value in the type of integer, bool or string.
If the path points to a non-existing field, no value will be returned.
If the path points to a structure, map or slice, no value will be returned and the status conddition
of StatusFeedBackSynced will be set as false.
Ref to https://kubernetes.io/docs/reference/kubectl/jsonpath/ on how to write a jsonPath.
type: string
version:
description: Version is the version of the Kubernetes
resource. If it is not specified, the resource
with the semantically latest version is used to
resolve the path.
description: |-
Version is the version of the Kubernetes resource.
If it is not specified, the resource with the semantically latest version is
used to resolve the path.
type: string
required:
- name
@@ -183,14 +188,13 @@ spec:
type: object
type: array
type:
description: Type defines the option of how status can
be returned. It can be jsonPaths or wellKnownStatus.
If the type is JSONPaths, user should specify the jsonPaths
field If the type is WellKnownStatus, certain common
fields of status defined by a rule only for types in
in k8s.io/api and open-cluster-management/api will be
reported, If these status fields do not exist, no values
will be reported.
description: |-
Type defines the option of how status can be returned.
It can be jsonPaths or wellKnownStatus.
If the type is JSONPaths, user should specify the jsonPaths field
If the type is WellKnownStatus, certain common fields of status defined by a rule only
for types in in k8s.io/api and open-cluster-management/api will be reported,
If these status fields do not exist, no values will be reported.
enum:
- WellKnownStatus
- JSONPaths
@@ -200,21 +204,22 @@ spec:
type: object
type: array
resourceIdentifier:
description: ResourceIdentifier represents the group, resource,
name and namespace of a resoure. iff this refers to a resource
not created by this manifest work, the related rules will
not be executed.
description: |-
ResourceIdentifier represents the group, resource, name and namespace of a resoure.
iff this refers to a resource not created by this manifest work, the related rules will not be executed.
properties:
group:
description: Group is the API Group of the Kubernetes resource,
description: |-
Group is the API Group of the Kubernetes resource,
empty string indicates it is in core group.
type: string
name:
description: Name is the name of the Kubernetes resource.
type: string
namespace:
description: Name is the namespace of the Kubernetes resource,
empty string indicates it is a cluster scoped resource.
description: |-
Name is the namespace of the Kubernetes resource, empty string indicates
it is a cluster scoped resource.
type: string
resource:
description: Resource is the resource name of the Kubernetes
@@ -225,19 +230,20 @@ spec:
- resource
type: object
updateStrategy:
description: UpdateStrategy defines the strategy to update this
manifest. UpdateStrategy is Update if it is not set.
description: |-
UpdateStrategy defines the strategy to update this manifest. UpdateStrategy is Update
if it is not set.
properties:
serverSideApply:
description: serverSideApply defines the configuration for
server side apply. It is honored only when type of updateStrategy
is ServerSideApply
description: |-
serverSideApply defines the configuration for server side apply. It is honored only when
type of updateStrategy is ServerSideApply
properties:
fieldManager:
default: work-agent
description: FieldManager is the manager to apply the
resource. It is work-agent by default, but can be
other name with work-agent as the prefix.
description: |-
FieldManager is the manager to apply the resource. It is work-agent by default, but can be other name with work-agent
as the prefix.
pattern: ^work-agent
type: string
force:
@@ -246,16 +252,15 @@ spec:
type: object
type:
default: Update
description: type defines the strategy to update this manifest,
default value is Update. Update type means to update resource
by an update call. CreateOnly type means do not update
resource based on current manifest. ServerSideApply type
means to update resource using server side apply with
work-controller as the field manager. If there is conflict,
the related Applied condition of manifest will be in the
status of False with the reason of ApplyConflict. ReadOnly
type means the agent will only check the existence of
the resource based on its metadata.
description: |-
type defines the strategy to update this manifest, default value is Update.
Update type means to update resource by an update call.
CreateOnly type means do not update resource based on current manifest.
ServerSideApply type means to update resource using server side apply with work-controller as the field manager.
If there is conflict, the related Applied condition of manifest will be in the status of False with the
reason of ApplyConflict.
ReadOnly type means the agent will only check the existence of the resource based on its metadata,
statusFeedBackRules can still be used to get feedbackResults.
enum:
- Update
- CreateOnly
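Review bot: The rewritten `type` description still says ServerSideApply applies "with work-controller as the field manager", which contradicts the `fieldManager` property in the preceding hunk (`default: work-agent`, `pattern: ^work-agent`). Field-manager names decide ownership and conflict handling under server-side apply, so anyone working from this text to diagnose an `ApplyConflict` would look for the wrong manager. I would reword the sentence to `ServerSideApply type means to update resource using server side apply with the configured fieldManager (work-agent by default).` This manifest looks generated from Go type comments, so the wording probably has to be corrected in the source type and the file regenerated rather than edited here. The `enum` list continues outside the hunk.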
@@ -289,52 +294,52 @@ spec:
description: Status represents the current status of work.
properties:
conditions:
description: 'Conditions contains the different condition statuses
for this work. Valid condition types are: 1. Applied represents
workload in ManifestWork is applied successfully on managed cluster.
2. Progressing represents workload in ManifestWork is being applied
on managed cluster. 3. Available represents workload in ManifestWork
exists on the managed cluster. 4. Degraded represents the current
state of workload does not match the desired state for a certain
period.'
description: |-
Conditions contains the different condition statuses for this work.
Valid condition types are:
1. Applied represents workload in ManifestWork is applied successfully on managed cluster.
2. Progressing represents workload in ManifestWork is being applied on managed cluster.
3. Available represents workload in ManifestWork exists on the managed cluster.
4. Degraded represents the current state of workload does not match the desired
state for a certain period.
items:
description: "Condition contains details for one aspect of the current
state of this API Resource. --- This struct is intended for direct
use as an array at the field path .status.conditions. For example,
\n type FooStatus struct{ // Represents the observations of a
foo's current state. // Known .status.conditions.type are: \"Available\",
\"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
// +listType=map // +listMapKey=type Conditions []metav1.Condition
`json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
state of this API Resource.\n---\nThis struct is intended for
direct use as an array at the field path .status.conditions. For
example,\n\n\n\ttype FooStatus struct{\n\t // Represents the
observations of a foo's current state.\n\t // Known .status.conditions.type
are: \"Available\", \"Progressing\", and \"Degraded\"\n\t //
+patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t
\ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\"
patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
\ // other fields\n\t}"
properties:
lastTransitionTime:
description: lastTransitionTime is the last time the condition
transitioned from one status to another. This should be when
the underlying condition changed. If that is not known, then
using the time when the API field changed is acceptable.
description: |-
lastTransitionTime is the last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: message is a human readable message indicating
details about the transition. This may be an empty string.
description: |-
message is a human readable message indicating details about the transition.
This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: observedGeneration represents the .metadata.generation
that the condition was set based upon. For instance, if .metadata.generation
is currently 12, but the .status.conditions[x].observedGeneration
is 9, the condition is out of date with respect to the current
state of the instance.
description: |-
observedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: reason contains a programmatic identifier indicating
the reason for the condition's last transition. Producers
of specific condition types may define expected values and
meanings for this field, and whether the values are considered
a guaranteed API. The value should be a CamelCase string.
description: |-
reason contains a programmatic identifier indicating the reason for the condition's last transition.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty.
maxLength: 1024
minLength: 1
@@ -348,11 +353,12 @@ spec:
- Unknown
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase.
--- Many .condition.type values are consistent across resources
like Available, but because arbitrary conditions can be useful
(see .node.status.conditions), the ability to deconflict is
important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
description: |-
type of condition in CamelCase or in foo.example.com/CamelCase.
---
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
useful (see .node.status.conditions), the ability to deconflict is important.
The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
@@ -365,71 +371,68 @@ spec:
type: object
type: array
resourceStatus:
description: ResourceStatus represents the status of each resource
in manifestwork deployed on a managed cluster. The Klusterlet agent
on managed cluster syncs the condition from the managed cluster
to the hub.
description: |-
ResourceStatus represents the status of each resource in manifestwork deployed on a
managed cluster. The Klusterlet agent on managed cluster syncs the condition from the managed cluster to the hub.
properties:
manifests:
description: 'Manifests represents the condition of manifests
deployed on managed cluster. Valid condition types are: 1. Progressing
represents the resource is being applied on managed cluster.
2. Applied represents the resource is applied successfully on
managed cluster. 3. Available represents the resource exists
on the managed cluster. 4. Degraded represents the current state
of resource does not match the desired state for a certain period.'
description: |-
Manifests represents the condition of manifests deployed on managed cluster.
Valid condition types are:
1. Progressing represents the resource is being applied on managed cluster.
2. Applied represents the resource is applied successfully on managed cluster.
3. Available represents the resource exists on the managed cluster.
4. Degraded represents the current state of resource does not match the desired
state for a certain period.
items:
description: ManifestCondition represents the conditions of
the resources deployed on a managed cluster.
description: |-
ManifestCondition represents the conditions of the resources deployed on a
managed cluster.
properties:
conditions:
description: Conditions represents the conditions of this
resource on a managed cluster.
items:
description: "Condition contains details for one aspect
of the current state of this API Resource. --- This
of the current state of this API Resource.\n---\nThis
struct is intended for direct use as an array at the
field path .status.conditions. For example, \n type
FooStatus struct{ // Represents the observations of
a foo's current state. // Known .status.conditions.type
are: \"Available\", \"Progressing\", and \"Degraded\"
// +patchMergeKey=type // +patchStrategy=merge // +listType=map
// +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\"
patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
\n // other fields }"
field path .status.conditions. For example,\n\n\n\ttype
FooStatus struct{\n\t // Represents the observations
of a foo's current state.\n\t // Known .status.conditions.type
are: \"Available\", \"Progressing\", and \"Degraded\"\n\t
\ // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t
\ // +listType=map\n\t // +listMapKey=type\n\t
\ Conditions []metav1.Condition `json:\"conditions,omitempty\"
patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
\ // other fields\n\t}"
properties:
lastTransitionTime:
description: lastTransitionTime is the last time the
condition transitioned from one status to another.
This should be when the underlying condition changed. If
that is not known, then using the time when the
API field changed is acceptable.
description: |-
lastTransitionTime is the last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: message is a human readable message indicating
details about the transition. This may be an empty
string.
description: |-
message is a human readable message indicating details about the transition.
This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: observedGeneration represents the .metadata.generation
that the condition was set based upon. For instance,
if .metadata.generation is currently 12, but the
.status.conditions[x].observedGeneration is 9, the
condition is out of date with respect to the current
state of the instance.
description: |-
observedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: reason contains a programmatic identifier
indicating the reason for the condition's last transition.
Producers of specific condition types may define
expected values and meanings for this field, and
whether the values are considered a guaranteed API.
The value should be a CamelCase string. This field
may not be empty.
description: |-
reason contains a programmatic identifier indicating the reason for the condition's last transition.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty.
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
@@ -443,12 +446,12 @@ spec:
- Unknown
type: string
type:
description: type of condition in CamelCase or in
foo.example.com/CamelCase. --- Many .condition.type
values are consistent across resources like Available,
but because arbitrary conditions can be useful (see
.node.status.conditions), the ability to deconflict
is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
description: |-
type of condition in CamelCase or in foo.example.com/CamelCase.
---
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
useful (see .node.status.conditions), the ability to deconflict is important.
The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
@@ -502,9 +505,9 @@ spec:
items:
properties:
fieldValue:
description: Value is the value of the status
field. The value of the status field can only
be integer, string or boolean.
description: |-
Value is the value of the status field.
The value of the status field can only be integer, string or boolean.
properties:
boolean:
description: Boolean is bool value when type
@@ -537,8 +540,8 @@ spec:
- type
type: object
name:
description: Name represents the alias name for
this field. It is the same as what is specified
description: |-
Name represents the alias name for this field. It is the same as what is specified
in StatuFeedbackRule in the spec.
type: string
required:


@@ -28,20 +28,25 @@ spec:
name: v1alpha1
schema:
openAPIV3Schema:
description: ManagedClusterAddOn is the Custom Resource object which holds
the current state of an add-on. This object is used by add-on operators
to convey their state. This resource should be created in the ManagedCluster
namespace.
description: |-
ManagedClusterAddOn is the Custom Resource object which holds the current state
of an add-on. This object is used by add-on operators to convey their state.
This resource should be created in the ManagedCluster namespace.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
@@ -49,10 +54,11 @@ spec:
description: spec holds configuration that could apply to any operator.
properties:
configs:
description: configs is a list of add-on configurations. In scenario
where the current add-on has its own configurations. An empty list
means there are no default configurations for add-on. The default
is an empty list
description: |-
configs is a list of add-on configurations.
In scenario where the current add-on has its own configurations.
An empty list means there are no default configurations for add-on.
The default is an empty list
items:
properties:
group:
@@ -64,8 +70,9 @@ spec:
minLength: 1
type: string
namespace:
description: namespace of the add-on configuration. If this
field is not set, the configuration is in the cluster scope.
description: |-
namespace of the add-on configuration.
If this field is not set, the configuration is in the cluster scope.
type: string
resource:
description: resource of the add-on configuration.
@@ -78,33 +85,33 @@ spec:
type: array
installNamespace:
default: open-cluster-management-agent-addon
description: installNamespace is the namespace on the managed cluster
to install the addon agent. If it is not set, open-cluster-management-agent-addon
namespace is used to install the addon agent.
description: |-
installNamespace is the namespace on the managed cluster to install the addon agent.
If it is not set, open-cluster-management-agent-addon namespace is used to install the addon agent.
maxLength: 63
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
type: object
status:
description: status holds the information about the state of an operator. It
is consistent with status information across the Kubernetes ecosystem.
description: |-
status holds the information about the state of an operator. It is consistent with status information across
the Kubernetes ecosystem.
properties:
addOnConfiguration:
description: 'Deprecated: Use configReferences instead. addOnConfiguration
is a reference to configuration information for the add-on. This
resource is used to locate the configuration resource for the add-on.'
description: |-
Deprecated: Use configReferences instead.
addOnConfiguration is a reference to configuration information for the add-on.
This resource is used to locate the configuration resource for the add-on.
properties:
crName:
description: crName is the name of the CR used to configure instances
of the managed add-on. This field should be configured if add-on
CR have a consistent name across the all of the ManagedCluster
instaces.
description: |-
crName is the name of the CR used to configure instances of the managed add-on.
This field should be configured if add-on CR have a consistent name across the all of the ManagedCluster instaces.
type: string
crdName:
description: crdName is the name of the CRD used to configure
instances of the managed add-on. This field should be configured
if the add-on have a CRD that controls the configuration of
the add-on.
description: |-
crdName is the name of the CRD used to configure instances of the managed add-on.
This field should be configured if the add-on have a CRD that controls the configuration of the add-on.
type: string
lastObservedGeneration:
description: lastObservedGeneration is the observed generation
@@ -113,9 +120,9 @@ spec:
type: integer
type: object
addOnMeta:
description: addOnMeta is a reference to the metadata information
for the add-on. This should be same as the addOnMeta for the corresponding
ClusterManagementAddOn resource.
description: |-
addOnMeta is a reference to the metadata information for the add-on.
This should be same as the addOnMeta for the corresponding ClusterManagementAddOn resource.
properties:
description:
description: description represents the detailed description of
@@ -131,42 +138,42 @@ spec:
components for the operator.
items:
description: "Condition contains details for one aspect of the current
state of this API Resource. --- This struct is intended for direct
use as an array at the field path .status.conditions. For example,
\n type FooStatus struct{ // Represents the observations of a
foo's current state. // Known .status.conditions.type are: \"Available\",
\"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
// +listType=map // +listMapKey=type Conditions []metav1.Condition
`json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
state of this API Resource.\n---\nThis struct is intended for
direct use as an array at the field path .status.conditions. For
example,\n\n\n\ttype FooStatus struct{\n\t // Represents the
observations of a foo's current state.\n\t // Known .status.conditions.type
are: \"Available\", \"Progressing\", and \"Degraded\"\n\t //
+patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t
\ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\"
patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
\ // other fields\n\t}"
properties:
lastTransitionTime:
description: lastTransitionTime is the last time the condition
transitioned from one status to another. This should be when
the underlying condition changed. If that is not known, then
using the time when the API field changed is acceptable.
description: |-
lastTransitionTime is the last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: message is a human readable message indicating
details about the transition. This may be an empty string.
description: |-
message is a human readable message indicating details about the transition.
This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: observedGeneration represents the .metadata.generation
that the condition was set based upon. For instance, if .metadata.generation
is currently 12, but the .status.conditions[x].observedGeneration
is 9, the condition is out of date with respect to the current
state of the instance.
description: |-
observedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: reason contains a programmatic identifier indicating
the reason for the condition's last transition. Producers
of specific condition types may define expected values and
meanings for this field, and whether the values are considered
a guaranteed API. The value should be a CamelCase string.
description: |-
reason contains a programmatic identifier indicating the reason for the condition's last transition.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty.
maxLength: 1024
minLength: 1
@@ -180,11 +187,12 @@ spec:
- Unknown
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase.
--- Many .condition.type values are consistent across resources
like Available, but because arbitrary conditions can be useful
(see .node.status.conditions), the ability to deconflict is
important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
description: |-
type of condition in CamelCase or in foo.example.com/CamelCase.
---
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
useful (see .node.status.conditions), the ability to deconflict is important.
The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
@@ -197,13 +205,13 @@ spec:
type: object
type: array
configReferences:
description: configReferences is a list of current add-on configuration
references. This will be overridden by the clustermanagementaddon
configuration references.
description: |-
configReferences is a list of current add-on configuration references.
This will be overridden by the clustermanagementaddon configuration references.
items:
description: ConfigReference is a reference to the current add-on
configuration. This resource is used to locate the configuration
resource for the current add-on.
description: |-
ConfigReference is a reference to the current add-on configuration.
This resource is used to locate the configuration resource for the current add-on.
properties:
desiredConfig:
description: desiredConfig record the desired config spec hash.
@@ -213,9 +221,9 @@ spec:
minLength: 1
type: string
namespace:
description: namespace of the add-on configuration. If this
field is not set, the configuration is in the cluster
scope.
description: |-
namespace of the add-on configuration.
If this field is not set, the configuration is in the cluster scope.
type: string
specHash:
description: spec hash for an add-on configuration.
@@ -236,9 +244,9 @@ spec:
minLength: 1
type: string
namespace:
description: namespace of the add-on configuration. If this
field is not set, the configuration is in the cluster
scope.
description: |-
namespace of the add-on configuration.
If this field is not set, the configuration is in the cluster scope.
type: string
specHash:
description: spec hash for an add-on configuration.
@@ -247,8 +255,9 @@ spec:
- name
type: object
lastObservedGeneration:
description: 'Deprecated: Use LastAppliedConfig instead lastObservedGeneration
is the observed generation of the add-on configuration.'
description: |-
Deprecated: Use LastAppliedConfig instead
lastObservedGeneration is the observed generation of the add-on configuration.
format: int64
type: integer
name:
@@ -256,8 +265,9 @@ spec:
minLength: 1
type: string
namespace:
description: namespace of the add-on configuration. If this
field is not set, the configuration is in the cluster scope.
description: |-
namespace of the add-on configuration.
If this field is not set, the configuration is in the cluster scope.
type: string
resource:
description: resource of the add-on configuration.
@@ -269,9 +279,9 @@ spec:
type: object
type: array
healthCheck:
description: healthCheck indicates how to check the healthiness status
of the current addon. It should be set by each addon implementation,
by default, the lease mode will be used.
description: |-
healthCheck indicates how to check the healthiness status of the current addon. It should be
set by each addon implementation, by default, the lease mode will be used.
properties:
mode:
default: Lease
@@ -283,31 +293,25 @@ spec:
type: string
type: object
namespace:
description: namespace is the namespace on the managedcluster to put
registration secret or lease for the addon. It is required when
registration is set or healthcheck mode is Lease.
description: |-
namespace is the namespace on the managedcluster to put registration secret or lease for the addon. It is
required when registration is set or healthcheck mode is Lease.
type: string
registrations:
description: registrations is the configurations for the addon agent
to register to hub. It should be set by each addon controller on
hub to define how the addon agent on managedcluster is registered.
With the registration defined, The addon agent can access to kube
apiserver with kube style API or other endpoints on hub cluster
with client certificate authentication. A csr will be created per
registration configuration. If more than one registrationConfig
is defined, a csr will be created for each registration configuration.
It is not allowed that multiple registrationConfigs have the same
signer name. After the csr is approved on the hub cluster, the klusterlet
agent will create a secret in the installNamespace for the registrationConfig.
If the signerName is "kubernetes.io/kube-apiserver-client", the
secret name will be "{addon name}-hub-kubeconfig" whose contents
includes key/cert and kubeconfig. Otherwise, the secret name will
be "{addon name}-{signer name}-client-cert" whose contents includes
key/cert.
description: |-
registrations is the configurations for the addon agent to register to hub. It should be set by each addon controller
on hub to define how the addon agent on managedcluster is registered. With the registration defined,
The addon agent can access to kube apiserver with kube style API or other endpoints on hub cluster with client
certificate authentication. A csr will be created per registration configuration. If more than one
registrationConfig is defined, a csr will be created for each registration configuration. It is not allowed that
multiple registrationConfigs have the same signer name. After the csr is approved on the hub cluster, the klusterlet
agent will create a secret in the installNamespace for the registrationConfig. If the signerName is
"kubernetes.io/kube-apiserver-client", the secret name will be "{addon name}-hub-kubeconfig" whose contents includes
key/cert and kubeconfig. Otherwise, the secret name will be "{addon name}-{signer name}-client-cert" whose contents includes key/cert.
items:
description: RegistrationConfig defines the configuration of the
addon agent to register to hub. The Klusterlet agent will create
a csr for the addon agent with the registrationConfig.
description: |-
RegistrationConfig defines the configuration of the addon agent to register to hub. The Klusterlet agent will
create a csr for the addon agent with the registrationConfig.
properties:
signerName:
description: signerName is the name of signer that addon agent
@@ -317,12 +321,14 @@ spec:
pattern: ^([a-z0-9][a-z0-9-]*[a-z0-9]\.)+[a-z]+\/[a-z0-9-\.]+$
type: string
subject:
description: 'subject is the user subject of the addon agent
to be registered to the hub. If it is not set, the addon agent
will have the default subject "subject": { "user": "system:open-cluster-management:cluster:{clusterName}:addon:{addonName}:agent:{agentName}",
"groups: ["system:open-cluster-management:cluster:{clusterName}:addon:{addonName}",
"system:open-cluster-management:addon:{addonName}", "system:authenticated"]
}'
description: |-
subject is the user subject of the addon agent to be registered to the hub.
If it is not set, the addon agent will have the default subject
"subject": {
"user": "system:open-cluster-management:cluster:{clusterName}:addon:{addonName}:agent:{agentName}",
"groups: ["system:open-cluster-management:cluster:{clusterName}:addon:{addonName}",
"system:open-cluster-management:addon:{addonName}", "system:authenticated"]
}
properties:
groups:
description: groups is the user group of the addon agent.
@@ -341,10 +347,12 @@ spec:
type: object
type: array
relatedObjects:
description: 'relatedObjects is a list of objects that are "interesting"
or related to this operator. Common uses are: 1. the detailed resource
driving the operator 2. operator namespaces 3. operand namespaces
4. related ClusterManagementAddon resource'
description: |-
relatedObjects is a list of objects that are "interesting" or related to this operator. Common uses are:
1. the detailed resource driving the operator
2. operator namespaces
3. operand namespaces
4. related ClusterManagementAddon resource
items:
description: ObjectReference contains enough information to let
you inspect or modify the referred object.
@@ -368,10 +376,10 @@ spec:
type: object
type: array
supportedConfigs:
description: SupportedConfigs is a list of configuration types that
are allowed to override the add-on configurations defined in ClusterManagementAddOn
spec. The default is an empty list, which means the add-on configurations
can not be overridden.
description: |-
SupportedConfigs is a list of configuration types that are allowed to override the add-on configurations defined
in ClusterManagementAddOn spec.
The default is an empty list, which means the add-on configurations can not be overridden.
items:
description: ConfigGroupResource represents the GroupResource of
the add-on configuration


@@ -18,22 +18,27 @@ spec:
- name: v1beta2
schema:
openAPIV3Schema:
description: ManagedClusterSetBinding projects a ManagedClusterSet into a
certain namespace. You can create a ManagedClusterSetBinding in a namespace
and bind it to a ManagedClusterSet if both have a RBAC rules to CREATE on
the virtual subresource of managedclustersets/bind. Workloads that you create
in the same namespace can only be distributed to ManagedClusters in ManagedClusterSets
that are bound in this namespace by higher-level controllers.
description: |-
ManagedClusterSetBinding projects a ManagedClusterSet into a certain namespace.
You can create a ManagedClusterSetBinding in a namespace and bind it to a
ManagedClusterSet if both have a RBAC rules to CREATE on the virtual subresource of managedclustersets/bind.
Workloads that you create in the same namespace can only be distributed to ManagedClusters
in ManagedClusterSets that are bound in this namespace by higher-level controllers.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
@@ -41,11 +46,11 @@ spec:
description: Spec defines the attributes of ManagedClusterSetBinding.
properties:
clusterSet:
description: ClusterSet is the name of the ManagedClusterSet to bind.
It must match the instance name of the ManagedClusterSetBinding
and cannot change once created. User is allowed to set this field
if they have an RBAC rule to CREATE on the virtual subresource of
managedclustersets/bind.
description: |-
ClusterSet is the name of the ManagedClusterSet to bind. It must match the
instance name of the ManagedClusterSetBinding and cannot change once created.
User is allowed to set this field if they have an RBAC rule to CREATE on the
virtual subresource of managedclustersets/bind.
minLength: 1
type: string
type: object
@@ -57,42 +62,42 @@ spec:
for this ManagedClusterSetBinding.
items:
description: "Condition contains details for one aspect of the current
state of this API Resource. --- This struct is intended for direct
use as an array at the field path .status.conditions. For example,
\n type FooStatus struct{ // Represents the observations of a
foo's current state. // Known .status.conditions.type are: \"Available\",
\"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
// +listType=map // +listMapKey=type Conditions []metav1.Condition
`json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
state of this API Resource.\n---\nThis struct is intended for
direct use as an array at the field path .status.conditions. For
example,\n\n\n\ttype FooStatus struct{\n\t // Represents the
observations of a foo's current state.\n\t // Known .status.conditions.type
are: \"Available\", \"Progressing\", and \"Degraded\"\n\t //
+patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t
\ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\"
patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
\ // other fields\n\t}"
properties:
lastTransitionTime:
description: lastTransitionTime is the last time the condition
transitioned from one status to another. This should be when
the underlying condition changed. If that is not known, then
using the time when the API field changed is acceptable.
description: |-
lastTransitionTime is the last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: message is a human readable message indicating
details about the transition. This may be an empty string.
description: |-
message is a human readable message indicating details about the transition.
This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: observedGeneration represents the .metadata.generation
that the condition was set based upon. For instance, if .metadata.generation
is currently 12, but the .status.conditions[x].observedGeneration
is 9, the condition is out of date with respect to the current
state of the instance.
description: |-
observedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: reason contains a programmatic identifier indicating
the reason for the condition's last transition. Producers
of specific condition types may define expected values and
meanings for this field, and whether the values are considered
a guaranteed API. The value should be a CamelCase string.
description: |-
reason contains a programmatic identifier indicating the reason for the condition's last transition.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty.
maxLength: 1024
minLength: 1
@@ -106,11 +111,12 @@ spec:
- Unknown
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase.
--- Many .condition.type values are consistent across resources
like Available, but because arbitrary conditions can be useful
(see .node.status.conditions), the ability to deconflict is
important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
description: |-
type of condition in CamelCase or in foo.example.com/CamelCase.
---
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
useful (see .node.status.conditions), the ability to deconflict is important.
The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string


@@ -15,19 +15,24 @@ spec:
- name: v1alpha1
schema:
openAPIV3Schema:
description: AddOnDeploymentConfig represents a configuration to customize
the deployments of an add-on. For example, you can specify the NodePlacement
to control the scheduling of the add-on agents.
description: |-
AddOnDeploymentConfig represents a configuration to customize the deployments of an add-on.
For example, you can specify the NodePlacement to control the scheduling of the add-on agents.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
@@ -42,10 +47,10 @@ spec:
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
customizedVariables:
description: CustomizedVariables is a list of name-value variables
for the current add-on deployment. The add-on implementation can
use these variables to render its add-on deployment. The default
is an empty list.
description: |-
CustomizedVariables is a list of name-value variables for the current add-on deployment.
The add-on implementation can use these variables to render its add-on deployment.
The default is an empty list.
items:
description: CustomizedVariable represents a customized variable
for add-on deployment.
@@ -67,73 +72,74 @@ spec:
- name
x-kubernetes-list-type: map
nodePlacement:
description: NodePlacement enables explicit control over the scheduling
of the add-on agents on the managed cluster. All add-on agent pods
are expected to comply with this node placement. If the placement
is nil, the placement is not specified, it will be omitted. If the
placement is an empty object, the placement will match all nodes
and tolerate nothing.
description: |-
NodePlacement enables explicit control over the scheduling of the add-on agents on the
managed cluster.
All add-on agent pods are expected to comply with this node placement.
If the placement is nil, the placement is not specified, it will be omitted.
If the placement is an empty object, the placement will match all nodes and tolerate nothing.
properties:
nodeSelector:
additionalProperties:
type: string
description: NodeSelector defines which Nodes the Pods are scheduled
on. If the selector is an empty list, it will match all nodes.
description: |-
NodeSelector defines which Nodes the Pods are scheduled on.
If the selector is an empty list, it will match all nodes.
The default is an empty list.
type: object
tolerations:
description: Tolerations is attached by pods to tolerate any taint
that matches the triple <key,value,effect> using the matching
operator <operator>. If the tolerations is an empty list, it
will tolerate nothing. The default is an empty list.
description: |-
Tolerations is attached by pods to tolerate any taint that matches
the triple <key,value,effect> using the matching operator <operator>.
If the tolerations is an empty list, it will tolerate nothing.
The default is an empty list.
items:
description: The pod this Toleration is attached to tolerates
any taint that matches the triple <key,value,effect> using
the matching operator <operator>.
description: |-
The pod this Toleration is attached to tolerates any taint that matches
the triple <key,value,effect> using the matching operator <operator>.
properties:
effect:
description: Effect indicates the taint effect to match.
Empty means match all taint effects. When specified, allowed
values are NoSchedule, PreferNoSchedule and NoExecute.
description: |-
Effect indicates the taint effect to match. Empty means match all taint effects.
When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
type: string
key:
description: Key is the taint key that the toleration applies
to. Empty means match all taint keys. If the key is empty,
operator must be Exists; this combination means to match
all values and all keys.
description: |-
Key is the taint key that the toleration applies to. Empty means match all taint keys.
If the key is empty, operator must be Exists; this combination means to match all values and all keys.
type: string
operator:
description: Operator represents a key's relationship to
the value. Valid operators are Exists and Equal. Defaults
to Equal. Exists is equivalent to wildcard for value,
so that a pod can tolerate all taints of a particular
category.
description: |-
Operator represents a key's relationship to the value.
Valid operators are Exists and Equal. Defaults to Equal.
Exists is equivalent to wildcard for value, so that a pod can
tolerate all taints of a particular category.
type: string
tolerationSeconds:
description: TolerationSeconds represents the period of
time the toleration (which must be of effect NoExecute,
otherwise this field is ignored) tolerates the taint.
By default, it is not set, which means tolerate the taint
forever (do not evict). Zero and negative values will
be treated as 0 (evict immediately) by the system.
description: |-
TolerationSeconds represents the period of time the toleration (which must be
of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
it is not set, which means tolerate the taint forever (do not evict). Zero and
negative values will be treated as 0 (evict immediately) by the system.
format: int64
type: integer
value:
description: Value is the taint value the toleration matches
to. If the operator is Exists, the value should be empty,
otherwise just a regular string.
description: |-
Value is the taint value the toleration matches to.
If the operator is Exists, the value should be empty, otherwise just a regular string.
type: string
type: object
type: array
type: object
proxyConfig:
description: ProxyConfig holds proxy settings for add-on agent on
the managed cluster. Empty means no proxy settings is available.
description: |-
ProxyConfig holds proxy settings for add-on agent on the managed cluster.
Empty means no proxy settings is available.
properties:
caBundle:
description: CABundle is a CA certificate bundle to verify the
proxy server. And it's only useful when HTTPSProxy is set and
a HTTPS proxy server is specified.
description: |-
CABundle is a CA certificate bundle to verify the proxy server.
And it's only useful when HTTPSProxy is set and a HTTPS proxy server is specified.
format: byte
type: string
httpProxy:
@@ -143,16 +149,21 @@ spec:
description: HTTPSProxy is the URL of the proxy for HTTPS requests
type: string
noProxy:
description: NoProxy is a comma-separated list of hostnames and/or
CIDRs and/or IPs for which the proxy should not be used.
description: |-
NoProxy is a comma-separated list of hostnames and/or CIDRs and/or IPs for which the proxy
should not be used.
type: string
type: object
registries:
description: "Registries describes how to override images used by
the addon agent on the managed cluster. the following example will
override image \"quay.io/open-cluster-management/addon-agent\" to
\"quay.io/ocm/addon-agent\" when deploying the addon agent \n registries:
- source: quay.io/open-cluster-management/addon-agent mirror: quay.io/ocm/addon-agent"
description: |-
Registries describes how to override images used by the addon agent on the managed cluster.
the following example will override image "quay.io/open-cluster-management/addon-agent" to
"quay.io/ocm/addon-agent" when deploying the addon agent
registries:
- source: quay.io/open-cluster-management/addon-agent
mirror: quay.io/ocm/addon-agent
items:
description: ImageMirror describes how to mirror images from a source
properties:


@@ -25,34 +25,49 @@ spec:
name: v1beta1
schema:
openAPIV3Schema:
description: "Placement defines a rule to select a set of ManagedClusters
from the ManagedClusterSets bound to the placement namespace. \n Here is
how the placement policy combines with other selection methods to determine
a matching list of ManagedClusters: 1. Kubernetes clusters are registered
with hub as cluster-scoped ManagedClusters; 2. ManagedClusters are organized
into cluster-scoped ManagedClusterSets; 3. ManagedClusterSets are bound
to workload namespaces; 4. Namespace-scoped Placements specify a slice of
ManagedClusterSets which select a working set of potential ManagedClusters;
5. Then Placements subselect from that working set using label/claim selection.
\n A ManagedCluster will not be selected if no ManagedClusterSet is bound
to the placement namespace. A user is able to bind a ManagedClusterSet to
a namespace by creating a ManagedClusterSetBinding in that namespace if
they have an RBAC rule to CREATE on the virtual subresource of `managedclustersets/bind`.
\n A slice of PlacementDecisions with the label cluster.open-cluster-management.io/placement={placement
name} will be created to represent the ManagedClusters selected by this
placement. \n If a ManagedCluster is selected and added into the PlacementDecisions,
other components may apply workload on it; once it is removed from the PlacementDecisions,
the workload applied on this ManagedCluster should be evicted accordingly."
description: |-
Placement defines a rule to select a set of ManagedClusters from the ManagedClusterSets bound
to the placement namespace.
Here is how the placement policy combines with other selection methods to determine a matching
list of ManagedClusters:
1. Kubernetes clusters are registered with hub as cluster-scoped ManagedClusters;
2. ManagedClusters are organized into cluster-scoped ManagedClusterSets;
3. ManagedClusterSets are bound to workload namespaces;
4. Namespace-scoped Placements specify a slice of ManagedClusterSets which select a working set
of potential ManagedClusters;
5. Then Placements subselect from that working set using label/claim selection.
A ManagedCluster will not be selected if no ManagedClusterSet is bound to the placement
namespace. A user is able to bind a ManagedClusterSet to a namespace by creating a
ManagedClusterSetBinding in that namespace if they have an RBAC rule to CREATE on the virtual
subresource of `managedclustersets/bind`.
A slice of PlacementDecisions with the label cluster.open-cluster-management.io/placement={placement name}
will be created to represent the ManagedClusters selected by this placement.
If a ManagedCluster is selected and added into the PlacementDecisions, other components may
apply workload on it; once it is removed from the PlacementDecisions, the workload applied on
this ManagedCluster should be evicted accordingly.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
@@ -60,12 +75,11 @@ spec:
description: Spec defines the attributes of Placement.
properties:
clusterSets:
description: ClusterSets represent the ManagedClusterSets from which
the ManagedClusters are selected. If the slice is empty, ManagedClusters
will be selected from the ManagedClusterSets bound to the placement
namespace, otherwise ManagedClusters will be selected from the intersection
of this slice and the ManagedClusterSets bound to the placement
namespace.
description: |-
ClusterSets represent the ManagedClusterSets from which the ManagedClusters are selected.
If the slice is empty, ManagedClusters will be selected from the ManagedClusterSets bound to the placement
namespace, otherwise ManagedClusters will be selected from the intersection of this slice and the
ManagedClusterSets bound to the placement namespace.
items:
type: string
type: array
@@ -82,32 +96,28 @@ spec:
- type: integer
- type: string
default: 100%
description: "ClustersPerDecisionGroup is a specific number
or percentage of the total selected clusters. The specific
number will divide the placementDecisions to decisionGroups
each group has max number of clusters equal to that specific
number. The percentage will divide the placementDecisions
to decisionGroups each group has max number of clusters
based on the total num of selected clusters and percentage.
ex; for a total 100 clusters selected, ClustersPerDecisionGroup
equal to 20% will divide the placement decision to 5 groups
each group should have 20 clusters. Default is having all
clusters in a single group. \n The predefined decisionGroups
is expected to be a subset of the selected clusters and
the number of items in each group SHOULD be less than ClustersPerDecisionGroup.
Once the number of items exceeds the ClustersPerDecisionGroup,
the decisionGroups will also be be divided into multiple
decisionGroups with same GroupName but different GroupIndex."
description: |-
ClustersPerDecisionGroup is a specific number or percentage of the total selected clusters.
The specific number will divide the placementDecisions to decisionGroups each group has max number of clusters
equal to that specific number.
The percentage will divide the placementDecisions to decisionGroups each group has max number of clusters based
on the total num of selected clusters and percentage.
ex; for a total 100 clusters selected, ClustersPerDecisionGroup equal to 20% will divide the placement decision
to 5 groups each group should have 20 clusters.
Default is having all clusters in a single group.
The predefined decisionGroups is expected to be a subset of the selected clusters and the number of items in each
group SHOULD be less than ClustersPerDecisionGroup. Once the number of items exceeds the ClustersPerDecisionGroup,
the decisionGroups will also be be divided into multiple decisionGroups with same GroupName but different GroupIndex.
pattern: ^((100|[1-9][0-9]{0,1})%|[1-9][0-9]*)$
x-kubernetes-int-or-string: true
decisionGroups:
description: DecisionGroups represents a list of predefined
groups to put decision results. Decision groups will be
constructed based on the DecisionGroups field at first.
The clusters not included in the DecisionGroups will be
divided to other decision groups afterwards. Each decision
group should not have the number of clusters larger than
the ClustersPerDecisionGroup.
description: |-
DecisionGroups represents a list of predefined groups to put decision results.
Decision groups will be constructed based on the DecisionGroups field at first. The clusters not included in the
DecisionGroups will be divided to other decision groups afterwards. Each decision group should not have the number
of clusters larger than the ClustersPerDecisionGroup.
items:
description: DecisionGroup define a subset of clusters that
will be added to placementDecisions with groupName label.
@@ -125,32 +135,29 @@ spec:
claim selector requirements. The requirements
are ANDed.
items:
description: A label selector requirement
is a selector that contains values, a key,
and an operator that relates the key and
values.
description: |-
A label selector requirement is a selector that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that
the selector applies to.
type: string
operator:
description: operator represents a key's
relationship to a set of values. Valid
operators are In, NotIn, Exists and
DoesNotExist.
description: |-
operator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
description: values is an array of string
values. If the operator is In or NotIn,
the values array must be non-empty.
If the operator is Exists or DoesNotExist,
the values array must be empty. This
array is replaced during a strategic
description: |-
values is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
x-kubernetes-list-type: atomic
required:
- key
- operator
@@ -166,46 +173,42 @@ spec:
selector requirements. The requirements are
ANDed.
items:
description: A label selector requirement
is a selector that contains values, a key,
and an operator that relates the key and
values.
description: |-
A label selector requirement is a selector that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that
the selector applies to.
type: string
operator:
description: operator represents a key's
relationship to a set of values. Valid
operators are In, NotIn, Exists and
DoesNotExist.
description: |-
operator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
description: values is an array of string
values. If the operator is In or NotIn,
the values array must be non-empty.
If the operator is Exists or DoesNotExist,
the values array must be empty. This
array is replaced during a strategic
description: |-
values is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value}
pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions,
whose key field is "key", the operator is
"In", and the values array contains only "value".
The requirements are ANDed.
description: |-
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
@@ -224,18 +227,18 @@ spec:
type: object
type: object
numberOfClusters:
description: NumberOfClusters represents the desired number of ManagedClusters
to be selected which meet the placement requirements. 1) If not
specified, all ManagedClusters which meet the placement requirements
(including ClusterSets, and Predicates) will be selected; 2) Otherwise
if the nubmer of ManagedClusters meet the placement requirements
is larger than NumberOfClusters, a random subset with desired number
of ManagedClusters will be selected; 3) If the nubmer of ManagedClusters
meet the placement requirements is equal to NumberOfClusters, all
of them will be selected; 4) If the nubmer of ManagedClusters meet
the placement requirements is less than NumberOfClusters, all of
them will be selected, and the status of condition `PlacementConditionSatisfied`
will be set to false;
description: |-
NumberOfClusters represents the desired number of ManagedClusters to be selected which meet the
placement requirements.
1) If not specified, all ManagedClusters which meet the placement requirements (including ClusterSets,
and Predicates) will be selected;
2) Otherwise if the nubmer of ManagedClusters meet the placement requirements is larger than
NumberOfClusters, a random subset with desired number of ManagedClusters will be selected;
3) If the nubmer of ManagedClusters meet the placement requirements is equal to NumberOfClusters,
all of them will be selected;
4) If the nubmer of ManagedClusters meet the placement requirements is less than NumberOfClusters,
all of them will be selected, and the status of condition `PlacementConditionSatisfied` will be
set to false;
format: int32
type: integer
predicates:
@@ -245,16 +248,13 @@ spec:
description: ClusterPredicate represents a predicate to select ManagedClusters.
properties:
requiredClusterSelector:
description: RequiredClusterSelector represents a selector of
ManagedClusters by label and claim. If specified, 1) Any ManagedCluster,
which does not match the selector, should not be selected
by this ClusterPredicate; 2) If a selected ManagedCluster
(of this ClusterPredicate) ceases to match the selector (e.g.
due to an update) of any ClusterPredicate, it will be eventually
removed from the placement decisions; 3) If a ManagedCluster
(not selected previously) starts to match the selector, it
will either be selected or at least has a chance to be selected
(when NumberOfClusters is specified);
description: |-
RequiredClusterSelector represents a selector of ManagedClusters by label and claim. If specified,
1) Any ManagedCluster, which does not match the selector, should not be selected by this ClusterPredicate;
2) If a selected ManagedCluster (of this ClusterPredicate) ceases to match the selector (e.g. due to
an update) of any ClusterPredicate, it will be eventually removed from the placement decisions;
3) If a ManagedCluster (not selected previously) starts to match the selector, it will either
be selected or at least has a chance to be selected (when NumberOfClusters is specified);
properties:
claimSelector:
description: ClaimSelector represents a selector of ManagedClusters
@@ -264,8 +264,8 @@ spec:
description: matchExpressions is a list of cluster claim
selector requirements. The requirements are ANDed.
items:
description: A label selector requirement is a selector
that contains values, a key, and an operator that
description: |-
A label selector requirement is a selector that contains values, a key, and an operator that
relates the key and values.
properties:
key:
@@ -273,20 +273,20 @@ spec:
applies to.
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are In,
NotIn, Exists and DoesNotExist.
description: |-
operator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
description: values is an array of string values.
If the operator is In or NotIn, the values array
must be non-empty. If the operator is Exists
or DoesNotExist, the values array must be empty.
This array is replaced during a strategic merge
patch.
description: |-
values is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
x-kubernetes-list-type: atomic
required:
- key
- operator
@@ -301,8 +301,8 @@ spec:
description: matchExpressions is a list of label selector
requirements. The requirements are ANDed.
items:
description: A label selector requirement is a selector
that contains values, a key, and an operator that
description: |-
A label selector requirement is a selector that contains values, a key, and an operator that
relates the key and values.
properties:
key:
@@ -310,33 +310,33 @@ spec:
applies to.
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are In,
NotIn, Exists and DoesNotExist.
description: |-
operator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
description: values is an array of string values.
If the operator is In or NotIn, the values array
must be non-empty. If the operator is Exists
or DoesNotExist, the values array must be empty.
This array is replaced during a strategic merge
patch.
description: |-
values is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs.
A single {key,value} in the matchLabels map is equivalent
to an element of matchExpressions, whose key field
is "key", the operator is "In", and the values array
contains only "value". The requirements are ANDed.
description: |-
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
@@ -344,10 +344,10 @@ spec:
type: object
type: array
prioritizerPolicy:
description: PrioritizerPolicy defines the policy of the prioritizers.
If this field is unset, then default prioritizer mode and configurations
are used. Referring to PrioritizerPolicy to see more description
about Mode and Configurations.
description: |-
PrioritizerPolicy defines the policy of the prioritizers.
If this field is unset, then default prioritizer mode and configurations are used.
Referring to PrioritizerPolicy to see more description about Mode and Configurations.
properties:
configurations:
items:
@@ -363,37 +363,35 @@ spec:
resource name and score name.
properties:
resourceName:
description: ResourceName defines the resource name
of the AddOnPlacementScore. The placement prioritizer
selects AddOnPlacementScore CR by this name.
description: |-
ResourceName defines the resource name of the AddOnPlacementScore.
The placement prioritizer selects AddOnPlacementScore CR by this name.
type: string
scoreName:
description: ScoreName defines the score name inside
AddOnPlacementScore. AddOnPlacementScore contains
a list of score name and score value, ScoreName
specify the score to be used by the prioritizer.
description: |-
ScoreName defines the score name inside AddOnPlacementScore.
AddOnPlacementScore contains a list of score name and score value, ScoreName specify the score to be used by
the prioritizer.
type: string
required:
- resourceName
- scoreName
type: object
builtIn:
description: 'BuiltIn defines the name of a BuiltIn
prioritizer. Below are the valid BuiltIn prioritizer
names. 1) Balance: balance the decisions among the
clusters. 2) Steady: ensure the existing decision
is stabilized. 3) ResourceAllocatableCPU & ResourceAllocatableMemory:
sort clusters based on the allocatable. 4) Spread:
spread the workload evenly to topologies.'
description: |-
BuiltIn defines the name of a BuiltIn prioritizer. Below are the valid BuiltIn prioritizer names.
1) Balance: balance the decisions among the clusters.
2) Steady: ensure the existing decision is stabilized.
3) ResourceAllocatableCPU & ResourceAllocatableMemory: sort clusters based on the allocatable.
4) Spread: spread the workload evenly to topologies.
type: string
type:
default: BuiltIn
description: Type defines the type of the prioritizer
score. Type is either "BuiltIn", "AddOn" or "", where
"" is "BuiltIn" by default. When the type is "BuiltIn",
need to specify a BuiltIn prioritizer name in BuiltIn.
When the type is "AddOn", need to configure the score
source in AddOn.
description: |-
Type defines the type of the prioritizer score.
Type is either "BuiltIn", "AddOn" or "", where "" is "BuiltIn" by default.
When the type is "BuiltIn", need to specify a BuiltIn prioritizer name in BuiltIn.
When the type is "AddOn", need to configure the score source in AddOn.
enum:
- BuiltIn
- AddOn
@@ -403,14 +401,13 @@ spec:
type: object
weight:
default: 1
description: Weight defines the weight of the prioritizer
score. The value must be ranged in [-10,10]. Each prioritizer
will calculate an integer score of a cluster in the range
of [-100, 100]. The final score of a cluster will be sum(weight
* prioritizer_score). A higher weight indicates that the
prioritizer weights more in the cluster selection, while
0 weight indicates that the prioritizer is disabled. A
negative weight indicates wants to select the last ones.
description: |-
Weight defines the weight of the prioritizer score. The value must be ranged in [-10,10].
Each prioritizer will calculate an integer score of a cluster in the range of [-100, 100].
The final score of a cluster will be sum(weight * prioritizer_score).
A higher weight indicates that the prioritizer weights more in the cluster selection,
while 0 weight indicates that the prioritizer is disabled. A negative weight indicates
wants to select the last ones.
format: int32
maximum: 10
minimum: -10
@@ -421,43 +418,38 @@ spec:
type: array
mode:
default: Additive
description: Mode is either Exact, Additive, "" where "" is Additive
by default. In Additive mode, any prioritizer not explicitly
enumerated is enabled in its default Configurations, in which
Steady and Balance prioritizers have the weight of 1 while other
prioritizers have the weight of 0. Additive doesn't require
configuring all prioritizers. The default Configurations may
change in the future, and additional prioritization will happen.
In Exact mode, any prioritizer not explicitly enumerated is
weighted as zero. Exact requires knowing the full set of prioritizers
you want, but avoids behavior changes between releases.
description: |-
Mode is either Exact, Additive, "" where "" is Additive by default.
In Additive mode, any prioritizer not explicitly enumerated is enabled in its default Configurations,
in which Steady and Balance prioritizers have the weight of 1 while other prioritizers have the weight of 0.
Additive doesn't require configuring all prioritizers. The default Configurations may change in the future,
and additional prioritization will happen.
In Exact mode, any prioritizer not explicitly enumerated is weighted as zero.
Exact requires knowing the full set of prioritizers you want, but avoids behavior changes between releases.
type: string
type: object
spreadPolicy:
description: SpreadPolicy defines how placement decisions should be
distributed among a set of ManagedClusters.
description: |-
SpreadPolicy defines how placement decisions should be distributed among a
set of ManagedClusters.
properties:
spreadConstraints:
description: SpreadConstraints defines how the placement decision
should be distributed among a set of ManagedClusters. The importance
of the SpreadConstraintsTerms follows the natural order of their
index in the slice. The scheduler first consider SpreadConstraintsTerms
with smaller index then those with larger index to distribute
the placement decision.
description: |-
SpreadConstraints defines how the placement decision should be distributed among a set of ManagedClusters.
The importance of the SpreadConstraintsTerms follows the natural order of their index in the slice.
The scheduler first consider SpreadConstraintsTerms with smaller index then those with larger index
to distribute the placement decision.
items:
description: SpreadConstraintsTerm defines a terminology to
spread placement decisions.
properties:
maxSkew:
default: 1
description: MaxSkew represents the degree to which the
workload may be unevenly distributed. Skew is the maximum
difference between the number of selected ManagedClusters
in a topology and the global minimum. The global minimum
is the minimum number of selected ManagedClusters for
the topologies within the same TopologyKey. The minimum
possible value of MaxSkew is 1, and the default value
is 1.
description: |-
MaxSkew represents the degree to which the workload may be unevenly distributed.
Skew is the maximum difference between the number of selected ManagedClusters in a topology and the global minimum.
The global minimum is the minimum number of selected ManagedClusters for the topologies within the same TopologyKey.
The minimum possible value of MaxSkew is 1, and the default value is 1.
format: int32
minimum: 1
type: integer
@@ -476,13 +468,11 @@ spec:
type: string
whenUnsatisfiable:
default: ScheduleAnyway
description: WhenUnsatisfiable represents the action of
the scheduler when MaxSkew cannot be satisfied. It could
be DoNotSchedule or ScheduleAnyway. The default value
is ScheduleAnyway. DoNotSchedule instructs the scheduler
not to schedule more ManagedClusters when MaxSkew is not
satisfied. ScheduleAnyway instructs the scheduler to keep
scheduling even if MaxSkew is not satisfied.
description: |-
WhenUnsatisfiable represents the action of the scheduler when MaxSkew cannot be satisfied.
It could be DoNotSchedule or ScheduleAnyway. The default value is ScheduleAnyway.
DoNotSchedule instructs the scheduler not to schedule more ManagedClusters when MaxSkew is not satisfied.
ScheduleAnyway instructs the scheduler to keep scheduling even if MaxSkew is not satisfied.
enum:
- DoNotSchedule
- ScheduleAnyway
@@ -495,53 +485,52 @@ spec:
type: array
type: object
tolerations:
description: Tolerations are applied to placements, and allow (but
do not require) the managed clusters with certain taints to be selected
by placements with matching tolerations.
description: |-
Tolerations are applied to placements, and allow (but do not require) the managed clusters with
certain taints to be selected by placements with matching tolerations.
items:
description: Toleration represents the toleration object that can
be attached to a placement. The placement this Toleration is attached
to tolerates any taint that matches the triple <key,value,effect>
using the matching operator <operator>.
description: |-
Toleration represents the toleration object that can be attached to a placement.
The placement this Toleration is attached to tolerates any taint that matches
the triple <key,value,effect> using the matching operator <operator>.
properties:
effect:
description: Effect indicates the taint effect to match. Empty
means match all taint effects. When specified, allowed values
are NoSelect, PreferNoSelect and NoSelectIfNew.
description: |-
Effect indicates the taint effect to match. Empty means match all taint effects.
When specified, allowed values are NoSelect, PreferNoSelect and NoSelectIfNew.
enum:
- NoSelect
- PreferNoSelect
- NoSelectIfNew
type: string
key:
description: Key is the taint key that the toleration applies
to. Empty means match all taint keys. If the key is empty,
operator must be Exists; this combination means to match all
values and all keys.
description: |-
Key is the taint key that the toleration applies to. Empty means match all taint keys.
If the key is empty, operator must be Exists; this combination means to match all values and all keys.
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
operator:
default: Equal
description: Operator represents a key's relationship to the
value. Valid operators are Exists and Equal. Defaults to Equal.
Exists is equivalent to wildcard for value, so that a placement
can tolerate all taints of a particular category.
description: |-
Operator represents a key's relationship to the value.
Valid operators are Exists and Equal. Defaults to Equal.
Exists is equivalent to wildcard for value, so that a placement can
tolerate all taints of a particular category.
type: string
tolerationSeconds:
description: TolerationSeconds represents the period of time
the toleration (which must be of effect NoSelect/PreferNoSelect,
otherwise this field is ignored) tolerates the taint. The
default value is nil, which indicates it tolerates the taint
forever. The start time of counting the TolerationSeconds
should be the TimeAdded in Taint, not the cluster scheduled
time or TolerationSeconds added time.
description: |-
TolerationSeconds represents the period of time the toleration (which must be of effect
NoSelect/PreferNoSelect, otherwise this field is ignored) tolerates the taint.
The default value is nil, which indicates it tolerates the taint forever.
The start time of counting the TolerationSeconds should be the TimeAdded in Taint, not the cluster
scheduled time or TolerationSeconds added time.
format: int64
type: integer
value:
description: Value is the taint value the toleration matches
to. If the operator is Exists, the value should be empty,
otherwise just a regular string.
description: |-
Value is the taint value the toleration matches to.
If the operator is Exists, the value should be empty, otherwise just a regular string.
maxLength: 1024
type: string
type: object
@@ -555,42 +544,42 @@ spec:
this Placement.
items:
description: "Condition contains details for one aspect of the current
state of this API Resource. --- This struct is intended for direct
use as an array at the field path .status.conditions. For example,
\n type FooStatus struct{ // Represents the observations of a
foo's current state. // Known .status.conditions.type are: \"Available\",
\"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
// +listType=map // +listMapKey=type Conditions []metav1.Condition
`json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
state of this API Resource.\n---\nThis struct is intended for
direct use as an array at the field path .status.conditions. For
example,\n\n\n\ttype FooStatus struct{\n\t // Represents the
observations of a foo's current state.\n\t // Known .status.conditions.type
are: \"Available\", \"Progressing\", and \"Degraded\"\n\t //
+patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t
\ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\"
patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
\ // other fields\n\t}"
properties:
lastTransitionTime:
description: lastTransitionTime is the last time the condition
transitioned from one status to another. This should be when
the underlying condition changed. If that is not known, then
using the time when the API field changed is acceptable.
description: |-
lastTransitionTime is the last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: message is a human readable message indicating
details about the transition. This may be an empty string.
description: |-
message is a human readable message indicating details about the transition.
This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: observedGeneration represents the .metadata.generation
that the condition was set based upon. For instance, if .metadata.generation
is currently 12, but the .status.conditions[x].observedGeneration
is 9, the condition is out of date with respect to the current
state of the instance.
description: |-
observedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: reason contains a programmatic identifier indicating
the reason for the condition's last transition. Producers
of specific condition types may define expected values and
meanings for this field, and whether the values are considered
a guaranteed API. The value should be a CamelCase string.
description: |-
reason contains a programmatic identifier indicating the reason for the condition's last transition.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty.
maxLength: 1024
minLength: 1
@@ -604,11 +593,12 @@ spec:
- Unknown
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase.
--- Many .condition.type values are consistent across resources
like Available, but because arbitrary conditions can be useful
(see .node.status.conditions), the ability to deconflict is
important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
description: |-
type of condition in CamelCase or in foo.example.com/CamelCase.
---
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
useful (see .node.status.conditions), the ability to deconflict is important.
The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string


@@ -20,25 +20,35 @@ spec:
name: v1alpha1
schema:
openAPIV3Schema:
description: "AddOnTemplate is the Custom Resource object, it is used to describe
how to deploy the addon agent and how to register the addon. \n AddOnTemplate
is a cluster-scoped resource, and will only be used on the hub cluster."
description: |-
AddOnTemplate is the Custom Resource object, it is used to describe
how to deploy the addon agent and how to register the addon.
AddOnTemplate is a cluster-scoped resource, and will only be used
on the hub cluster.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: spec holds the registration configuration for the addon and
the addon agent resources yaml description.
description: |-
spec holds the registration configuration for the addon and the
addon agent resources yaml description.
properties:
addonName:
description: AddonName represents the name of the addon which the
@@ -49,21 +59,20 @@ spec:
of the addon agent to be deployed on a managed cluster.
properties:
deleteOption:
description: DeleteOption represents deletion strategy when the
manifestwork is deleted. Foreground deletion strategy is applied
to all the resource in this manifestwork if it is not set.
description: |-
DeleteOption represents deletion strategy when the manifestwork is deleted.
Foreground deletion strategy is applied to all the resource in this manifestwork if it is not set.
properties:
propagationPolicy:
default: Foreground
description: propagationPolicy can be Foreground, Orphan or
SelectivelyOrphan SelectivelyOrphan should be rarely used. It
is provided for cases where particular resources is transfering
ownership from one ManifestWork to another or another management
unit. Setting this value will allow a flow like 1. create
manifestwork/2 to manage foo 2. update manifestwork/1 to
selectively orphan foo 3. remove foo from manifestwork/1
without impacting continuity because manifestwork/2 adopts
it.
description: |-
propagationPolicy can be Foreground, Orphan or SelectivelyOrphan
SelectivelyOrphan should be rarely used. It is provided for cases where particular resources is transfering
ownership from one ManifestWork to another or another management unit.
Setting this value will allow a flow like
1. create manifestwork/2 to manage foo
2. update manifestwork/1 to selectively orphan foo
3. remove foo from manifestwork/1 without impacting continuity because manifestwork/2 adopts it.
enum:
- Foreground
- Orphan
@@ -74,26 +83,26 @@ spec:
following orphan deletion stratecy
properties:
orphaningRules:
description: orphaningRules defines a slice of orphaningrule.
Each orphaningrule identifies a single resource included
in this manifestwork
description: |-
orphaningRules defines a slice of orphaningrule.
Each orphaningrule identifies a single resource included in this manifestwork
items:
description: OrphaningRule identifies a single resource
included in this manifestwork to be orphaned
properties:
group:
description: Group is the API Group of the Kubernetes
resource, empty string indicates it is in core
group.
description: |-
Group is the API Group of the Kubernetes resource,
empty string indicates it is in core group.
type: string
name:
description: Name is the name of the Kubernetes
resource.
type: string
namespace:
description: Name is the namespace of the Kubernetes
resource, empty string indicates it is a cluster
scoped resource.
description: |-
Name is the namespace of the Kubernetes resource, empty string indicates
it is a cluster scoped resource.
type: string
resource:
description: Resource is the resource name of the
@@ -107,23 +116,22 @@ spec:
type: object
type: object
executor:
description: Executor is the configuration that makes the work
agent to perform some pre-request processing/checking. e.g.
the executor identity tells the work agent to check the executor
has sufficient permission to write the workloads to the local
managed cluster. Note that nil executor is still supported for
backward-compatibility which indicates that the work agent will
not perform any additional actions before applying resources.
description: |-
Executor is the configuration that makes the work agent to perform some pre-request processing/checking.
e.g. the executor identity tells the work agent to check the executor has sufficient permission to write
the workloads to the local managed cluster.
Note that nil executor is still supported for backward-compatibility which indicates that the work agent
will not perform any additional actions before applying resources.
properties:
subject:
description: Subject is the subject identity which the work
agent uses to talk to the local cluster when applying the
resources.
description: |-
Subject is the subject identity which the work agent uses to talk to the
local cluster when applying the resources.
properties:
serviceAccount:
description: ServiceAccount is for identifying which service
account to use by the work agent. Only required if the
type is "ServiceAccount".
description: |-
ServiceAccount is for identifying which service account to use by the work agent.
Only required if the type is "ServiceAccount".
properties:
name:
description: Name is the name of the service account.
@@ -143,8 +151,9 @@ spec:
- namespace
type: object
type:
description: 'Type is the type of the subject identity.
Supported types are: "ServiceAccount".'
description: |-
Type is the type of the subject identity.
Supported types are: "ServiceAccount".
enum:
- ServiceAccount
type: string
@@ -160,9 +169,9 @@ spec:
of a manifest defined in workload field.
properties:
feedbackRules:
description: FeedbackRules defines what resource status
field should be returned. If it is not set or empty, no
feedback rules will be honored.
description: |-
FeedbackRules defines what resource status field should be returned. If it is not set or empty,
no feedback rules will be honored.
items:
properties:
jsonPaths:
@@ -175,22 +184,19 @@ spec:
for this field
type: string
path:
description: Path represents the json path of
the field under status. The path must point
to a field with single value in the type of
integer, bool or string. If the path points
to a non-existing field, no value will be
returned. If the path points to a structure,
map or slice, no value will be returned and
the status conddition of StatusFeedBackSynced
will be set as false. Ref to https://kubernetes.io/docs/reference/kubectl/jsonpath/
on how to write a jsonPath.
description: |-
Path represents the json path of the field under status.
The path must point to a field with single value in the type of integer, bool or string.
If the path points to a non-existing field, no value will be returned.
If the path points to a structure, map or slice, no value will be returned and the status conddition
of StatusFeedBackSynced will be set as false.
Ref to https://kubernetes.io/docs/reference/kubectl/jsonpath/ on how to write a jsonPath.
type: string
version:
description: Version is the version of the Kubernetes
resource. If it is not specified, the resource
with the semantically latest version is used
to resolve the path.
description: |-
Version is the version of the Kubernetes resource.
If it is not specified, the resource with the semantically latest version is
used to resolve the path.
type: string
required:
- name
@@ -198,14 +204,13 @@ spec:
type: object
type: array
type:
description: Type defines the option of how status
can be returned. It can be jsonPaths or wellKnownStatus.
If the type is JSONPaths, user should specify the
jsonPaths field If the type is WellKnownStatus,
certain common fields of status defined by a rule
only for types in in k8s.io/api and open-cluster-management/api
will be reported, If these status fields do not
exist, no values will be reported.
description: |-
Type defines the option of how status can be returned.
It can be jsonPaths or wellKnownStatus.
If the type is JSONPaths, user should specify the jsonPaths field
If the type is WellKnownStatus, certain common fields of status defined by a rule only
for types in in k8s.io/api and open-cluster-management/api will be reported,
If these status fields do not exist, no values will be reported.
enum:
- WellKnownStatus
- JSONPaths
@@ -215,22 +220,22 @@ spec:
type: object
type: array
resourceIdentifier:
description: ResourceIdentifier represents the group, resource,
name and namespace of a resoure. iff this refers to a
resource not created by this manifest work, the related
rules will not be executed.
description: |-
ResourceIdentifier represents the group, resource, name and namespace of a resoure.
iff this refers to a resource not created by this manifest work, the related rules will not be executed.
properties:
group:
description: Group is the API Group of the Kubernetes
resource, empty string indicates it is in core group.
description: |-
Group is the API Group of the Kubernetes resource,
empty string indicates it is in core group.
type: string
name:
description: Name is the name of the Kubernetes resource.
type: string
namespace:
description: Name is the namespace of the Kubernetes
resource, empty string indicates it is a cluster scoped
resource.
description: |-
Name is the namespace of the Kubernetes resource, empty string indicates
it is a cluster scoped resource.
type: string
resource:
description: Resource is the resource name of the Kubernetes
@@ -241,19 +246,20 @@ spec:
- resource
type: object
updateStrategy:
description: UpdateStrategy defines the strategy to update
this manifest. UpdateStrategy is Update if it is not set.
description: |-
UpdateStrategy defines the strategy to update this manifest. UpdateStrategy is Update
if it is not set.
properties:
serverSideApply:
description: serverSideApply defines the configuration
for server side apply. It is honored only when type
of updateStrategy is ServerSideApply
description: |-
serverSideApply defines the configuration for server side apply. It is honored only when
type of updateStrategy is ServerSideApply
properties:
fieldManager:
default: work-agent
description: FieldManager is the manager to apply
the resource. It is work-agent by default, but
can be other name with work-agent as the prefix.
description: |-
FieldManager is the manager to apply the resource. It is work-agent by default, but can be other name with work-agent
as the prefix.
pattern: ^work-agent
type: string
force:
@@ -263,17 +269,15 @@ spec:
type: object
type:
default: Update
description: type defines the strategy to update this
manifest, default value is Update. Update type means
to update resource by an update call. CreateOnly type
means do not update resource based on current manifest.
ServerSideApply type means to update resource using
server side apply with work-controller as the field
manager. If there is conflict, the related Applied
condition of manifest will be in the status of False
with the reason of ApplyConflict. ReadOnly type means
the agent will only check the existence of the resource
based on its metadata.
description: |-
type defines the strategy to update this manifest, default value is Update.
Update type means to update resource by an update call.
CreateOnly type means do not update resource based on current manifest.
ServerSideApply type means to update resource using server side apply with work-controller as the field manager.
If there is conflict, the related Applied condition of manifest will be in the status of False with the
reason of ApplyConflict.
ReadOnly type means the agent will only check the existence of the resource based on its metadata,
statusFeedBackRules can still be used to get feedbackResults.
enum:
- Update
- CreateOnly
@@ -307,23 +311,22 @@ spec:
description: Registration holds the registration configuration for
the addon
items:
description: RegistrationSpec describes how to register an addon
agent to the hub cluster. With the registration defined, The addon
agent can access to kube apiserver with kube style API or other
endpoints on hub cluster with client certificate authentication.
During the addon registration process, a csr will be created for
each Registration on the hub cluster. The CSR will be approved
automatically, After the csr is approved on the hub cluster, the
klusterlet agent will create a secret in the installNamespace
for the addon agent. If the RegistrationType type is KubeClient,
the secret name will be "{addon name}-hub-kubeconfig" whose content
includes key/cert and kubeconfig. Otherwise, If the RegistrationType
type is CustomSigner the secret name will be "{addon name}-{signer
name}-client-cert" whose content includes key/cert.
description: |-
RegistrationSpec describes how to register an addon agent to the hub cluster.
With the registration defined, The addon agent can access to kube apiserver with kube style API
or other endpoints on hub cluster with client certificate authentication. During the addon
registration process, a csr will be created for each Registration on the hub cluster. The
CSR will be approved automatically, After the csr is approved on the hub cluster, the klusterlet
agent will create a secret in the installNamespace for the addon agent.
If the RegistrationType type is KubeClient, the secret name will be "{addon name}-hub-kubeconfig"
whose content includes key/cert and kubeconfig. Otherwise, If the RegistrationType type is
CustomSigner the secret name will be "{addon name}-{signer name}-client-cert" whose content
includes key/cert.
properties:
customSigner:
description: CustomSigner holds the configuration of the CustomSigner
type registration required when the Type is CustomSigner
description: |-
CustomSigner holds the configuration of the CustomSigner type registration
required when the Type is CustomSigner
properties:
signerName:
description: signerName is the name of signer that addon
@@ -333,14 +336,13 @@ spec:
pattern: ^([a-z0-9][a-z0-9-]*[a-z0-9]\.)+[a-z]+\/[a-z0-9-\.]+$
type: string
signingCA:
description: 'SigningCA represents the reference of the
secret on the hub cluster to sign the CSR the secret must
be in the namespace where the addon-manager is located,
and the secret type must be "kubernetes.io/tls" Note:
The addon manager will not have permission to access the
secret by default, so the user must grant the permission
to the addon manager(by creating rolebinding for the addon-manager
serviceaccount "addon-manager-controller-sa").'
description: |-
SigningCA represents the reference of the secret on the hub cluster to sign the CSR
the secret must be in the namespace where the addon-manager is located, and the secret
type must be "kubernetes.io/tls"
Note: The addon manager will not have permission to access the secret by default, so
the user must grant the permission to the addon manager(by creating rolebinding for
the addon-manager serviceaccount "addon-manager-controller-sa").
properties:
name:
description: Name of the signing CA secret
@@ -349,13 +351,14 @@ spec:
- name
type: object
subject:
description: 'Subject is the user subject of the addon agent
to be registered to the hub. If it is not set, the addon
agent will have the default subject "subject": { "user":
"system:open-cluster-management:cluster:{clusterName}:addon:{addonName}:agent:{agentName}",
"groups: ["system:open-cluster-management:cluster:{clusterName}:addon:{addonName}",
"system:open-cluster-management:addon:{addonName}", "system:authenticated"]
}'
description: |-
Subject is the user subject of the addon agent to be registered to the hub.
If it is not set, the addon agent will have the default subject
"subject": {
"user": "system:open-cluster-management:cluster:{clusterName}:addon:{addonName}:agent:{agentName}",
"groups: ["system:open-cluster-management:cluster:{clusterName}:addon:{addonName}",
"system:open-cluster-management:addon:{addonName}", "system:authenticated"]
}
properties:
groups:
description: groups is the user group of the addon agent.
@@ -383,43 +386,40 @@ spec:
description: HubPermissions represent the permission configurations
of the addon agent to access the hub cluster
items:
description: HubPermissionConfig configures the permission
of the addon agent to access the hub cluster. Will create
a RoleBinding in the same namespace as the managedClusterAddon
to bind the user provided ClusterRole/Role to the "system:open-cluster-management:cluster:<cluster-name>:addon:<addon-name>"
description: |-
HubPermissionConfig configures the permission of the addon agent to access the hub cluster.
Will create a RoleBinding in the same namespace as the managedClusterAddon to bind the user
provided ClusterRole/Role to the "system:open-cluster-management:cluster:<cluster-name>:addon:<addon-name>"
Group.
properties:
currentCluster:
description: CurrentCluster contains the configuration
of CurrentCluster type binding. It is required when
the type is CurrentCluster.
description: |-
CurrentCluster contains the configuration of CurrentCluster type binding.
It is required when the type is CurrentCluster.
properties:
clusterRoleName:
description: ClusterRoleName is the name of the
clusterrole the addon agent is bound. A rolebinding
will be created referring to this cluster role
in each cluster namespace. The user must make
sure the clusterrole exists on the hub cluster.
description: |-
ClusterRoleName is the name of the clusterrole the addon agent is bound. A rolebinding
will be created referring to this cluster role in each cluster namespace.
The user must make sure the clusterrole exists on the hub cluster.
type: string
required:
- clusterRoleName
type: object
singleNamespace:
description: SingleNamespace contains the configuration
of SingleNamespace type binding. It is required
when the type is SingleNamespace
description: |-
SingleNamespace contains the configuration of SingleNamespace type binding.
It is required when the type is SingleNamespace
properties:
namespace:
description: Namespace is the namespace the addon
agent has permissions to bind to. A rolebinding
will be created in this namespace referring
to the RoleRef.
description: |-
Namespace is the namespace the addon agent has permissions to bind to. A rolebinding
will be created in this namespace referring to the RoleRef.
type: string
roleRef:
description: RoleRef is an reference to the permission
resource. it could be a role or a cluster role,
the user must make sure it exist on the hub
cluster.
description: |-
RoleRef is an reference to the permission resource. it could be a role or a cluster role,
the user must make sure it exist on the hub cluster.
properties:
apiGroup:
description: APIGroup is the group for the
@@ -444,12 +444,10 @@ spec:
- roleRef
type: object
type:
description: 'Type of the permissions setting. It
defines how to bind the roleRef on the hub cluster.
It can be: - CurrentCluster: Bind the roleRef to
the namespace with the same name as the managedCluster.
- SingleNamespace: Bind the roleRef to the namespace
specified by SingleNamespaceBindingConfig.'
description: |-
Type of the permissions setting. It defines how to bind the roleRef on the hub cluster. It can be:
- CurrentCluster: Bind the roleRef to the namespace with the same name as the managedCluster.
- SingleNamespace: Bind the roleRef to the namespace specified by SingleNamespaceBindingConfig.
enum:
- CurrentCluster
- SingleNamespace
@@ -460,16 +458,15 @@ spec:
type: array
type: object
type:
description: 'Type of the registration configuration, it supports:
- KubeClient: the addon agent can access the hub kube apiserver
with kube style API. the signer name should be "kubernetes.io/kube-apiserver-client".
When this type is used, the KubeClientRegistrationConfig can
be used to define the permission of the addon agent to access
the hub cluster - CustomSigner: the addon agent can access
the hub cluster through user-defined endpoints. When this
type is used, the CustomSignerRegistrationConfig can be used
to define how to issue the client certificate for the addon
agent.'
description: |-
Type of the registration configuration, it supports:
- KubeClient: the addon agent can access the hub kube apiserver with kube style API.
the signer name should be "kubernetes.io/kube-apiserver-client". When this type is
used, the KubeClientRegistrationConfig can be used to define the permission of the
addon agent to access the hub cluster
- CustomSigner: the addon agent can access the hub cluster through user-defined endpoints.
When this type is used, the CustomSignerRegistrationConfig can be used to define how
to issue the client certificate for the addon agent.
enum:
- KubeClient
- CustomSigner


@@ -15,24 +15,33 @@ spec:
- name: v1beta1
schema:
openAPIV3Schema:
description: "PlacementDecision indicates a decision from a placement. PlacementDecision
must have a cluster.open-cluster-management.io/placement={placement name}
label to reference a certain placement. \n If a placement has spec.numberOfClusters
specified, the total number of decisions contained in the status.decisions
of PlacementDecisions must be the same as NumberOfClusters. Otherwise, the
description: |-
PlacementDecision indicates a decision from a placement.
PlacementDecision must have a cluster.open-cluster-management.io/placement={placement name} label to reference a certain placement.
If a placement has spec.numberOfClusters specified, the total number of decisions contained in
the status.decisions of PlacementDecisions must be the same as NumberOfClusters. Otherwise, the
total number of decisions must equal the number of ManagedClusters that
match the placement requirements. \n Some of the decisions might be empty
when there are not enough ManagedClusters to meet the placement requirements."
match the placement requirements.
Some of the decisions might be empty when there are not enough ManagedClusters to meet the placement requirements.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
@@ -40,16 +49,18 @@ spec:
description: Status represents the current status of the PlacementDecision
properties:
decisions:
description: Decisions is a slice of decisions according to a placement
description: |-
Decisions is a slice of decisions according to a placement
The number of decisions should not be larger than 100
items:
description: ClusterDecision represents a decision from a placement
description: |-
ClusterDecision represents a decision from a placement
An empty ClusterDecision indicates it is not scheduled yet.
properties:
clusterName:
description: ClusterName is the name of the ManagedCluster.
If it is not empty, its value should be unique cross all placement
decisions for the Placement.
description: |-
ClusterName is the name of the ManagedCluster. If it is not empty, its value should be unique cross all
placement decisions for the Placement.
type: string
reason:
description: Reason represents the reason why the ManagedCluster


@@ -15,19 +15,24 @@ spec:
- name: v1alpha1
schema:
openAPIV3Schema:
description: AddOnPlacementScore represents a bundle of scores of one managed
cluster, which could be used by placement. AddOnPlacementScore is a namespace
scoped resource. The namespace of the resource is the cluster namespace.
description: |-
AddOnPlacementScore represents a bundle of scores of one managed cluster, which could be used by placement.
AddOnPlacementScore is a namespace scoped resource. The namespace of the resource is the cluster namespace.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
@@ -39,42 +44,42 @@ spec:
this AddOnPlacementScore.
items:
description: "Condition contains details for one aspect of the current
state of this API Resource. --- This struct is intended for direct
use as an array at the field path .status.conditions. For example,
\n type FooStatus struct{ // Represents the observations of a
foo's current state. // Known .status.conditions.type are: \"Available\",
\"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
// +listType=map // +listMapKey=type Conditions []metav1.Condition
`json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
state of this API Resource.\n---\nThis struct is intended for
direct use as an array at the field path .status.conditions. For
example,\n\n\n\ttype FooStatus struct{\n\t // Represents the
observations of a foo's current state.\n\t // Known .status.conditions.type
are: \"Available\", \"Progressing\", and \"Degraded\"\n\t //
+patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t
\ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\"
patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
\ // other fields\n\t}"
properties:
lastTransitionTime:
description: lastTransitionTime is the last time the condition
transitioned from one status to another. This should be when
the underlying condition changed. If that is not known, then
using the time when the API field changed is acceptable.
description: |-
lastTransitionTime is the last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: message is a human readable message indicating
details about the transition. This may be an empty string.
description: |-
message is a human readable message indicating details about the transition.
This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: observedGeneration represents the .metadata.generation
that the condition was set based upon. For instance, if .metadata.generation
is currently 12, but the .status.conditions[x].observedGeneration
is 9, the condition is out of date with respect to the current
state of the instance.
description: |-
observedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: reason contains a programmatic identifier indicating
the reason for the condition's last transition. Producers
of specific condition types may define expected values and
meanings for this field, and whether the values are considered
a guaranteed API. The value should be a CamelCase string.
description: |-
reason contains a programmatic identifier indicating the reason for the condition's last transition.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty.
maxLength: 1024
minLength: 1
@@ -88,11 +93,12 @@ spec:
- Unknown
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase.
--- Many .condition.type values are consistent across resources
like Available, but because arbitrary conditions can be useful
(see .node.status.conditions), the ability to deconflict is
important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
description: |-
type of condition in CamelCase or in foo.example.com/CamelCase.
---
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
useful (see .node.status.conditions), the ability to deconflict is important.
The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
@@ -133,10 +139,10 @@ spec:
- name
x-kubernetes-list-type: map
validUntil:
description: ValidUntil defines the valid time of the scores. After
this time, the scores are considered to be invalid by placement.
nil means never expire. The controller owning this resource should
keep the scores up-to-date.
description: |-
ValidUntil defines the valid time of the scores.
After this time, the scores are considered to be invalid by placement. nil means never expire.
The controller owning this resource should keep the scores up-to-date.
format: date-time
type: string
type: object


@@ -15,23 +15,29 @@ spec:
- name: v1
schema:
openAPIV3Schema:
description: AppliedManifestWork represents an applied manifestwork on managed
cluster that is placed on a managed cluster. An AppliedManifestWork links
to a manifestwork on a hub recording resources deployed in the managed cluster.
When the agent is removed from managed cluster, cluster-admin on managed
cluster can delete appliedmanifestwork to remove resources deployed by the
agent. The name of the appliedmanifestwork must be in the format of {hash
of hub's first kube-apiserver url}-{manifestwork name}
description: |-
AppliedManifestWork represents an applied manifestwork on managed cluster that is placed
on a managed cluster. An AppliedManifestWork links to a manifestwork on a hub recording resources
deployed in the managed cluster.
When the agent is removed from managed cluster, cluster-admin on managed cluster
can delete appliedmanifestwork to remove resources deployed by the agent.
The name of the appliedmanifestwork must be in the format of
{hash of hub's first kube-apiserver url}-{manifestwork name}
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
@@ -43,8 +49,9 @@ spec:
handle this AppliedManifestWork.
type: string
hubHash:
description: HubHash represents the hash of the first hub kube apiserver
to identify which hub this AppliedManifestWork links to.
description: |-
HubHash represents the hash of the first hub kube apiserver to identify which hub
this AppliedManifestWork links to.
type: string
manifestWorkName:
description: ManifestWorkName represents the name of the related manifestwork
@@ -55,41 +62,40 @@ spec:
description: Status represents the current status of AppliedManifestWork.
properties:
appliedResources:
description: AppliedResources represents a list of resources defined
within the manifestwork that are applied. Only resources with valid
GroupVersionResource, namespace, and name are suitable. An item
in this slice is deleted when there is no mapped manifest in manifestwork.Spec
or by finalizer. The resource relating to the item will also be
removed from managed cluster. The deleted resource may still be
present until the finalizers for that resource are finished. However,
the resource will not be undeleted, so it can be removed from this
list and eventual consistency is preserved.
description: |-
AppliedResources represents a list of resources defined within the manifestwork that are applied.
Only resources with valid GroupVersionResource, namespace, and name are suitable.
An item in this slice is deleted when there is no mapped manifest in manifestwork.Spec or by finalizer.
The resource relating to the item will also be removed from managed cluster.
The deleted resource may still be present until the finalizers for that resource are finished.
However, the resource will not be undeleted, so it can be removed from this list and eventual consistency is preserved.
items:
description: AppliedManifestResourceMeta represents the group, version,
resource, name and namespace of a resource. Since these resources
have been created, they must have valid group, version, resource,
namespace, and name.
description: |-
AppliedManifestResourceMeta represents the group, version, resource, name and namespace of a resource.
Since these resources have been created, they must have valid group, version, resource, namespace, and name.
properties:
group:
description: Group is the API Group of the Kubernetes resource,
description: |-
Group is the API Group of the Kubernetes resource,
empty string indicates it is in core group.
type: string
name:
description: Name is the name of the Kubernetes resource.
type: string
namespace:
description: Name is the namespace of the Kubernetes resource,
empty string indicates it is a cluster scoped resource.
description: |-
Name is the namespace of the Kubernetes resource, empty string indicates
it is a cluster scoped resource.
type: string
resource:
description: Resource is the resource name of the Kubernetes
resource.
type: string
uid:
description: UID is set on successful deletion of the Kubernetes
resource by controller. The resource might be still visible
on the managed cluster after this field is set. It is not
directly settable by a client.
description: |-
UID is set on successful deletion of the Kubernetes resource by controller. The
resource might be still visible on the managed cluster after this field is set.
It is not directly settable by a client.
type: string
version:
description: Version is the version of the Kubernetes resource.
@@ -101,12 +107,11 @@ spec:
type: object
type: array
evictionStartTime:
description: 'EvictionStartTime represents the current appliedmanifestwork
will be evicted after a grace period. An appliedmanifestwork will
be evicted from the managed cluster in the following two scenarios:
- the manifestwork of the current appliedmanifestwork is missing
on the hub, or - the appliedmanifestwork hub hash does not match
the current hub hash of the work agent.'
description: |-
EvictionStartTime represents the current appliedmanifestwork will be evicted after a grace period.
An appliedmanifestwork will be evicted from the managed cluster in the following two scenarios:
- the manifestwork of the current appliedmanifestwork is missing on the hub, or
- the appliedmanifestwork hub hash does not match the current hub hash of the work agent.
format: date-time
type: string
type: object


@@ -15,22 +15,31 @@ spec:
- name: v1alpha1
schema:
openAPIV3Schema:
description: "ClusterClaim represents cluster information that a managed cluster
claims ClusterClaims with well known names include, 1. id.k8s.io, it contains
a unique identifier for the cluster. 2. clusterset.k8s.io, it contains an
identifier that relates the cluster to the ClusterSet in which it belongs.
\n ClusterClaims created on a managed cluster will be collected and saved
into the status of the corresponding ManagedCluster on hub."
description: |-
ClusterClaim represents cluster information that a managed cluster claims
ClusterClaims with well known names include,
1. id.k8s.io, it contains a unique identifier for the cluster.
2. clusterset.k8s.io, it contains an identifier that relates the cluster
to the ClusterSet in which it belongs.
ClusterClaims created on a managed cluster will be collected and saved into
the status of the corresponding ManagedCluster on hub.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object

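--- a/pkg/addon/manager_test.go
+++ b/pkg/addon/manager_test.go
@@ -0,0 +1,83 @@
+package addon
+import (
+"context"
+"path/filepath"
+"testing"
+"github.com/onsi/ginkgo/v2"
+"github.com/onsi/gomega"
+"github.com/openshift/library-go/pkg/controller/controllercmd"
+"k8s.io/client-go/kubernetes/scheme"
+"k8s.io/client-go/rest"
+"sigs.k8s.io/controller-runtime/pkg/envtest"
+logf "sigs.k8s.io/controller-runtime/pkg/log"
+"sigs.k8s.io/controller-runtime/pkg/log/zap"
+addonv1alpha1 "open-cluster-management.io/api/addon/v1alpha1"
+clusterv1 "open-cluster-management.io/api/cluster/v1"
+clusterv1beta1 "open-cluster-management.io/api/cluster/v1beta1"
+workv1 "open-cluster-management.io/api/work/v1"
+"open-cluster-management.io/ocm/test/integration/util"
+)
+var testEnv *envtest.Environment
+var cfg *rest.Config
+func TestAddonManager(t *testing.T) {
+gomega.RegisterFailHandler(ginkgo.Fail)
+ginkgo.RunSpecs(t, "Addon Manager Suite")
+}
+var _ = ginkgo.BeforeSuite(func() {
+logf.SetLogger(zap.New(zap.WriteTo(ginkgo.GinkgoWriter), zap.UseDevMode(true)))
+ginkgo.By("bootstrapping test environment")
+var err error
+// start a kube-apiserver
+testEnv = &envtest.Environment{
+ErrorIfCRDPathMissing: true,
+CRDDirectoryPaths: []string{
+filepath.Join("../../", "vendor", "open-cluster-management.io", "api", "work", "v1", "0000_00_work.open-cluster-management.io_manifestworks.crd.yaml"),
+filepath.Join("../../", "vendor", "open-cluster-management.io", "api", "cluster", "v1"),
+filepath.Join("../../", "vendor", "open-cluster-management.io", "api", "cluster", "v1beta1"),
+filepath.Join("../../", "vendor", "open-cluster-management.io", "api", "addon", "v1alpha1"),
+},
+}
+cfg, err = testEnv.Start()
+gomega.Expect(err).ToNot(gomega.HaveOccurred())
+gomega.Expect(cfg).ToNot(gomega.BeNil())
+err = workv1.Install(scheme.Scheme)
+gomega.Expect(err).NotTo(gomega.HaveOccurred())
+err = clusterv1beta1.Install(scheme.Scheme)
+gomega.Expect(err).NotTo(gomega.HaveOccurred())
+err = clusterv1.Install(scheme.Scheme)
+gomega.Expect(err).NotTo(gomega.HaveOccurred())
+err = addonv1alpha1.Install(scheme.Scheme)
+gomega.Expect(err).NotTo(gomega.HaveOccurred())
+})
+var _ = ginkgo.AfterSuite(func() {
+ginkgo.By("tearing down the test environment")
+err := testEnv.Stop()
+gomega.Expect(err).ToNot(gomega.HaveOccurred())
+})
+var _ = ginkgo.Describe("start hub manager", func() {
+ginkgo.It("start hub manager", func() {
+ctx, stopHub := context.WithCancel(context.Background())
+// start hub controller
+go func() {
+err := RunManager(ctx, &controllercmd.ControllerContext{
+KubeConfig: cfg,
+EventRecorder: util.NewIntegrationTestEventRecorder("integration"),
+})
+gomega.Expect(err).ToNot(gomega.HaveOccurred())
+}()
+stopHub()
+})
+})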
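Review bot: The `start hub manager` spec at the end of this file cannot fail on the thing it appears to test. `stopHub()` runs right after the goroutine is launched, so the `It` body can return before `RunManager` has started. The `gomega.Expect` inside the goroutine also has no `defer ginkgo.GinkgoRecover()` ahead of it, so a failed expectation there would likely panic the test process rather than fail the spec. I would make `defer ginkgo.GinkgoRecover()` the first statement of the goroutine and have the spec wait for it to return, for example on a channel the goroutine closes, before the `It` ends. The same pattern recurs in the other new suite files in this commit (clustermanager, klusterlet, placement hub, registration hub, work hub).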


@@ -0,0 +1,72 @@
package clustermanager
import (
"context"
"path/filepath"
"testing"
"github.com/onsi/ginkgo/v2"
"github.com/onsi/gomega"
"github.com/openshift/library-go/pkg/controller/controllercmd"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/client-go/rest"
"sigs.k8s.io/controller-runtime/pkg/envtest"
logf "sigs.k8s.io/controller-runtime/pkg/log"
"sigs.k8s.io/controller-runtime/pkg/log/zap"
"open-cluster-management.io/ocm/test/integration/util"
)
var testEnv *envtest.Environment
var cfg *rest.Config
func TestClusterManager(t *testing.T) {
gomega.RegisterFailHandler(ginkgo.Fail)
ginkgo.RunSpecs(t, "ClusterManager Suite")
}
var _ = ginkgo.BeforeSuite(func() {
logf.SetLogger(zap.New(zap.WriteTo(ginkgo.GinkgoWriter), zap.UseDevMode(true)))
ginkgo.By("bootstrapping test environment")
var err error
// install operator CRDs and start a local kube-apiserver
testEnv = &envtest.Environment{
ErrorIfCRDPathMissing: true,
CRDDirectoryPaths: []string{
filepath.Join("../../../../", "deploy", "cluster-manager", "olm-catalog", "latest", "manifests"),
},
}
cfg, err = testEnv.Start()
cfg.QPS = 100
cfg.Burst = 200
gomega.Expect(err).ToNot(gomega.HaveOccurred())
gomega.Expect(cfg).ToNot(gomega.BeNil())
})
var _ = ginkgo.AfterSuite(func() {
ginkgo.By("tearing down the test environment")
err := testEnv.Stop()
gomega.Expect(err).ToNot(gomega.HaveOccurred())
})
var _ = ginkgo.Describe("start cluster manager", func() {
ginkgo.It("start hub manager", func() {
ctx, stopHub := context.WithCancel(context.Background())
// start hub controller
go func() {
o := &Options{}
err := o.RunClusterManagerOperator(ctx, &controllercmd.ControllerContext{
KubeConfig: cfg,
EventRecorder: util.NewIntegrationTestEventRecorder("integration"),
OperatorNamespace: metav1.NamespaceDefault,
})
gomega.Expect(err).NotTo(gomega.HaveOccurred())
}()
stopHub()
})
})
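Review bot: In `BeforeSuite`, `cfg.QPS = 100` and `cfg.Burst = 200` are assigned before the `err` returned by `testEnv.Start()` is checked. If the start fails and `cfg` comes back nil, the suite dies on a nil-pointer dereference instead of reporting the envtest error. Move `gomega.Expect(err).ToNot(gomega.HaveOccurred())` and `gomega.Expect(cfg).ToNot(gomega.BeNil())` directly under `cfg, err = testEnv.Start()` and set QPS and Burst after them. The klusterlet suite added later in this commit has the same ordering, and its `// start hub controller` comment looks like a copy-paste leftover that should read `// start klusterlet operator`.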


@@ -0,0 +1,70 @@
package klusterlet
import (
"context"
"path/filepath"
"testing"
"github.com/onsi/ginkgo/v2"
"github.com/onsi/gomega"
"github.com/openshift/library-go/pkg/controller/controllercmd"
"k8s.io/client-go/rest"
"sigs.k8s.io/controller-runtime/pkg/envtest"
logf "sigs.k8s.io/controller-runtime/pkg/log"
"sigs.k8s.io/controller-runtime/pkg/log/zap"
"open-cluster-management.io/ocm/test/integration/util"
)
var testEnv *envtest.Environment
var cfg *rest.Config
func TestKlusterlet(t *testing.T) {
gomega.RegisterFailHandler(ginkgo.Fail)
ginkgo.RunSpecs(t, "Klusterlet Suite")
}
var _ = ginkgo.BeforeSuite(func() {
logf.SetLogger(zap.New(zap.WriteTo(ginkgo.GinkgoWriter), zap.UseDevMode(true)))
ginkgo.By("bootstrapping test environment")
var err error
// install operator CRDs and start a local kube-apiserver
testEnv = &envtest.Environment{
ErrorIfCRDPathMissing: true,
CRDDirectoryPaths: []string{
filepath.Join("../../../../", "deploy", "klusterlet", "olm-catalog", "latest", "manifests"),
},
}
cfg, err = testEnv.Start()
cfg.QPS = 100
cfg.Burst = 200
gomega.Expect(err).ToNot(gomega.HaveOccurred())
gomega.Expect(cfg).ToNot(gomega.BeNil())
})
var _ = ginkgo.AfterSuite(func() {
ginkgo.By("tearing down the test environment")
err := testEnv.Stop()
gomega.Expect(err).ToNot(gomega.HaveOccurred())
})
var _ = ginkgo.Describe("start klusterlet", func() {
ginkgo.It("start klusterlet", func() {
ctx, stopKlusterlet := context.WithCancel(context.Background())
// start hub controller
go func() {
o := &Options{EnableSyncLabels: true}
err := o.RunKlusterletOperator(ctx, &controllercmd.ControllerContext{
KubeConfig: cfg,
EventRecorder: util.NewIntegrationTestEventRecorder("integration"),
})
gomega.Expect(err).NotTo(gomega.HaveOccurred())
}()
stopKlusterlet()
})
})


@@ -0,0 +1,80 @@
package hub
import (
"context"
"testing"
"github.com/onsi/ginkgo/v2"
"github.com/onsi/gomega"
"github.com/openshift/library-go/pkg/controller/controllercmd"
"k8s.io/client-go/kubernetes/scheme"
"k8s.io/client-go/rest"
"sigs.k8s.io/controller-runtime/pkg/envtest"
logf "sigs.k8s.io/controller-runtime/pkg/log"
"sigs.k8s.io/controller-runtime/pkg/log/zap"
clusterv1beta1 "open-cluster-management.io/api/cluster/v1beta1"
clusterv1beta2 "open-cluster-management.io/api/cluster/v1beta2"
"open-cluster-management.io/ocm/test/integration/util"
)
var testEnv *envtest.Environment
var cfg *rest.Config
var CRDPaths = []string{
"../../../vendor/open-cluster-management.io/api/cluster/v1/0000_00_clusters.open-cluster-management.io_managedclusters.crd.yaml",
"../../../vendor/open-cluster-management.io/api/cluster/v1alpha1/0000_05_clusters.open-cluster-management.io_addonplacementscores.crd.yaml",
"../../../vendor/open-cluster-management.io/api/cluster/v1beta2/0000_00_clusters.open-cluster-management.io_managedclustersets.crd.yaml",
"../../../vendor/open-cluster-management.io/api/cluster/v1beta2/0000_01_clusters.open-cluster-management.io_managedclustersetbindings.crd.yaml",
"../../../vendor/open-cluster-management.io/api/cluster/v1beta1/0000_02_clusters.open-cluster-management.io_placements.crd.yaml",
"../../../vendor/open-cluster-management.io/api/cluster/v1beta1/0000_03_clusters.open-cluster-management.io_placementdecisions.crd.yaml",
}
func TestPlacementManager(t *testing.T) {
gomega.RegisterFailHandler(ginkgo.Fail)
ginkgo.RunSpecs(t, "Placement Suite")
}
var _ = ginkgo.BeforeSuite(func() {
logf.SetLogger(zap.New(zap.WriteTo(ginkgo.GinkgoWriter), zap.UseDevMode(true)))
ginkgo.By("bootstrapping test environment")
var err error
// start a kube-apiserver
testEnv = &envtest.Environment{
ErrorIfCRDPathMissing: true,
CRDDirectoryPaths: CRDPaths,
}
cfg, err = testEnv.Start()
gomega.Expect(err).ToNot(gomega.HaveOccurred())
gomega.Expect(cfg).ToNot(gomega.BeNil())
err = clusterv1beta2.Install(scheme.Scheme)
gomega.Expect(err).NotTo(gomega.HaveOccurred())
err = clusterv1beta1.Install(scheme.Scheme)
gomega.Expect(err).NotTo(gomega.HaveOccurred())
})
var _ = ginkgo.AfterSuite(func() {
ginkgo.By("tearing down the test environment")
err := testEnv.Stop()
gomega.Expect(err).ToNot(gomega.HaveOccurred())
})
var _ = ginkgo.Describe("start hub manager", func() {
ginkgo.It("start hub manager", func() {
ctx, stopHub := context.WithCancel(context.Background())
// start hub controller
go func() {
err := RunControllerManager(ctx, &controllercmd.ControllerContext{
KubeConfig: cfg,
EventRecorder: util.NewIntegrationTestEventRecorder("integration"),
})
gomega.Expect(err).ToNot(gomega.HaveOccurred())
}()
stopHub()
})
})


@@ -0,0 +1,101 @@
package hub
import (
"context"
"testing"
"github.com/onsi/ginkgo/v2"
"github.com/onsi/gomega"
"github.com/openshift/library-go/pkg/controller/controllercmd"
"k8s.io/client-go/kubernetes/scheme"
"k8s.io/client-go/rest"
"sigs.k8s.io/controller-runtime/pkg/envtest"
logf "sigs.k8s.io/controller-runtime/pkg/log"
"sigs.k8s.io/controller-runtime/pkg/log/zap"
clusterv1 "open-cluster-management.io/api/cluster/v1"
ocmfeature "open-cluster-management.io/api/feature"
"open-cluster-management.io/ocm/pkg/features"
"open-cluster-management.io/ocm/test/integration/util"
)
var testEnv *envtest.Environment
var cfg *rest.Config
var CRDPaths = []string{
// hub
"../../../vendor/open-cluster-management.io/api/cluster/v1/0000_00_clusters.open-cluster-management.io_managedclusters.crd.yaml",
"../../../vendor/open-cluster-management.io/api/work/v1/0000_00_work.open-cluster-management.io_manifestworks.crd.yaml",
"../../../vendor/open-cluster-management.io/api/addon/v1alpha1/0000_01_addon.open-cluster-management.io_managedclusteraddons.crd.yaml",
"../../../vendor/open-cluster-management.io/api/cluster/v1beta2/0000_00_clusters.open-cluster-management.io_managedclustersets.crd.yaml",
"../../../vendor/open-cluster-management.io/api/cluster/v1beta2/0000_01_clusters.open-cluster-management.io_managedclustersetbindings.crd.yaml",
}
func TestManager(t *testing.T) {
gomega.RegisterFailHandler(ginkgo.Fail)
ginkgo.RunSpecs(t, "Manager Suite")
}
var _ = ginkgo.BeforeSuite(func() {
logf.SetLogger(zap.New(zap.WriteTo(ginkgo.GinkgoWriter), zap.UseDevMode(true)))
ginkgo.By("bootstrapping test environment")
var err error
// install cluster CRD and start a local kube-apiserver
gomega.Expect(err).ToNot(gomega.HaveOccurred())
testEnv = &envtest.Environment{
ErrorIfCRDPathMissing: true,
CRDDirectoryPaths: CRDPaths,
}
cfg, err = testEnv.Start()
gomega.Expect(err).ToNot(gomega.HaveOccurred())
gomega.Expect(cfg).ToNot(gomega.BeNil())
err = features.SpokeMutableFeatureGate.Add(ocmfeature.DefaultSpokeRegistrationFeatureGates)
gomega.Expect(err).ToNot(gomega.HaveOccurred())
err = features.HubMutableFeatureGate.Add(ocmfeature.DefaultHubRegistrationFeatureGates)
gomega.Expect(err).ToNot(gomega.HaveOccurred())
err = clusterv1.Install(scheme.Scheme)
gomega.Expect(err).NotTo(gomega.HaveOccurred())
// enable DefaultClusterSet feature gate
err = features.HubMutableFeatureGate.Set("DefaultClusterSet=true")
gomega.Expect(err).ToNot(gomega.HaveOccurred())
// enable ManagedClusterAutoApproval feature gate
err = features.HubMutableFeatureGate.Set("ManagedClusterAutoApproval=true")
gomega.Expect(err).NotTo(gomega.HaveOccurred())
// enable resourceCleanup feature gate
err = features.HubMutableFeatureGate.Set("ResourceCleanup=true")
gomega.Expect(err).NotTo(gomega.HaveOccurred())
})
var _ = ginkgo.AfterSuite(func() {
ginkgo.By("tearing down the test environment")
err := testEnv.Stop()
gomega.Expect(err).ToNot(gomega.HaveOccurred())
})
var _ = ginkgo.Describe("start hub manager", func() {
ginkgo.It("start hub manager", func() {
ctx, stopHub := context.WithCancel(context.Background())
m := NewHubManagerOptions()
m.ClusterAutoApprovalUsers = []string{util.AutoApprovalBootstrapUser}
go func() {
err := m.RunControllerManager(ctx, &controllercmd.ControllerContext{
KubeConfig: cfg,
EventRecorder: util.NewIntegrationTestEventRecorder("hub"),
})
gomega.Expect(err).NotTo(gomega.HaveOccurred())
}()
stopHub()
})
})
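Review bot: The `gomega.Expect(err).ToNot(gomega.HaveOccurred())` directly under `// install cluster CRD and start a local kube-apiserver` runs before anything has assigned `err`, so it can never fail and should be dropped. Separately, `BeforeSuite` enables `ManagedClusterAutoApproval` and the spec sets `ClusterAutoApprovalUsers`, yet nothing in this file asserts on approval behaviour. If the gate is enabled only so the manager starts with the same configuration as the integration suite, a comment such as `// gates mirror the integration suite; approval behaviour is asserted there` would make that explicit. That intent is inferred from this file alone.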


@@ -0,0 +1,81 @@
package hub
import (
"context"
"testing"
"github.com/onsi/ginkgo/v2"
"github.com/onsi/gomega"
"github.com/openshift/library-go/pkg/controller/controllercmd"
"k8s.io/client-go/kubernetes/scheme"
"k8s.io/client-go/rest"
"sigs.k8s.io/controller-runtime/pkg/envtest"
logf "sigs.k8s.io/controller-runtime/pkg/log"
"sigs.k8s.io/controller-runtime/pkg/log/zap"
workapiv1 "open-cluster-management.io/api/work/v1"
"open-cluster-management.io/ocm/test/integration/util"
)
var testEnv *envtest.Environment
var sourceConfigFileName string
var cfg *rest.Config
var CRDPaths = []string{
// hub
"../../../vendor/open-cluster-management.io/api/work/v1/0000_00_work.open-cluster-management.io_manifestworks.crd.yaml",
"../../../vendor/open-cluster-management.io/api/work/v1alpha1/0000_00_work.open-cluster-management.io_manifestworkreplicasets.crd.yaml",
"../../../vendor/open-cluster-management.io/api/cluster/v1beta1/0000_02_clusters.open-cluster-management.io_placements.crd.yaml",
"../../../vendor/open-cluster-management.io/api/cluster/v1beta1/0000_03_clusters.open-cluster-management.io_placementdecisions.crd.yaml",
}
func TestWorkManager(t *testing.T) {
gomega.RegisterFailHandler(ginkgo.Fail)
ginkgo.RunSpecs(t, "Work Manager Suite")
}
var _ = ginkgo.BeforeSuite(func() {
logf.SetLogger(zap.New(zap.WriteTo(ginkgo.GinkgoWriter), zap.UseDevMode(true)))
ginkgo.By("bootstrapping test environment")
var err error
// start a kube-apiserver
testEnv = &envtest.Environment{
ErrorIfCRDPathMissing: true,
CRDDirectoryPaths: CRDPaths,
}
cfg, err = testEnv.Start()
gomega.Expect(err).ToNot(gomega.HaveOccurred())
gomega.Expect(cfg).ToNot(gomega.BeNil())
err = workapiv1.Install(scheme.Scheme)
gomega.Expect(err).NotTo(gomega.HaveOccurred())
})
var _ = ginkgo.AfterSuite(func() {
ginkgo.By("tearing down the test environment")
err := testEnv.Stop()
gomega.Expect(err).ToNot(gomega.HaveOccurred())
})
var _ = ginkgo.Describe("start hub manager", func() {
ginkgo.It("start hub manager", func() {
ctx, stopHub := context.WithCancel(context.Background())
opts := NewWorkHubManagerOptions()
opts.WorkDriver = "kube"
opts.WorkDriverConfig = sourceConfigFileName
hubConfig := NewWorkHubManagerConfig(opts)
// start hub controller
go func() {
err := hubConfig.RunWorkHubManager(ctx, &controllercmd.ControllerContext{
KubeConfig: cfg,
EventRecorder: util.NewIntegrationTestEventRecorder("hub"),
})
gomega.Expect(err).NotTo(gomega.HaveOccurred())
}()
stopHub()
})
})
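Review bot: `sourceConfigFileName` is declared at package level but never assigned in this file, so `opts.WorkDriverConfig = sourceConfigFileName` passes an empty string unless another file in the package sets it. If the `kube` driver does not read a config file, either drop the variable and the assignment or document it with `// WorkDriverConfig is not read by the kube driver`. If the driver does read it, the suite should write a config file in `BeforeSuite` and point the option at it.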


@@ -2,7 +2,7 @@ TEST_TMP :=/tmp
export KUBEBUILDER_ASSETS ?=$(TEST_TMP)/kubebuilder/bin
K8S_VERSION ?=1.29.3
K8S_VERSION ?=1.30.0
KB_TOOLS_ARCHIVE_NAME :=kubebuilder-tools-$(K8S_VERSION)-$(GOHOSTOS)-$(GOHOSTARCH).tar.gz
KB_TOOLS_ARCHIVE_PATH := $(TEST_TMP)/$(KB_TOOLS_ARCHIVE_NAME)


@@ -167,6 +167,19 @@ func Marshal(v any) ([]byte, error) {
return buf, nil
}
func MarshalEscaped(v any, escape bool) ([]byte, error) {
e := newEncodeState()
defer encodeStatePool.Put(e)
err := e.marshal(v, encOpts{escapeHTML: escape})
if err != nil {
return nil, err
}
buf := append([]byte(nil), e.Bytes()...)
return buf, nil
}
// MarshalIndent is like Marshal but applies Indent to format the output.
// Each JSON element in the output will begin on a new line beginning with prefix
// followed by one or more copies of indent according to the indentation nesting.


@@ -6,7 +6,7 @@ package json
import (
"bytes"
"errors"
"encoding/json"
"io"
)
@@ -259,27 +259,7 @@ func (enc *Encoder) SetEscapeHTML(on bool) {
// RawMessage is a raw encoded JSON value.
// It implements Marshaler and Unmarshaler and can
// be used to delay JSON decoding or precompute a JSON encoding.
type RawMessage []byte
// MarshalJSON returns m as the JSON encoding of m.
func (m RawMessage) MarshalJSON() ([]byte, error) {
if m == nil {
return []byte("null"), nil
}
return m, nil
}
// UnmarshalJSON sets *m to a copy of data.
func (m *RawMessage) UnmarshalJSON(data []byte) error {
if m == nil {
return errors.New("json.RawMessage: UnmarshalJSON on nil pointer")
}
*m = append((*m)[0:0], data...)
return nil
}
var _ Marshaler = (*RawMessage)(nil)
var _ Unmarshaler = (*RawMessage)(nil)
type RawMessage = json.RawMessage
// A Token holds a value of one of these types:
//


@@ -10,26 +10,26 @@ import (
"github.com/evanphx/json-patch/v5/internal/json"
)
func merge(cur, patch *lazyNode, mergeMerge bool) *lazyNode {
curDoc, err := cur.intoDoc()
func merge(cur, patch *lazyNode, mergeMerge bool, options *ApplyOptions) *lazyNode {
curDoc, err := cur.intoDoc(options)
if err != nil {
pruneNulls(patch)
pruneNulls(patch, options)
return patch
}
patchDoc, err := patch.intoDoc()
patchDoc, err := patch.intoDoc(options)
if err != nil {
return patch
}
mergeDocs(curDoc, patchDoc, mergeMerge)
mergeDocs(curDoc, patchDoc, mergeMerge, options)
return cur
}
func mergeDocs(doc, patch *partialDoc, mergeMerge bool) {
func mergeDocs(doc, patch *partialDoc, mergeMerge bool, options *ApplyOptions) {
for k, v := range patch.obj {
if v == nil {
if mergeMerge {
@@ -45,55 +45,55 @@ func mergeDocs(doc, patch *partialDoc, mergeMerge bool) {
}
doc.obj[k] = nil
} else {
_ = doc.remove(k, &ApplyOptions{})
_ = doc.remove(k, options)
}
} else {
cur, ok := doc.obj[k]
if !ok || cur == nil {
if !mergeMerge {
pruneNulls(v)
pruneNulls(v, options)
}
_ = doc.set(k, v, &ApplyOptions{})
_ = doc.set(k, v, options)
} else {
_ = doc.set(k, merge(cur, v, mergeMerge), &ApplyOptions{})
_ = doc.set(k, merge(cur, v, mergeMerge, options), options)
}
}
}
}
func pruneNulls(n *lazyNode) {
sub, err := n.intoDoc()
func pruneNulls(n *lazyNode, options *ApplyOptions) {
sub, err := n.intoDoc(options)
if err == nil {
pruneDocNulls(sub)
pruneDocNulls(sub, options)
} else {
ary, err := n.intoAry()
if err == nil {
pruneAryNulls(ary)
pruneAryNulls(ary, options)
}
}
}
func pruneDocNulls(doc *partialDoc) *partialDoc {
func pruneDocNulls(doc *partialDoc, options *ApplyOptions) *partialDoc {
for k, v := range doc.obj {
if v == nil {
_ = doc.remove(k, &ApplyOptions{})
} else {
pruneNulls(v)
pruneNulls(v, options)
}
}
return doc
}
func pruneAryNulls(ary *partialArray) *partialArray {
func pruneAryNulls(ary *partialArray, options *ApplyOptions) *partialArray {
newAry := []*lazyNode{}
for _, v := range ary.nodes {
if v != nil {
pruneNulls(v)
pruneNulls(v, options)
}
newAry = append(newAry, v)
}
@@ -128,11 +128,17 @@ func doMergePatch(docData, patchData []byte, mergeMerge bool) ([]byte, error) {
return nil, errBadJSONPatch
}
doc := &partialDoc{}
options := NewApplyOptions()
doc := &partialDoc{
opts: options,
}
docErr := doc.UnmarshalJSON(docData)
patch := &partialDoc{}
patch := &partialDoc{
opts: options,
}
patchErr := patch.UnmarshalJSON(patchData)
@@ -158,7 +164,7 @@ func doMergePatch(docData, patchData []byte, mergeMerge bool) ([]byte, error) {
if mergeMerge {
doc = patch
} else {
doc = pruneDocNulls(patch)
doc = pruneDocNulls(patch, options)
}
} else {
patchAry := &partialArray{}
@@ -172,7 +178,7 @@ func doMergePatch(docData, patchData []byte, mergeMerge bool) ([]byte, error) {
return nil, errBadJSONPatch
}
pruneAryNulls(patchAry)
pruneAryNulls(patchAry, options)
out, patchErr := json.Marshal(patchAry.nodes)
@@ -183,7 +189,7 @@ func doMergePatch(docData, patchData []byte, mergeMerge bool) ([]byte, error) {
return out, nil
}
} else {
mergeDocs(doc, patch, mergeMerge)
mergeDocs(doc, patch, mergeMerge, options)
}
return json.Marshal(doc)


@@ -38,6 +38,8 @@ var (
ErrInvalid = errors.New("invalid state detected")
ErrInvalidIndex = errors.New("invalid index referenced")
ErrExpectedObject = errors.New("invalid value, expected object")
rawJSONArray = []byte("[]")
rawJSONObject = []byte("{}")
rawJSONNull = []byte("null")
@@ -60,6 +62,8 @@ type partialDoc struct {
self *lazyNode
keys []string
obj map[string]*lazyNode
opts *ApplyOptions
}
type partialArray struct {
@@ -90,6 +94,8 @@ type ApplyOptions struct {
// EnsurePathExistsOnAdd instructs json-patch to recursively create the missing parts of path on "add" operation.
// Default to false.
EnsurePathExistsOnAdd bool
EscapeHTML bool
}
// NewApplyOptions creates a default set of options for calls to ApplyWithOptions.
@@ -99,6 +105,7 @@ func NewApplyOptions() *ApplyOptions {
AccumulatedCopySizeLimit: AccumulatedCopySizeLimit,
AllowMissingPathOnRemove: false,
EnsurePathExistsOnAdd: false,
EscapeHTML: true,
}
}
@@ -134,16 +141,28 @@ func (n *lazyNode) UnmarshalJSON(data []byte) error {
}
func (n *partialDoc) TrustMarshalJSON(buf *bytes.Buffer) error {
if n.obj == nil {
return ErrExpectedObject
}
if err := buf.WriteByte('{'); err != nil {
return err
}
escaped := true
// n.opts should always be set, but in case we missed a case,
// guard.
if n.opts != nil {
escaped = n.opts.EscapeHTML
}
for i, k := range n.keys {
if i > 0 {
if err := buf.WriteByte(','); err != nil {
return err
}
}
key, err := json.Marshal(k)
key, err := json.MarshalEscaped(k, escaped)
if err != nil {
return err
}
@@ -153,7 +172,7 @@ func (n *partialDoc) TrustMarshalJSON(buf *bytes.Buffer) error {
if err := buf.WriteByte(':'); err != nil {
return err
}
value, err := json.Marshal(n.obj[k])
value, err := json.MarshalEscaped(n.obj[k], escaped)
if err != nil {
return err
}
@@ -194,11 +213,11 @@ func (n *partialArray) RedirectMarshalJSON() (interface{}, error) {
return n.nodes, nil
}
func deepCopy(src *lazyNode) (*lazyNode, int, error) {
func deepCopy(src *lazyNode, options *ApplyOptions) (*lazyNode, int, error) {
if src == nil {
return nil, 0, nil
}
a, err := json.Marshal(src)
a, err := json.MarshalEscaped(src, options.EscapeHTML)
if err != nil {
return nil, 0, err
}
@@ -216,7 +235,7 @@ func (n *lazyNode) nextByte() byte {
return s[0]
}
func (n *lazyNode) intoDoc() (*partialDoc, error) {
func (n *lazyNode) intoDoc(options *ApplyOptions) (*partialDoc, error) {
if n.which == eDoc {
return n.doc, nil
}
@@ -235,6 +254,7 @@ func (n *lazyNode) intoDoc() (*partialDoc, error) {
return nil, ErrInvalid
}
n.doc.opts = options
if err != nil {
return nil, err
}
@@ -545,7 +565,7 @@ func findObject(pd *container, path string, options *ApplyOptions) (container, s
return nil, ""
}
} else {
doc, err = next.intoDoc()
doc, err = next.intoDoc(options)
if err != nil {
return nil, ""
@@ -557,6 +577,10 @@ func findObject(pd *container, path string, options *ApplyOptions) (container, s
}
func (d *partialDoc) set(key string, val *lazyNode, options *ApplyOptions) error {
if d.obj == nil {
return ErrExpectedObject
}
found := false
for _, k := range d.keys {
if k == key {
@@ -579,6 +603,11 @@ func (d *partialDoc) get(key string, options *ApplyOptions) (*lazyNode, error) {
if key == "" {
return d.self, nil
}
if d.obj == nil {
return nil, ErrExpectedObject
}
v, ok := d.obj[key]
if !ok {
return v, errors.Wrapf(ErrMissing, "unable to get nonexistent key: %s", key)
@@ -587,6 +616,10 @@ func (d *partialDoc) get(key string, options *ApplyOptions) (*lazyNode, error) {
}
func (d *partialDoc) remove(key string, options *ApplyOptions) error {
if d.obj == nil {
return ErrExpectedObject
}
_, ok := d.obj[key]
if !ok {
if options.AllowMissingPathOnRemove {
@@ -750,6 +783,7 @@ func (p Patch) add(doc *container, op Operation, options *ApplyOptions) error {
} else {
pd = &partialDoc{
self: val,
opts: options,
}
}
@@ -855,7 +889,7 @@ func ensurePathExists(pd *container, path string, options *ApplyOptions) error {
newNode := newLazyNode(newRawMessage(rawJSONObject))
doc.add(part, newNode, options)
doc, err = newNode.intoDoc()
doc, err = newNode.intoDoc(options)
if err != nil {
return err
}
@@ -868,7 +902,7 @@ func ensurePathExists(pd *container, path string, options *ApplyOptions) error {
return err
}
} else {
doc, err = target.intoDoc()
doc, err = target.intoDoc(options)
if err != nil {
return err
@@ -954,6 +988,8 @@ func (p Patch) replace(doc *container, op Operation, options *ApplyOptions) erro
if !val.tryAry() {
return errors.Wrapf(err, "replace operation value must be object or array")
}
} else {
val.doc.opts = options
}
}
@@ -1115,7 +1151,7 @@ func (p Patch) copy(doc *container, op Operation, accumulatedCopySize *int64, op
return errors.Wrapf(ErrMissing, "copy operation does not apply: doc is missing destination path: %s", path)
}
valCopy, sz, err := deepCopy(val)
valCopy, sz, err := deepCopy(val, options)
if err != nil {
return errors.Wrapf(err, "error while performing deep copy")
}
@@ -1202,6 +1238,7 @@ func (p Patch) ApplyIndentWithOptions(doc []byte, indent string, options *ApplyO
} else {
pd = &partialDoc{
self: self,
opts: options,
}
}
@@ -1238,11 +1275,18 @@ func (p Patch) ApplyIndentWithOptions(doc []byte, indent string, options *ApplyO
}
}
if indent != "" {
return json.MarshalIndent(pd, "", indent)
data, err := json.MarshalEscaped(pd, options.EscapeHTML)
if err != nil {
return nil, err
}
return json.Marshal(pd)
if indent == "" {
return data, nil
}
var buf bytes.Buffer
json.Indent(&buf, data, "", indent)
return buf.Bytes(), nil
}
// From http://tools.ietf.org/html/rfc6901#section-4 :


@@ -520,6 +520,9 @@ func (c *coster) costComprehension(e *exprpb.Expr) CostEstimate {
c.iterRanges.pop(comp.GetIterVar())
sum = sum.Add(c.cost(comp.Result))
rangeCnt := c.sizeEstimate(c.newAstNode(comp.GetIterRange()))
c.computedSizes[e.GetId()] = rangeCnt
rangeCost := rangeCnt.MultiplyByCost(stepCost.Add(loopCost))
sum = sum.Add(rangeCost)


@@ -1,4 +1,4 @@
build_root_image:
name: release
namespace: openshift
tag: rhel-8-release-golang-1.20-openshift-4.14
tag: rhel-9-release-golang-1.22-openshift-4.17


@@ -1,4 +1,4 @@
FROM registry.ci.openshift.org/ocp/builder:rhel-9-golang-1.20-openshift-4.16 AS builder
FROM registry.ci.openshift.org/ocp/builder:rhel-9-golang-1.22-openshift-4.17 AS builder
WORKDIR /go/src/github.com/openshift/api
COPY . .
ENV GO_PACKAGE github.com/openshift/api
@@ -17,6 +17,7 @@ COPY payload-manifests/crds/* /usr/share/bootkube/manifests/manifests
# these are applied by the CVO
COPY manifests /manifests
COPY payload-manifests/crds/* /manifests
COPY payload-manifests/featuregates/* /manifests
COPY payload-command/empty-resources /manifests
LABEL io.openshift.release.operator true


@@ -4,7 +4,7 @@ all: build
update: update-codegen-crds
RUNTIME ?= podman
RUNTIME_IMAGE_NAME ?= registry.ci.openshift.org/openshift/release:rhel-8-release-golang-1.20-openshift-4.14
RUNTIME_IMAGE_NAME ?= registry.ci.openshift.org/openshift/release:rhel-9-release-golang-1.22-openshift-4.17
EXCLUDE_DIRS := _output/ dependencymagnet/ hack/ third_party/ tls/ tools/ vendor/ tests/
GO_PACKAGES :=$(addsuffix ...,$(addprefix ./,$(filter-out $(EXCLUDE_DIRS), $(wildcard */))))
@@ -50,6 +50,8 @@ verify-scripts:
bash -x hack/verify-group-versions.sh
bash -x hack/verify-prerelease-lifecycle-gen.sh
hack/verify-payload-crds.sh
hack/verify-payload-featuregates.sh
hack/verify-promoted-features-pass-tests.sh
.PHONY: verify
verify: verify-scripts verify-crd-schema verify-codegen-crds
@@ -77,7 +79,7 @@ verify-%:
################################################################################################
.PHONY: update-scripts
update-scripts: update-compatibility update-openapi update-deepcopy update-protobuf update-swagger-docs tests-vendor update-prerelease-lifecycle-gen update-payload-crds
update-scripts: update-compatibility update-openapi update-deepcopy update-protobuf update-swagger-docs tests-vendor update-prerelease-lifecycle-gen update-payload-crds update-payload-featuregates
.PHONY: update-compatibility
update-compatibility:
@@ -107,6 +109,10 @@ update-prerelease-lifecycle-gen:
update-payload-crds:
hack/update-payload-crds.sh
.PHONY: update-payload-featuregates
update-payload-featuregates:
hack/update-payload-featuregates.sh
#####################
#
# END: Update scripts
@@ -148,7 +154,8 @@ write-available-featuresets:
.PHONY: clean
clean:
rm render write-available-featuresets
rm -f render write-available-featuresets models-schema
rm -rf tools/_output
VERSION ?= $(shell git describe --always --abbrev=7)
MUTABLE_TAG ?= latest


@@ -3,6 +3,107 @@ The canonical location of the OpenShift API definition.
This repo holds the API type definitions and serialization code used by [openshift/client-go](https://github.com/openshift/client-go)
APIs in this repo ship inside OCP payloads.
## Adding new FeatureGates
Add your FeatureGate to feature_gates.go.
The threshold for merging a fully disabled or TechPreview FeatureGate is an open enhancement.
To promote to Default on any ClusterProfile, the threshold is 99% passing tests on all platforms or QE sign off.
### Adding new TechPreview FeatureGate to all ClusterProfiles (Hypershift and SelfManaged)
```go
FeatureGateMyFeatureName = newFeatureGate("MyFeatureName").
reportProblemsToJiraComponent("my-jira-component").
contactPerson("my-team-lead").
productScope(ocpSpecific).
enableIn(TechPreviewNoUpgrade).
mustRegister()
```
### Adding new TechPreview FeatureGate to all only Hypershift
This will be enabled in TechPreview on Hypershift, but never enabled on SelfManaged
```go
FeatureGateMyFeatureName = newFeatureGate("MyFeatureName").
reportProblemsToJiraComponent("my-jira-component").
contactPerson("my-team-lead").
productScope(ocpSpecific).
enableForClusterProfile(Hypershift, TechPreviewNoUpgrade).
mustRegister()
```
### Promoting to Default, but only on Hypershift
This will be enabled in TechPreview on all ClusterProfiles and also by Default on Hypershift.
It will be disabled in Default on SelfManaged.
```go
FeatureGateMyFeatureName = newFeatureGate("MyFeatureName").
reportProblemsToJiraComponent("my-jira-component").
contactPerson("my-team-lead").
productScope([ocpSpecific|kubernetes]).
enableIn(TechPreviewNoUpgrade).
enableForClusterProfile(Hypershift, Default).
mustRegister()
```
### Promoting to Default on all ClusterProfiles
```go
FeatureGateMyFeatureName = newFeatureGate("MyFeatureName").
reportProblemsToJiraComponent("my-jira-component").
contactPerson("my-team-lead").
productScope([ocpSpecific|kubernetes]).
enableIn(Default, TechPreviewNoUpgrade).
mustRegister()
```
### defining API validation tests
Tests are logically associated with FeatureGates.
When adding any FeatureGated functionality a new test file is required.
The test files are located in `<group>/<version>/tests/<crd-name>/FeatureGate.yaml`:
```
route/
v1/
tests/
routes.route.openshift.io/
AAA_ungated.yaml
ExternalRouteCertificate.yaml
```
Here's an `AAA_ungated.yaml` example:
```yaml
apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this.
name: Route
crdName: routes.route.openshift.io
tests:
```
Here's an `ExternalRouteCertificate.yaml` example:
```yaml
apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this.
name: Route
crdName: routes.route.openshift.io
featureGate: ExternalRouteCertificate
tests:
```
The integration tests use the crdName and featureGate to determine which tests apply to which manifests and automatically
react to changes when the FeatureGates are enabled/disabled on various FeatureSets and ClusterProfiles.
[`gen-minimal-test.sh`](tests/hack/gen-minimal-test.sh) can still function to stub out files if you don't want to
copy/paste an existing one.
### defining FeatureGate e2e tests
In order to move an API into the `Default` FeatureSet, it is necessary to demonstrate completeness and reliability.
E2E tests are the ONLY category of test that automatically prevents regression over time: repository presubmits do NOT provide equivalent protection.
To confirm this, there is an automated verify script that runs every time a FeatureGate is added to the `Default` FeatureSet.
The script queries our CI system (sippy/component readiness) to retrieve a list of all automated tests for a given FeatureGate
and then enforces the following rules.
1. Tests must contain either `[OCPFeatureGate:<FeatureGateName>]` or the standard upstream `[FeatureGate:<FeatureGateName>]`.
2. There must be at least five tests for each FeatureGate.
3. Every test must be run on every TechPreview platform we have jobs for. (Ask for an exception if your feature doesn't support a variant.)
4. Every test must run at least 14 times on every platform/variant.
5. Every test must pass at least 95% of the time on every platform/variant.
If your FeatureGate lacks automated testing, there is an exception process that allows QE to sign off on the promotion by
commenting on the PR.
## defining new APIs
When defining a new API, please follow [the OpenShift API
@@ -10,6 +111,89 @@ conventions](https://github.com/openshift/enhancements/blob/master/CONVENTIONS.m
and then follow the instructions below to regenerate CRDs (if necessary) and
submit a pull request with your new API definitions and generated files.
### Adding a new stable API (v1)
When copying, it matters which `// +foo` markers are two comments blocks up and which are one comment block up.
```go
// +genclient
// +genclient:nonNamespaced
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// the next line of whitespace matters
// MyAPI is amazing, let me describe it!
//
// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
// +openshift:compatibility-gen:level=1
// +openshift:file-pattern=cvoRunLevel=0000_50,operatorName=my-operator,operatorOrdering=01
// +kubebuilder:object:root=true
// +kubebuilder:subresource:status
// +kubebuilder:resource:path=myapis,scope=Cluster
// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/<this PR number>
// +openshift:capability=IfYouHaveOne
// +kubebuilder:printcolumn:name=Column Name,JSONPath=.status.something,type=string,description=how users should interpret this.
// +kubebuilder:metadata:annotations=key=value
// +kubebuilder:metadata:labels=key=value
// +kubebuilder:validation:XValidation:rule=
type MyAPI struct {
metav1.TypeMeta `json:",inline"`
// metadata is the standard object's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
metav1.ObjectMeta `json:"metadata,omitempty"`
// spec is the desired state of the cluster version - the operator will work
// to ensure that the desired version is applied to the cluster.
// +kubebuilder:validation:Required
Spec MyAPISpec `json:"spec"`
// status contains information about the available updates and any in-progress
// updates.
// +optional
Status MyAPIStatus `json:"status"`
}
```
### Adding a new unstable API (v1alpha)
First, add a FeatureGate as described above.
Like above, but there's an additional
```go
// +kubebuilder:validation:XValidation:rule=
// +openshift:enable:FeatureGate=MyFeatureGate
type MyAPI struct {
...
}
```
### Adding new fields
Here are few other use-cases for convenience, but have a look in `./example` for other possibilities.
```go
// +openshift:validation:FeatureGateAwareXValidation:featureGate=MyFeatureGate,rule="has(oldSelf.coolNewField) ? has(self.coolNewField) : true",message="coolNewField may not be removed once set"
type MyAPI struct {
// +openshift:enable:FeatureGate=MyFeatureGate
// +optional
CoolNewField string `json:"coolNewField"`
}
// EvolvingDiscriminator defines the audit policy profile type.
// +openshift:validation:FeatureGateAwareEnum:featureGate="",enum="";StableValue
// +openshift:validation:FeatureGateAwareEnum:featureGate=MyFeatureGate,enum="";StableValue;TechPreviewOnlyValue
type EvolvingDiscriminator string
const (
// "StableValue" is always present.
StableValue EvolvingDiscriminator = "StableValue"
// "TechPreviewOnlyValue" should only be allowed when TechPreviewNoUpgrade is set in the cluster
TechPreviewOnlyValue EvolvingDiscriminator = "TechPreviewOnlyValue"
)
```
### required labels
In addition to the standard `lgtm` and `approved` labels this repository requires either:
@@ -40,6 +224,18 @@ No, signing a team up to be a no-FF team includes some basic education on the pr
participants are aware the team is moving to that model. If you'd like to sign your team up, please speak with Gina Hargan who will
be happy to help on-board your team.
## vendoring generated manifests into other repositories
If your repository relies on vendoring and copying CRD manifests (good job!), you'll need have an import line that
depends on the package that contains the CRD manifests.
For example, adding
```go
import (
_ "github.com/openshift/api/operatoringress/v1/zz_generated.crd-manifests"
)
```
to any .go file will work, but some commonly chosen files are `tools/tools.go` or `pkg/dependencymagnet/doc.go`.
Once added, a `go mod vendor` will pick up the package containing the manifests for you to copy.
## generating CRD schemas
Since Kubernetes 1.16, every CRD created in `apiextensions.k8s.io/v1` is required to have a [structural OpenAPIV3 schema](https://kubernetes.io/blog/2019/06/20/crd-structural-schema/). The schemas provide server-side validation for fields, as well as providing the descriptions for `oc explain`. Moreover, schemas ensure structural consistency of data in etcd. Without it anything can be stored in a resource which can have security implications. As we host many of our CRDs in this repo along with their corresponding Go types we also require them to have schemas. However, the following instructions apply for CRDs that are not hosted here as well.
@@ -78,13 +274,60 @@ After this, calling `make update-codegen-crds` should generate a new structural
For more information on the API markers to add to your Go types, see the [Kubebuilder book](https://book.kubebuilder.io/reference/markers.html)
### Post-schema-generation Patches
### Order of generation
`make update-codegen-crds` does roughly this:
Schema generation features might be limited or fall behind what CRD schemas supports in the latest Kubernetes version.
To work around this, there are two patch mechanisms implemented by the `add-crd-gen` target. Basic idea is that you
place a patch file next to the CRD yaml manifest with either `yaml-merge-patch` or `yaml-patch` as extension,
but with the same base name. The `update-codegen-crds` Makefile target will apply these **after** calling
kubebuilder's controller-gen:
1. Run the `empty-partial-schema` tool. This creates empty CRD manifests in `zz_generated.featuregated-crd-manifests` for each FeatureGate.
2. Run the `schemapatch` tool. This fills in the schema for each per-FeatureGate CRD manifest.
3. Run the `manifest-merge` tool. This combines all the per-FeatureGate CRD manifests and `manual-overrides`
#### empty-partial-schema
This tool is gengo based and scans all types for a `// +kubebuilder:object:root=true` marker.
For each type match, the type is navigated and all tags that include a `featureGate`
(`// +openshift:enable:FeatureGate`, `// +openshift:validation:FeatureGateAwareEnum`, and `// +openshift:validation:FeatureGateAwareXValidation`)
are tracked.
For each type, for each FeatureGate, a file CRD manifest is created in `zz_generated.featuregated-crd-manifests`.
The most common kube-builder tags are re-implemented in this stage to fill in the non-schema portion of the CRD manifests.
This includes things like metadata, resource, and some custom openshift tags as well.
The generator ignores the schema when doing verify, so it doesn't fail on needing to run `schemapatch`.
The generator should clean up old FeatureGated manifests when the gate is removed.
Ungated files are created for resources that are sometimes ungated.
Annotations are injected to indicate which FeatureGate a manifest is for: this is later read by `schemapatch` and `manifest-merge`.
#### schemapatch
This tool is kubebuilder based with patches to handle FeatureGated types, members, and validation.
It reads the injected annotation from `empty-partial-schema` to decide which FeatureGate should be considered enabled when
creating the schema that needs to be injected.
It has no knowledge of whether the FeatureGate is enabled or disabled in particular ClusterProfile,FeatureSet tuples.
It only needs a single pass over all the FeatureGated partial manifests.
If the schema generation isn't doing what you want, `manual-override-crd-manifests` allows partially overlaying bits of the CRD manifest.
`yamlpatch` is no longer supported.
The format is just "write the CRD you want and delete the stuff the generator sets properly".
More specifically, it is the partial manifest that server-side-apply (structured merge diff) would properly merge on top of
the CRD that is generated otherwise.
Caveat, you cannot test this with a kube-apiserver because the CRD schema uses atomic lists and we had to patch that
schema to indicate map lists keyed by version.
#### manifest-merge
This tool is gengo based and it combines the files in `zz_generated.featuregated-crd-manifests` and `manual-override-crd-manifests`
on a per ClusterProfile,FeatureSet tuple.
This tool takes as input all possible ClusterProfiles and all possible FeatureSets.
It then maps from ClusterProfile,FeatureSet tuple to the set of enabled and disabled FeatureGates.
Then for each CRD,ClusterProfile,Feature tuple, it merges the pertinent input using structured-merge-diff (SSA) logic
based on the CRD schema plus a patch to make atomic fields map-lists.
Pertinence is determined based on
1. does this manifest have preferred ClusterProfile annotations: if so, honor them; if not, include everywhere.
2. does this manifest have FeatureGate annotations: if so, match against the enabled set for the ClusterProfile,FeatureSet tuple.
Note that CustomNoUpgrade selects everything
Once we have CRD for each ClusterProfile,FeatureSet tuple we choose what to serialize.
This roughly follows:
1. if all the CRDs are the same, write a single file and annotate with no FeatureSet and every ClusterProfile. Done.
2. if all the CRDs are the same across all ClusterProfiles for each FeatureSet, create one file per FeatureSet and
annotate with one FeatureSet and all ClusterProfiles. Done.
3. if all the CRDs are the same across all FeatureSets for one ClusterProfile, create one file and annotate
with no FeatureSet and one ClusterProfile. Continue to 4.
4. for all remaining ClusterProfile,FeatureSet tuples, serialize a file with one FeatureSet and one ClusterProfile.
- `yaml-merge-patch`: these are applied via `yq m -x <yaml-file> <patch-file>` compare https://mikefarah.gitbook.io/yq/commands/merge#overwrite-values.
- `yaml-patch`: these are applied via `yaml-patch -o <patch-file> < <yaml-file>` using https://github.com/krishicks/yaml-patch.


@@ -1,254 +0,0 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
api-approved.openshift.io: https://github.com/openshift/api/pull/897
include.release.openshift.io/self-managed-high-availability: "true"
include.release.openshift.io/single-node-developer: "true"
name: apirequestcounts.apiserver.openshift.io
spec:
group: apiserver.openshift.io
names:
kind: APIRequestCount
listKind: APIRequestCountList
plural: apirequestcounts
singular: apirequestcount
scope: Cluster
versions:
- name: v1
served: true
storage: true
subresources:
status: {}
additionalPrinterColumns:
- name: RemovedInRelease
type: string
description: Release in which an API will be removed.
jsonPath: .status.removedInRelease
- name: RequestsInCurrentHour
type: integer
description: Number of requests in the current hour.
jsonPath: .status.currentHour.requestCount
- name: RequestsInLast24h
type: integer
description: Number of requests in the last 24h.
jsonPath: .status.requestCount
"schema":
"openAPIV3Schema":
description: "APIRequestCount tracks requests made to an API. The instance name must be of the form `resource.version.group`, matching the resource. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)."
type: object
required:
- spec
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: spec defines the characteristics of the resource.
type: object
properties:
numberOfUsersToReport:
description: numberOfUsersToReport is the number of users to include in the report. If unspecified or zero, the default is ten. This is default is subject to change.
type: integer
format: int64
default: 10
maximum: 100
minimum: 0
status:
description: status contains the observed state of the resource.
type: object
properties:
conditions:
description: conditions contains details of the current status of this API Resource.
type: array
items:
description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
type: object
required:
- lastTransitionTime
- message
- reason
- status
- type
properties:
lastTransitionTime:
description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
type: string
format: date-time
message:
description: message is a human readable message indicating details about the transition. This may be an empty string.
type: string
maxLength: 32768
observedGeneration:
description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
type: integer
format: int64
minimum: 0
reason:
description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
type: string
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
status:
description: status of the condition, one of True, False, Unknown.
type: string
enum:
- "True"
- "False"
- Unknown
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
type: string
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
currentHour:
description: currentHour contains request history for the current hour. This is porcelain to make the API easier to read by humans seeing if they addressed a problem. This field is reset on the hour.
type: object
properties:
byNode:
description: byNode contains logs of requests per node.
type: array
maxItems: 512
items:
description: PerNodeAPIRequestLog contains logs of requests to a certain node.
type: object
properties:
byUser:
description: byUser contains request details by top .spec.numberOfUsersToReport users. Note that because in the case of an apiserver, restart the list of top users is determined on a best-effort basis, the list might be imprecise. In addition, some system users may be explicitly included in the list.
type: array
maxItems: 500
items:
description: PerUserAPIRequestCount contains logs of a user's requests.
type: object
properties:
byVerb:
description: byVerb details by verb.
type: array
maxItems: 10
items:
description: PerVerbAPIRequestCount requestCounts requests by API request verb.
type: object
properties:
requestCount:
description: requestCount of requests for verb.
type: integer
format: int64
minimum: 0
verb:
description: verb of API request (get, list, create, etc...)
type: string
maxLength: 20
requestCount:
description: requestCount of requests by the user across all verbs.
type: integer
format: int64
minimum: 0
userAgent:
description: userAgent that made the request. The same user often has multiple binaries which connect (pods with many containers). The different binaries will have different userAgents, but the same user. In addition, we have userAgents with version information embedded and the userName isn't likely to change.
type: string
maxLength: 1024
username:
description: userName that made the request.
type: string
maxLength: 512
nodeName:
description: nodeName where the request are being handled.
type: string
maxLength: 512
minLength: 1
requestCount:
description: requestCount is a sum of all requestCounts across all users, even those outside of the top 10 users.
type: integer
format: int64
minimum: 0
requestCount:
description: requestCount is a sum of all requestCounts across nodes.
type: integer
format: int64
minimum: 0
last24h:
description: last24h contains request history for the last 24 hours, indexed by the hour, so 12:00AM-12:59 is in index 0, 6am-6:59am is index 6, etc. The index of the current hour is updated live and then duplicated into the requestsLastHour field.
type: array
maxItems: 24
items:
description: PerResourceAPIRequestLog logs request for various nodes.
type: object
properties:
byNode:
description: byNode contains logs of requests per node.
type: array
maxItems: 512
items:
description: PerNodeAPIRequestLog contains logs of requests to a certain node.
type: object
properties:
byUser:
description: byUser contains request details by top .spec.numberOfUsersToReport users. Note that because in the case of an apiserver, restart the list of top users is determined on a best-effort basis, the list might be imprecise. In addition, some system users may be explicitly included in the list.
type: array
maxItems: 500
items:
description: PerUserAPIRequestCount contains logs of a user's requests.
type: object
properties:
byVerb:
description: byVerb details by verb.
type: array
maxItems: 10
items:
description: PerVerbAPIRequestCount requestCounts requests by API request verb.
type: object
properties:
requestCount:
description: requestCount of requests for verb.
type: integer
format: int64
minimum: 0
verb:
description: verb of API request (get, list, create, etc...)
type: string
maxLength: 20
requestCount:
description: requestCount of requests by the user across all verbs.
type: integer
format: int64
minimum: 0
userAgent:
description: userAgent that made the request. The same user often has multiple binaries which connect (pods with many containers). The different binaries will have different userAgents, but the same user. In addition, we have userAgents with version information embedded and the userName isn't likely to change.
type: string
maxLength: 1024
username:
description: userName that made the request.
type: string
maxLength: 512
nodeName:
description: nodeName where the request are being handled.
type: string
maxLength: 512
minLength: 1
requestCount:
description: requestCount is a sum of all requestCounts across all users, even those outside of the top 10 users.
type: integer
format: int64
minimum: 0
requestCount:
description: requestCount is a sum of all requestCounts across nodes.
type: integer
format: int64
minimum: 0
removedInRelease:
description: removedInRelease is when the API will be removed.
type: string
maxLength: 64
minLength: 0
pattern: ^[0-9][0-9]*\.[0-9][0-9]*$
requestCount:
description: requestCount is a sum of all requestCounts across all current hours, nodes, and users.
type: integer
format: int64
minimum: 0


@@ -1,15 +0,0 @@
apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
name: "[Stable] API Server"
crd: apiserver.openshift.io_apirequestcount.yaml
tests:
onCreate:
- name: Should be able to create a minimal RoleBindingRestriction
initial: |
apiVersion: apiserver.openshift.io/v1
kind: APIRequestCount
spec: {} # No spec is required for a APIRequestCount
expected: |
apiVersion: apiserver.openshift.io/v1
kind: APIRequestCount
spec:
numberOfUsersToReport: 10


@@ -11,8 +11,6 @@ const (
// +genclient
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// +kubebuilder:resource:scope="Cluster"
// +kubebuilder:subresource:status
// +genclient:nonNamespaced
// +openshift:compatibility-gen:level=1
@@ -20,6 +18,15 @@ const (
// be of the form `resource.version.group`, matching the resource.
//
// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
// +kubebuilder:object:root=true
// +kubebuilder:subresource:status
// +kubebuilder:resource:path=apirequestcounts,scope=Cluster
// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/897
// +openshift:file-pattern=operatorName=kube-apiserver
// +kubebuilder:metadata:annotations=include.release.openshift.io/self-managed-high-availability=true
// +kubebuilder:printcolumn:name=RemovedInRelease,JSONPath=.status.removedInRelease,type=string,description=Release in which an API will be removed.
// +kubebuilder:printcolumn:name=RequestsInCurrentHour,JSONPath=.status.currentHour.requestCount,type=integer,description=Number of requests in the current hour.
// +kubebuilder:printcolumn:name=RequestsInLast24h,JSONPath=.status.requestCount,type=integer,description=Number of requests in the last 24h.
type APIRequestCount struct {
metav1.TypeMeta `json:",inline"`


@@ -0,0 +1,34 @@
apirequestcounts.apiserver.openshift.io:
Annotations:
include.release.openshift.io/self-managed-high-availability: "true"
ApprovedPRNumber: https://github.com/openshift/api/pull/897
CRDName: apirequestcounts.apiserver.openshift.io
Capability: ""
Category: ""
FeatureGates: []
FilenameOperatorName: kube-apiserver
FilenameOperatorOrdering: ""
FilenameRunLevel: ""
GroupName: apiserver.openshift.io
HasStatus: true
KindName: APIRequestCount
Labels: {}
PluralName: apirequestcounts
PrinterColumns:
- description: Release in which an API will be removed.
jsonPath: .status.removedInRelease
name: RemovedInRelease
type: string
- description: Number of requests in the current hour.
jsonPath: .status.currentHour.requestCount
name: RequestsInCurrentHour
type: integer
- description: Number of requests in the last 24h.
jsonPath: .status.requestCount
name: RequestsInLast24h
type: integer
Scope: Cluster
ShortNames: null
TopLevelFeatureGates: []
Version: v1


@@ -1,158 +0,0 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
api-approved.openshift.io: https://github.com/openshift/api/pull/470
include.release.openshift.io/ibm-cloud-managed: "true"
include.release.openshift.io/self-managed-high-availability: "true"
include.release.openshift.io/single-node-developer: "true"
name: rolebindingrestrictions.authorization.openshift.io
spec:
group: authorization.openshift.io
names:
kind: RoleBindingRestriction
listKind: RoleBindingRestrictionList
plural: rolebindingrestrictions
singular: rolebindingrestriction
scope: Namespaced
versions:
- name: v1
schema:
openAPIV3Schema:
description: "RoleBindingRestriction is an object that can be matched against a subject (user, group, or service account) to determine whether rolebindings on that subject are allowed in the namespace to which the RoleBindingRestriction belongs. If any one of those RoleBindingRestriction objects matches a subject, rolebindings on that subject in the namespace are allowed. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)."
type: object
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: Spec defines the matcher.
type: object
properties:
grouprestriction:
description: GroupRestriction matches against group subjects.
type: object
properties:
groups:
description: Groups is a list of groups used to match against an individual user's groups. If the user is a member of one of the whitelisted groups, the user is allowed to be bound to a role.
type: array
items:
type: string
nullable: true
labels:
description: Selectors specifies a list of label selectors over group labels.
type: array
items:
description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
type: object
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
type: array
items:
description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
type: object
required:
- key
- operator
properties:
key:
description: key is the label key that the selector applies to.
type: string
operator:
description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
type: array
items:
type: string
matchLabels:
description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
additionalProperties:
type: string
x-kubernetes-map-type: atomic
nullable: true
nullable: true
serviceaccountrestriction:
description: ServiceAccountRestriction matches against service-account subjects.
type: object
properties:
namespaces:
description: Namespaces specifies a list of literal namespace names.
type: array
items:
type: string
serviceaccounts:
description: ServiceAccounts specifies a list of literal service-account names.
type: array
items:
description: ServiceAccountReference specifies a service account and namespace by their names.
type: object
properties:
name:
description: Name is the name of the service account.
type: string
namespace:
description: Namespace is the namespace of the service account. Service accounts from inside the whitelisted namespaces are allowed to be bound to roles. If Namespace is empty, then the namespace of the RoleBindingRestriction in which the ServiceAccountReference is embedded is used.
type: string
nullable: true
userrestriction:
description: UserRestriction matches against user subjects.
type: object
properties:
groups:
description: Groups specifies a list of literal group names.
type: array
items:
type: string
nullable: true
labels:
description: Selectors specifies a list of label selectors over user labels.
type: array
items:
description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
type: object
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
type: array
items:
description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
type: object
required:
- key
- operator
properties:
key:
description: key is the label key that the selector applies to.
type: string
operator:
description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
type: array
items:
type: string
matchLabels:
description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
additionalProperties:
type: string
x-kubernetes-map-type: atomic
nullable: true
users:
description: Users specifies a list of literal user names.
type: array
items:
type: string
nullable: true
served: true
storage: true


@@ -367,7 +367,12 @@ message RoleBindingList {
// a subject, rolebindings on that subject in the namespace are allowed.
//
// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
// +kubebuilder:object:root=true
// +kubebuilder:resource:path=rolebindingrestrictions,scope=Namespaced
// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/470
// +openshift:file-pattern=cvoRunLevel=0000_03,operatorName=config-operator,operatorOrdering=01
// +openshift:compatibility-gen:level=1
// +kubebuilder:metadata:annotations=release.openshift.io/bootstrap-required=true
message RoleBindingRestriction {
// metadata is the standard object's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata


@@ -1,14 +0,0 @@
apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
name: "[Stable] Authorization"
crd: 0000_03_authorization-openshift_01_rolebindingrestriction.crd.yaml
tests:
onCreate:
- name: Should be able to create a minimal RoleBindingRestriction
initial: |
apiVersion: authorization.openshift.io/v1
kind: RoleBindingRestriction
spec: {} # No spec is required for a RoleBindingRestriction
expected: |
apiVersion: authorization.openshift.io/v1
kind: RoleBindingRestriction
spec: {}


@@ -532,7 +532,12 @@ type ClusterRoleList struct {
// a subject, rolebindings on that subject in the namespace are allowed.
//
// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
// +kubebuilder:object:root=true
// +kubebuilder:resource:path=rolebindingrestrictions,scope=Namespaced
// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/470
// +openshift:file-pattern=cvoRunLevel=0000_03,operatorName=config-operator,operatorOrdering=01
// +openshift:compatibility-gen:level=1
// +kubebuilder:metadata:annotations=release.openshift.io/bootstrap-required=true
type RoleBindingRestriction struct {
metav1.TypeMeta `json:",inline"`


@@ -0,0 +1,22 @@
rolebindingrestrictions.authorization.openshift.io:
Annotations:
release.openshift.io/bootstrap-required: "true"
ApprovedPRNumber: https://github.com/openshift/api/pull/470
CRDName: rolebindingrestrictions.authorization.openshift.io
Capability: ""
Category: ""
FeatureGates: []
FilenameOperatorName: config-operator
FilenameOperatorOrdering: "01"
FilenameRunLevel: "0000_03"
GroupName: authorization.openshift.io
HasStatus: false
KindName: RoleBindingRestriction
Labels: {}
PluralName: rolebindingrestrictions
PrinterColumns: []
Scope: Namespaced
ShortNames: null
TopLevelFeatureGates: []
Version: v1


@@ -1,4 +1,7 @@
reviewers:
- adambkaplan
- bparees
- gabemontero
- sayan-biswas
emeritus_reviewers:
- jim-minter
- gabemontero


@@ -1,107 +0,0 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
api-approved.openshift.io: https://github.com/openshift/api/pull/859
name: cloudprivateipconfigs.cloud.network.openshift.io
spec:
group: cloud.network.openshift.io
names:
kind: CloudPrivateIPConfig
listKind: CloudPrivateIPConfigList
plural: cloudprivateipconfigs
singular: cloudprivateipconfig
scope: Cluster
versions:
- name: v1
schema:
openAPIV3Schema:
description: "CloudPrivateIPConfig performs an assignment of a private IP address to the primary NIC associated with cloud VMs. This is done by specifying the IP and Kubernetes node which the IP should be assigned to. This CRD is intended to be used by the network plugin which manages the cluster network. The spec side represents the desired state requested by the network plugin, and the status side represents the current state that this CRD's controller has executed. No users will have permission to modify it, and if a cluster-admin decides to edit it for some reason, their changes will be overwritten the next time the network plugin reconciles the object. Note: the CR's name must specify the requested private IP address (can be IPv4 or IPv6). \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)."
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
properties:
name:
anyOf:
- format: ipv4
- format: ipv6
type: string
type: object
spec:
description: spec is the definition of the desired private IP request.
properties:
node:
description: 'node is the node name, as specified by the Kubernetes field: node.metadata.name'
type: string
type: object
status:
description: status is the observed status of the desired private IP request. Read-only.
properties:
conditions:
description: condition is the assignment condition of the private IP and its status
items:
description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
properties:
lastTransitionTime:
description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: message is a human readable message indicating details about the transition. This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: status of the condition, one of True, False, Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object
type: array
node:
description: 'node is the node name, as specified by the Kubernetes field: node.metadata.name'
type: string
required:
- conditions
type: object
required:
- spec
type: object
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []


@@ -1,10 +0,0 @@
- op: add
path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/metadata
value:
type: object
properties:
name:
type: string
anyOf:
- format: ipv4
- format: ipv6


@@ -31,6 +31,8 @@ option go_package = "github.com/openshift/api/cloudnetwork/v1";
// +kubebuilder:object:root=true
// +kubebuilder:subresource:status
// +kubebuilder:resource:path=cloudprivateipconfigs,scope=Cluster
// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/859
// +openshift:file-pattern=operatorOrdering=001
// +openshift:compatibility-gen:level=1
message CloudPrivateIPConfig {
// metadata is the standard object's metadata.


@@ -1,18 +0,0 @@
apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
name: "[Stable] Cloud Network"
crd: 001-cloudprivateipconfig.crd.yaml
tests:
onCreate:
- name: Should be able to create a minimal CloudPrivateIPConfig
initial: |
apiVersion: cloud.network.openshift.io/v1
kind: CloudPrivateIPConfig
metadata:
name: 1.2.3.4
spec: {} # No spec is required for a CloudPrivateIPConfig
expected: |
apiVersion: cloud.network.openshift.io/v1
kind: CloudPrivateIPConfig
metadata:
name: 1.2.3.4
spec: {}


@@ -23,6 +23,8 @@ import (
// +kubebuilder:object:root=true
// +kubebuilder:subresource:status
// +kubebuilder:resource:path=cloudprivateipconfigs,scope=Cluster
// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/859
// +openshift:file-pattern=operatorOrdering=001
// +openshift:compatibility-gen:level=1
type CloudPrivateIPConfig struct {
metav1.TypeMeta `json:",inline"`


@@ -0,0 +1,21 @@
cloudprivateipconfigs.cloud.network.openshift.io:
Annotations: {}
ApprovedPRNumber: https://github.com/openshift/api/pull/859
CRDName: cloudprivateipconfigs.cloud.network.openshift.io
Capability: ""
Category: ""
FeatureGates: []
FilenameOperatorName: ""
FilenameOperatorOrdering: "001"
FilenameRunLevel: ""
GroupName: cloud.network.openshift.io
HasStatus: true
KindName: CloudPrivateIPConfig
Labels: {}
PluralName: cloudprivateipconfigs
PrinterColumns: []
Scope: Cluster
ShortNames: null
TopLevelFeatureGates: []
Version: v1


@@ -1,8 +1,2 @@
schemapatch:
requiredFeatureSets:
- ""
- "Default"
- "TechPreviewNoUpgrade"
- "CustomNoUpgrade"
swaggerdocs:
commentPolicy: Warn


@@ -1,137 +0,0 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
api-approved.openshift.io: https://github.com/openshift/api/pull/497
include.release.openshift.io/self-managed-high-availability: "true"
include.release.openshift.io/single-node-developer: "true"
name: clusteroperators.config.openshift.io
spec:
group: config.openshift.io
names:
kind: ClusterOperator
listKind: ClusterOperatorList
plural: clusteroperators
shortNames:
- co
singular: clusteroperator
scope: Cluster
versions:
- additionalPrinterColumns:
- description: The version the operator is at.
jsonPath: .status.versions[?(@.name=="operator")].version
name: Version
type: string
- description: Whether the operator is running and stable.
jsonPath: .status.conditions[?(@.type=="Available")].status
name: Available
type: string
- description: Whether the operator is processing changes.
jsonPath: .status.conditions[?(@.type=="Progressing")].status
name: Progressing
type: string
- description: Whether the operator is degraded.
jsonPath: .status.conditions[?(@.type=="Degraded")].status
name: Degraded
type: string
- description: The time the operator's Available status last changed.
jsonPath: .status.conditions[?(@.type=="Available")].lastTransitionTime
name: Since
type: date
name: v1
schema:
openAPIV3Schema:
description: "ClusterOperator is the Custom Resource object which holds the current state of an operator. This object is used by operators to convey their state to the rest of the cluster. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)."
type: object
required:
- spec
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: spec holds configuration that could apply to any operator.
type: object
status:
description: status holds the information about the state of an operator. It is consistent with status information across the Kubernetes ecosystem.
type: object
properties:
conditions:
description: conditions describes the state of the operator's managed and monitored components.
type: array
items:
description: ClusterOperatorStatusCondition represents the state of the operator's managed and monitored components.
type: object
required:
- lastTransitionTime
- status
- type
properties:
lastTransitionTime:
description: lastTransitionTime is the time of the last update to the current status property.
type: string
format: date-time
message:
description: message provides additional information about the current condition. This is only to be consumed by humans. It may contain Line Feed characters (U+000A), which should be rendered as new lines.
type: string
reason:
description: reason is the CamelCase reason for the condition's current status.
type: string
status:
description: status of the condition, one of True, False, Unknown.
type: string
type:
description: type specifies the aspect reported by this condition.
type: string
extension:
description: extension contains any additional status information specific to the operator which owns this status object.
type: object
nullable: true
x-kubernetes-preserve-unknown-fields: true
relatedObjects:
description: 'relatedObjects is a list of objects that are "interesting" or related to this operator. Common uses are: 1. the detailed resource driving the operator 2. operator namespaces 3. operand namespaces'
type: array
items:
description: ObjectReference contains enough information to let you inspect or modify the referred object.
type: object
required:
- group
- name
- resource
properties:
group:
description: group of the referent.
type: string
name:
description: name of the referent.
type: string
namespace:
description: namespace of the referent.
type: string
resource:
description: resource of the referent.
type: string
versions:
description: versions is a slice of operator and operand version tuples. Operators which manage multiple operands will have multiple operand entries in the array. Available operators must report the version of the operator itself with the name "operator". An operator reports a new "operator" version when it has rolled out the new version to all of its operands.
type: array
items:
type: object
required:
- name
- version
properties:
name:
description: name is the name of the particular operand this version is for. It usually matches container images, not operators.
type: string
version:
description: version indicates which version of a particular operand is currently being managed. It must always match the Available operand. If 1.0.0 is Available, then this must indicate 1.0.0 even if the operator is trying to rollout 1.1.0
type: string
served: true
storage: true
subresources:
status: {}


@@ -1,503 +0,0 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
api-approved.openshift.io: https://github.com/openshift/api/pull/495
include.release.openshift.io/self-managed-high-availability: "true"
include.release.openshift.io/single-node-developer: "true"
release.openshift.io/feature-set: CustomNoUpgrade
name: clusterversions.config.openshift.io
spec:
group: config.openshift.io
names:
kind: ClusterVersion
plural: clusterversions
singular: clusterversion
scope: Cluster
versions:
- additionalPrinterColumns:
- jsonPath: .status.history[?(@.state=="Completed")].version
name: Version
type: string
- jsonPath: .status.conditions[?(@.type=="Available")].status
name: Available
type: string
- jsonPath: .status.conditions[?(@.type=="Progressing")].status
name: Progressing
type: string
- jsonPath: .status.conditions[?(@.type=="Progressing")].lastTransitionTime
name: Since
type: date
- jsonPath: .status.conditions[?(@.type=="Progressing")].message
name: Status
type: string
name: v1
schema:
openAPIV3Schema:
description: "ClusterVersion is the configuration for the ClusterVersionOperator. This is where parameters related to automatic updates can be set. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)."
type: object
required:
- spec
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: spec is the desired state of the cluster version - the operator will work to ensure that the desired version is applied to the cluster.
type: object
required:
- clusterID
properties:
capabilities:
description: capabilities configures the installation of optional, core cluster components. A null value here is identical to an empty object; see the child properties for default semantics.
type: object
properties:
additionalEnabledCapabilities:
description: additionalEnabledCapabilities extends the set of managed capabilities beyond the baseline defined in baselineCapabilitySet. The default is an empty set.
type: array
items:
description: ClusterVersionCapability enumerates optional, core cluster components.
type: string
enum:
- openshift-samples
- baremetal
- marketplace
- Console
- Insights
- Storage
- CSISnapshot
- NodeTuning
- MachineAPI
- Build
- DeploymentConfig
- ImageRegistry
- OperatorLifecycleManager
- CloudCredential
x-kubernetes-list-type: atomic
baselineCapabilitySet:
description: baselineCapabilitySet selects an initial set of optional capabilities to enable, which can be extended via additionalEnabledCapabilities. If unset, the cluster will choose a default, and the default may change over time. The current default is vCurrent.
type: string
enum:
- None
- v4.11
- v4.12
- v4.13
- v4.14
- v4.15
- vCurrent
channel:
description: channel is an identifier for explicitly requesting that a non-default set of updates be applied to this cluster. The default channel will be contain stable updates that are appropriate for production clusters.
type: string
clusterID:
description: clusterID uniquely identifies this cluster. This is expected to be an RFC4122 UUID value (xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx in hexadecimal values). This is a required field.
type: string
desiredUpdate:
description: "desiredUpdate is an optional field that indicates the desired value of the cluster version. Setting this value will trigger an upgrade (if the current version does not match the desired version). The set of recommended update values is listed as part of available updates in status, and setting values outside that range may cause the upgrade to fail. \n Some of the fields are inter-related with restrictions and meanings described here. 1. image is specified, version is specified, architecture is specified. API validation error. 2. image is specified, version is specified, architecture is not specified. You should not do this. version is silently ignored and image is used. 3. image is specified, version is not specified, architecture is specified. API validation error. 4. image is specified, version is not specified, architecture is not specified. image is used. 5. image is not specified, version is specified, architecture is specified. version and desired architecture are used to select an image. 6. image is not specified, version is specified, architecture is not specified. version and current architecture are used to select an image. 7. image is not specified, version is not specified, architecture is specified. API validation error. 8. image is not specified, version is not specified, architecture is not specified. API validation error. \n If an upgrade fails the operator will halt and report status about the failing component. Setting the desired update value back to the previous version will cause a rollback to be attempted. Not all rollbacks will succeed."
type: object
properties:
architecture:
description: architecture is an optional field that indicates the desired value of the cluster architecture. In this context cluster architecture means either a single architecture or a multi architecture. architecture can only be set to Multi thereby only allowing updates from single to multi architecture. If architecture is set, image cannot be set and version must be set. Valid values are 'Multi' and empty.
type: string
enum:
- Multi
- ""
force:
description: force allows an administrator to update to an image that has failed verification or upgradeable checks. This option should only be used when the authenticity of the provided image has been verified out of band because the provided image will run with full administrative access to the cluster. Do not use this flag with images that comes from unknown or potentially malicious sources.
type: boolean
image:
description: image is a container image location that contains the update. image should be used when the desired version does not exist in availableUpdates or history. When image is set, version is ignored. When image is set, version should be empty. When image is set, architecture cannot be specified.
type: string
version:
description: version is a semantic version identifying the update version. version is ignored if image is specified and required if architecture is specified.
type: string
x-kubernetes-validations:
- rule: 'has(self.architecture) && has(self.image) ? (self.architecture == '''' || self.image == '''') : true'
message: cannot set both Architecture and Image
- rule: 'has(self.architecture) && self.architecture != '''' ? self.version != '''' : true'
message: Version must be set if Architecture is set
overrides:
description: overrides is list of overides for components that are managed by cluster version operator. Marking a component unmanaged will prevent the operator from creating or updating the object.
type: array
items:
description: ComponentOverride allows overriding cluster version operator's behavior for a component.
type: object
required:
- group
- kind
- name
- namespace
- unmanaged
properties:
group:
description: group identifies the API group that the kind is in.
type: string
kind:
description: kind indentifies which object to override.
type: string
name:
description: name is the component's name.
type: string
namespace:
description: namespace is the component's namespace. If the resource is cluster scoped, the namespace should be empty.
type: string
unmanaged:
description: 'unmanaged controls if cluster version operator should stop managing the resources in this cluster. Default: false'
type: boolean
x-kubernetes-list-map-keys:
- kind
- group
- namespace
- name
x-kubernetes-list-type: map
signatureStores:
description: "signatureStores contains the upstream URIs to verify release signatures and optional reference to a config map by name containing the PEM-encoded CA bundle. \n By default, CVO will use existing signature stores if this property is empty. The CVO will check the release signatures in the local ConfigMaps first. It will search for a valid signature in these stores in parallel only when local ConfigMaps did not include a valid signature. Validation will fail if none of the signature stores reply with valid signature before timeout. Setting signatureStores will replace the default signature stores with custom signature stores. Default stores can be used with custom signature stores by adding them manually. \n A maximum of 32 signature stores may be configured."
type: array
maxItems: 32
items:
description: SignatureStore represents the URL of custom Signature Store
type: object
required:
- url
properties:
ca:
description: ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key "ca.crt" is used to locate the data. If specified and the config map or expected key is not found, the signature store is not honored. If the specified ca data is not valid, the signature store is not honored. If empty, we fall back to the CA configured via Proxy, which is appended to the default system roots. The namespace for this config map is openshift-config.
type: object
required:
- name
properties:
name:
description: name is the metadata.name of the referenced config map
type: string
url:
description: url contains the upstream custom signature store URL. url should be a valid absolute http/https URI of an upstream signature store as per rfc1738. This must be provided and cannot be empty.
type: string
x-kubernetes-validations:
- rule: isURL(self)
message: url must be a valid absolute URL
x-kubernetes-list-map-keys:
- url
x-kubernetes-list-type: map
upstream:
description: upstream may be used to specify the preferred update server. By default it will use the appropriate update server for the cluster and region.
type: string
status:
description: status contains information about the available updates and any in-progress updates.
type: object
required:
- availableUpdates
- desired
- observedGeneration
- versionHash
properties:
availableUpdates:
description: availableUpdates contains updates recommended for this cluster. Updates which appear in conditionalUpdates but not in availableUpdates may expose this cluster to known issues. This list may be empty if no updates are recommended, if the update service is unavailable, or if an invalid channel has been specified.
type: array
items:
description: Release represents an OpenShift release image and associated metadata.
type: object
properties:
channels:
description: channels is the set of Cincinnati channels to which the release currently belongs.
type: array
items:
type: string
x-kubernetes-list-type: set
image:
description: image is a container image location that contains the update. When this field is part of spec, image is optional if version is specified and the availableUpdates field contains a matching version.
type: string
url:
description: url contains information about this release. This URL is set by the 'url' metadata property on a release or the metadata returned by the update API and should be displayed as a link in user interfaces. The URL field may not be set for test or nightly releases.
type: string
version:
description: version is a semantic version identifying the update version. When this field is part of spec, version is optional if image is specified.
type: string
nullable: true
x-kubernetes-list-type: atomic
capabilities:
description: capabilities describes the state of optional, core cluster components.
type: object
properties:
enabledCapabilities:
description: enabledCapabilities lists all the capabilities that are currently managed.
type: array
items:
description: ClusterVersionCapability enumerates optional, core cluster components.
type: string
enum:
- openshift-samples
- baremetal
- marketplace
- Console
- Insights
- Storage
- CSISnapshot
- NodeTuning
- MachineAPI
- Build
- DeploymentConfig
- ImageRegistry
- OperatorLifecycleManager
- CloudCredential
x-kubernetes-list-type: atomic
knownCapabilities:
description: knownCapabilities lists all the capabilities known to the current cluster.
type: array
items:
description: ClusterVersionCapability enumerates optional, core cluster components.
type: string
enum:
- openshift-samples
- baremetal
- marketplace
- Console
- Insights
- Storage
- CSISnapshot
- NodeTuning
- MachineAPI
- Build
- DeploymentConfig
- ImageRegistry
- OperatorLifecycleManager
- CloudCredential
x-kubernetes-list-type: atomic
conditionalUpdates:
description: conditionalUpdates contains the list of updates that may be recommended for this cluster if it meets specific required conditions. Consumers interested in the set of updates that are actually recommended for this cluster should use availableUpdates. This list may be empty if no updates are recommended, if the update service is unavailable, or if an empty or invalid channel has been specified.
type: array
items:
description: ConditionalUpdate represents an update which is recommended to some clusters on the version the current cluster is reconciling, but which may not be recommended for the current cluster.
type: object
required:
- release
- risks
properties:
conditions:
description: 'conditions represents the observations of the conditional update''s current status. Known types are: * Evaluating, for whether the cluster-version operator will attempt to evaluate any risks[].matchingRules. * Recommended, for whether the update is recommended for the current cluster.'
type: array
items:
description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
type: object
required:
- lastTransitionTime
- message
- reason
- status
- type
properties:
lastTransitionTime:
description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
type: string
format: date-time
message:
description: message is a human readable message indicating details about the transition. This may be an empty string.
type: string
maxLength: 32768
observedGeneration:
description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
type: integer
format: int64
minimum: 0
reason:
description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
type: string
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
status:
description: status of the condition, one of True, False, Unknown.
type: string
enum:
- "True"
- "False"
- Unknown
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
type: string
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
x-kubernetes-list-map-keys:
- type
x-kubernetes-list-type: map
release:
description: release is the target of the update.
type: object
properties:
channels:
description: channels is the set of Cincinnati channels to which the release currently belongs.
type: array
items:
type: string
x-kubernetes-list-type: set
image:
description: image is a container image location that contains the update. When this field is part of spec, image is optional if version is specified and the availableUpdates field contains a matching version.
type: string
url:
description: url contains information about this release. This URL is set by the 'url' metadata property on a release or the metadata returned by the update API and should be displayed as a link in user interfaces. The URL field may not be set for test or nightly releases.
type: string
version:
description: version is a semantic version identifying the update version. When this field is part of spec, version is optional if image is specified.
type: string
risks:
description: risks represents the range of issues associated with updating to the target release. The cluster-version operator will evaluate all entries, and only recommend the update if there is at least one entry and all entries recommend the update.
type: array
minItems: 1
items:
description: ConditionalUpdateRisk represents a reason and cluster-state for not recommending a conditional update.
type: object
required:
- matchingRules
- message
- name
- url
properties:
matchingRules:
description: matchingRules is a slice of conditions for deciding which clusters match the risk and which do not. The slice is ordered by decreasing precedence. The cluster-version operator will walk the slice in order, and stop after the first it can successfully evaluate. If no condition can be successfully evaluated, the update will not be recommended.
type: array
minItems: 1
items:
description: ClusterCondition is a union of typed cluster conditions. The 'type' property determines which of the type-specific properties are relevant. When evaluated on a cluster, the condition may match, not match, or fail to evaluate.
type: object
required:
- type
properties:
promql:
description: promQL represents a cluster condition based on PromQL.
type: object
required:
- promql
properties:
promql:
description: PromQL is a PromQL query classifying clusters. This query query should return a 1 in the match case and a 0 in the does-not-match case. Queries which return no time series, or which return values besides 0 or 1, are evaluation failures.
type: string
type:
description: type represents the cluster-condition type. This defines the members and semantics of any additional properties.
type: string
enum:
- Always
- PromQL
x-kubernetes-list-type: atomic
message:
description: message provides additional information about the risk of updating, in the event that matchingRules match the cluster state. This is only to be consumed by humans. It may contain Line Feed characters (U+000A), which should be rendered as new lines.
type: string
minLength: 1
name:
description: name is the CamelCase reason for not recommending a conditional update, in the event that matchingRules match the cluster state.
type: string
minLength: 1
url:
description: url contains information about this risk.
type: string
format: uri
minLength: 1
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
x-kubernetes-list-type: atomic
conditions:
description: conditions provides information about the cluster version. The condition "Available" is set to true if the desiredUpdate has been reached. The condition "Progressing" is set to true if an update is being applied. The condition "Degraded" is set to true if an update is currently blocked by a temporary or permanent error. Conditions are only valid for the current desiredUpdate when metadata.generation is equal to status.generation.
type: array
items:
description: ClusterOperatorStatusCondition represents the state of the operator's managed and monitored components.
type: object
required:
- lastTransitionTime
- status
- type
properties:
lastTransitionTime:
description: lastTransitionTime is the time of the last update to the current status property.
type: string
format: date-time
message:
description: message provides additional information about the current condition. This is only to be consumed by humans. It may contain Line Feed characters (U+000A), which should be rendered as new lines.
type: string
reason:
description: reason is the CamelCase reason for the condition's current status.
type: string
status:
description: status of the condition, one of True, False, Unknown.
type: string
type:
description: type specifies the aspect reported by this condition.
type: string
x-kubernetes-list-map-keys:
- type
x-kubernetes-list-type: map
desired:
description: desired is the version that the cluster is reconciling towards. If the cluster is not yet fully initialized desired will be set with the information available, which may be an image or a tag.
type: object
properties:
channels:
description: channels is the set of Cincinnati channels to which the release currently belongs.
type: array
items:
type: string
x-kubernetes-list-type: set
image:
description: image is a container image location that contains the update. When this field is part of spec, image is optional if version is specified and the availableUpdates field contains a matching version.
type: string
url:
description: url contains information about this release. This URL is set by the 'url' metadata property on a release or the metadata returned by the update API and should be displayed as a link in user interfaces. The URL field may not be set for test or nightly releases.
type: string
version:
description: version is a semantic version identifying the update version. When this field is part of spec, version is optional if image is specified.
type: string
history:
description: history contains a list of the most recent versions applied to the cluster. This value may be empty during cluster startup, and then will be updated when a new update is being applied. The newest update is first in the list and it is ordered by recency. Updates in the history have state Completed if the rollout completed - if an update was failing or halfway applied the state will be Partial. Only a limited amount of update history is preserved.
type: array
items:
description: UpdateHistory is a single attempted update to the cluster.
type: object
required:
- completionTime
- image
- startedTime
- state
- verified
properties:
acceptedRisks:
description: acceptedRisks records risks which were accepted to initiate the update. For example, it may menition an Upgradeable=False or missing signature that was overriden via desiredUpdate.force, or an update that was initiated despite not being in the availableUpdates set of recommended update targets.
type: string
completionTime:
description: completionTime, if set, is when the update was fully applied. The update that is currently being applied will have a null completion time. Completion time will always be set for entries that are not the current update (usually to the started time of the next update).
type: string
format: date-time
nullable: true
image:
description: image is a container image location that contains the update. This value is always populated.
type: string
startedTime:
description: startedTime is the time at which the update was started.
type: string
format: date-time
state:
description: state reflects whether the update was fully applied. The Partial state indicates the update is not fully applied, while the Completed state indicates the update was successfully rolled out at least once (all parts of the update successfully applied).
type: string
verified:
description: verified indicates whether the provided update was properly verified before it was installed. If this is false the cluster may not be trusted. Verified does not cover upgradeable checks that depend on the cluster state at the time when the update target was accepted.
type: boolean
version:
description: version is a semantic version identifying the update version. If the requested image does not define a version, or if a failure occurs retrieving the image, this value may be empty.
type: string
x-kubernetes-list-type: atomic
observedGeneration:
description: observedGeneration reports which version of the spec is being synced. If this value is not equal to metadata.generation, then the desired and conditions fields may represent a previous version.
type: integer
format: int64
versionHash:
description: versionHash is a fingerprint of the content that the cluster will be updated with. It is used by the operator to avoid unnecessary work and is for internal use only.
type: string
x-kubernetes-validations:
- rule: 'has(self.spec.capabilities) && has(self.spec.capabilities.additionalEnabledCapabilities) && self.spec.capabilities.baselineCapabilitySet == ''None'' && ''baremetal'' in self.spec.capabilities.additionalEnabledCapabilities ? ''MachineAPI'' in self.spec.capabilities.additionalEnabledCapabilities || (has(self.status) && has(self.status.capabilities) && has(self.status.capabilities.enabledCapabilities) && ''MachineAPI'' in self.status.capabilities.enabledCapabilities) : true'
message: the `baremetal` capability requires the `MachineAPI` capability, which is neither explicitly or implicitly enabled in this cluster, please enable the `MachineAPI` capability
- rule: 'has(self.spec.capabilities) && has(self.spec.capabilities.additionalEnabledCapabilities) && self.spec.capabilities.baselineCapabilitySet == ''None'' && ''marketplace'' in self.spec.capabilities.additionalEnabledCapabilities ? ''OperatorLifecycleManager'' in self.spec.capabilities.additionalEnabledCapabilities || (has(self.status) && has(self.status.capabilities) && has(self.status.capabilities.enabledCapabilities) && ''OperatorLifecycleManager'' in self.status.capabilities.enabledCapabilities) : true'
message: the `marketplace` capability requires the `OperatorLifecycleManager` capability, which is neither explicitly or implicitly enabled in this cluster, please enable the `OperatorLifecycleManager` capability
served: true
storage: true
subresources:
status: {}


@@ -1,475 +0,0 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
api-approved.openshift.io: https://github.com/openshift/api/pull/495
include.release.openshift.io/self-managed-high-availability: "true"
include.release.openshift.io/single-node-developer: "true"
release.openshift.io/feature-set: Default
name: clusterversions.config.openshift.io
spec:
group: config.openshift.io
names:
kind: ClusterVersion
plural: clusterversions
singular: clusterversion
scope: Cluster
versions:
- additionalPrinterColumns:
- jsonPath: .status.history[?(@.state=="Completed")].version
name: Version
type: string
- jsonPath: .status.conditions[?(@.type=="Available")].status
name: Available
type: string
- jsonPath: .status.conditions[?(@.type=="Progressing")].status
name: Progressing
type: string
- jsonPath: .status.conditions[?(@.type=="Progressing")].lastTransitionTime
name: Since
type: date
- jsonPath: .status.conditions[?(@.type=="Progressing")].message
name: Status
type: string
name: v1
schema:
openAPIV3Schema:
description: "ClusterVersion is the configuration for the ClusterVersionOperator. This is where parameters related to automatic updates can be set. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)."
type: object
required:
- spec
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: spec is the desired state of the cluster version - the operator will work to ensure that the desired version is applied to the cluster.
type: object
required:
- clusterID
properties:
capabilities:
description: capabilities configures the installation of optional, core cluster components. A null value here is identical to an empty object; see the child properties for default semantics.
type: object
properties:
additionalEnabledCapabilities:
description: additionalEnabledCapabilities extends the set of managed capabilities beyond the baseline defined in baselineCapabilitySet. The default is an empty set.
type: array
items:
description: ClusterVersionCapability enumerates optional, core cluster components.
type: string
enum:
- openshift-samples
- baremetal
- marketplace
- Console
- Insights
- Storage
- CSISnapshot
- NodeTuning
- MachineAPI
- Build
- DeploymentConfig
- ImageRegistry
- OperatorLifecycleManager
- CloudCredential
x-kubernetes-list-type: atomic
baselineCapabilitySet:
description: baselineCapabilitySet selects an initial set of optional capabilities to enable, which can be extended via additionalEnabledCapabilities. If unset, the cluster will choose a default, and the default may change over time. The current default is vCurrent.
type: string
enum:
- None
- v4.11
- v4.12
- v4.13
- v4.14
- v4.15
- vCurrent
channel:
description: channel is an identifier for explicitly requesting that a non-default set of updates be applied to this cluster. The default channel will be contain stable updates that are appropriate for production clusters.
type: string
clusterID:
description: clusterID uniquely identifies this cluster. This is expected to be an RFC4122 UUID value (xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx in hexadecimal values). This is a required field.
type: string
desiredUpdate:
description: "desiredUpdate is an optional field that indicates the desired value of the cluster version. Setting this value will trigger an upgrade (if the current version does not match the desired version). The set of recommended update values is listed as part of available updates in status, and setting values outside that range may cause the upgrade to fail. \n Some of the fields are inter-related with restrictions and meanings described here. 1. image is specified, version is specified, architecture is specified. API validation error. 2. image is specified, version is specified, architecture is not specified. You should not do this. version is silently ignored and image is used. 3. image is specified, version is not specified, architecture is specified. API validation error. 4. image is specified, version is not specified, architecture is not specified. image is used. 5. image is not specified, version is specified, architecture is specified. version and desired architecture are used to select an image. 6. image is not specified, version is specified, architecture is not specified. version and current architecture are used to select an image. 7. image is not specified, version is not specified, architecture is specified. API validation error. 8. image is not specified, version is not specified, architecture is not specified. API validation error. \n If an upgrade fails the operator will halt and report status about the failing component. Setting the desired update value back to the previous version will cause a rollback to be attempted. Not all rollbacks will succeed."
type: object
properties:
architecture:
description: architecture is an optional field that indicates the desired value of the cluster architecture. In this context cluster architecture means either a single architecture or a multi architecture. architecture can only be set to Multi thereby only allowing updates from single to multi architecture. If architecture is set, image cannot be set and version must be set. Valid values are 'Multi' and empty.
type: string
enum:
- Multi
- ""
force:
description: force allows an administrator to update to an image that has failed verification or upgradeable checks. This option should only be used when the authenticity of the provided image has been verified out of band because the provided image will run with full administrative access to the cluster. Do not use this flag with images that comes from unknown or potentially malicious sources.
type: boolean
image:
description: image is a container image location that contains the update. image should be used when the desired version does not exist in availableUpdates or history. When image is set, version is ignored. When image is set, version should be empty. When image is set, architecture cannot be specified.
type: string
version:
description: version is a semantic version identifying the update version. version is ignored if image is specified and required if architecture is specified.
type: string
x-kubernetes-validations:
- rule: 'has(self.architecture) && has(self.image) ? (self.architecture == '''' || self.image == '''') : true'
message: cannot set both Architecture and Image
- rule: 'has(self.architecture) && self.architecture != '''' ? self.version != '''' : true'
message: Version must be set if Architecture is set
overrides:
description: overrides is list of overides for components that are managed by cluster version operator. Marking a component unmanaged will prevent the operator from creating or updating the object.
type: array
items:
description: ComponentOverride allows overriding cluster version operator's behavior for a component.
type: object
required:
- group
- kind
- name
- namespace
- unmanaged
properties:
group:
description: group identifies the API group that the kind is in.
type: string
kind:
description: kind indentifies which object to override.
type: string
name:
description: name is the component's name.
type: string
namespace:
description: namespace is the component's namespace. If the resource is cluster scoped, the namespace should be empty.
type: string
unmanaged:
description: 'unmanaged controls if cluster version operator should stop managing the resources in this cluster. Default: false'
type: boolean
x-kubernetes-list-map-keys:
- kind
- group
- namespace
- name
x-kubernetes-list-type: map
upstream:
description: upstream may be used to specify the preferred update server. By default it will use the appropriate update server for the cluster and region.
type: string
status:
description: status contains information about the available updates and any in-progress updates.
type: object
required:
- availableUpdates
- desired
- observedGeneration
- versionHash
properties:
availableUpdates:
description: availableUpdates contains updates recommended for this cluster. Updates which appear in conditionalUpdates but not in availableUpdates may expose this cluster to known issues. This list may be empty if no updates are recommended, if the update service is unavailable, or if an invalid channel has been specified.
type: array
items:
description: Release represents an OpenShift release image and associated metadata.
type: object
properties:
channels:
description: channels is the set of Cincinnati channels to which the release currently belongs.
type: array
items:
type: string
x-kubernetes-list-type: set
image:
description: image is a container image location that contains the update. When this field is part of spec, image is optional if version is specified and the availableUpdates field contains a matching version.
type: string
url:
description: url contains information about this release. This URL is set by the 'url' metadata property on a release or the metadata returned by the update API and should be displayed as a link in user interfaces. The URL field may not be set for test or nightly releases.
type: string
version:
description: version is a semantic version identifying the update version. When this field is part of spec, version is optional if image is specified.
type: string
nullable: true
x-kubernetes-list-type: atomic
capabilities:
description: capabilities describes the state of optional, core cluster components.
type: object
properties:
enabledCapabilities:
description: enabledCapabilities lists all the capabilities that are currently managed.
type: array
items:
description: ClusterVersionCapability enumerates optional, core cluster components.
type: string
enum:
- openshift-samples
- baremetal
- marketplace
- Console
- Insights
- Storage
- CSISnapshot
- NodeTuning
- MachineAPI
- Build
- DeploymentConfig
- ImageRegistry
- OperatorLifecycleManager
- CloudCredential
x-kubernetes-list-type: atomic
knownCapabilities:
description: knownCapabilities lists all the capabilities known to the current cluster.
type: array
items:
description: ClusterVersionCapability enumerates optional, core cluster components.
type: string
enum:
- openshift-samples
- baremetal
- marketplace
- Console
- Insights
- Storage
- CSISnapshot
- NodeTuning
- MachineAPI
- Build
- DeploymentConfig
- ImageRegistry
- OperatorLifecycleManager
- CloudCredential
x-kubernetes-list-type: atomic
conditionalUpdates:
description: conditionalUpdates contains the list of updates that may be recommended for this cluster if it meets specific required conditions. Consumers interested in the set of updates that are actually recommended for this cluster should use availableUpdates. This list may be empty if no updates are recommended, if the update service is unavailable, or if an empty or invalid channel has been specified.
type: array
items:
description: ConditionalUpdate represents an update which is recommended to some clusters on the version the current cluster is reconciling, but which may not be recommended for the current cluster.
type: object
required:
- release
- risks
properties:
conditions:
description: 'conditions represents the observations of the conditional update''s current status. Known types are: * Evaluating, for whether the cluster-version operator will attempt to evaluate any risks[].matchingRules. * Recommended, for whether the update is recommended for the current cluster.'
type: array
items:
description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
type: object
required:
- lastTransitionTime
- message
- reason
- status
- type
properties:
lastTransitionTime:
description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
type: string
format: date-time
message:
description: message is a human readable message indicating details about the transition. This may be an empty string.
type: string
maxLength: 32768
observedGeneration:
description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
type: integer
format: int64
minimum: 0
reason:
description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
type: string
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
status:
description: status of the condition, one of True, False, Unknown.
type: string
enum:
- "True"
- "False"
- Unknown
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
type: string
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
x-kubernetes-list-map-keys:
- type
x-kubernetes-list-type: map
release:
description: release is the target of the update.
type: object
properties:
channels:
description: channels is the set of Cincinnati channels to which the release currently belongs.
type: array
items:
type: string
x-kubernetes-list-type: set
image:
description: image is a container image location that contains the update. When this field is part of spec, image is optional if version is specified and the availableUpdates field contains a matching version.
type: string
url:
description: url contains information about this release. This URL is set by the 'url' metadata property on a release or the metadata returned by the update API and should be displayed as a link in user interfaces. The URL field may not be set for test or nightly releases.
type: string
version:
description: version is a semantic version identifying the update version. When this field is part of spec, version is optional if image is specified.
type: string
risks:
description: risks represents the range of issues associated with updating to the target release. The cluster-version operator will evaluate all entries, and only recommend the update if there is at least one entry and all entries recommend the update.
type: array
minItems: 1
items:
description: ConditionalUpdateRisk represents a reason and cluster-state for not recommending a conditional update.
type: object
required:
- matchingRules
- message
- name
- url
properties:
matchingRules:
description: matchingRules is a slice of conditions for deciding which clusters match the risk and which do not. The slice is ordered by decreasing precedence. The cluster-version operator will walk the slice in order, and stop after the first it can successfully evaluate. If no condition can be successfully evaluated, the update will not be recommended.
type: array
minItems: 1
items:
description: ClusterCondition is a union of typed cluster conditions. The 'type' property determines which of the type-specific properties are relevant. When evaluated on a cluster, the condition may match, not match, or fail to evaluate.
type: object
required:
- type
properties:
promql:
description: promQL represents a cluster condition based on PromQL.
type: object
required:
- promql
properties:
promql:
description: PromQL is a PromQL query classifying clusters. This query query should return a 1 in the match case and a 0 in the does-not-match case. Queries which return no time series, or which return values besides 0 or 1, are evaluation failures.
type: string
type:
description: type represents the cluster-condition type. This defines the members and semantics of any additional properties.
type: string
enum:
- Always
- PromQL
x-kubernetes-list-type: atomic
message:
description: message provides additional information about the risk of updating, in the event that matchingRules match the cluster state. This is only to be consumed by humans. It may contain Line Feed characters (U+000A), which should be rendered as new lines.
type: string
minLength: 1
name:
description: name is the CamelCase reason for not recommending a conditional update, in the event that matchingRules match the cluster state.
type: string
minLength: 1
url:
description: url contains information about this risk.
type: string
format: uri
minLength: 1
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
x-kubernetes-list-type: atomic
conditions:
description: conditions provides information about the cluster version. The condition "Available" is set to true if the desiredUpdate has been reached. The condition "Progressing" is set to true if an update is being applied. The condition "Degraded" is set to true if an update is currently blocked by a temporary or permanent error. Conditions are only valid for the current desiredUpdate when metadata.generation is equal to status.generation.
type: array
items:
description: ClusterOperatorStatusCondition represents the state of the operator's managed and monitored components.
type: object
required:
- lastTransitionTime
- status
- type
properties:
lastTransitionTime:
description: lastTransitionTime is the time of the last update to the current status property.
type: string
format: date-time
message:
description: message provides additional information about the current condition. This is only to be consumed by humans. It may contain Line Feed characters (U+000A), which should be rendered as new lines.
type: string
reason:
description: reason is the CamelCase reason for the condition's current status.
type: string
status:
description: status of the condition, one of True, False, Unknown.
type: string
type:
description: type specifies the aspect reported by this condition.
type: string
x-kubernetes-list-map-keys:
- type
x-kubernetes-list-type: map
desired:
description: desired is the version that the cluster is reconciling towards. If the cluster is not yet fully initialized desired will be set with the information available, which may be an image or a tag.
type: object
properties:
channels:
description: channels is the set of Cincinnati channels to which the release currently belongs.
type: array
items:
type: string
x-kubernetes-list-type: set
image:
description: image is a container image location that contains the update. When this field is part of spec, image is optional if version is specified and the availableUpdates field contains a matching version.
type: string
url:
description: url contains information about this release. This URL is set by the 'url' metadata property on a release or the metadata returned by the update API and should be displayed as a link in user interfaces. The URL field may not be set for test or nightly releases.
type: string
version:
description: version is a semantic version identifying the update version. When this field is part of spec, version is optional if image is specified.
type: string
history:
description: history contains a list of the most recent versions applied to the cluster. This value may be empty during cluster startup, and then will be updated when a new update is being applied. The newest update is first in the list and it is ordered by recency. Updates in the history have state Completed if the rollout completed - if an update was failing or halfway applied the state will be Partial. Only a limited amount of update history is preserved.
type: array
items:
description: UpdateHistory is a single attempted update to the cluster.
type: object
required:
- completionTime
- image
- startedTime
- state
- verified
properties:
acceptedRisks:
description: acceptedRisks records risks which were accepted to initiate the update. For example, it may menition an Upgradeable=False or missing signature that was overriden via desiredUpdate.force, or an update that was initiated despite not being in the availableUpdates set of recommended update targets.
type: string
completionTime:
description: completionTime, if set, is when the update was fully applied. The update that is currently being applied will have a null completion time. Completion time will always be set for entries that are not the current update (usually to the started time of the next update).
type: string
format: date-time
nullable: true
image:
description: image is a container image location that contains the update. This value is always populated.
type: string
startedTime:
description: startedTime is the time at which the update was started.
type: string
format: date-time
state:
description: state reflects whether the update was fully applied. The Partial state indicates the update is not fully applied, while the Completed state indicates the update was successfully rolled out at least once (all parts of the update successfully applied).
type: string
verified:
description: verified indicates whether the provided update was properly verified before it was installed. If this is false the cluster may not be trusted. Verified does not cover upgradeable checks that depend on the cluster state at the time when the update target was accepted.
type: boolean
version:
description: version is a semantic version identifying the update version. If the requested image does not define a version, or if a failure occurs retrieving the image, this value may be empty.
type: string
x-kubernetes-list-type: atomic
observedGeneration:
description: observedGeneration reports which version of the spec is being synced. If this value is not equal to metadata.generation, then the desired and conditions fields may represent a previous version.
type: integer
format: int64
versionHash:
description: versionHash is a fingerprint of the content that the cluster will be updated with. It is used by the operator to avoid unnecessary work and is for internal use only.
type: string
x-kubernetes-validations:
- rule: 'has(self.spec.capabilities) && has(self.spec.capabilities.additionalEnabledCapabilities) && self.spec.capabilities.baselineCapabilitySet == ''None'' && ''baremetal'' in self.spec.capabilities.additionalEnabledCapabilities ? ''MachineAPI'' in self.spec.capabilities.additionalEnabledCapabilities || (has(self.status) && has(self.status.capabilities) && has(self.status.capabilities.enabledCapabilities) && ''MachineAPI'' in self.status.capabilities.enabledCapabilities) : true'
message: the `baremetal` capability requires the `MachineAPI` capability, which is neither explicitly or implicitly enabled in this cluster, please enable the `MachineAPI` capability
- rule: 'has(self.spec.capabilities) && has(self.spec.capabilities.additionalEnabledCapabilities) && self.spec.capabilities.baselineCapabilitySet == ''None'' && ''marketplace'' in self.spec.capabilities.additionalEnabledCapabilities ? ''OperatorLifecycleManager'' in self.spec.capabilities.additionalEnabledCapabilities || (has(self.status) && has(self.status.capabilities) && has(self.status.capabilities.enabledCapabilities) && ''OperatorLifecycleManager'' in self.status.capabilities.enabledCapabilities) : true'
message: the `marketplace` capability requires the `OperatorLifecycleManager` capability, which is neither explicitly or implicitly enabled in this cluster, please enable the `OperatorLifecycleManager` capability
served: true
storage: true
subresources:
status: {}


@@ -1,503 +0,0 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
api-approved.openshift.io: https://github.com/openshift/api/pull/495
include.release.openshift.io/self-managed-high-availability: "true"
include.release.openshift.io/single-node-developer: "true"
release.openshift.io/feature-set: TechPreviewNoUpgrade
name: clusterversions.config.openshift.io
spec:
group: config.openshift.io
names:
kind: ClusterVersion
plural: clusterversions
singular: clusterversion
scope: Cluster
versions:
- additionalPrinterColumns:
- jsonPath: .status.history[?(@.state=="Completed")].version
name: Version
type: string
- jsonPath: .status.conditions[?(@.type=="Available")].status
name: Available
type: string
- jsonPath: .status.conditions[?(@.type=="Progressing")].status
name: Progressing
type: string
- jsonPath: .status.conditions[?(@.type=="Progressing")].lastTransitionTime
name: Since
type: date
- jsonPath: .status.conditions[?(@.type=="Progressing")].message
name: Status
type: string
name: v1
schema:
openAPIV3Schema:
description: "ClusterVersion is the configuration for the ClusterVersionOperator. This is where parameters related to automatic updates can be set. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)."
type: object
required:
- spec
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: spec is the desired state of the cluster version - the operator will work to ensure that the desired version is applied to the cluster.
type: object
required:
- clusterID
properties:
capabilities:
description: capabilities configures the installation of optional, core cluster components. A null value here is identical to an empty object; see the child properties for default semantics.
type: object
properties:
additionalEnabledCapabilities:
description: additionalEnabledCapabilities extends the set of managed capabilities beyond the baseline defined in baselineCapabilitySet. The default is an empty set.
type: array
items:
description: ClusterVersionCapability enumerates optional, core cluster components.
type: string
enum:
- openshift-samples
- baremetal
- marketplace
- Console
- Insights
- Storage
- CSISnapshot
- NodeTuning
- MachineAPI
- Build
- DeploymentConfig
- ImageRegistry
- OperatorLifecycleManager
- CloudCredential
x-kubernetes-list-type: atomic
baselineCapabilitySet:
description: baselineCapabilitySet selects an initial set of optional capabilities to enable, which can be extended via additionalEnabledCapabilities. If unset, the cluster will choose a default, and the default may change over time. The current default is vCurrent.
type: string
enum:
- None
- v4.11
- v4.12
- v4.13
- v4.14
- v4.15
- vCurrent
channel:
description: channel is an identifier for explicitly requesting that a non-default set of updates be applied to this cluster. The default channel will be contain stable updates that are appropriate for production clusters.
type: string
clusterID:
description: clusterID uniquely identifies this cluster. This is expected to be an RFC4122 UUID value (xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx in hexadecimal values). This is a required field.
type: string
desiredUpdate:
description: "desiredUpdate is an optional field that indicates the desired value of the cluster version. Setting this value will trigger an upgrade (if the current version does not match the desired version). The set of recommended update values is listed as part of available updates in status, and setting values outside that range may cause the upgrade to fail. \n Some of the fields are inter-related with restrictions and meanings described here. 1. image is specified, version is specified, architecture is specified. API validation error. 2. image is specified, version is specified, architecture is not specified. You should not do this. version is silently ignored and image is used. 3. image is specified, version is not specified, architecture is specified. API validation error. 4. image is specified, version is not specified, architecture is not specified. image is used. 5. image is not specified, version is specified, architecture is specified. version and desired architecture are used to select an image. 6. image is not specified, version is specified, architecture is not specified. version and current architecture are used to select an image. 7. image is not specified, version is not specified, architecture is specified. API validation error. 8. image is not specified, version is not specified, architecture is not specified. API validation error. \n If an upgrade fails the operator will halt and report status about the failing component. Setting the desired update value back to the previous version will cause a rollback to be attempted. Not all rollbacks will succeed."
type: object
properties:
architecture:
description: architecture is an optional field that indicates the desired value of the cluster architecture. In this context cluster architecture means either a single architecture or a multi architecture. architecture can only be set to Multi thereby only allowing updates from single to multi architecture. If architecture is set, image cannot be set and version must be set. Valid values are 'Multi' and empty.
type: string
enum:
- Multi
- ""
force:
description: force allows an administrator to update to an image that has failed verification or upgradeable checks. This option should only be used when the authenticity of the provided image has been verified out of band because the provided image will run with full administrative access to the cluster. Do not use this flag with images that comes from unknown or potentially malicious sources.
type: boolean
image:
description: image is a container image location that contains the update. image should be used when the desired version does not exist in availableUpdates or history. When image is set, version is ignored. When image is set, version should be empty. When image is set, architecture cannot be specified.
type: string
version:
description: version is a semantic version identifying the update version. version is ignored if image is specified and required if architecture is specified.
type: string
x-kubernetes-validations:
- rule: 'has(self.architecture) && has(self.image) ? (self.architecture == '''' || self.image == '''') : true'
message: cannot set both Architecture and Image
- rule: 'has(self.architecture) && self.architecture != '''' ? self.version != '''' : true'
message: Version must be set if Architecture is set
overrides:
description: overrides is list of overides for components that are managed by cluster version operator. Marking a component unmanaged will prevent the operator from creating or updating the object.
type: array
items:
description: ComponentOverride allows overriding cluster version operator's behavior for a component.
type: object
required:
- group
- kind
- name
- namespace
- unmanaged
properties:
group:
description: group identifies the API group that the kind is in.
type: string
kind:
description: kind indentifies which object to override.
type: string
name:
description: name is the component's name.
type: string
namespace:
description: namespace is the component's namespace. If the resource is cluster scoped, the namespace should be empty.
type: string
unmanaged:
description: 'unmanaged controls if cluster version operator should stop managing the resources in this cluster. Default: false'
type: boolean
x-kubernetes-list-map-keys:
- kind
- group
- namespace
- name
x-kubernetes-list-type: map
signatureStores:
description: "signatureStores contains the upstream URIs to verify release signatures and optional reference to a config map by name containing the PEM-encoded CA bundle. \n By default, CVO will use existing signature stores if this property is empty. The CVO will check the release signatures in the local ConfigMaps first. It will search for a valid signature in these stores in parallel only when local ConfigMaps did not include a valid signature. Validation will fail if none of the signature stores reply with valid signature before timeout. Setting signatureStores will replace the default signature stores with custom signature stores. Default stores can be used with custom signature stores by adding them manually. \n A maximum of 32 signature stores may be configured."
type: array
maxItems: 32
items:
description: SignatureStore represents the URL of custom Signature Store
type: object
required:
- url
properties:
ca:
description: ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key "ca.crt" is used to locate the data. If specified and the config map or expected key is not found, the signature store is not honored. If the specified ca data is not valid, the signature store is not honored. If empty, we fall back to the CA configured via Proxy, which is appended to the default system roots. The namespace for this config map is openshift-config.
type: object
required:
- name
properties:
name:
description: name is the metadata.name of the referenced config map
type: string
url:
description: url contains the upstream custom signature store URL. url should be a valid absolute http/https URI of an upstream signature store as per rfc1738. This must be provided and cannot be empty.
type: string
x-kubernetes-validations:
- rule: isURL(self)
message: url must be a valid absolute URL
x-kubernetes-list-map-keys:
- url
x-kubernetes-list-type: map
upstream:
description: upstream may be used to specify the preferred update server. By default it will use the appropriate update server for the cluster and region.
type: string
status:
description: status contains information about the available updates and any in-progress updates.
type: object
required:
- availableUpdates
- desired
- observedGeneration
- versionHash
properties:
availableUpdates:
description: availableUpdates contains updates recommended for this cluster. Updates which appear in conditionalUpdates but not in availableUpdates may expose this cluster to known issues. This list may be empty if no updates are recommended, if the update service is unavailable, or if an invalid channel has been specified.
type: array
items:
description: Release represents an OpenShift release image and associated metadata.
type: object
properties:
channels:
description: channels is the set of Cincinnati channels to which the release currently belongs.
type: array
items:
type: string
x-kubernetes-list-type: set
image:
description: image is a container image location that contains the update. When this field is part of spec, image is optional if version is specified and the availableUpdates field contains a matching version.
type: string
url:
description: url contains information about this release. This URL is set by the 'url' metadata property on a release or the metadata returned by the update API and should be displayed as a link in user interfaces. The URL field may not be set for test or nightly releases.
type: string
version:
description: version is a semantic version identifying the update version. When this field is part of spec, version is optional if image is specified.
type: string
nullable: true
x-kubernetes-list-type: atomic
capabilities:
description: capabilities describes the state of optional, core cluster components.
type: object
properties:
enabledCapabilities:
description: enabledCapabilities lists all the capabilities that are currently managed.
type: array
items:
description: ClusterVersionCapability enumerates optional, core cluster components.
type: string
enum:
- openshift-samples
- baremetal
- marketplace
- Console
- Insights
- Storage
- CSISnapshot
- NodeTuning
- MachineAPI
- Build
- DeploymentConfig
- ImageRegistry
- OperatorLifecycleManager
- CloudCredential
x-kubernetes-list-type: atomic
knownCapabilities:
description: knownCapabilities lists all the capabilities known to the current cluster.
type: array
items:
description: ClusterVersionCapability enumerates optional, core cluster components.
type: string
enum:
- openshift-samples
- baremetal
- marketplace
- Console
- Insights
- Storage
- CSISnapshot
- NodeTuning
- MachineAPI
- Build
- DeploymentConfig
- ImageRegistry
- OperatorLifecycleManager
- CloudCredential
x-kubernetes-list-type: atomic
conditionalUpdates:
description: conditionalUpdates contains the list of updates that may be recommended for this cluster if it meets specific required conditions. Consumers interested in the set of updates that are actually recommended for this cluster should use availableUpdates. This list may be empty if no updates are recommended, if the update service is unavailable, or if an empty or invalid channel has been specified.
type: array
items:
description: ConditionalUpdate represents an update which is recommended to some clusters on the version the current cluster is reconciling, but which may not be recommended for the current cluster.
type: object
required:
- release
- risks
properties:
conditions:
description: 'conditions represents the observations of the conditional update''s current status. Known types are: * Evaluating, for whether the cluster-version operator will attempt to evaluate any risks[].matchingRules. * Recommended, for whether the update is recommended for the current cluster.'
type: array
items:
description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
type: object
required:
- lastTransitionTime
- message
- reason
- status
- type
properties:
lastTransitionTime:
description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
type: string
format: date-time
message:
description: message is a human readable message indicating details about the transition. This may be an empty string.
type: string
maxLength: 32768
observedGeneration:
description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
type: integer
format: int64
minimum: 0
reason:
description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
type: string
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
status:
description: status of the condition, one of True, False, Unknown.
type: string
enum:
- "True"
- "False"
- Unknown
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
type: string
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
x-kubernetes-list-map-keys:
- type
x-kubernetes-list-type: map
release:
description: release is the target of the update.
type: object
properties:
channels:
description: channels is the set of Cincinnati channels to which the release currently belongs.
type: array
items:
type: string
x-kubernetes-list-type: set
image:
description: image is a container image location that contains the update. When this field is part of spec, image is optional if version is specified and the availableUpdates field contains a matching version.
type: string
url:
description: url contains information about this release. This URL is set by the 'url' metadata property on a release or the metadata returned by the update API and should be displayed as a link in user interfaces. The URL field may not be set for test or nightly releases.
type: string
version:
description: version is a semantic version identifying the update version. When this field is part of spec, version is optional if image is specified.
type: string
risks:
description: risks represents the range of issues associated with updating to the target release. The cluster-version operator will evaluate all entries, and only recommend the update if there is at least one entry and all entries recommend the update.
type: array
minItems: 1
items:
description: ConditionalUpdateRisk represents a reason and cluster-state for not recommending a conditional update.
type: object
required:
- matchingRules
- message
- name
- url
properties:
matchingRules:
description: matchingRules is a slice of conditions for deciding which clusters match the risk and which do not. The slice is ordered by decreasing precedence. The cluster-version operator will walk the slice in order, and stop after the first it can successfully evaluate. If no condition can be successfully evaluated, the update will not be recommended.
type: array
minItems: 1
items:
description: ClusterCondition is a union of typed cluster conditions. The 'type' property determines which of the type-specific properties are relevant. When evaluated on a cluster, the condition may match, not match, or fail to evaluate.
type: object
required:
- type
properties:
promql:
description: promQL represents a cluster condition based on PromQL.
type: object
required:
- promql
properties:
promql:
description: PromQL is a PromQL query classifying clusters. This query query should return a 1 in the match case and a 0 in the does-not-match case. Queries which return no time series, or which return values besides 0 or 1, are evaluation failures.
type: string
type:
description: type represents the cluster-condition type. This defines the members and semantics of any additional properties.
type: string
enum:
- Always
- PromQL
x-kubernetes-list-type: atomic
message:
description: message provides additional information about the risk of updating, in the event that matchingRules match the cluster state. This is only to be consumed by humans. It may contain Line Feed characters (U+000A), which should be rendered as new lines.
type: string
minLength: 1
name:
description: name is the CamelCase reason for not recommending a conditional update, in the event that matchingRules match the cluster state.
type: string
minLength: 1
url:
description: url contains information about this risk.
type: string
format: uri
minLength: 1
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
x-kubernetes-list-type: atomic
conditions:
description: conditions provides information about the cluster version. The condition "Available" is set to true if the desiredUpdate has been reached. The condition "Progressing" is set to true if an update is being applied. The condition "Degraded" is set to true if an update is currently blocked by a temporary or permanent error. Conditions are only valid for the current desiredUpdate when metadata.generation is equal to status.generation.
type: array
items:
description: ClusterOperatorStatusCondition represents the state of the operator's managed and monitored components.
type: object
required:
- lastTransitionTime
- status
- type
properties:
lastTransitionTime:
description: lastTransitionTime is the time of the last update to the current status property.
type: string
format: date-time
message:
description: message provides additional information about the current condition. This is only to be consumed by humans. It may contain Line Feed characters (U+000A), which should be rendered as new lines.
type: string
reason:
description: reason is the CamelCase reason for the condition's current status.
type: string
status:
description: status of the condition, one of True, False, Unknown.
type: string
type:
description: type specifies the aspect reported by this condition.
type: string
x-kubernetes-list-map-keys:
- type
x-kubernetes-list-type: map
desired:
description: desired is the version that the cluster is reconciling towards. If the cluster is not yet fully initialized desired will be set with the information available, which may be an image or a tag.
type: object
properties:
channels:
description: channels is the set of Cincinnati channels to which the release currently belongs.
type: array
items:
type: string
x-kubernetes-list-type: set
image:
description: image is a container image location that contains the update. When this field is part of spec, image is optional if version is specified and the availableUpdates field contains a matching version.
type: string
url:
description: url contains information about this release. This URL is set by the 'url' metadata property on a release or the metadata returned by the update API and should be displayed as a link in user interfaces. The URL field may not be set for test or nightly releases.
type: string
version:
description: version is a semantic version identifying the update version. When this field is part of spec, version is optional if image is specified.
type: string
history:
description: history contains a list of the most recent versions applied to the cluster. This value may be empty during cluster startup, and then will be updated when a new update is being applied. The newest update is first in the list and it is ordered by recency. Updates in the history have state Completed if the rollout completed - if an update was failing or halfway applied the state will be Partial. Only a limited amount of update history is preserved.
type: array
items:
description: UpdateHistory is a single attempted update to the cluster.
type: object
required:
- completionTime
- image
- startedTime
- state
- verified
properties:
acceptedRisks:
description: acceptedRisks records risks which were accepted to initiate the update. For example, it may menition an Upgradeable=False or missing signature that was overriden via desiredUpdate.force, or an update that was initiated despite not being in the availableUpdates set of recommended update targets.
type: string
completionTime:
description: completionTime, if set, is when the update was fully applied. The update that is currently being applied will have a null completion time. Completion time will always be set for entries that are not the current update (usually to the started time of the next update).
type: string
format: date-time
nullable: true
image:
description: image is a container image location that contains the update. This value is always populated.
type: string
startedTime:
description: startedTime is the time at which the update was started.
type: string
format: date-time
state:
description: state reflects whether the update was fully applied. The Partial state indicates the update is not fully applied, while the Completed state indicates the update was successfully rolled out at least once (all parts of the update successfully applied).
type: string
verified:
description: verified indicates whether the provided update was properly verified before it was installed. If this is false the cluster may not be trusted. Verified does not cover upgradeable checks that depend on the cluster state at the time when the update target was accepted.
type: boolean
version:
description: version is a semantic version identifying the update version. If the requested image does not define a version, or if a failure occurs retrieving the image, this value may be empty.
type: string
x-kubernetes-list-type: atomic
observedGeneration:
description: observedGeneration reports which version of the spec is being synced. If this value is not equal to metadata.generation, then the desired and conditions fields may represent a previous version.
type: integer
format: int64
versionHash:
description: versionHash is a fingerprint of the content that the cluster will be updated with. It is used by the operator to avoid unnecessary work and is for internal use only.
type: string
x-kubernetes-validations:
- rule: 'has(self.spec.capabilities) && has(self.spec.capabilities.additionalEnabledCapabilities) && self.spec.capabilities.baselineCapabilitySet == ''None'' && ''baremetal'' in self.spec.capabilities.additionalEnabledCapabilities ? ''MachineAPI'' in self.spec.capabilities.additionalEnabledCapabilities || (has(self.status) && has(self.status.capabilities) && has(self.status.capabilities.enabledCapabilities) && ''MachineAPI'' in self.status.capabilities.enabledCapabilities) : true'
message: the `baremetal` capability requires the `MachineAPI` capability, which is neither explicitly or implicitly enabled in this cluster, please enable the `MachineAPI` capability
- rule: 'has(self.spec.capabilities) && has(self.spec.capabilities.additionalEnabledCapabilities) && self.spec.capabilities.baselineCapabilitySet == ''None'' && ''marketplace'' in self.spec.capabilities.additionalEnabledCapabilities ? ''OperatorLifecycleManager'' in self.spec.capabilities.additionalEnabledCapabilities || (has(self.status) && has(self.status.capabilities) && has(self.status.capabilities.enabledCapabilities) && ''OperatorLifecycleManager'' in self.status.capabilities.enabledCapabilities) : true'
message: the `marketplace` capability requires the `OperatorLifecycleManager` capability, which is neither explicitly or implicitly enabled in this cluster, please enable the `OperatorLifecycleManager` capability
served: true
storage: true
subresources:
status: {}


@@ -1,78 +0,0 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
api-approved.openshift.io: https://github.com/openshift/api/pull/470
include.release.openshift.io/ibm-cloud-managed: "true"
include.release.openshift.io/self-managed-high-availability: "true"
include.release.openshift.io/single-node-developer: "true"
name: proxies.config.openshift.io
spec:
group: config.openshift.io
names:
kind: Proxy
listKind: ProxyList
plural: proxies
singular: proxy
scope: Cluster
versions:
- name: v1
schema:
openAPIV3Schema:
description: "Proxy holds cluster-wide information on how to configure default proxies for the cluster. The canonical name is `cluster` \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)."
type: object
required:
- spec
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: Spec holds user-settable values for the proxy configuration
type: object
properties:
httpProxy:
description: httpProxy is the URL of the proxy for HTTP requests. Empty means unset and will not result in an env var.
type: string
httpsProxy:
description: httpsProxy is the URL of the proxy for HTTPS requests. Empty means unset and will not result in an env var.
type: string
noProxy:
description: noProxy is a comma-separated list of hostnames and/or CIDRs and/or IPs for which the proxy should not be used. Empty means unset and will not result in an env var.
type: string
readinessEndpoints:
description: readinessEndpoints is a list of endpoints used to verify readiness of the proxy.
type: array
items:
type: string
trustedCA:
description: "trustedCA is a reference to a ConfigMap containing a CA certificate bundle. The trustedCA field should only be consumed by a proxy validator. The validator is responsible for reading the certificate bundle from the required key \"ca-bundle.crt\", merging it with the system default trust bundle, and writing the merged trust bundle to a ConfigMap named \"trusted-ca-bundle\" in the \"openshift-config-managed\" namespace. Clients that expect to make proxy connections must use the trusted-ca-bundle for all HTTPS requests to the proxy, and may use the trusted-ca-bundle for non-proxy HTTPS requests as well. \n The namespace for the ConfigMap referenced by trustedCA is \"openshift-config\". Here is an example ConfigMap (in yaml): \n apiVersion: v1 kind: ConfigMap metadata: name: user-ca-bundle namespace: openshift-config data: ca-bundle.crt: | -----BEGIN CERTIFICATE----- Custom CA certificate bundle. -----END CERTIFICATE-----"
type: object
required:
- name
properties:
name:
description: name is the metadata.name of the referenced config map
type: string
status:
description: status holds observed values from the cluster. They may not be overridden.
type: object
properties:
httpProxy:
description: httpProxy is the URL of the proxy for HTTP requests.
type: string
httpsProxy:
description: httpsProxy is the URL of the proxy for HTTPS requests.
type: string
noProxy:
description: noProxy is a comma-separated list of hostnames and/or CIDRs for which the proxy should not be used.
type: string
served: true
storage: true
subresources:
status: {}


@@ -1,84 +0,0 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
api-approved.openshift.io: https://github.com/openshift/api/pull/470
capability.openshift.io/name: marketplace
include.release.openshift.io/ibm-cloud-managed: "true"
include.release.openshift.io/self-managed-high-availability: "true"
include.release.openshift.io/single-node-developer: "true"
name: operatorhubs.config.openshift.io
spec:
group: config.openshift.io
names:
kind: OperatorHub
listKind: OperatorHubList
plural: operatorhubs
singular: operatorhub
scope: Cluster
versions:
- name: v1
schema:
openAPIV3Schema:
description: "OperatorHub is the Schema for the operatorhubs API. It can be used to change the state of the default hub sources for OperatorHub on the cluster from enabled to disabled and vice versa. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)."
type: object
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: OperatorHubSpec defines the desired state of OperatorHub
type: object
properties:
disableAllDefaultSources:
description: disableAllDefaultSources allows you to disable all the default hub sources. If this is true, a specific entry in sources can be used to enable a default source. If this is false, a specific entry in sources can be used to disable or enable a default source.
type: boolean
sources:
description: sources is the list of default hub sources and their configuration. If the list is empty, it implies that the default hub sources are enabled on the cluster unless disableAllDefaultSources is true. If disableAllDefaultSources is true and sources is not empty, the configuration present in sources will take precedence. The list of default hub sources and their current state will always be reflected in the status block.
type: array
items:
description: HubSource is used to specify the hub source and its configuration
type: object
properties:
disabled:
description: disabled is used to disable a default hub source on cluster
type: boolean
name:
description: name is the name of one of the default hub sources
type: string
maxLength: 253
minLength: 1
status:
description: OperatorHubStatus defines the observed state of OperatorHub. The current state of the default hub sources will always be reflected here.
type: object
properties:
sources:
description: sources encapsulates the result of applying the configuration for each hub source
type: array
items:
description: HubSourceStatus is used to reflect the current state of applying the configuration to a default source
type: object
properties:
disabled:
description: disabled is used to disable a default hub source on cluster
type: boolean
message:
description: message provides more information regarding failures
type: string
name:
description: name is the name of one of the default hub sources
type: string
maxLength: 253
minLength: 1
status:
description: status indicates success or failure in applying the configuration
type: string
served: true
storage: true
subresources:
status: {}


@@ -1,179 +0,0 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
api-approved.openshift.io: https://github.com/openshift/api/pull/470
include.release.openshift.io/ibm-cloud-managed: "true"
include.release.openshift.io/self-managed-high-availability: "true"
include.release.openshift.io/single-node-developer: "true"
release.openshift.io/feature-set: CustomNoUpgrade
name: apiservers.config.openshift.io
spec:
group: config.openshift.io
names:
kind: APIServer
listKind: APIServerList
plural: apiservers
singular: apiserver
scope: Cluster
versions:
- name: v1
schema:
openAPIV3Schema:
description: "APIServer holds configuration (like serving certificates, client CA and CORS domains) shared by all API servers in the system, among them especially kube-apiserver and openshift-apiserver. The canonical name of an instance is 'cluster'. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)."
type: object
required:
- spec
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: spec holds user settable values for configuration
type: object
properties:
additionalCORSAllowedOrigins:
description: additionalCORSAllowedOrigins lists additional, user-defined regular expressions describing hosts for which the API server allows access using the CORS headers. This may be needed to access the API and the integrated OAuth server from JavaScript applications. The values are regular expressions that correspond to the Golang regular expression language.
type: array
items:
type: string
audit:
description: audit specifies the settings for audit configuration to be applied to all OpenShift-provided API servers in the cluster.
type: object
default:
profile: Default
properties:
customRules:
description: customRules specify profiles per group. These profile take precedence over the top-level profile field if they apply. They are evaluation from top to bottom and the first one that matches, applies.
type: array
items:
description: AuditCustomRule describes a custom rule for an audit profile that takes precedence over the top-level profile.
type: object
required:
- group
- profile
properties:
group:
description: group is a name of group a request user must be member of in order to this profile to apply.
type: string
minLength: 1
profile:
description: "profile specifies the name of the desired audit policy configuration to be deployed to all OpenShift-provided API servers in the cluster. \n The following profiles are provided: - Default: the existing default policy. - WriteRequestBodies: like 'Default', but logs request and response HTTP payloads for write requests (create, update, patch). - AllRequestBodies: like 'WriteRequestBodies', but also logs request and response HTTP payloads for read requests (get, list). - None: no requests are logged at all, not even oauthaccesstokens and oauthauthorizetokens. \n If unset, the 'Default' profile is used as the default."
type: string
enum:
- Default
- WriteRequestBodies
- AllRequestBodies
- None
x-kubernetes-list-map-keys:
- group
x-kubernetes-list-type: map
profile:
description: "profile specifies the name of the desired top-level audit profile to be applied to all requests sent to any of the OpenShift-provided API servers in the cluster (kube-apiserver, openshift-apiserver and oauth-apiserver), with the exception of those requests that match one or more of the customRules. \n The following profiles are provided: - Default: default policy which means MetaData level logging with the exception of events (not logged at all), oauthaccesstokens and oauthauthorizetokens (both logged at RequestBody level). - WriteRequestBodies: like 'Default', but logs request and response HTTP payloads for write requests (create, update, patch). - AllRequestBodies: like 'WriteRequestBodies', but also logs request and response HTTP payloads for read requests (get, list). - None: no requests are logged at all, not even oauthaccesstokens and oauthauthorizetokens. \n Warning: It is not recommended to disable audit logging by using the `None` profile unless you are fully aware of the risks of not logging data that can be beneficial when troubleshooting issues. If you disable audit logging and a support situation arises, you might need to enable audit logging and reproduce the issue in order to troubleshoot properly. \n If unset, the 'Default' profile is used as the default."
type: string
default: Default
enum:
- Default
- WriteRequestBodies
- AllRequestBodies
- None
clientCA:
description: 'clientCA references a ConfigMap containing a certificate bundle for the signers that will be recognized for incoming client certificates in addition to the operator managed signers. If this is empty, then only operator managed signers are valid. You usually only have to set this if you have your own PKI you wish to honor client certificates from. The ConfigMap must exist in the openshift-config namespace and contain the following required fields: - ConfigMap.Data["ca-bundle.crt"] - CA bundle.'
type: object
required:
- name
properties:
name:
description: name is the metadata.name of the referenced config map
type: string
encryption:
description: encryption allows the configuration of encryption of resources at the datastore layer.
type: object
properties:
type:
description: "type defines what encryption type should be used to encrypt resources at the datastore layer. When this field is unset (i.e. when it is set to the empty string), identity is implied. The behavior of unset can and will change over time. Even if encryption is enabled by default, the meaning of unset may change to a different encryption type based on changes in best practices. \n When encryption is enabled, all sensitive resources shipped with the platform are encrypted. This list of sensitive resources can and will change over time. The current authoritative list is: \n 1. secrets 2. configmaps 3. routes.route.openshift.io 4. oauthaccesstokens.oauth.openshift.io 5. oauthauthorizetokens.oauth.openshift.io"
type: string
enum:
- ""
- identity
- aescbc
- aesgcm
servingCerts:
description: servingCert is the TLS cert info for serving secure traffic. If not specified, operator managed certificates will be used for serving secure traffic.
type: object
properties:
namedCertificates:
description: namedCertificates references secrets containing the TLS cert info for serving secure traffic to specific hostnames. If no named certificates are provided, or no named certificates match the server name as understood by a client, the defaultServingCertificate will be used.
type: array
items:
description: APIServerNamedServingCert maps a server DNS name, as understood by a client, to a certificate.
type: object
properties:
names:
description: names is a optional list of explicit DNS names (leading wildcards allowed) that should use this certificate to serve secure traffic. If no names are provided, the implicit names will be extracted from the certificates. Exact names trump over wildcard names. Explicit names defined here trump over extracted implicit names.
type: array
items:
type: string
servingCertificate:
description: 'servingCertificate references a kubernetes.io/tls type secret containing the TLS cert info for serving secure traffic. The secret must exist in the openshift-config namespace and contain the following required fields: - Secret.Data["tls.key"] - TLS private key. - Secret.Data["tls.crt"] - TLS certificate.'
type: object
required:
- name
properties:
name:
description: name is the metadata.name of the referenced secret
type: string
tlsSecurityProfile:
description: "tlsSecurityProfile specifies settings for TLS connections for externally exposed servers. \n If unset, a default (which may change between releases) is chosen. Note that only Old, Intermediate and Custom profiles are currently supported, and the maximum available minTLSVersion is VersionTLS12."
type: object
properties:
custom:
description: "custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic. An example custom profile looks like this: \n ciphers: - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 minTLSVersion: VersionTLS11"
type: object
properties:
ciphers:
description: "ciphers is used to specify the cipher algorithms that are negotiated during the TLS handshake. Operators may remove entries their operands do not support. For example, to use DES-CBC3-SHA (yaml): \n ciphers: - DES-CBC3-SHA"
type: array
items:
type: string
minTLSVersion:
description: "minTLSVersion is used to specify the minimal version of the TLS protocol that is negotiated during the TLS handshake. For example, to use TLS versions 1.1, 1.2 and 1.3 (yaml): \n minTLSVersion: VersionTLS11 \n NOTE: currently the highest minTLSVersion allowed is VersionTLS12"
type: string
enum:
- VersionTLS10
- VersionTLS11
- VersionTLS12
- VersionTLS13
nullable: true
intermediate:
description: "intermediate is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29 \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - DHE-RSA-AES128-GCM-SHA256 - DHE-RSA-AES256-GCM-SHA384 minTLSVersion: VersionTLS12"
type: object
nullable: true
modern:
description: "modern is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 minTLSVersion: VersionTLS13 \n NOTE: Currently unsupported."
type: object
nullable: true
old:
description: "old is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - DHE-RSA-AES128-GCM-SHA256 - DHE-RSA-AES256-GCM-SHA384 - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES128-SHA - ECDHE-ECDSA-AES256-SHA384 - ECDHE-RSA-AES256-SHA384 - ECDHE-ECDSA-AES256-SHA - ECDHE-RSA-AES256-SHA - DHE-RSA-AES128-SHA256 - DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 - AES256-GCM-SHA384 - AES128-SHA256 - AES256-SHA256 - AES128-SHA - AES256-SHA - DES-CBC3-SHA minTLSVersion: VersionTLS10"
type: object
nullable: true
type:
description: "type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. Old, Intermediate and Modern are TLS security profiles based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations \n The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on precisely which ciphers are available to a process, the list may be reduced. \n Note that the Modern profile is currently not supported because it is not yet well adopted by common software libraries."
type: string
enum:
- Old
- Intermediate
- Modern
- Custom
status:
description: status holds observed values from the cluster. They may not be overridden.
type: object
served: true
storage: true
subresources:
status: {}


@@ -1,179 +0,0 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
api-approved.openshift.io: https://github.com/openshift/api/pull/470
include.release.openshift.io/ibm-cloud-managed: "true"
include.release.openshift.io/self-managed-high-availability: "true"
include.release.openshift.io/single-node-developer: "true"
release.openshift.io/feature-set: Default
name: apiservers.config.openshift.io
spec:
group: config.openshift.io
names:
kind: APIServer
listKind: APIServerList
plural: apiservers
singular: apiserver
scope: Cluster
versions:
- name: v1
schema:
openAPIV3Schema:
description: "APIServer holds configuration (like serving certificates, client CA and CORS domains) shared by all API servers in the system, among them especially kube-apiserver and openshift-apiserver. The canonical name of an instance is 'cluster'. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)."
type: object
required:
- spec
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: spec holds user settable values for configuration
type: object
properties:
additionalCORSAllowedOrigins:
description: additionalCORSAllowedOrigins lists additional, user-defined regular expressions describing hosts for which the API server allows access using the CORS headers. This may be needed to access the API and the integrated OAuth server from JavaScript applications. The values are regular expressions that correspond to the Golang regular expression language.
type: array
items:
type: string
audit:
description: audit specifies the settings for audit configuration to be applied to all OpenShift-provided API servers in the cluster.
type: object
default:
profile: Default
properties:
customRules:
description: customRules specify profiles per group. These profile take precedence over the top-level profile field if they apply. They are evaluation from top to bottom and the first one that matches, applies.
type: array
items:
description: AuditCustomRule describes a custom rule for an audit profile that takes precedence over the top-level profile.
type: object
required:
- group
- profile
properties:
group:
description: group is a name of group a request user must be member of in order to this profile to apply.
type: string
minLength: 1
profile:
description: "profile specifies the name of the desired audit policy configuration to be deployed to all OpenShift-provided API servers in the cluster. \n The following profiles are provided: - Default: the existing default policy. - WriteRequestBodies: like 'Default', but logs request and response HTTP payloads for write requests (create, update, patch). - AllRequestBodies: like 'WriteRequestBodies', but also logs request and response HTTP payloads for read requests (get, list). - None: no requests are logged at all, not even oauthaccesstokens and oauthauthorizetokens. \n If unset, the 'Default' profile is used as the default."
type: string
enum:
- Default
- WriteRequestBodies
- AllRequestBodies
- None
x-kubernetes-list-map-keys:
- group
x-kubernetes-list-type: map
profile:
description: "profile specifies the name of the desired top-level audit profile to be applied to all requests sent to any of the OpenShift-provided API servers in the cluster (kube-apiserver, openshift-apiserver and oauth-apiserver), with the exception of those requests that match one or more of the customRules. \n The following profiles are provided: - Default: default policy which means MetaData level logging with the exception of events (not logged at all), oauthaccesstokens and oauthauthorizetokens (both logged at RequestBody level). - WriteRequestBodies: like 'Default', but logs request and response HTTP payloads for write requests (create, update, patch). - AllRequestBodies: like 'WriteRequestBodies', but also logs request and response HTTP payloads for read requests (get, list). - None: no requests are logged at all, not even oauthaccesstokens and oauthauthorizetokens. \n Warning: It is not recommended to disable audit logging by using the `None` profile unless you are fully aware of the risks of not logging data that can be beneficial when troubleshooting issues. If you disable audit logging and a support situation arises, you might need to enable audit logging and reproduce the issue in order to troubleshoot properly. \n If unset, the 'Default' profile is used as the default."
type: string
default: Default
enum:
- Default
- WriteRequestBodies
- AllRequestBodies
- None
clientCA:
description: 'clientCA references a ConfigMap containing a certificate bundle for the signers that will be recognized for incoming client certificates in addition to the operator managed signers. If this is empty, then only operator managed signers are valid. You usually only have to set this if you have your own PKI you wish to honor client certificates from. The ConfigMap must exist in the openshift-config namespace and contain the following required fields: - ConfigMap.Data["ca-bundle.crt"] - CA bundle.'
type: object
required:
- name
properties:
name:
description: name is the metadata.name of the referenced config map
type: string
encryption:
description: encryption allows the configuration of encryption of resources at the datastore layer.
type: object
properties:
type:
description: "type defines what encryption type should be used to encrypt resources at the datastore layer. When this field is unset (i.e. when it is set to the empty string), identity is implied. The behavior of unset can and will change over time. Even if encryption is enabled by default, the meaning of unset may change to a different encryption type based on changes in best practices. \n When encryption is enabled, all sensitive resources shipped with the platform are encrypted. This list of sensitive resources can and will change over time. The current authoritative list is: \n 1. secrets 2. configmaps 3. routes.route.openshift.io 4. oauthaccesstokens.oauth.openshift.io 5. oauthauthorizetokens.oauth.openshift.io"
type: string
enum:
- ""
- identity
- aescbc
- aesgcm
servingCerts:
description: servingCert is the TLS cert info for serving secure traffic. If not specified, operator managed certificates will be used for serving secure traffic.
type: object
properties:
namedCertificates:
description: namedCertificates references secrets containing the TLS cert info for serving secure traffic to specific hostnames. If no named certificates are provided, or no named certificates match the server name as understood by a client, the defaultServingCertificate will be used.
type: array
items:
description: APIServerNamedServingCert maps a server DNS name, as understood by a client, to a certificate.
type: object
properties:
names:
description: names is a optional list of explicit DNS names (leading wildcards allowed) that should use this certificate to serve secure traffic. If no names are provided, the implicit names will be extracted from the certificates. Exact names trump over wildcard names. Explicit names defined here trump over extracted implicit names.
type: array
items:
type: string
servingCertificate:
description: 'servingCertificate references a kubernetes.io/tls type secret containing the TLS cert info for serving secure traffic. The secret must exist in the openshift-config namespace and contain the following required fields: - Secret.Data["tls.key"] - TLS private key. - Secret.Data["tls.crt"] - TLS certificate.'
type: object
required:
- name
properties:
name:
description: name is the metadata.name of the referenced secret
type: string
tlsSecurityProfile:
description: "tlsSecurityProfile specifies settings for TLS connections for externally exposed servers. \n If unset, a default (which may change between releases) is chosen. Note that only Old, Intermediate and Custom profiles are currently supported, and the maximum available minTLSVersion is VersionTLS12."
type: object
properties:
custom:
description: "custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic. An example custom profile looks like this: \n ciphers: - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 minTLSVersion: VersionTLS11"
type: object
properties:
ciphers:
description: "ciphers is used to specify the cipher algorithms that are negotiated during the TLS handshake. Operators may remove entries their operands do not support. For example, to use DES-CBC3-SHA (yaml): \n ciphers: - DES-CBC3-SHA"
type: array
items:
type: string
minTLSVersion:
description: "minTLSVersion is used to specify the minimal version of the TLS protocol that is negotiated during the TLS handshake. For example, to use TLS versions 1.1, 1.2 and 1.3 (yaml): \n minTLSVersion: VersionTLS11 \n NOTE: currently the highest minTLSVersion allowed is VersionTLS12"
type: string
enum:
- VersionTLS10
- VersionTLS11
- VersionTLS12
- VersionTLS13
nullable: true
intermediate:
description: "intermediate is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29 \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - DHE-RSA-AES128-GCM-SHA256 - DHE-RSA-AES256-GCM-SHA384 minTLSVersion: VersionTLS12"
type: object
nullable: true
modern:
description: "modern is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 minTLSVersion: VersionTLS13 \n NOTE: Currently unsupported."
type: object
nullable: true
old:
description: "old is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - DHE-RSA-AES128-GCM-SHA256 - DHE-RSA-AES256-GCM-SHA384 - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES128-SHA - ECDHE-ECDSA-AES256-SHA384 - ECDHE-RSA-AES256-SHA384 - ECDHE-ECDSA-AES256-SHA - ECDHE-RSA-AES256-SHA - DHE-RSA-AES128-SHA256 - DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 - AES256-GCM-SHA384 - AES128-SHA256 - AES256-SHA256 - AES128-SHA - AES256-SHA - DES-CBC3-SHA minTLSVersion: VersionTLS10"
type: object
nullable: true
type:
description: "type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. Old, Intermediate and Modern are TLS security profiles based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations \n The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on precisely which ciphers are available to a process, the list may be reduced. \n Note that the Modern profile is currently not supported because it is not yet well adopted by common software libraries."
type: string
enum:
- Old
- Intermediate
- Modern
- Custom
status:
description: status holds observed values from the cluster. They may not be overridden.
type: object
served: true
storage: true
subresources:
status: {}


@@ -1,179 +0,0 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
api-approved.openshift.io: https://github.com/openshift/api/pull/470
include.release.openshift.io/ibm-cloud-managed: "true"
include.release.openshift.io/self-managed-high-availability: "true"
include.release.openshift.io/single-node-developer: "true"
release.openshift.io/feature-set: TechPreviewNoUpgrade
name: apiservers.config.openshift.io
spec:
group: config.openshift.io
names:
kind: APIServer
listKind: APIServerList
plural: apiservers
singular: apiserver
scope: Cluster
versions:
- name: v1
schema:
openAPIV3Schema:
description: "APIServer holds configuration (like serving certificates, client CA and CORS domains) shared by all API servers in the system, among them especially kube-apiserver and openshift-apiserver. The canonical name of an instance is 'cluster'. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)."
type: object
required:
- spec
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: spec holds user settable values for configuration
type: object
properties:
additionalCORSAllowedOrigins:
description: additionalCORSAllowedOrigins lists additional, user-defined regular expressions describing hosts for which the API server allows access using the CORS headers. This may be needed to access the API and the integrated OAuth server from JavaScript applications. The values are regular expressions that correspond to the Golang regular expression language.
type: array
items:
type: string
audit:
description: audit specifies the settings for audit configuration to be applied to all OpenShift-provided API servers in the cluster.
type: object
default:
profile: Default
properties:
customRules:
description: customRules specify profiles per group. These profile take precedence over the top-level profile field if they apply. They are evaluation from top to bottom and the first one that matches, applies.
type: array
items:
description: AuditCustomRule describes a custom rule for an audit profile that takes precedence over the top-level profile.
type: object
required:
- group
- profile
properties:
group:
description: group is a name of group a request user must be member of in order to this profile to apply.
type: string
minLength: 1
profile:
description: "profile specifies the name of the desired audit policy configuration to be deployed to all OpenShift-provided API servers in the cluster. \n The following profiles are provided: - Default: the existing default policy. - WriteRequestBodies: like 'Default', but logs request and response HTTP payloads for write requests (create, update, patch). - AllRequestBodies: like 'WriteRequestBodies', but also logs request and response HTTP payloads for read requests (get, list). - None: no requests are logged at all, not even oauthaccesstokens and oauthauthorizetokens. \n If unset, the 'Default' profile is used as the default."
type: string
enum:
- Default
- WriteRequestBodies
- AllRequestBodies
- None
x-kubernetes-list-map-keys:
- group
x-kubernetes-list-type: map
profile:
description: "profile specifies the name of the desired top-level audit profile to be applied to all requests sent to any of the OpenShift-provided API servers in the cluster (kube-apiserver, openshift-apiserver and oauth-apiserver), with the exception of those requests that match one or more of the customRules. \n The following profiles are provided: - Default: default policy which means MetaData level logging with the exception of events (not logged at all), oauthaccesstokens and oauthauthorizetokens (both logged at RequestBody level). - WriteRequestBodies: like 'Default', but logs request and response HTTP payloads for write requests (create, update, patch). - AllRequestBodies: like 'WriteRequestBodies', but also logs request and response HTTP payloads for read requests (get, list). - None: no requests are logged at all, not even oauthaccesstokens and oauthauthorizetokens. \n Warning: It is not recommended to disable audit logging by using the `None` profile unless you are fully aware of the risks of not logging data that can be beneficial when troubleshooting issues. If you disable audit logging and a support situation arises, you might need to enable audit logging and reproduce the issue in order to troubleshoot properly. \n If unset, the 'Default' profile is used as the default."
type: string
default: Default
enum:
- Default
- WriteRequestBodies
- AllRequestBodies
- None
clientCA:
description: 'clientCA references a ConfigMap containing a certificate bundle for the signers that will be recognized for incoming client certificates in addition to the operator managed signers. If this is empty, then only operator managed signers are valid. You usually only have to set this if you have your own PKI you wish to honor client certificates from. The ConfigMap must exist in the openshift-config namespace and contain the following required fields: - ConfigMap.Data["ca-bundle.crt"] - CA bundle.'
type: object
required:
- name
properties:
name:
description: name is the metadata.name of the referenced config map
type: string
encryption:
description: encryption allows the configuration of encryption of resources at the datastore layer.
type: object
properties:
type:
description: "type defines what encryption type should be used to encrypt resources at the datastore layer. When this field is unset (i.e. when it is set to the empty string), identity is implied. The behavior of unset can and will change over time. Even if encryption is enabled by default, the meaning of unset may change to a different encryption type based on changes in best practices. \n When encryption is enabled, all sensitive resources shipped with the platform are encrypted. This list of sensitive resources can and will change over time. The current authoritative list is: \n 1. secrets 2. configmaps 3. routes.route.openshift.io 4. oauthaccesstokens.oauth.openshift.io 5. oauthauthorizetokens.oauth.openshift.io"
type: string
enum:
- ""
- identity
- aescbc
- aesgcm
servingCerts:
description: servingCert is the TLS cert info for serving secure traffic. If not specified, operator managed certificates will be used for serving secure traffic.
type: object
properties:
namedCertificates:
description: namedCertificates references secrets containing the TLS cert info for serving secure traffic to specific hostnames. If no named certificates are provided, or no named certificates match the server name as understood by a client, the defaultServingCertificate will be used.
type: array
items:
description: APIServerNamedServingCert maps a server DNS name, as understood by a client, to a certificate.
type: object
properties:
names:
description: names is a optional list of explicit DNS names (leading wildcards allowed) that should use this certificate to serve secure traffic. If no names are provided, the implicit names will be extracted from the certificates. Exact names trump over wildcard names. Explicit names defined here trump over extracted implicit names.
type: array
items:
type: string
servingCertificate:
description: 'servingCertificate references a kubernetes.io/tls type secret containing the TLS cert info for serving secure traffic. The secret must exist in the openshift-config namespace and contain the following required fields: - Secret.Data["tls.key"] - TLS private key. - Secret.Data["tls.crt"] - TLS certificate.'
type: object
required:
- name
properties:
name:
description: name is the metadata.name of the referenced secret
type: string
tlsSecurityProfile:
description: "tlsSecurityProfile specifies settings for TLS connections for externally exposed servers. \n If unset, a default (which may change between releases) is chosen. Note that only Old, Intermediate and Custom profiles are currently supported, and the maximum available minTLSVersion is VersionTLS12."
type: object
properties:
custom:
description: "custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic. An example custom profile looks like this: \n ciphers: - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 minTLSVersion: VersionTLS11"
type: object
properties:
ciphers:
description: "ciphers is used to specify the cipher algorithms that are negotiated during the TLS handshake. Operators may remove entries their operands do not support. For example, to use DES-CBC3-SHA (yaml): \n ciphers: - DES-CBC3-SHA"
type: array
items:
type: string
minTLSVersion:
description: "minTLSVersion is used to specify the minimal version of the TLS protocol that is negotiated during the TLS handshake. For example, to use TLS versions 1.1, 1.2 and 1.3 (yaml): \n minTLSVersion: VersionTLS11 \n NOTE: currently the highest minTLSVersion allowed is VersionTLS12"
type: string
enum:
- VersionTLS10
- VersionTLS11
- VersionTLS12
- VersionTLS13
nullable: true
intermediate:
description: "intermediate is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29 \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - DHE-RSA-AES128-GCM-SHA256 - DHE-RSA-AES256-GCM-SHA384 minTLSVersion: VersionTLS12"
type: object
nullable: true
modern:
description: "modern is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 minTLSVersion: VersionTLS13 \n NOTE: Currently unsupported."
type: object
nullable: true
old:
description: "old is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - DHE-RSA-AES128-GCM-SHA256 - DHE-RSA-AES256-GCM-SHA384 - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES128-SHA - ECDHE-ECDSA-AES256-SHA384 - ECDHE-RSA-AES256-SHA384 - ECDHE-ECDSA-AES256-SHA - ECDHE-RSA-AES256-SHA - DHE-RSA-AES128-SHA256 - DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 - AES256-GCM-SHA384 - AES128-SHA256 - AES256-SHA256 - AES128-SHA - AES256-SHA - DES-CBC3-SHA minTLSVersion: VersionTLS10"
type: object
nullable: true
type:
description: "type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. Old, Intermediate and Modern are TLS security profiles based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations \n The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on precisely which ciphers are available to a process, the list may be reduced. \n Note that the Modern profile is currently not supported because it is not yet well adopted by common software libraries."
type: string
enum:
- Old
- Intermediate
- Modern
- Custom
status:
description: status holds observed values from the cluster. They may not be overridden.
type: object
served: true
storage: true
subresources:
status: {}


@@ -1,374 +0,0 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
api-approved.openshift.io: https://github.com/openshift/api/pull/470
include.release.openshift.io/ibm-cloud-managed: "true"
include.release.openshift.io/self-managed-high-availability: "true"
include.release.openshift.io/single-node-developer: "true"
release.openshift.io/feature-set: CustomNoUpgrade
name: authentications.config.openshift.io
spec:
group: config.openshift.io
names:
kind: Authentication
listKind: AuthenticationList
plural: authentications
singular: authentication
scope: Cluster
versions:
- name: v1
served: true
storage: true
subresources:
status: {}
"schema":
"openAPIV3Schema":
description: "Authentication specifies cluster-wide settings for authentication (like OAuth and webhook token authenticators). The canonical name of an instance is `cluster`. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)."
type: object
required:
- spec
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: spec holds user settable values for configuration
type: object
properties:
oauthMetadata:
description: 'oauthMetadata contains the discovery endpoint data for OAuth 2.0 Authorization Server Metadata for an external OAuth server. This discovery document can be viewed from its served location: oc get --raw ''/.well-known/oauth-authorization-server'' For further details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 If oauthMetadata.name is non-empty, this value has precedence over any metadata reference stored in status. The key "oauthMetadata" is used to locate the data. If specified and the config map or expected key is not found, no metadata is served. If the specified metadata is not valid, no metadata is served. The namespace for this config map is openshift-config.'
type: object
required:
- name
properties:
name:
description: name is the metadata.name of the referenced config map
type: string
oidcProviders:
description: "OIDCProviders are OIDC identity providers that can issue tokens for this cluster Can only be set if \"Type\" is set to \"OIDC\". \n At most one provider can be configured."
type: array
maxItems: 1
items:
type: object
required:
- issuer
- name
properties:
claimMappings:
description: ClaimMappings describes rules on how to transform information from an ID token into a cluster identity
type: object
properties:
groups:
description: Groups is a name of the claim that should be used to construct groups for the cluster identity. The referenced claim must use array of strings values.
type: object
required:
- claim
properties:
claim:
description: Claim is a JWT token claim to be used in the mapping
type: string
prefix:
description: "Prefix is a string to prefix the value from the token in the result of the claim mapping. \n By default, no prefixing occurs. \n Example: if `prefix` is set to \"myoidc:\"\" and the `claim` in JWT contains an array of strings \"a\", \"b\" and \"c\", the mapping will result in an array of string \"myoidc:a\", \"myoidc:b\" and \"myoidc:c\"."
type: string
username:
description: "Username is a name of the claim that should be used to construct usernames for the cluster identity. \n Default value: \"sub\""
type: object
required:
- claim
properties:
claim:
description: Claim is a JWT token claim to be used in the mapping
type: string
prefix:
type: object
required:
- prefixString
properties:
prefixString:
type: string
minLength: 1
prefixPolicy:
description: "PrefixPolicy specifies how a prefix should apply. \n By default, claims other than `email` will be prefixed with the issuer URL to prevent naming clashes with other plugins. \n Set to \"NoPrefix\" to disable prefixing. \n Example: (1) `prefix` is set to \"myoidc:\" and `claim` is set to \"username\". If the JWT claim `username` contains value `userA`, the resulting mapped value will be \"myoidc:userA\". (2) `prefix` is set to \"myoidc:\" and `claim` is set to \"email\". If the JWT `email` claim contains value \"userA@myoidc.tld\", the resulting mapped value will be \"myoidc:userA@myoidc.tld\". (3) `prefix` is unset, `issuerURL` is set to `https://myoidc.tld`, the JWT claims include \"username\":\"userA\" and \"email\":\"userA@myoidc.tld\", and `claim` is set to: (a) \"username\": the mapped value will be \"https://myoidc.tld#userA\" (b) \"email\": the mapped value will be \"userA@myoidc.tld\""
type: string
enum:
- ""
- NoPrefix
- Prefix
x-kubernetes-validations:
- rule: 'has(self.prefixPolicy) && self.prefixPolicy == ''Prefix'' ? (has(self.prefix) && size(self.prefix.prefixString) > 0) : !has(self.prefix)'
message: prefix must be set if prefixPolicy is 'Prefix', but must remain unset otherwise
claimValidationRules:
description: ClaimValidationRules are rules that are applied to validate token claims to authenticate users.
type: array
items:
type: object
properties:
requiredClaim:
description: RequiredClaim allows configuring a required claim name and its expected value
type: object
required:
- claim
- requiredValue
properties:
claim:
description: Claim is a name of a required claim. Only claims with string values are supported.
type: string
minLength: 1
requiredValue:
description: RequiredValue is the required value for the claim.
type: string
minLength: 1
type:
description: Type sets the type of the validation rule
type: string
default: RequiredClaim
enum:
- RequiredClaim
x-kubernetes-list-type: atomic
issuer:
description: Issuer describes atributes of the OIDC token issuer
type: object
required:
- audiences
- issuerURL
properties:
audiences:
description: Audiences is an array of audiences that the token was issued for. Valid tokens must include at least one of these values in their "aud" claim. Must be set to exactly one value.
type: array
maxItems: 1
items:
type: string
minLength: 1
x-kubernetes-list-type: set
issuerCertificateAuthority:
description: CertificateAuthority is a reference to a config map in the configuration namespace. The .data of the configMap must contain the "ca-bundle.crt" key. If unset, system trust is used instead.
type: object
required:
- name
properties:
name:
description: name is the metadata.name of the referenced config map
type: string
issuerURL:
description: URL is the serving URL of the token issuer. Must use the https:// scheme.
type: string
pattern: ^https:\/\/[^\s]
name:
description: Name of the OIDC provider
type: string
minLength: 1
oidcClients:
description: OIDCClients contains configuration for the platform's clients that need to request tokens from the issuer
type: array
maxItems: 20
items:
type: object
required:
- clientID
- componentName
- componentNamespace
properties:
clientID:
description: ClientID is the identifier of the OIDC client from the OIDC provider
type: string
minLength: 1
clientSecret:
description: ClientSecret refers to a secret in the `openshift-config` namespace that contains the client secret in the `clientSecret` key of the `.data` field
type: object
required:
- name
properties:
name:
description: name is the metadata.name of the referenced secret
type: string
componentName:
description: ComponentName is the name of the component that is supposed to consume this client configuration
type: string
maxLength: 256
minLength: 1
componentNamespace:
description: ComponentNamespace is the namespace of the component that is supposed to consume this client configuration
type: string
maxLength: 63
minLength: 1
extraScopes:
description: ExtraScopes is an optional set of scopes to request tokens with.
type: array
items:
type: string
x-kubernetes-list-type: set
x-kubernetes-list-map-keys:
- componentNamespace
- componentName
x-kubernetes-list-type: map
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
serviceAccountIssuer:
description: 'serviceAccountIssuer is the identifier of the bound service account token issuer. The default is https://kubernetes.default.svc WARNING: Updating this field will not result in immediate invalidation of all bound tokens with the previous issuer value. Instead, the tokens issued by previous service account issuer will continue to be trusted for a time period chosen by the platform (currently set to 24h). This time period is subject to change over time. This allows internal components to transition to use new service account issuer without service distruption.'
type: string
type:
description: type identifies the cluster managed, user facing authentication mode in use. Specifically, it manages the component that responds to login attempts. The default is IntegratedOAuth.
type: string
webhookTokenAuthenticator:
description: "webhookTokenAuthenticator configures a remote token reviewer. These remote authentication webhooks can be used to verify bearer tokens via the tokenreviews.authentication.k8s.io REST API. This is required to honor bearer tokens that are provisioned by an external authentication service. \n Can only be set if \"Type\" is set to \"None\"."
type: object
required:
- kubeConfig
properties:
kubeConfig:
description: "kubeConfig references a secret that contains kube config file data which describes how to access the remote webhook service. The namespace for the referenced secret is openshift-config. \n For further details, see: \n https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication \n The key \"kubeConfig\" is used to locate the data. If the secret or expected key is not found, the webhook is not honored. If the specified kube config data is not valid, the webhook is not honored."
type: object
required:
- name
properties:
name:
description: name is the metadata.name of the referenced secret
type: string
webhookTokenAuthenticators:
description: webhookTokenAuthenticators is DEPRECATED, setting it has no effect.
type: array
items:
description: deprecatedWebhookTokenAuthenticator holds the necessary configuration options for a remote token authenticator. It's the same as WebhookTokenAuthenticator but it's missing the 'required' validation on KubeConfig field.
type: object
properties:
kubeConfig:
description: 'kubeConfig contains kube config file data which describes how to access the remote webhook service. For further details, see: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication The key "kubeConfig" is used to locate the data. If the secret or expected key is not found, the webhook is not honored. If the specified kube config data is not valid, the webhook is not honored. The namespace for this secret is determined by the point of use.'
type: object
required:
- name
properties:
name:
description: name is the metadata.name of the referenced secret
type: string
x-kubernetes-list-type: atomic
status:
description: status holds observed values from the cluster. They may not be overridden.
type: object
properties:
integratedOAuthMetadata:
description: 'integratedOAuthMetadata contains the discovery endpoint data for OAuth 2.0 Authorization Server Metadata for the in-cluster integrated OAuth server. This discovery document can be viewed from its served location: oc get --raw ''/.well-known/oauth-authorization-server'' For further details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 This contains the observed value based on cluster state. An explicitly set value in spec.oauthMetadata has precedence over this field. This field has no meaning if authentication spec.type is not set to IntegratedOAuth. The key "oauthMetadata" is used to locate the data. If the config map or expected key is not found, no metadata is served. If the specified metadata is not valid, no metadata is served. The namespace for this config map is openshift-config-managed.'
type: object
required:
- name
properties:
name:
description: name is the metadata.name of the referenced config map
type: string
oidcClients:
description: OIDCClients is where participating operators place the current OIDC client status for OIDC clients that can be customized by the cluster-admin.
type: array
maxItems: 20
items:
type: object
required:
- componentName
- componentNamespace
properties:
componentName:
description: ComponentName is the name of the component that will consume a client configuration.
type: string
maxLength: 256
minLength: 1
componentNamespace:
description: ComponentNamespace is the namespace of the component that will consume a client configuration.
type: string
maxLength: 63
minLength: 1
conditions:
description: "Conditions are used to communicate the state of the `oidcClients` entry. \n Supported conditions include Available, Degraded and Progressing. \n If Available is true, the component is successfully using the configured client. If Degraded is true, that means something has gone wrong trying to handle the client configuration. If Progressing is true, that means the component is taking some action related to the `oidcClients` entry."
type: array
items:
description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
type: object
required:
- lastTransitionTime
- message
- reason
- status
- type
properties:
lastTransitionTime:
description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
type: string
format: date-time
message:
description: message is a human readable message indicating details about the transition. This may be an empty string.
type: string
maxLength: 32768
observedGeneration:
description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
type: integer
format: int64
minimum: 0
reason:
description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
type: string
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
status:
description: status of the condition, one of True, False, Unknown.
type: string
enum:
- "True"
- "False"
- Unknown
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
type: string
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
x-kubernetes-list-map-keys:
- type
x-kubernetes-list-type: map
consumingUsers:
description: ConsumingUsers is a slice of ServiceAccounts that need to have read permission on the `clientSecret` secret.
type: array
maxItems: 5
items:
description: ConsumingUser is an alias for string which we add validation to. Currently only service accounts are supported.
type: string
maxLength: 512
minLength: 1
pattern: ^system:serviceaccount:[a-z0-9]([-a-z0-9]*[a-z0-9])?:[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
x-kubernetes-list-type: set
currentOIDCClients:
description: CurrentOIDCClients is a list of clients that the component is currently using.
type: array
items:
type: object
required:
- clientID
- issuerURL
- oidcProviderName
properties:
clientID:
description: ClientID is the identifier of the OIDC client from the OIDC provider
type: string
minLength: 1
issuerURL:
description: URL is the serving URL of the token issuer. Must use the https:// scheme.
type: string
pattern: ^https:\/\/[^\s]
oidcProviderName:
description: OIDCName refers to the `name` of the provider from `oidcProviders`
type: string
minLength: 1
x-kubernetes-list-map-keys:
- issuerURL
- clientID
x-kubernetes-list-type: map
x-kubernetes-list-map-keys:
- componentNamespace
- componentName
x-kubernetes-list-type: map
x-kubernetes-validations:
- rule: '!has(self.spec.oidcProviders) || self.spec.oidcProviders.all(p, !has(p.oidcClients) || p.oidcClients.all(specC, self.status.oidcClients.exists(statusC, statusC.componentNamespace == specC.componentNamespace && statusC.componentName == specC.componentName) || (has(oldSelf.spec.oidcProviders) && oldSelf.spec.oidcProviders.exists(oldP, oldP.name == p.name && has(oldP.oidcClients) && oldP.oidcClients.exists(oldC, oldC.componentNamespace == specC.componentNamespace && oldC.componentName == specC.componentName)))))'
message: all oidcClients in the oidcProviders must match their componentName and componentNamespace to either a previously configured oidcClient or they must exist in the status.oidcClients


@@ -1,374 +0,0 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
api-approved.openshift.io: https://github.com/openshift/api/pull/470
include.release.openshift.io/ibm-cloud-managed: "true"
include.release.openshift.io/self-managed-high-availability: "true"
include.release.openshift.io/single-node-developer: "true"
release.openshift.io/feature-set: TechPreviewNoUpgrade
name: authentications.config.openshift.io
spec:
group: config.openshift.io
names:
kind: Authentication
listKind: AuthenticationList
plural: authentications
singular: authentication
scope: Cluster
versions:
- name: v1
served: true
storage: true
subresources:
status: {}
"schema":
"openAPIV3Schema":
description: "Authentication specifies cluster-wide settings for authentication (like OAuth and webhook token authenticators). The canonical name of an instance is `cluster`. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)."
type: object
required:
- spec
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: spec holds user settable values for configuration
type: object
properties:
oauthMetadata:
description: 'oauthMetadata contains the discovery endpoint data for OAuth 2.0 Authorization Server Metadata for an external OAuth server. This discovery document can be viewed from its served location: oc get --raw ''/.well-known/oauth-authorization-server'' For further details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 If oauthMetadata.name is non-empty, this value has precedence over any metadata reference stored in status. The key "oauthMetadata" is used to locate the data. If specified and the config map or expected key is not found, no metadata is served. If the specified metadata is not valid, no metadata is served. The namespace for this config map is openshift-config.'
type: object
required:
- name
properties:
name:
description: name is the metadata.name of the referenced config map
type: string
oidcProviders:
description: "OIDCProviders are OIDC identity providers that can issue tokens for this cluster Can only be set if \"Type\" is set to \"OIDC\". \n At most one provider can be configured."
type: array
maxItems: 1
items:
type: object
required:
- issuer
- name
properties:
claimMappings:
description: ClaimMappings describes rules on how to transform information from an ID token into a cluster identity
type: object
properties:
groups:
description: Groups is a name of the claim that should be used to construct groups for the cluster identity. The referenced claim must use array of strings values.
type: object
required:
- claim
properties:
claim:
description: Claim is a JWT token claim to be used in the mapping
type: string
prefix:
description: "Prefix is a string to prefix the value from the token in the result of the claim mapping. \n By default, no prefixing occurs. \n Example: if `prefix` is set to \"myoidc:\"\" and the `claim` in JWT contains an array of strings \"a\", \"b\" and \"c\", the mapping will result in an array of string \"myoidc:a\", \"myoidc:b\" and \"myoidc:c\"."
type: string
username:
description: "Username is a name of the claim that should be used to construct usernames for the cluster identity. \n Default value: \"sub\""
type: object
required:
- claim
properties:
claim:
description: Claim is a JWT token claim to be used in the mapping
type: string
prefix:
type: object
required:
- prefixString
properties:
prefixString:
type: string
minLength: 1
prefixPolicy:
description: "PrefixPolicy specifies how a prefix should apply. \n By default, claims other than `email` will be prefixed with the issuer URL to prevent naming clashes with other plugins. \n Set to \"NoPrefix\" to disable prefixing. \n Example: (1) `prefix` is set to \"myoidc:\" and `claim` is set to \"username\". If the JWT claim `username` contains value `userA`, the resulting mapped value will be \"myoidc:userA\". (2) `prefix` is set to \"myoidc:\" and `claim` is set to \"email\". If the JWT `email` claim contains value \"userA@myoidc.tld\", the resulting mapped value will be \"myoidc:userA@myoidc.tld\". (3) `prefix` is unset, `issuerURL` is set to `https://myoidc.tld`, the JWT claims include \"username\":\"userA\" and \"email\":\"userA@myoidc.tld\", and `claim` is set to: (a) \"username\": the mapped value will be \"https://myoidc.tld#userA\" (b) \"email\": the mapped value will be \"userA@myoidc.tld\""
type: string
enum:
- ""
- NoPrefix
- Prefix
x-kubernetes-validations:
- rule: 'has(self.prefixPolicy) && self.prefixPolicy == ''Prefix'' ? (has(self.prefix) && size(self.prefix.prefixString) > 0) : !has(self.prefix)'
message: prefix must be set if prefixPolicy is 'Prefix', but must remain unset otherwise
claimValidationRules:
description: ClaimValidationRules are rules that are applied to validate token claims to authenticate users.
type: array
items:
type: object
properties:
requiredClaim:
description: RequiredClaim allows configuring a required claim name and its expected value
type: object
required:
- claim
- requiredValue
properties:
claim:
description: Claim is a name of a required claim. Only claims with string values are supported.
type: string
minLength: 1
requiredValue:
description: RequiredValue is the required value for the claim.
type: string
minLength: 1
type:
description: Type sets the type of the validation rule
type: string
default: RequiredClaim
enum:
- RequiredClaim
x-kubernetes-list-type: atomic
issuer:
description: Issuer describes atributes of the OIDC token issuer
type: object
required:
- audiences
- issuerURL
properties:
audiences:
description: Audiences is an array of audiences that the token was issued for. Valid tokens must include at least one of these values in their "aud" claim. Must be set to exactly one value.
type: array
maxItems: 1
items:
type: string
minLength: 1
x-kubernetes-list-type: set
issuerCertificateAuthority:
description: CertificateAuthority is a reference to a config map in the configuration namespace. The .data of the configMap must contain the "ca-bundle.crt" key. If unset, system trust is used instead.
type: object
required:
- name
properties:
name:
description: name is the metadata.name of the referenced config map
type: string
issuerURL:
description: URL is the serving URL of the token issuer. Must use the https:// scheme.
type: string
pattern: ^https:\/\/[^\s]
name:
description: Name of the OIDC provider
type: string
minLength: 1
oidcClients:
description: OIDCClients contains configuration for the platform's clients that need to request tokens from the issuer
type: array
maxItems: 20
items:
type: object
required:
- clientID
- componentName
- componentNamespace
properties:
clientID:
description: ClientID is the identifier of the OIDC client from the OIDC provider
type: string
minLength: 1
clientSecret:
description: ClientSecret refers to a secret in the `openshift-config` namespace that contains the client secret in the `clientSecret` key of the `.data` field
type: object
required:
- name
properties:
name:
description: name is the metadata.name of the referenced secret
type: string
componentName:
description: ComponentName is the name of the component that is supposed to consume this client configuration
type: string
maxLength: 256
minLength: 1
componentNamespace:
description: ComponentNamespace is the namespace of the component that is supposed to consume this client configuration
type: string
maxLength: 63
minLength: 1
extraScopes:
description: ExtraScopes is an optional set of scopes to request tokens with.
type: array
items:
type: string
x-kubernetes-list-type: set
x-kubernetes-list-map-keys:
- componentNamespace
- componentName
x-kubernetes-list-type: map
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
serviceAccountIssuer:
description: 'serviceAccountIssuer is the identifier of the bound service account token issuer. The default is https://kubernetes.default.svc WARNING: Updating this field will not result in immediate invalidation of all bound tokens with the previous issuer value. Instead, the tokens issued by previous service account issuer will continue to be trusted for a time period chosen by the platform (currently set to 24h). This time period is subject to change over time. This allows internal components to transition to use new service account issuer without service distruption.'
type: string
type:
description: type identifies the cluster managed, user facing authentication mode in use. Specifically, it manages the component that responds to login attempts. The default is IntegratedOAuth.
type: string
webhookTokenAuthenticator:
description: "webhookTokenAuthenticator configures a remote token reviewer. These remote authentication webhooks can be used to verify bearer tokens via the tokenreviews.authentication.k8s.io REST API. This is required to honor bearer tokens that are provisioned by an external authentication service. \n Can only be set if \"Type\" is set to \"None\"."
type: object
required:
- kubeConfig
properties:
kubeConfig:
description: "kubeConfig references a secret that contains kube config file data which describes how to access the remote webhook service. The namespace for the referenced secret is openshift-config. \n For further details, see: \n https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication \n The key \"kubeConfig\" is used to locate the data. If the secret or expected key is not found, the webhook is not honored. If the specified kube config data is not valid, the webhook is not honored."
type: object
required:
- name
properties:
name:
description: name is the metadata.name of the referenced secret
type: string
webhookTokenAuthenticators:
description: webhookTokenAuthenticators is DEPRECATED, setting it has no effect.
type: array
items:
description: deprecatedWebhookTokenAuthenticator holds the necessary configuration options for a remote token authenticator. It's the same as WebhookTokenAuthenticator but it's missing the 'required' validation on KubeConfig field.
type: object
properties:
kubeConfig:
description: 'kubeConfig contains kube config file data which describes how to access the remote webhook service. For further details, see: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication The key "kubeConfig" is used to locate the data. If the secret or expected key is not found, the webhook is not honored. If the specified kube config data is not valid, the webhook is not honored. The namespace for this secret is determined by the point of use.'
type: object
required:
- name
properties:
name:
description: name is the metadata.name of the referenced secret
type: string
x-kubernetes-list-type: atomic
status:
description: status holds observed values from the cluster. They may not be overridden.
type: object
properties:
integratedOAuthMetadata:
description: 'integratedOAuthMetadata contains the discovery endpoint data for OAuth 2.0 Authorization Server Metadata for the in-cluster integrated OAuth server. This discovery document can be viewed from its served location: oc get --raw ''/.well-known/oauth-authorization-server'' For further details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 This contains the observed value based on cluster state. An explicitly set value in spec.oauthMetadata has precedence over this field. This field has no meaning if authentication spec.type is not set to IntegratedOAuth. The key "oauthMetadata" is used to locate the data. If the config map or expected key is not found, no metadata is served. If the specified metadata is not valid, no metadata is served. The namespace for this config map is openshift-config-managed.'
type: object
required:
- name
properties:
name:
description: name is the metadata.name of the referenced config map
type: string
oidcClients:
description: OIDCClients is where participating operators place the current OIDC client status for OIDC clients that can be customized by the cluster-admin.
type: array
maxItems: 20
items:
type: object
required:
- componentName
- componentNamespace
properties:
componentName:
description: ComponentName is the name of the component that will consume a client configuration.
type: string
maxLength: 256
minLength: 1
componentNamespace:
description: ComponentNamespace is the namespace of the component that will consume a client configuration.
type: string
maxLength: 63
minLength: 1
conditions:
description: "Conditions are used to communicate the state of the `oidcClients` entry. \n Supported conditions include Available, Degraded and Progressing. \n If Available is true, the component is successfully using the configured client. If Degraded is true, that means something has gone wrong trying to handle the client configuration. If Progressing is true, that means the component is taking some action related to the `oidcClients` entry."
type: array
items:
description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
type: object
required:
- lastTransitionTime
- message
- reason
- status
- type
properties:
lastTransitionTime:
description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
type: string
format: date-time
message:
description: message is a human readable message indicating details about the transition. This may be an empty string.
type: string
maxLength: 32768
observedGeneration:
description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
type: integer
format: int64
minimum: 0
reason:
description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
type: string
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
status:
description: status of the condition, one of True, False, Unknown.
type: string
enum:
- "True"
- "False"
- Unknown
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
type: string
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
x-kubernetes-list-map-keys:
- type
x-kubernetes-list-type: map
consumingUsers:
description: ConsumingUsers is a slice of ServiceAccounts that need to have read permission on the `clientSecret` secret.
type: array
maxItems: 5
items:
description: ConsumingUser is an alias for string which we add validation to. Currently only service accounts are supported.
type: string
maxLength: 512
minLength: 1
pattern: ^system:serviceaccount:[a-z0-9]([-a-z0-9]*[a-z0-9])?:[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
x-kubernetes-list-type: set
currentOIDCClients:
description: CurrentOIDCClients is a list of clients that the component is currently using.
type: array
items:
type: object
required:
- clientID
- issuerURL
- oidcProviderName
properties:
clientID:
description: ClientID is the identifier of the OIDC client from the OIDC provider
type: string
minLength: 1
issuerURL:
description: URL is the serving URL of the token issuer. Must use the https:// scheme.
type: string
pattern: ^https:\/\/[^\s]
oidcProviderName:
description: OIDCName refers to the `name` of the provider from `oidcProviders`
type: string
minLength: 1
x-kubernetes-list-map-keys:
- issuerURL
- clientID
x-kubernetes-list-type: map
x-kubernetes-list-map-keys:
- componentNamespace
- componentName
x-kubernetes-list-type: map
x-kubernetes-validations:
- rule: '!has(self.spec.oidcProviders) || self.spec.oidcProviders.all(p, !has(p.oidcClients) || p.oidcClients.all(specC, self.status.oidcClients.exists(statusC, statusC.componentNamespace == specC.componentNamespace && statusC.componentName == specC.componentName) || (has(oldSelf.spec.oidcProviders) && oldSelf.spec.oidcProviders.exists(oldP, oldP.name == p.name && has(oldP.oidcClients) && oldP.oidcClients.exists(oldC, oldC.componentNamespace == specC.componentNamespace && oldC.componentName == specC.componentName)))))'
message: all oidcClients in the oidcProviders must match their componentName and componentNamespace to either a previously configured oidcClient or they must exist in the status.oidcClients


@@ -1,103 +0,0 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
api-approved.openshift.io: https://github.com/openshift/api/pull/470
include.release.openshift.io/ibm-cloud-managed: "true"
include.release.openshift.io/self-managed-high-availability: "true"
include.release.openshift.io/single-node-developer: "true"
release.openshift.io/feature-set: Default
name: authentications.config.openshift.io
spec:
group: config.openshift.io
names:
kind: Authentication
listKind: AuthenticationList
plural: authentications
singular: authentication
scope: Cluster
versions:
- name: v1
schema:
openAPIV3Schema:
description: "Authentication specifies cluster-wide settings for authentication (like OAuth and webhook token authenticators). The canonical name of an instance is `cluster`. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)."
type: object
required:
- spec
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: spec holds user settable values for configuration
type: object
properties:
oauthMetadata:
description: 'oauthMetadata contains the discovery endpoint data for OAuth 2.0 Authorization Server Metadata for an external OAuth server. This discovery document can be viewed from its served location: oc get --raw ''/.well-known/oauth-authorization-server'' For further details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 If oauthMetadata.name is non-empty, this value has precedence over any metadata reference stored in status. The key "oauthMetadata" is used to locate the data. If specified and the config map or expected key is not found, no metadata is served. If the specified metadata is not valid, no metadata is served. The namespace for this config map is openshift-config.'
type: object
required:
- name
properties:
name:
description: name is the metadata.name of the referenced config map
type: string
serviceAccountIssuer:
description: 'serviceAccountIssuer is the identifier of the bound service account token issuer. The default is https://kubernetes.default.svc WARNING: Updating this field will not result in immediate invalidation of all bound tokens with the previous issuer value. Instead, the tokens issued by previous service account issuer will continue to be trusted for a time period chosen by the platform (currently set to 24h). This time period is subject to change over time. This allows internal components to transition to use new service account issuer without service distruption.'
type: string
type:
description: type identifies the cluster managed, user facing authentication mode in use. Specifically, it manages the component that responds to login attempts. The default is IntegratedOAuth.
type: string
webhookTokenAuthenticator:
description: "webhookTokenAuthenticator configures a remote token reviewer. These remote authentication webhooks can be used to verify bearer tokens via the tokenreviews.authentication.k8s.io REST API. This is required to honor bearer tokens that are provisioned by an external authentication service. \n Can only be set if \"Type\" is set to \"None\"."
type: object
required:
- kubeConfig
properties:
kubeConfig:
description: "kubeConfig references a secret that contains kube config file data which describes how to access the remote webhook service. The namespace for the referenced secret is openshift-config. \n For further details, see: \n https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication \n The key \"kubeConfig\" is used to locate the data. If the secret or expected key is not found, the webhook is not honored. If the specified kube config data is not valid, the webhook is not honored."
type: object
required:
- name
properties:
name:
description: name is the metadata.name of the referenced secret
type: string
webhookTokenAuthenticators:
description: webhookTokenAuthenticators is DEPRECATED, setting it has no effect.
type: array
items:
description: deprecatedWebhookTokenAuthenticator holds the necessary configuration options for a remote token authenticator. It's the same as WebhookTokenAuthenticator but it's missing the 'required' validation on KubeConfig field.
type: object
properties:
kubeConfig:
description: 'kubeConfig contains kube config file data which describes how to access the remote webhook service. For further details, see: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication The key "kubeConfig" is used to locate the data. If the secret or expected key is not found, the webhook is not honored. If the specified kube config data is not valid, the webhook is not honored. The namespace for this secret is determined by the point of use.'
type: object
required:
- name
properties:
name:
description: name is the metadata.name of the referenced secret
type: string
x-kubernetes-list-type: atomic
status:
description: status holds observed values from the cluster. They may not be overridden.
type: object
properties:
integratedOAuthMetadata:
description: 'integratedOAuthMetadata contains the discovery endpoint data for OAuth 2.0 Authorization Server Metadata for the in-cluster integrated OAuth server. This discovery document can be viewed from its served location: oc get --raw ''/.well-known/oauth-authorization-server'' For further details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 This contains the observed value based on cluster state. An explicitly set value in spec.oauthMetadata has precedence over this field. This field has no meaning if authentication spec.type is not set to IntegratedOAuth. The key "oauthMetadata" is used to locate the data. If the config map or expected key is not found, no metadata is served. If the specified metadata is not valid, no metadata is served. The namespace for this config map is openshift-config-managed.'
type: object
required:
- name
properties:
name:
description: name is the metadata.name of the referenced config map
type: string
served: true
storage: true
subresources:
status: {}


@@ -1,57 +0,0 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
api-approved.openshift.io: https://github.com/openshift/api/pull/470
include.release.openshift.io/ibm-cloud-managed: "true"
include.release.openshift.io/self-managed-high-availability: "true"
include.release.openshift.io/single-node-developer: "true"
name: consoles.config.openshift.io
spec:
group: config.openshift.io
names:
kind: Console
listKind: ConsoleList
plural: consoles
singular: console
scope: Cluster
versions:
- name: v1
schema:
openAPIV3Schema:
description: "Console holds cluster-wide configuration for the web console, including the logout URL, and reports the public URL of the console. The canonical name is `cluster`. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)."
type: object
required:
- spec
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: spec holds user settable values for configuration
type: object
properties:
authentication:
description: ConsoleAuthentication defines a list of optional configuration for console authentication.
type: object
properties:
logoutRedirect:
description: 'An optional, absolute URL to redirect web browsers to after logging out of the console. If not specified, it will redirect to the default login page. This is required when using an identity provider that supports single sign-on (SSO) such as: - OpenID (Keycloak, Azure) - RequestHeader (GSSAPI, SSPI, SAML) - OAuth (GitHub, GitLab, Google) Logging out of the console will destroy the user''s token. The logoutRedirect provides the user the option to perform single logout (SLO) through the identity provider to destroy their single sign-on session.'
type: string
pattern: ^$|^((https):\/\/?)[^\s()<>]+(?:\([\w\d]+\)|([^[:punct:]\s]|\/?))$
status:
description: status holds observed values from the cluster. They may not be overridden.
type: object
properties:
consoleURL:
description: The URL for the console. This will be derived from the host for the route that is created for the console.
type: string
served: true
storage: true
subresources:
status: {}


@@ -1,114 +0,0 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
api-approved.openshift.io: https://github.com/openshift/api/pull/470
include.release.openshift.io/ibm-cloud-managed: "true"
include.release.openshift.io/self-managed-high-availability: "true"
include.release.openshift.io/single-node-developer: "true"
release.openshift.io/feature-set: CustomNoUpgrade
name: dnses.config.openshift.io
spec:
group: config.openshift.io
names:
kind: DNS
listKind: DNSList
plural: dnses
singular: dns
scope: Cluster
versions:
- name: v1
schema:
openAPIV3Schema:
description: "DNS holds cluster-wide information about DNS. The canonical name is `cluster` \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)."
type: object
required:
- spec
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: spec holds user settable values for configuration
type: object
properties:
baseDomain:
description: "baseDomain is the base domain of the cluster. All managed DNS records will be sub-domains of this base. \n For example, given the base domain `openshift.example.com`, an API server DNS record may be created for `cluster-api.openshift.example.com`. \n Once set, this field cannot be changed."
type: string
platform:
description: platform holds configuration specific to the underlying infrastructure provider for DNS. When omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time.
type: object
required:
- type
properties:
aws:
description: aws contains DNS configuration specific to the Amazon Web Services cloud provider.
type: object
properties:
privateZoneIAMRole:
description: privateZoneIAMRole contains the ARN of an IAM role that should be assumed when performing operations on the cluster's private hosted zone specified in the cluster DNS config. When left empty, no role should be assumed.
type: string
pattern: ^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:role\/.*$
type:
description: "type is the underlying infrastructure provider for the cluster. Allowed values: \"\", \"AWS\". \n Individual components may not support all platforms, and must handle unrecognized platforms with best-effort defaults."
type: string
enum:
- ""
- AWS
- Azure
- BareMetal
- GCP
- Libvirt
- OpenStack
- None
- VSphere
- oVirt
- IBMCloud
- KubeVirt
- EquinixMetal
- PowerVS
- AlibabaCloud
- Nutanix
- External
x-kubernetes-validations:
- rule: self in ['','AWS']
message: allowed values are '' and 'AWS'
x-kubernetes-validations:
- rule: 'has(self.type) && self.type == ''AWS'' ? has(self.aws) : !has(self.aws)'
message: aws configuration is required when platform is AWS, and forbidden otherwise
privateZone:
description: "privateZone is the location where all the DNS records that are only available internally to the cluster exist. \n If this field is nil, no private records should be created. \n Once set, this field cannot be changed."
type: object
properties:
id:
description: "id is the identifier that can be used to find the DNS hosted zone. \n on AWS zone can be fetched using `ID` as id in [1] on Azure zone can be fetched using `ID` as a pre-determined name in [2], on GCP zone can be fetched using `ID` as a pre-determined name in [3]. \n [1]: https://docs.aws.amazon.com/cli/latest/reference/route53/get-hosted-zone.html#options [2]: https://docs.microsoft.com/en-us/cli/azure/network/dns/zone?view=azure-cli-latest#az-network-dns-zone-show [3]: https://cloud.google.com/dns/docs/reference/v1/managedZones/get"
type: string
tags:
description: "tags can be used to query the DNS hosted zone. \n on AWS, resourcegroupstaggingapi [1] can be used to fetch a zone using `Tags` as tag-filters, \n [1]: https://docs.aws.amazon.com/cli/latest/reference/resourcegroupstaggingapi/get-resources.html#options"
type: object
additionalProperties:
type: string
publicZone:
description: "publicZone is the location where all the DNS records that are publicly accessible to the internet exist. \n If this field is nil, no public records should be created. \n Once set, this field cannot be changed."
type: object
properties:
id:
description: "id is the identifier that can be used to find the DNS hosted zone. \n on AWS zone can be fetched using `ID` as id in [1] on Azure zone can be fetched using `ID` as a pre-determined name in [2], on GCP zone can be fetched using `ID` as a pre-determined name in [3]. \n [1]: https://docs.aws.amazon.com/cli/latest/reference/route53/get-hosted-zone.html#options [2]: https://docs.microsoft.com/en-us/cli/azure/network/dns/zone?view=azure-cli-latest#az-network-dns-zone-show [3]: https://cloud.google.com/dns/docs/reference/v1/managedZones/get"
type: string
tags:
description: "tags can be used to query the DNS hosted zone. \n on AWS, resourcegroupstaggingapi [1] can be used to fetch a zone using `Tags` as tag-filters, \n [1]: https://docs.aws.amazon.com/cli/latest/reference/resourcegroupstaggingapi/get-resources.html#options"
type: object
additionalProperties:
type: string
status:
description: status holds observed values from the cluster. They may not be overridden.
type: object
served: true
storage: true
subresources:
status: {}


@@ -1,114 +0,0 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
api-approved.openshift.io: https://github.com/openshift/api/pull/470
include.release.openshift.io/ibm-cloud-managed: "true"
include.release.openshift.io/self-managed-high-availability: "true"
include.release.openshift.io/single-node-developer: "true"
release.openshift.io/feature-set: Default
name: dnses.config.openshift.io
spec:
group: config.openshift.io
names:
kind: DNS
listKind: DNSList
plural: dnses
singular: dns
scope: Cluster
versions:
- name: v1
schema:
openAPIV3Schema:
description: "DNS holds cluster-wide information about DNS. The canonical name is `cluster` \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)."
type: object
required:
- spec
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: spec holds user settable values for configuration
type: object
properties:
baseDomain:
description: "baseDomain is the base domain of the cluster. All managed DNS records will be sub-domains of this base. \n For example, given the base domain `openshift.example.com`, an API server DNS record may be created for `cluster-api.openshift.example.com`. \n Once set, this field cannot be changed."
type: string
platform:
description: platform holds configuration specific to the underlying infrastructure provider for DNS. When omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time.
type: object
required:
- type
properties:
aws:
description: aws contains DNS configuration specific to the Amazon Web Services cloud provider.
type: object
properties:
privateZoneIAMRole:
description: privateZoneIAMRole contains the ARN of an IAM role that should be assumed when performing operations on the cluster's private hosted zone specified in the cluster DNS config. When left empty, no role should be assumed.
type: string
pattern: ^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:role\/.*$
type:
description: "type is the underlying infrastructure provider for the cluster. Allowed values: \"\", \"AWS\". \n Individual components may not support all platforms, and must handle unrecognized platforms with best-effort defaults."
type: string
enum:
- ""
- AWS
- Azure
- BareMetal
- GCP
- Libvirt
- OpenStack
- None
- VSphere
- oVirt
- IBMCloud
- KubeVirt
- EquinixMetal
- PowerVS
- AlibabaCloud
- Nutanix
- External
x-kubernetes-validations:
- rule: self in ['','AWS']
message: allowed values are '' and 'AWS'
x-kubernetes-validations:
- rule: 'has(self.type) && self.type == ''AWS'' ? has(self.aws) : !has(self.aws)'
message: aws configuration is required when platform is AWS, and forbidden otherwise
privateZone:
description: "privateZone is the location where all the DNS records that are only available internally to the cluster exist. \n If this field is nil, no private records should be created. \n Once set, this field cannot be changed."
type: object
properties:
id:
description: "id is the identifier that can be used to find the DNS hosted zone. \n on AWS zone can be fetched using `ID` as id in [1] on Azure zone can be fetched using `ID` as a pre-determined name in [2], on GCP zone can be fetched using `ID` as a pre-determined name in [3]. \n [1]: https://docs.aws.amazon.com/cli/latest/reference/route53/get-hosted-zone.html#options [2]: https://docs.microsoft.com/en-us/cli/azure/network/dns/zone?view=azure-cli-latest#az-network-dns-zone-show [3]: https://cloud.google.com/dns/docs/reference/v1/managedZones/get"
type: string
tags:
description: "tags can be used to query the DNS hosted zone. \n on AWS, resourcegroupstaggingapi [1] can be used to fetch a zone using `Tags` as tag-filters, \n [1]: https://docs.aws.amazon.com/cli/latest/reference/resourcegroupstaggingapi/get-resources.html#options"
type: object
additionalProperties:
type: string
publicZone:
description: "publicZone is the location where all the DNS records that are publicly accessible to the internet exist. \n If this field is nil, no public records should be created. \n Once set, this field cannot be changed."
type: object
properties:
id:
description: "id is the identifier that can be used to find the DNS hosted zone. \n on AWS zone can be fetched using `ID` as id in [1] on Azure zone can be fetched using `ID` as a pre-determined name in [2], on GCP zone can be fetched using `ID` as a pre-determined name in [3]. \n [1]: https://docs.aws.amazon.com/cli/latest/reference/route53/get-hosted-zone.html#options [2]: https://docs.microsoft.com/en-us/cli/azure/network/dns/zone?view=azure-cli-latest#az-network-dns-zone-show [3]: https://cloud.google.com/dns/docs/reference/v1/managedZones/get"
type: string
tags:
description: "tags can be used to query the DNS hosted zone. \n on AWS, resourcegroupstaggingapi [1] can be used to fetch a zone using `Tags` as tag-filters, \n [1]: https://docs.aws.amazon.com/cli/latest/reference/resourcegroupstaggingapi/get-resources.html#options"
type: object
additionalProperties:
type: string
status:
description: status holds observed values from the cluster. They may not be overridden.
type: object
served: true
storage: true
subresources:
status: {}


@@ -1,114 +0,0 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
api-approved.openshift.io: https://github.com/openshift/api/pull/470
include.release.openshift.io/ibm-cloud-managed: "true"
include.release.openshift.io/self-managed-high-availability: "true"
include.release.openshift.io/single-node-developer: "true"
release.openshift.io/feature-set: TechPreviewNoUpgrade
name: dnses.config.openshift.io
spec:
group: config.openshift.io
names:
kind: DNS
listKind: DNSList
plural: dnses
singular: dns
scope: Cluster
versions:
- name: v1
schema:
openAPIV3Schema:
description: "DNS holds cluster-wide information about DNS. The canonical name is `cluster` \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)."
type: object
required:
- spec
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: spec holds user settable values for configuration
type: object
properties:
baseDomain:
description: "baseDomain is the base domain of the cluster. All managed DNS records will be sub-domains of this base. \n For example, given the base domain `openshift.example.com`, an API server DNS record may be created for `cluster-api.openshift.example.com`. \n Once set, this field cannot be changed."
type: string
platform:
description: platform holds configuration specific to the underlying infrastructure provider for DNS. When omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time.
type: object
required:
- type
properties:
aws:
description: aws contains DNS configuration specific to the Amazon Web Services cloud provider.
type: object
properties:
privateZoneIAMRole:
description: privateZoneIAMRole contains the ARN of an IAM role that should be assumed when performing operations on the cluster's private hosted zone specified in the cluster DNS config. When left empty, no role should be assumed.
type: string
pattern: ^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:role\/.*$
type:
description: "type is the underlying infrastructure provider for the cluster. Allowed values: \"\", \"AWS\". \n Individual components may not support all platforms, and must handle unrecognized platforms with best-effort defaults."
type: string
enum:
- ""
- AWS
- Azure
- BareMetal
- GCP
- Libvirt
- OpenStack
- None
- VSphere
- oVirt
- IBMCloud
- KubeVirt
- EquinixMetal
- PowerVS
- AlibabaCloud
- Nutanix
- External
x-kubernetes-validations:
- rule: self in ['','AWS']
message: allowed values are '' and 'AWS'
x-kubernetes-validations:
- rule: 'has(self.type) && self.type == ''AWS'' ? has(self.aws) : !has(self.aws)'
message: aws configuration is required when platform is AWS, and forbidden otherwise
privateZone:
description: "privateZone is the location where all the DNS records that are only available internally to the cluster exist. \n If this field is nil, no private records should be created. \n Once set, this field cannot be changed."
type: object
properties:
id:
description: "id is the identifier that can be used to find the DNS hosted zone. \n on AWS zone can be fetched using `ID` as id in [1] on Azure zone can be fetched using `ID` as a pre-determined name in [2], on GCP zone can be fetched using `ID` as a pre-determined name in [3]. \n [1]: https://docs.aws.amazon.com/cli/latest/reference/route53/get-hosted-zone.html#options [2]: https://docs.microsoft.com/en-us/cli/azure/network/dns/zone?view=azure-cli-latest#az-network-dns-zone-show [3]: https://cloud.google.com/dns/docs/reference/v1/managedZones/get"
type: string
tags:
description: "tags can be used to query the DNS hosted zone. \n on AWS, resourcegroupstaggingapi [1] can be used to fetch a zone using `Tags` as tag-filters, \n [1]: https://docs.aws.amazon.com/cli/latest/reference/resourcegroupstaggingapi/get-resources.html#options"
type: object
additionalProperties:
type: string
publicZone:
description: "publicZone is the location where all the DNS records that are publicly accessible to the internet exist. \n If this field is nil, no public records should be created. \n Once set, this field cannot be changed."
type: object
properties:
id:
description: "id is the identifier that can be used to find the DNS hosted zone. \n on AWS zone can be fetched using `ID` as id in [1] on Azure zone can be fetched using `ID` as a pre-determined name in [2], on GCP zone can be fetched using `ID` as a pre-determined name in [3]. \n [1]: https://docs.aws.amazon.com/cli/latest/reference/route53/get-hosted-zone.html#options [2]: https://docs.microsoft.com/en-us/cli/azure/network/dns/zone?view=azure-cli-latest#az-network-dns-zone-show [3]: https://cloud.google.com/dns/docs/reference/v1/managedZones/get"
type: string
tags:
description: "tags can be used to query the DNS hosted zone. \n on AWS, resourcegroupstaggingapi [1] can be used to fetch a zone using `Tags` as tag-filters, \n [1]: https://docs.aws.amazon.com/cli/latest/reference/resourcegroupstaggingapi/get-resources.html#options"
type: object
additionalProperties:
type: string
status:
description: status holds observed values from the cluster. They may not be overridden.
type: object
served: true
storage: true
subresources:
status: {}


@@ -1,153 +0,0 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
api-approved.openshift.io: https://github.com/openshift/api/pull/470
include.release.openshift.io/ibm-cloud-managed: "true"
include.release.openshift.io/self-managed-high-availability: "true"
include.release.openshift.io/single-node-developer: "true"
name: featuregates.config.openshift.io
spec:
group: config.openshift.io
names:
kind: FeatureGate
listKind: FeatureGateList
plural: featuregates
singular: featuregate
scope: Cluster
versions:
- name: v1
schema:
openAPIV3Schema:
description: "Feature holds cluster-wide information about feature gates. The canonical name is `cluster` \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)."
type: object
required:
- spec
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: spec holds user settable values for configuration
type: object
properties:
customNoUpgrade:
description: customNoUpgrade allows the enabling or disabling of any feature. Turning this feature set on IS NOT SUPPORTED, CANNOT BE UNDONE, and PREVENTS UPGRADES. Because of its nature, this setting cannot be validated. If you have any typos or accidentally apply invalid combinations your cluster may fail in an unrecoverable way. featureSet must equal "CustomNoUpgrade" must be set to use this field.
type: object
properties:
disabled:
description: disabled is a list of all feature gates that you want to force off
type: array
items:
description: FeatureGateName is a string to enforce patterns on the name of a FeatureGate
type: string
pattern: ^([A-Za-z0-9-]+\.)*[A-Za-z0-9-]+\.?$
enabled:
description: enabled is a list of all feature gates that you want to force on
type: array
items:
description: FeatureGateName is a string to enforce patterns on the name of a FeatureGate
type: string
pattern: ^([A-Za-z0-9-]+\.)*[A-Za-z0-9-]+\.?$
nullable: true
featureSet:
description: featureSet changes the list of features in the cluster. The default is empty. Be very careful adjusting this setting. Turning on or off features may cause irreversible changes in your cluster which cannot be undone.
type: string
status:
description: status holds observed values from the cluster. They may not be overridden.
type: object
properties:
conditions:
description: 'conditions represent the observations of the current state. Known .status.conditions.type are: "DeterminationDegraded"'
type: array
items:
description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
type: object
required:
- lastTransitionTime
- message
- reason
- status
- type
properties:
lastTransitionTime:
description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
type: string
format: date-time
message:
description: message is a human readable message indicating details about the transition. This may be an empty string.
type: string
maxLength: 32768
observedGeneration:
description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
type: integer
format: int64
minimum: 0
reason:
description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
type: string
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
status:
description: status of the condition, one of True, False, Unknown.
type: string
enum:
- "True"
- "False"
- Unknown
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
type: string
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
x-kubernetes-list-map-keys:
- type
x-kubernetes-list-type: map
featureGates:
description: featureGates contains a list of enabled and disabled featureGates that are keyed by payloadVersion. Operators other than the CVO and cluster-config-operator, must read the .status.featureGates, locate the version they are managing, find the enabled/disabled featuregates and make the operand and operator match. The enabled/disabled values for a particular version may change during the life of the cluster as various .spec.featureSet values are selected. Operators may choose to restart their processes to pick up these changes, but remembering past enable/disable lists is beyond the scope of this API and is the responsibility of individual operators. Only featureGates with .version in the ClusterVersion.status will be present in this list.
type: array
items:
type: object
required:
- version
properties:
disabled:
description: disabled is a list of all feature gates that are disabled in the cluster for the named version.
type: array
items:
type: object
required:
- name
properties:
name:
description: name is the name of the FeatureGate.
type: string
pattern: ^([A-Za-z0-9-]+\.)*[A-Za-z0-9-]+\.?$
enabled:
description: enabled is a list of all feature gates that are enabled in the cluster for the named version.
type: array
items:
type: object
required:
- name
properties:
name:
description: name is the name of the FeatureGate.
type: string
pattern: ^([A-Za-z0-9-]+\.)*[A-Za-z0-9-]+\.?$
version:
description: version matches the version provided by the ClusterVersion and in the ClusterOperator.Status.Versions field.
type: string
x-kubernetes-list-map-keys:
- version
x-kubernetes-list-type: map
served: true
storage: true
subresources:
status: {}


@@ -1,108 +0,0 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
api-approved.openshift.io: https://github.com/openshift/api/pull/470
include.release.openshift.io/ibm-cloud-managed: "true"
include.release.openshift.io/self-managed-high-availability: "true"
include.release.openshift.io/single-node-developer: "true"
name: images.config.openshift.io
spec:
group: config.openshift.io
names:
kind: Image
listKind: ImageList
plural: images
singular: image
scope: Cluster
versions:
- name: v1
schema:
openAPIV3Schema:
description: "Image governs policies related to imagestream imports and runtime configuration for external registries. It allows cluster admins to configure which registries OpenShift is allowed to import images from, extra CA trust bundles for external registries, and policies to block or allow registry hostnames. When exposing OpenShift's image registry to the public, this also lets cluster admins specify the external hostname. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)."
type: object
required:
- spec
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: spec holds user settable values for configuration
type: object
properties:
additionalTrustedCA:
description: additionalTrustedCA is a reference to a ConfigMap containing additional CAs that should be trusted during imagestream import, pod image pull, build image pull, and imageregistry pullthrough. The namespace for this config map is openshift-config.
type: object
required:
- name
properties:
name:
description: name is the metadata.name of the referenced config map
type: string
allowedRegistriesForImport:
description: allowedRegistriesForImport limits the container image registries that normal users may import images from. Set this list to the registries that you trust to contain valid Docker images and that you want applications to be able to import from. Users with permission to create Images or ImageStreamMappings via the API are not affected by this policy - typically only administrators or system integrations will have those permissions.
type: array
items:
description: RegistryLocation contains a location of the registry specified by the registry domain name. The domain name might include wildcards, like '*' or '??'.
type: object
properties:
domainName:
description: domainName specifies a domain name for the registry In case the registry use non-standard (80 or 443) port, the port should be included in the domain name as well.
type: string
insecure:
description: insecure indicates whether the registry is secure (https) or insecure (http) By default (if not specified) the registry is assumed as secure.
type: boolean
externalRegistryHostnames:
description: externalRegistryHostnames provides the hostnames for the default external image registry. The external hostname should be set only when the image registry is exposed externally. The first value is used in 'publicDockerImageRepository' field in ImageStreams. The value must be in "hostname[:port]" format.
type: array
items:
type: string
registrySources:
description: registrySources contains configuration that determines how the container runtime should treat individual registries when accessing images for builds+pods. (e.g. whether or not to allow insecure access). It does not contain configuration for the internal cluster registry.
type: object
properties:
allowedRegistries:
description: "allowedRegistries are the only registries permitted for image pull and push actions. All other registries are denied. \n Only one of BlockedRegistries or AllowedRegistries may be set."
type: array
items:
type: string
blockedRegistries:
description: "blockedRegistries cannot be used for image pull and push actions. All other registries are permitted. \n Only one of BlockedRegistries or AllowedRegistries may be set."
type: array
items:
type: string
containerRuntimeSearchRegistries:
description: 'containerRuntimeSearchRegistries are registries that will be searched when pulling images that do not have fully qualified domains in their pull specs. Registries will be searched in the order provided in the list. Note: this search list only works with the container runtime, i.e CRI-O. Will NOT work with builds or imagestream imports.'
type: array
format: hostname
minItems: 1
items:
type: string
x-kubernetes-list-type: set
insecureRegistries:
description: insecureRegistries are registries which do not have a valid TLS certificates or only support HTTP connections.
type: array
items:
type: string
status:
description: status holds observed values from the cluster. They may not be overridden.
type: object
properties:
externalRegistryHostnames:
description: externalRegistryHostnames provides the hostnames for the default external image registry. The external hostname should be set only when the image registry is exposed externally. The first value is used in 'publicDockerImageRepository' field in ImageStreams. The value must be in "hostname[:port]" format.
type: array
items:
type: string
internalRegistryHostname:
description: internalRegistryHostname sets the hostname for the default internal image registry. The value must be in "hostname[:port]" format. This value is set by the image registry operator which controls the internal registry hostname.
type: string
served: true
storage: true
subresources:
status: {}


@@ -1,68 +0,0 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
api-approved.openshift.io: https://github.com/openshift/api/pull/874
include.release.openshift.io/ibm-cloud-managed: "true"
include.release.openshift.io/self-managed-high-availability: "true"
include.release.openshift.io/single-node-developer: "true"
name: imagecontentpolicies.config.openshift.io
spec:
group: config.openshift.io
names:
kind: ImageContentPolicy
listKind: ImageContentPolicyList
plural: imagecontentpolicies
singular: imagecontentpolicy
scope: Cluster
versions:
- name: v1
schema:
openAPIV3Schema:
description: "ImageContentPolicy holds cluster-wide information about how to handle registry mirror rules. When multiple policies are defined, the outcome of the behavior is defined on each field. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)."
type: object
required:
- spec
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: spec holds user settable values for configuration
type: object
properties:
repositoryDigestMirrors:
description: "repositoryDigestMirrors allows images referenced by image digests in pods to be pulled from alternative mirrored repository locations. The image pull specification provided to the pod will be compared to the source locations described in RepositoryDigestMirrors and the image may be pulled down from any of the mirrors in the list instead of the specified repository allowing administrators to choose a potentially faster mirror. To pull image from mirrors by tags, should set the \"allowMirrorByTags\". \n Each “source” repository is treated independently; configurations for different “source” repositories dont interact. \n If the \"mirrors\" is not specified, the image will continue to be pulled from the specified repository in the pull spec. \n When multiple policies are defined for the same “source” repository, the sets of defined mirrors will be merged together, preserving the relative order of the mirrors, if possible. For example, if policy A has mirrors `a, b, c` and policy B has mirrors `c, d, e`, the mirrors will be used in the order `a, b, c, d, e`. If the orders of mirror entries conflict (e.g. `a, b` vs. `b, a`) the configuration is not rejected but the resulting order is unspecified."
type: array
items:
description: RepositoryDigestMirrors holds cluster-wide information about how to handle mirrors in the registries config.
type: object
required:
- source
properties:
allowMirrorByTags:
description: allowMirrorByTags if true, the mirrors can be used to pull the images that are referenced by their tags. Default is false, the mirrors only work when pulling the images that are referenced by their digests. Pulling images by tag can potentially yield different images, depending on which endpoint we pull from. Forcing digest-pulls for mirrors avoids that issue.
type: boolean
mirrors:
description: mirrors is zero or more repositories that may also contain the same images. If the "mirrors" is not specified, the image will continue to be pulled from the specified repository in the pull spec. No mirror will be configured. The order of mirrors in this list is treated as the user's desired priority, while source is by default considered lower priority than all mirrors. Other cluster configuration, including (but not limited to) other repositoryDigestMirrors objects, may impact the exact order mirrors are contacted in, or some mirrors may be contacted in parallel, so this should be considered a preference rather than a guarantee of ordering.
type: array
items:
type: string
pattern: ^(([a-zA-Z]|[a-zA-Z][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z]|[A-Za-z][A-Za-z0-9\-]*[A-Za-z0-9])(:[0-9]+)?(\/[^\/:\n]+)*(\/[^\/:\n]+((:[^\/:\n]+)|(@[^\n]+)))?$
x-kubernetes-list-type: set
source:
description: source is the repository that users refer to, e.g. in image pull specifications.
type: string
pattern: ^(([a-zA-Z]|[a-zA-Z][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z]|[A-Za-z][A-Za-z0-9\-]*[A-Za-z0-9])(:[0-9]+)?(\/[^\/:\n]+)*(\/[^\/:\n]+((:[^\/:\n]+)|(@[^\n]+)))?$
x-kubernetes-list-map-keys:
- source
x-kubernetes-list-type: map
served: true
storage: true
subresources:
status: {}


@@ -1,74 +0,0 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
api-approved.openshift.io: https://github.com/openshift/api/pull/1126
include.release.openshift.io/ibm-cloud-managed: "true"
include.release.openshift.io/self-managed-high-availability: "true"
include.release.openshift.io/single-node-developer: "true"
name: imagedigestmirrorsets.config.openshift.io
spec:
group: config.openshift.io
names:
kind: ImageDigestMirrorSet
listKind: ImageDigestMirrorSetList
plural: imagedigestmirrorsets
shortNames:
- idms
singular: imagedigestmirrorset
scope: Cluster
versions:
- name: v1
schema:
openAPIV3Schema:
description: "ImageDigestMirrorSet holds cluster-wide information about how to handle registry mirror rules on using digest pull specification. When multiple policies are defined, the outcome of the behavior is defined on each field. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)."
type: object
required:
- spec
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: spec holds user settable values for configuration
type: object
properties:
imageDigestMirrors:
description: "imageDigestMirrors allows images referenced by image digests in pods to be pulled from alternative mirrored repository locations. The image pull specification provided to the pod will be compared to the source locations described in imageDigestMirrors and the image may be pulled down from any of the mirrors in the list instead of the specified repository allowing administrators to choose a potentially faster mirror. To use mirrors to pull images using tag specification, users should configure a list of mirrors using \"ImageTagMirrorSet\" CRD. \n If the image pull specification matches the repository of \"source\" in multiple imagedigestmirrorset objects, only the objects which define the most specific namespace match will be used. For example, if there are objects using quay.io/libpod and quay.io/libpod/busybox as the \"source\", only the objects using quay.io/libpod/busybox are going to apply for pull specification quay.io/libpod/busybox. Each “source” repository is treated independently; configurations for different “source” repositories dont interact. \n If the \"mirrors\" is not specified, the image will continue to be pulled from the specified repository in the pull spec. \n When multiple policies are defined for the same “source” repository, the sets of defined mirrors will be merged together, preserving the relative order of the mirrors, if possible. For example, if policy A has mirrors `a, b, c` and policy B has mirrors `c, d, e`, the mirrors will be used in the order `a, b, c, d, e`. If the orders of mirror entries conflict (e.g. `a, b` vs. `b, a`) the configuration is not rejected but the resulting order is unspecified. Users who want to use a specific order of mirrors, should configure them into one list of mirrors using the expected order."
type: array
items:
description: ImageDigestMirrors holds cluster-wide information about how to handle mirrors in the registries config.
type: object
required:
- source
properties:
mirrorSourcePolicy:
description: mirrorSourcePolicy defines the fallback policy if fails to pull image from the mirrors. If unset, the image will continue to be pulled from the the repository in the pull spec. sourcePolicy is valid configuration only when one or more mirrors are in the mirror list.
type: string
enum:
- NeverContactSource
- AllowContactingSource
mirrors:
description: 'mirrors is zero or more locations that may also contain the same images. No mirror will be configured if not specified. Images can be pulled from these mirrors only if they are referenced by their digests. The mirrored location is obtained by replacing the part of the input reference that matches source by the mirrors entry, e.g. for registry.redhat.io/product/repo reference, a (source, mirror) pair *.redhat.io, mirror.local/redhat causes a mirror.local/redhat/product/repo repository to be used. The order of mirrors in this list is treated as the user''s desired priority, while source is by default considered lower priority than all mirrors. If no mirror is specified or all image pulls from the mirror list fail, the image will continue to be pulled from the repository in the pull spec unless explicitly prohibited by "mirrorSourcePolicy" Other cluster configuration, including (but not limited to) other imageDigestMirrors objects, may impact the exact order mirrors are contacted in, or some mirrors may be contacted in parallel, so this should be considered a preference rather than a guarantee of ordering. "mirrors" uses one of the following formats: host[:port] host[:port]/namespace[/namespace…] host[:port]/namespace[/namespace…]/repo for more information about the format, see the document about the location field: https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md#choosing-a-registry-toml-table'
type: array
items:
type: string
pattern: ^((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:(?:\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+)?(?::[0-9]+)?)(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$
x-kubernetes-list-type: set
source:
description: 'source matches the repository that users refer to, e.g. in image pull specifications. Setting source to a registry hostname e.g. docker.io. quay.io, or registry.redhat.io, will match the image pull specification of corressponding registry. "source" uses one of the following formats: host[:port] host[:port]/namespace[/namespace…] host[:port]/namespace[/namespace…]/repo [*.]host for more information about the format, see the document about the location field: https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md#choosing-a-registry-toml-table'
type: string
pattern: ^\*(?:\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+$|^((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:(?:\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+)?(?::[0-9]+)?)(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$
x-kubernetes-list-type: atomic
status:
description: status contains the observed state of the resource.
type: object
served: true
storage: true
subresources:
status: {}


@@ -1,74 +0,0 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
api-approved.openshift.io: https://github.com/openshift/api/pull/1126
include.release.openshift.io/ibm-cloud-managed: "true"
include.release.openshift.io/self-managed-high-availability: "true"
include.release.openshift.io/single-node-developer: "true"
name: imagetagmirrorsets.config.openshift.io
spec:
group: config.openshift.io
names:
kind: ImageTagMirrorSet
listKind: ImageTagMirrorSetList
plural: imagetagmirrorsets
shortNames:
- itms
singular: imagetagmirrorset
scope: Cluster
versions:
- name: v1
schema:
openAPIV3Schema:
description: "ImageTagMirrorSet holds cluster-wide information about how to handle registry mirror rules on using tag pull specification. When multiple policies are defined, the outcome of the behavior is defined on each field. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)."
type: object
required:
- spec
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: spec holds user settable values for configuration
type: object
properties:
imageTagMirrors:
description: "imageTagMirrors allows images referenced by image tags in pods to be pulled from alternative mirrored repository locations. The image pull specification provided to the pod will be compared to the source locations described in imageTagMirrors and the image may be pulled down from any of the mirrors in the list instead of the specified repository allowing administrators to choose a potentially faster mirror. To use mirrors to pull images using digest specification only, users should configure a list of mirrors using \"ImageDigestMirrorSet\" CRD. \n If the image pull specification matches the repository of \"source\" in multiple imagetagmirrorset objects, only the objects which define the most specific namespace match will be used. For example, if there are objects using quay.io/libpod and quay.io/libpod/busybox as the \"source\", only the objects using quay.io/libpod/busybox are going to apply for pull specification quay.io/libpod/busybox. Each “source” repository is treated independently; configurations for different “source” repositories dont interact. \n If the \"mirrors\" is not specified, the image will continue to be pulled from the specified repository in the pull spec. \n When multiple policies are defined for the same “source” repository, the sets of defined mirrors will be merged together, preserving the relative order of the mirrors, if possible. For example, if policy A has mirrors `a, b, c` and policy B has mirrors `c, d, e`, the mirrors will be used in the order `a, b, c, d, e`. If the orders of mirror entries conflict (e.g. `a, b` vs. `b, a`) the configuration is not rejected but the resulting order is unspecified. Users who want to use a deterministic order of mirrors, should configure them into one list of mirrors using the expected order."
type: array
items:
description: ImageTagMirrors holds cluster-wide information about how to handle mirrors in the registries config.
type: object
required:
- source
properties:
mirrorSourcePolicy:
description: mirrorSourcePolicy defines the fallback policy if fails to pull image from the mirrors. If unset, the image will continue to be pulled from the repository in the pull spec. sourcePolicy is valid configuration only when one or more mirrors are in the mirror list.
type: string
enum:
- NeverContactSource
- AllowContactingSource
mirrors:
description: 'mirrors is zero or more locations that may also contain the same images. No mirror will be configured if not specified. Images can be pulled from these mirrors only if they are referenced by their tags. The mirrored location is obtained by replacing the part of the input reference that matches source by the mirrors entry, e.g. for registry.redhat.io/product/repo reference, a (source, mirror) pair *.redhat.io, mirror.local/redhat causes a mirror.local/redhat/product/repo repository to be used. Pulling images by tag can potentially yield different images, depending on which endpoint we pull from. Configuring a list of mirrors using "ImageDigestMirrorSet" CRD and forcing digest-pulls for mirrors avoids that issue. The order of mirrors in this list is treated as the user''s desired priority, while source is by default considered lower priority than all mirrors. If no mirror is specified or all image pulls from the mirror list fail, the image will continue to be pulled from the repository in the pull spec unless explicitly prohibited by "mirrorSourcePolicy". Other cluster configuration, including (but not limited to) other imageTagMirrors objects, may impact the exact order mirrors are contacted in, or some mirrors may be contacted in parallel, so this should be considered a preference rather than a guarantee of ordering. "mirrors" uses one of the following formats: host[:port] host[:port]/namespace[/namespace…] host[:port]/namespace[/namespace…]/repo for more information about the format, see the document about the location field: https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md#choosing-a-registry-toml-table'
type: array
items:
type: string
pattern: ^((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:(?:\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+)?(?::[0-9]+)?)(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$
x-kubernetes-list-type: set
source:
description: 'source matches the repository that users refer to, e.g. in image pull specifications. Setting source to a registry hostname e.g. docker.io. quay.io, or registry.redhat.io, will match the image pull specification of corressponding registry. "source" uses one of the following formats: host[:port] host[:port]/namespace[/namespace…] host[:port]/namespace[/namespace…]/repo [*.]host for more information about the format, see the document about the location field: https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md#choosing-a-registry-toml-table'
type: string
pattern: ^\*(?:\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+$|^((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:(?:\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+)?(?::[0-9]+)?)(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$
x-kubernetes-list-type: atomic
status:
description: status contains the observed state of the resource.
type: object
served: true
storage: true
subresources:
status: {}


@@ -1,24 +0,0 @@
- op: add
path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/spec/properties/platformSpec/properties/vsphere/properties/vcenters/items/properties/server/anyOf
value:
- format: ipv4
- format: ipv6
- format: hostname
- op: add
path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/spec/properties/platformSpec/properties/vsphere/properties/failureDomains/items/properties/server/anyOf
value:
- format: ipv4
- format: ipv6
- format: hostname
- op: add
path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/spec/properties/platformSpec/properties/vsphere/properties/nodeNetworking/properties/external/properties/excludeNetworkSubnetCidr/items/format
value: cidr
- op: add
path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/spec/properties/platformSpec/properties/vsphere/properties/nodeNetworking/properties/external/properties/networkSubnetCidr/items/format
value: cidr
- op: add
path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/spec/properties/platformSpec/properties/vsphere/properties/nodeNetworking/properties/internal/properties/excludeNetworkSubnetCidr/items/format
value: cidr
- op: add
path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/spec/properties/platformSpec/properties/vsphere/properties/nodeNetworking/properties/internal/properties/networkSubnetCidr/items/format
value: cidr


@@ -1,997 +0,0 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
api-approved.openshift.io: https://github.com/openshift/api/pull/470
include.release.openshift.io/ibm-cloud-managed: "true"
include.release.openshift.io/self-managed-high-availability: "true"
include.release.openshift.io/single-node-developer: "true"
release.openshift.io/feature-set: Default
name: infrastructures.config.openshift.io
spec:
group: config.openshift.io
names:
kind: Infrastructure
listKind: InfrastructureList
plural: infrastructures
singular: infrastructure
scope: Cluster
versions:
- name: v1
schema:
openAPIV3Schema:
description: "Infrastructure holds cluster-wide information about Infrastructure. The canonical name is `cluster` \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)."
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: spec holds user settable values for configuration
properties:
cloudConfig:
description: "cloudConfig is a reference to a ConfigMap containing the cloud provider configuration file. This configuration file is used to configure the Kubernetes cloud provider integration when using the built-in cloud provider integration or the external cloud controller manager. The namespace for this config map is openshift-config. \n cloudConfig should only be consumed by the kube_cloud_config controller. The controller is responsible for using the user configuration in the spec for various platforms and combining that with the user provided ConfigMap in this field to create a stitched kube cloud config. The controller generates a ConfigMap `kube-cloud-config` in `openshift-config-managed` namespace with the kube cloud config is stored in `cloud.conf` key. All the clients are expected to use the generated ConfigMap only."
properties:
key:
description: Key allows pointing to a specific key/value inside of the configmap. This is useful for logical file references.
type: string
name:
type: string
type: object
platformSpec:
description: platformSpec holds desired information specific to the underlying infrastructure provider.
properties:
alibabaCloud:
description: AlibabaCloud contains settings specific to the Alibaba Cloud infrastructure provider.
type: object
aws:
description: AWS contains settings specific to the Amazon Web Services infrastructure provider.
properties:
serviceEndpoints:
description: serviceEndpoints list contains custom endpoints which will override default service endpoint of AWS Services. There must be only one ServiceEndpoint for a service.
items:
description: AWSServiceEndpoint store the configuration of a custom url to override existing defaults of AWS Services.
properties:
name:
description: name is the name of the AWS service. The list of all the service names can be found at https://docs.aws.amazon.com/general/latest/gr/aws-service-information.html This must be provided and cannot be empty.
pattern: ^[a-z0-9-]+$
type: string
url:
description: url is fully qualified URI with scheme https, that overrides the default generated endpoint for a client. This must be provided and cannot be empty.
pattern: ^https://
type: string
type: object
type: array
x-kubernetes-list-type: atomic
type: object
azure:
description: Azure contains settings specific to the Azure infrastructure provider.
type: object
baremetal:
description: BareMetal contains settings specific to the BareMetal platform.
type: object
equinixMetal:
description: EquinixMetal contains settings specific to the Equinix Metal infrastructure provider.
type: object
external:
description: ExternalPlatformType represents generic infrastructure provider. Platform-specific components should be supplemented separately.
properties:
platformName:
default: Unknown
description: PlatformName holds the arbitrary string representing the infrastructure provider name, expected to be set at the installation time. This field is solely for informational and reporting purposes and is not expected to be used for decision-making.
type: string
x-kubernetes-validations:
- message: platform name cannot be changed once set
rule: oldSelf == 'Unknown' || self == oldSelf
type: object
gcp:
description: GCP contains settings specific to the Google Cloud Platform infrastructure provider.
type: object
ibmcloud:
description: IBMCloud contains settings specific to the IBMCloud infrastructure provider.
type: object
kubevirt:
description: Kubevirt contains settings specific to the kubevirt infrastructure provider.
type: object
nutanix:
description: Nutanix contains settings specific to the Nutanix infrastructure provider.
properties:
failureDomains:
description: failureDomains configures failure domains information for the Nutanix platform. When set, the failure domains defined here may be used to spread Machines across prism element clusters to improve fault tolerance of the cluster.
items:
description: NutanixFailureDomain configures failure domain information for the Nutanix platform.
properties:
cluster:
description: cluster is to identify the cluster (the Prism Element under management of the Prism Central), in which the Machine's VM will be created. The cluster identifier (uuid or name) can be obtained from the Prism Central console or using the prism_central API.
properties:
name:
description: name is the resource name in the PC. It cannot be empty if the type is Name.
type: string
type:
description: type is the identifier type to use for this resource.
enum:
- UUID
- Name
type: string
uuid:
description: uuid is the UUID of the resource in the PC. It cannot be empty if the type is UUID.
type: string
required:
- type
type: object
x-kubernetes-validations:
- message: uuid configuration is required when type is UUID, and forbidden otherwise
rule: 'has(self.type) && self.type == ''UUID'' ? has(self.uuid) : !has(self.uuid)'
- message: name configuration is required when type is Name, and forbidden otherwise
rule: 'has(self.type) && self.type == ''Name'' ? has(self.name) : !has(self.name)'
name:
description: name defines the unique name of a failure domain. Name is required and must be at most 64 characters in length. It must consist of only lower case alphanumeric characters and hyphens (-). It must start and end with an alphanumeric character. This value is arbitrary and is used to identify the failure domain within the platform.
maxLength: 64
minLength: 1
pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?'
type: string
subnets:
description: subnets holds a list of identifiers (one or more) of the cluster's network subnets for the Machine's VM to connect to. The subnet identifiers (uuid or name) can be obtained from the Prism Central console or using the prism_central API.
items:
description: NutanixResourceIdentifier holds the identity of a Nutanix PC resource (cluster, image, subnet, etc.)
properties:
name:
description: name is the resource name in the PC. It cannot be empty if the type is Name.
type: string
type:
description: type is the identifier type to use for this resource.
enum:
- UUID
- Name
type: string
uuid:
description: uuid is the UUID of the resource in the PC. It cannot be empty if the type is UUID.
type: string
required:
- type
type: object
x-kubernetes-validations:
- message: uuid configuration is required when type is UUID, and forbidden otherwise
rule: 'has(self.type) && self.type == ''UUID'' ? has(self.uuid) : !has(self.uuid)'
- message: name configuration is required when type is Name, and forbidden otherwise
rule: 'has(self.type) && self.type == ''Name'' ? has(self.name) : !has(self.name)'
maxItems: 1
minItems: 1
type: array
x-kubernetes-list-map-keys:
- type
x-kubernetes-list-type: map
required:
- cluster
- name
- subnets
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
prismCentral:
description: prismCentral holds the endpoint address and port to access the Nutanix Prism Central. When a cluster-wide proxy is installed, by default, this endpoint will be accessed via the proxy. Should you wish for communication with this endpoint not to be proxied, please add the endpoint to the proxy spec.noProxy list.
properties:
address:
description: address is the endpoint address (DNS name or IP address) of the Nutanix Prism Central or Element (cluster)
maxLength: 256
type: string
port:
description: port is the port number to access the Nutanix Prism Central or Element (cluster)
format: int32
maximum: 65535
minimum: 1
type: integer
required:
- address
- port
type: object
prismElements:
description: prismElements holds one or more endpoint address and port data to access the Nutanix Prism Elements (clusters) of the Nutanix Prism Central. Currently we only support one Prism Element (cluster) for an OpenShift cluster, where all the Nutanix resources (VMs, subnets, volumes, etc.) used in the OpenShift cluster are located. In the future, we may support Nutanix resources (VMs, etc.) spread over multiple Prism Elements (clusters) of the Prism Central.
items:
description: NutanixPrismElementEndpoint holds the name and endpoint data for a Prism Element (cluster)
properties:
endpoint:
description: endpoint holds the endpoint address and port data of the Prism Element (cluster). When a cluster-wide proxy is installed, by default, this endpoint will be accessed via the proxy. Should you wish for communication with this endpoint not to be proxied, please add the endpoint to the proxy spec.noProxy list.
properties:
address:
description: address is the endpoint address (DNS name or IP address) of the Nutanix Prism Central or Element (cluster)
maxLength: 256
type: string
port:
description: port is the port number to access the Nutanix Prism Central or Element (cluster)
format: int32
maximum: 65535
minimum: 1
type: integer
required:
- address
- port
type: object
name:
description: name is the name of the Prism Element (cluster). This value will correspond with the cluster field configured on other resources (eg Machines, PVCs, etc).
maxLength: 256
type: string
required:
- endpoint
- name
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
required:
- prismCentral
- prismElements
type: object
openstack:
description: OpenStack contains settings specific to the OpenStack infrastructure provider.
type: object
ovirt:
description: Ovirt contains settings specific to the oVirt infrastructure provider.
type: object
powervs:
description: PowerVS contains settings specific to the IBM Power Systems Virtual Servers infrastructure provider.
properties:
serviceEndpoints:
description: serviceEndpoints is a list of custom endpoints which will override the default service endpoints of a Power VS service.
items:
description: PowervsServiceEndpoint stores the configuration of a custom url to override existing defaults of PowerVS Services.
properties:
name:
description: name is the name of the Power VS service. Few of the services are IAM - https://cloud.ibm.com/apidocs/iam-identity-token-api ResourceController - https://cloud.ibm.com/apidocs/resource-controller/resource-controller Power Cloud - https://cloud.ibm.com/apidocs/power-cloud
pattern: ^[a-z0-9-]+$
type: string
url:
description: url is fully qualified URI with scheme https, that overrides the default generated endpoint for a client. This must be provided and cannot be empty.
format: uri
pattern: ^https://
type: string
required:
- name
- url
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
type: object
type:
description: type is the underlying infrastructure provider for the cluster. This value controls whether infrastructure automation such as service load balancers, dynamic volume provisioning, machine creation and deletion, and other integrations are enabled. If None, no infrastructure automation is enabled. Allowed values are "AWS", "Azure", "BareMetal", "GCP", "Libvirt", "OpenStack", "VSphere", "oVirt", "KubeVirt", "EquinixMetal", "PowerVS", "AlibabaCloud", "Nutanix" and "None". Individual components may not support all platforms, and must handle unrecognized platforms as None if they do not support that platform.
enum:
- ""
- AWS
- Azure
- BareMetal
- GCP
- Libvirt
- OpenStack
- None
- VSphere
- oVirt
- IBMCloud
- KubeVirt
- EquinixMetal
- PowerVS
- AlibabaCloud
- Nutanix
- External
type: string
vsphere:
description: VSphere contains settings specific to the VSphere infrastructure provider.
properties:
failureDomains:
description: failureDomains contains the definition of region, zone and the vCenter topology. If this is omitted failure domains (regions and zones) will not be used.
items:
description: VSpherePlatformFailureDomainSpec holds the region and zone failure domain and the vCenter topology of that failure domain.
properties:
name:
description: name defines the arbitrary but unique name of a failure domain.
maxLength: 256
minLength: 1
type: string
region:
description: region defines the name of a region tag that will be attached to a vCenter datacenter. The tag category in vCenter must be named openshift-region.
maxLength: 80
minLength: 1
type: string
server:
anyOf:
- format: ipv4
- format: ipv6
- format: hostname
description: server is the fully-qualified domain name or the IP address of the vCenter server. ---
maxLength: 255
minLength: 1
type: string
topology:
description: Topology describes a given failure domain using vSphere constructs
properties:
computeCluster:
description: computeCluster the absolute path of the vCenter cluster in which virtual machine will be located. The absolute path is of the form /<datacenter>/host/<cluster>. The maximum length of the path is 2048 characters.
maxLength: 2048
pattern: ^/.*?/host/.*?
type: string
datacenter:
description: datacenter is the name of vCenter datacenter in which virtual machines will be located. The maximum length of the datacenter name is 80 characters.
maxLength: 80
type: string
datastore:
description: datastore is the absolute path of the datastore in which the virtual machine is located. The absolute path is of the form /<datacenter>/datastore/<datastore> The maximum length of the path is 2048 characters.
maxLength: 2048
pattern: ^/.*?/datastore/.*?
type: string
folder:
description: folder is the absolute path of the folder where virtual machines are located. The absolute path is of the form /<datacenter>/vm/<folder>. The maximum length of the path is 2048 characters.
maxLength: 2048
pattern: ^/.*?/vm/.*?
type: string
networks:
description: networks is the list of port group network names within this failure domain. Currently, we only support a single interface per RHCOS virtual machine. The available networks (port groups) can be listed using `govc ls 'network/*'` The single interface should be the absolute path of the form /<datacenter>/network/<portgroup>.
items:
type: string
maxItems: 1
minItems: 1
type: array
x-kubernetes-list-type: atomic
resourcePool:
description: resourcePool is the absolute path of the resource pool where virtual machines will be created. The absolute path is of the form /<datacenter>/host/<cluster>/Resources/<resourcepool>. The maximum length of the path is 2048 characters.
maxLength: 2048
pattern: ^/.*?/host/.*?/Resources.*
type: string
required:
- computeCluster
- datacenter
- datastore
- networks
type: object
zone:
description: zone defines the name of a zone tag that will be attached to a vCenter cluster. The tag category in vCenter must be named openshift-zone.
maxLength: 80
minLength: 1
type: string
required:
- name
- region
- server
- topology
- zone
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
nodeNetworking:
description: nodeNetworking contains the definition of internal and external network constraints for assigning the node's networking. If this field is omitted, networking defaults to the legacy address selection behavior which is to only support a single address and return the first one found.
properties:
external:
description: external represents the network configuration of the node that is externally routable.
properties:
excludeNetworkSubnetCidr:
description: excludeNetworkSubnetCidr IP addresses in subnet ranges will be excluded when selecting the IP address from the VirtualMachine's VM for use in the status.addresses fields. ---
items:
format: cidr
type: string
type: array
x-kubernetes-list-type: atomic
network:
description: network VirtualMachine's VM Network names that will be used to when searching for status.addresses fields. Note that if internal.networkSubnetCIDR and external.networkSubnetCIDR are not set, then the vNIC associated to this network must only have a single IP address assigned to it. The available networks (port groups) can be listed using `govc ls 'network/*'`
type: string
networkSubnetCidr:
description: networkSubnetCidr IP address on VirtualMachine's network interfaces included in the fields' CIDRs that will be used in respective status.addresses fields. ---
items:
format: cidr
type: string
type: array
x-kubernetes-list-type: set
type: object
internal:
description: internal represents the network configuration of the node that is routable only within the cluster.
properties:
excludeNetworkSubnetCidr:
description: excludeNetworkSubnetCidr IP addresses in subnet ranges will be excluded when selecting the IP address from the VirtualMachine's VM for use in the status.addresses fields. ---
items:
format: cidr
type: string
type: array
x-kubernetes-list-type: atomic
network:
description: network VirtualMachine's VM Network names that will be used to when searching for status.addresses fields. Note that if internal.networkSubnetCIDR and external.networkSubnetCIDR are not set, then the vNIC associated to this network must only have a single IP address assigned to it. The available networks (port groups) can be listed using `govc ls 'network/*'`
type: string
networkSubnetCidr:
description: networkSubnetCidr IP address on VirtualMachine's network interfaces included in the fields' CIDRs that will be used in respective status.addresses fields. ---
items:
format: cidr
type: string
type: array
x-kubernetes-list-type: set
type: object
type: object
vcenters:
description: vcenters holds the connection details for services to communicate with vCenter. Currently, only a single vCenter is supported. ---
items:
description: VSpherePlatformVCenterSpec stores the vCenter connection fields. This is used by the vSphere CCM.
properties:
datacenters:
description: The vCenter Datacenters in which the RHCOS vm guests are located. This field will be used by the Cloud Controller Manager. Each datacenter listed here should be used within a topology.
items:
type: string
minItems: 1
type: array
x-kubernetes-list-type: set
port:
description: port is the TCP port that will be used to communicate to the vCenter endpoint. When omitted, this means the user has no opinion and it is up to the platform to choose a sensible default, which is subject to change over time.
format: int32
maximum: 32767
minimum: 1
type: integer
server:
anyOf:
- format: ipv4
- format: ipv6
- format: hostname
description: server is the fully-qualified domain name or the IP address of the vCenter server. ---
maxLength: 255
type: string
required:
- datacenters
- server
type: object
maxItems: 1
minItems: 0
type: array
x-kubernetes-list-type: atomic
type: object
type: object
type: object
status:
description: status holds observed values from the cluster. They may not be overridden.
properties:
apiServerInternalURI:
description: apiServerInternalURL is a valid URI with scheme 'https', address and optionally a port (defaulting to 443). apiServerInternalURL can be used by components like kubelets, to contact the Kubernetes API server using the infrastructure provider rather than Kubernetes networking.
type: string
apiServerURL:
description: apiServerURL is a valid URI with scheme 'https', address and optionally a port (defaulting to 443). apiServerURL can be used by components like the web console to tell users where to find the Kubernetes API.
type: string
controlPlaneTopology:
default: HighlyAvailable
description: controlPlaneTopology expresses the expectations for operands that normally run on control nodes. The default is 'HighlyAvailable', which represents the behavior operators have in a "normal" cluster. The 'SingleReplica' mode will be used in single-node deployments and the operators should not configure the operand for highly-available operation The 'External' mode indicates that the control plane is hosted externally to the cluster and that its components are not visible within the cluster.
enum:
- HighlyAvailable
- SingleReplica
- External
type: string
cpuPartitioning:
default: None
description: cpuPartitioning expresses if CPU partitioning is a currently enabled feature in the cluster. CPU Partitioning means that this cluster can support partitioning workloads to specific CPU Sets. Valid values are "None" and "AllNodes". When omitted, the default value is "None". The default value of "None" indicates that no nodes will be setup with CPU partitioning. The "AllNodes" value indicates that all nodes have been setup with CPU partitioning, and can then be further configured via the PerformanceProfile API.
enum:
- None
- AllNodes
type: string
etcdDiscoveryDomain:
description: 'etcdDiscoveryDomain is the domain used to fetch the SRV records for discovering etcd servers and clients. For more info: https://github.com/etcd-io/etcd/blob/329be66e8b3f9e2e6af83c123ff89297e49ebd15/Documentation/op-guide/clustering.md#dns-discovery deprecated: as of 4.7, this field is no longer set or honored. It will be removed in a future release.'
type: string
infrastructureName:
description: infrastructureName uniquely identifies a cluster with a human friendly name. Once set it should not be changed. Must be of max length 27 and must have only alphanumeric or hyphen characters.
type: string
infrastructureTopology:
default: HighlyAvailable
description: 'infrastructureTopology expresses the expectations for infrastructure services that do not run on control plane nodes, usually indicated by a node selector for a `role` value other than `master`. The default is ''HighlyAvailable'', which represents the behavior operators have in a "normal" cluster. The ''SingleReplica'' mode will be used in single-node deployments and the operators should not configure the operand for highly-available operation NOTE: External topology mode is not applicable for this field.'
enum:
- HighlyAvailable
- SingleReplica
type: string
platform:
description: "platform is the underlying infrastructure provider for the cluster. \n Deprecated: Use platformStatus.type instead."
enum:
- ""
- AWS
- Azure
- BareMetal
- GCP
- Libvirt
- OpenStack
- None
- VSphere
- oVirt
- IBMCloud
- KubeVirt
- EquinixMetal
- PowerVS
- AlibabaCloud
- Nutanix
- External
type: string
platformStatus:
description: platformStatus holds status information specific to the underlying infrastructure provider.
properties:
alibabaCloud:
description: AlibabaCloud contains settings specific to the Alibaba Cloud infrastructure provider.
properties:
region:
description: region specifies the region for Alibaba Cloud resources created for the cluster.
pattern: ^[0-9A-Za-z-]+$
type: string
resourceGroupID:
description: resourceGroupID is the ID of the resource group for the cluster.
pattern: ^(rg-[0-9A-Za-z]+)?$
type: string
resourceTags:
description: resourceTags is a list of additional tags to apply to Alibaba Cloud resources created for the cluster.
items:
description: AlibabaCloudResourceTag is the set of tags to add to apply to resources.
properties:
key:
description: key is the key of the tag.
maxLength: 128
minLength: 1
type: string
value:
description: value is the value of the tag.
maxLength: 128
minLength: 1
type: string
required:
- key
- value
type: object
maxItems: 20
type: array
x-kubernetes-list-map-keys:
- key
x-kubernetes-list-type: map
required:
- region
type: object
aws:
description: AWS contains settings specific to the Amazon Web Services infrastructure provider.
properties:
region:
description: region holds the default AWS region for new AWS resources created by the cluster.
type: string
resourceTags:
description: resourceTags is a list of additional tags to apply to AWS resources created for the cluster. See https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html for information on tagging AWS resources. AWS supports a maximum of 50 tags per resource. OpenShift reserves 25 tags for its use, leaving 25 tags available for the user.
items:
description: AWSResourceTag is a tag to apply to AWS resources created for the cluster.
properties:
key:
description: key is the key of the tag
maxLength: 128
minLength: 1
pattern: ^[0-9A-Za-z_.:/=+-@]+$
type: string
value:
description: value is the value of the tag. Some AWS service do not support empty values. Since tags are added to resources in many services, the length of the tag value must meet the requirements of all services.
maxLength: 256
minLength: 1
pattern: ^[0-9A-Za-z_.:/=+-@]+$
type: string
required:
- key
- value
type: object
maxItems: 25
type: array
x-kubernetes-list-type: atomic
serviceEndpoints:
description: ServiceEndpoints list contains custom endpoints which will override default service endpoint of AWS Services. There must be only one ServiceEndpoint for a service.
items:
description: AWSServiceEndpoint store the configuration of a custom url to override existing defaults of AWS Services.
properties:
name:
description: name is the name of the AWS service. The list of all the service names can be found at https://docs.aws.amazon.com/general/latest/gr/aws-service-information.html This must be provided and cannot be empty.
pattern: ^[a-z0-9-]+$
type: string
url:
description: url is fully qualified URI with scheme https, that overrides the default generated endpoint for a client. This must be provided and cannot be empty.
pattern: ^https://
type: string
type: object
type: array
x-kubernetes-list-type: atomic
type: object
azure:
description: Azure contains settings specific to the Azure infrastructure provider.
properties:
armEndpoint:
description: armEndpoint specifies a URL to use for resource management in non-soverign clouds such as Azure Stack.
type: string
cloudName:
description: cloudName is the name of the Azure cloud environment which can be used to configure the Azure SDK with the appropriate Azure API endpoints. If empty, the value is equal to `AzurePublicCloud`.
enum:
- ""
- AzurePublicCloud
- AzureUSGovernmentCloud
- AzureChinaCloud
- AzureGermanCloud
- AzureStackCloud
type: string
networkResourceGroupName:
description: networkResourceGroupName is the Resource Group for network resources like the Virtual Network and Subnets used by the cluster. If empty, the value is same as ResourceGroupName.
type: string
resourceGroupName:
description: resourceGroupName is the Resource Group for new Azure resources created for the cluster.
type: string
resourceTags:
description: resourceTags is a list of additional tags to apply to Azure resources created for the cluster. See https://docs.microsoft.com/en-us/rest/api/resources/tags for information on tagging Azure resources. Due to limitations on Automation, Content Delivery Network, DNS Azure resources, a maximum of 15 tags may be applied. OpenShift reserves 5 tags for internal use, allowing 10 tags for user configuration.
items:
description: AzureResourceTag is a tag to apply to Azure resources created for the cluster.
properties:
key:
description: key is the key part of the tag. A tag key can have a maximum of 128 characters and cannot be empty. Key must begin with a letter, end with a letter, number or underscore, and must contain only alphanumeric characters and the following special characters `_ . -`.
maxLength: 128
minLength: 1
pattern: ^[a-zA-Z]([0-9A-Za-z_.-]*[0-9A-Za-z_])?$
type: string
value:
description: 'value is the value part of the tag. A tag value can have a maximum of 256 characters and cannot be empty. Value must contain only alphanumeric characters and the following special characters `_ + , - . / : ; < = > ? @`.'
maxLength: 256
minLength: 1
pattern: ^[0-9A-Za-z_.=+-@]+$
type: string
required:
- key
- value
type: object
maxItems: 10
type: array
x-kubernetes-list-type: atomic
x-kubernetes-validations:
- message: resourceTags are immutable and may only be configured during installation
rule: self.all(x, x in oldSelf) && oldSelf.all(x, x in self)
type: object
x-kubernetes-validations:
- message: resourceTags may only be configured during installation
rule: '!has(oldSelf.resourceTags) && !has(self.resourceTags) || has(oldSelf.resourceTags) && has(self.resourceTags)'
baremetal:
description: BareMetal contains settings specific to the BareMetal platform.
properties:
apiServerInternalIP:
description: "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers. \n Deprecated: Use APIServerInternalIPs instead."
type: string
apiServerInternalIPs:
description: apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IPs otherwise only one.
format: ip
items:
type: string
maxItems: 2
type: array
x-kubernetes-list-type: set
ingressIP:
description: "ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names. \n Deprecated: Use IngressIPs instead."
type: string
ingressIPs:
description: ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IPs otherwise only one.
format: ip
items:
type: string
maxItems: 2
type: array
x-kubernetes-list-type: set
nodeDNSIP:
description: nodeDNSIP is the IP address for the internal DNS used by the nodes. Unlike the one managed by the DNS operator, `NodeDNSIP` provides name resolution for the nodes themselves. There is no DNS-as-a-service for BareMetal deployments. In order to minimize necessary changes to the datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames to the nodes in the cluster.
type: string
type: object
equinixMetal:
description: EquinixMetal contains settings specific to the Equinix Metal infrastructure provider.
properties:
apiServerInternalIP:
description: apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers.
type: string
ingressIP:
description: ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names.
type: string
type: object
external:
description: External contains settings specific to the generic External infrastructure provider.
properties:
cloudControllerManager:
description: cloudControllerManager contains settings specific to the external Cloud Controller Manager (a.k.a. CCM or CPI). When omitted, new nodes will be not tainted and no extra initialization from the cloud controller manager is expected.
properties:
state:
description: "state determines whether or not an external Cloud Controller Manager is expected to be installed within the cluster. https://kubernetes.io/docs/tasks/administer-cluster/running-cloud-controller/#running-cloud-controller-manager \n Valid values are \"External\", \"None\" and omitted. When set to \"External\", new nodes will be tainted as uninitialized when created, preventing them from running workloads until they are initialized by the cloud controller manager. When omitted or set to \"None\", new nodes will be not tainted and no extra initialization from the cloud controller manager is expected."
enum:
- ""
- External
- None
type: string
x-kubernetes-validations:
- message: state is immutable once set
rule: self == oldSelf
type: object
x-kubernetes-validations:
- message: state may not be added or removed once set
rule: (has(self.state) == has(oldSelf.state)) || (!has(oldSelf.state) && self.state != "External")
type: object
x-kubernetes-validations:
- message: cloudControllerManager may not be added or removed once set
rule: has(self.cloudControllerManager) == has(oldSelf.cloudControllerManager)
gcp:
description: GCP contains settings specific to the Google Cloud Platform infrastructure provider.
properties:
projectID:
description: resourceGroupName is the Project ID for new GCP resources created for the cluster.
type: string
region:
description: region holds the region for new GCP resources created for the cluster.
type: string
type: object
ibmcloud:
description: IBMCloud contains settings specific to the IBMCloud infrastructure provider.
properties:
cisInstanceCRN:
description: CISInstanceCRN is the CRN of the Cloud Internet Services instance managing the DNS zone for the cluster's base domain
type: string
dnsInstanceCRN:
description: DNSInstanceCRN is the CRN of the DNS Services instance managing the DNS zone for the cluster's base domain
type: string
location:
description: Location is where the cluster has been deployed
type: string
providerType:
description: ProviderType indicates the type of cluster that was created
type: string
resourceGroupName:
description: ResourceGroupName is the Resource Group for new IBMCloud resources created for the cluster.
type: string
serviceEndpoints:
description: serviceEndpoints is a list of custom endpoints which will override the default service endpoints of an IBM Cloud service. These endpoints are consumed by components within the cluster to reach the respective IBM Cloud Services.
items:
description: IBMCloudServiceEndpoint stores the configuration of a custom url to override existing defaults of IBM Cloud Services.
properties:
name:
description: 'name is the name of the IBM Cloud service. Possible values are: CIS, COS, DNSServices, GlobalSearch, GlobalTagging, HyperProtect, IAM, KeyProtect, ResourceController, ResourceManager, or VPC. For example, the IBM Cloud Private IAM service could be configured with the service `name` of `IAM` and `url` of `https://private.iam.cloud.ibm.com` Whereas the IBM Cloud Private VPC service for US South (Dallas) could be configured with the service `name` of `VPC` and `url` of `https://us.south.private.iaas.cloud.ibm.com`'
enum:
- CIS
- COS
- DNSServices
- GlobalSearch
- GlobalTagging
- HyperProtect
- IAM
- KeyProtect
- ResourceController
- ResourceManager
- VPC
type: string
url:
description: url is fully qualified URI with scheme https, that overrides the default generated endpoint for a client. This must be provided and cannot be empty.
type: string
x-kubernetes-validations:
- message: url must be a valid absolute URL
rule: isURL(self)
required:
- name
- url
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
type: object
kubevirt:
description: Kubevirt contains settings specific to the kubevirt infrastructure provider.
properties:
apiServerInternalIP:
description: apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers.
type: string
ingressIP:
description: ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names.
type: string
type: object
nutanix:
description: Nutanix contains settings specific to the Nutanix infrastructure provider.
properties:
apiServerInternalIP:
description: "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers. \n Deprecated: Use APIServerInternalIPs instead."
type: string
apiServerInternalIPs:
description: apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IPs otherwise only one.
format: ip
items:
type: string
maxItems: 2
type: array
x-kubernetes-list-type: set
ingressIP:
description: "ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names. \n Deprecated: Use IngressIPs instead."
type: string
ingressIPs:
description: ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IPs otherwise only one.
format: ip
items:
type: string
maxItems: 2
type: array
x-kubernetes-list-type: set
type: object
openstack:
description: OpenStack contains settings specific to the OpenStack infrastructure provider.
properties:
apiServerInternalIP:
description: "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers. \n Deprecated: Use APIServerInternalIPs instead."
type: string
apiServerInternalIPs:
description: apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IPs otherwise only one.
format: ip
items:
type: string
maxItems: 2
type: array
x-kubernetes-list-type: set
cloudName:
description: cloudName is the name of the desired OpenStack cloud in the client configuration file (`clouds.yaml`).
type: string
ingressIP:
description: "ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names. \n Deprecated: Use IngressIPs instead."
type: string
ingressIPs:
description: ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IPs otherwise only one.
format: ip
items:
type: string
maxItems: 2
type: array
x-kubernetes-list-type: set
loadBalancer:
default:
type: OpenShiftManagedDefault
description: loadBalancer defines how the load balancer used by the cluster is configured.
properties:
type:
default: OpenShiftManagedDefault
description: type defines the type of load balancer used by the cluster on OpenStack platform which can be a user-managed or openshift-managed load balancer that is to be used for the OpenShift API and Ingress endpoints. When set to OpenShiftManagedDefault the static pods in charge of API and Ingress traffic load-balancing defined in the machine config operator will be deployed. When set to UserManaged these static pods will not be deployed and it is expected that the load balancer is configured out of band by the deployer. When omitted, this means no opinion and the platform is left to choose a reasonable default. The default value is OpenShiftManagedDefault.
enum:
- OpenShiftManagedDefault
- UserManaged
type: string
x-kubernetes-validations:
- message: type is immutable once set
rule: oldSelf == '' || self == oldSelf
type: object
nodeDNSIP:
description: nodeDNSIP is the IP address for the internal DNS used by the nodes. Unlike the one managed by the DNS operator, `NodeDNSIP` provides name resolution for the nodes themselves. There is no DNS-as-a-service for OpenStack deployments. In order to minimize necessary changes to the datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames to the nodes in the cluster.
type: string
type: object
ovirt:
description: Ovirt contains settings specific to the oVirt infrastructure provider.
properties:
apiServerInternalIP:
description: "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers. \n Deprecated: Use APIServerInternalIPs instead."
type: string
apiServerInternalIPs:
description: apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IPs otherwise only one.
format: ip
items:
type: string
maxItems: 2
type: array
x-kubernetes-list-type: set
ingressIP:
description: "ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names. \n Deprecated: Use IngressIPs instead."
type: string
ingressIPs:
description: ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IPs otherwise only one.
format: ip
items:
type: string
maxItems: 2
type: array
x-kubernetes-list-type: set
nodeDNSIP:
description: 'deprecated: as of 4.6, this field is no longer set or honored. It will be removed in a future release.'
type: string
type: object
powervs:
description: PowerVS contains settings specific to the Power Systems Virtual Servers infrastructure provider.
properties:
cisInstanceCRN:
description: CISInstanceCRN is the CRN of the Cloud Internet Services instance managing the DNS zone for the cluster's base domain
type: string
dnsInstanceCRN:
description: DNSInstanceCRN is the CRN of the DNS Services instance managing the DNS zone for the cluster's base domain
type: string
region:
description: region holds the default Power VS region for new Power VS resources created by the cluster.
type: string
resourceGroup:
description: 'resourceGroup is the resource group name for new IBMCloud resources created for a cluster. The resource group specified here will be used by cluster-image-registry-operator to set up a COS Instance in IBMCloud for the cluster registry. More about resource groups can be found here: https://cloud.ibm.com/docs/account?topic=account-rgs. When omitted, the image registry operator won''t be able to configure storage, which results in the image registry cluster operator not being in an available state.'
maxLength: 40
pattern: ^[a-zA-Z0-9-_ ]+$
type: string
x-kubernetes-validations:
- message: resourceGroup is immutable once set
rule: oldSelf == '' || self == oldSelf
serviceEndpoints:
description: serviceEndpoints is a list of custom endpoints which will override the default service endpoints of a Power VS service.
items:
description: PowervsServiceEndpoint stores the configuration of a custom url to override existing defaults of PowerVS Services.
properties:
name:
description: name is the name of the Power VS service. Few of the services are IAM - https://cloud.ibm.com/apidocs/iam-identity-token-api ResourceController - https://cloud.ibm.com/apidocs/resource-controller/resource-controller Power Cloud - https://cloud.ibm.com/apidocs/power-cloud
pattern: ^[a-z0-9-]+$
type: string
url:
description: url is fully qualified URI with scheme https, that overrides the default generated endpoint for a client. This must be provided and cannot be empty.
format: uri
pattern: ^https://
type: string
required:
- name
- url
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
zone:
description: 'zone holds the default zone for the new Power VS resources created by the cluster. Note: Currently only single-zone OCP clusters are supported'
type: string
type: object
x-kubernetes-validations:
- message: cannot unset resourceGroup once set
rule: '!has(oldSelf.resourceGroup) || has(self.resourceGroup)'
type:
description: "type is the underlying infrastructure provider for the cluster. This value controls whether infrastructure automation such as service load balancers, dynamic volume provisioning, machine creation and deletion, and other integrations are enabled. If None, no infrastructure automation is enabled. Allowed values are \"AWS\", \"Azure\", \"BareMetal\", \"GCP\", \"Libvirt\", \"OpenStack\", \"VSphere\", \"oVirt\", \"EquinixMetal\", \"PowerVS\", \"AlibabaCloud\", \"Nutanix\" and \"None\". Individual components may not support all platforms, and must handle unrecognized platforms as None if they do not support that platform. \n This value will be synced with to the `status.platform` and `status.platformStatus.type`. Currently this value cannot be changed once set."
enum:
- ""
- AWS
- Azure
- BareMetal
- GCP
- Libvirt
- OpenStack
- None
- VSphere
- oVirt
- IBMCloud
- KubeVirt
- EquinixMetal
- PowerVS
- AlibabaCloud
- Nutanix
- External
type: string
vsphere:
description: VSphere contains settings specific to the VSphere infrastructure provider.
properties:
apiServerInternalIP:
description: "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers. \n Deprecated: Use APIServerInternalIPs instead."
type: string
apiServerInternalIPs:
description: apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IPs otherwise only one.
format: ip
items:
type: string
maxItems: 2
type: array
x-kubernetes-list-type: set
ingressIP:
description: "ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names. \n Deprecated: Use IngressIPs instead."
type: string
ingressIPs:
description: ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IPs otherwise only one.
format: ip
items:
type: string
maxItems: 2
type: array
x-kubernetes-list-type: set
nodeDNSIP:
description: nodeDNSIP is the IP address for the internal DNS used by the nodes. Unlike the one managed by the DNS operator, `NodeDNSIP` provides name resolution for the nodes themselves. There is no DNS-as-a-service for vSphere deployments. In order to minimize necessary changes to the datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames to the nodes in the cluster.
type: string
type: object
type: object
type: object
required:
- spec
type: object
served: true
storage: true
subresources:
status: {}


@@ -1,24 +0,0 @@
- op: add
path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/spec/properties/platformSpec/properties/vsphere/properties/vcenters/items/properties/server/anyOf
value:
- format: ipv4
- format: ipv6
- format: hostname
- op: add
path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/spec/properties/platformSpec/properties/vsphere/properties/failureDomains/items/properties/server/anyOf
value:
- format: ipv4
- format: ipv6
- format: hostname
- op: add
path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/spec/properties/platformSpec/properties/vsphere/properties/nodeNetworking/properties/external/properties/excludeNetworkSubnetCidr/items/format
value: cidr
- op: add
path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/spec/properties/platformSpec/properties/vsphere/properties/nodeNetworking/properties/external/properties/networkSubnetCidr/items/format
value: cidr
- op: add
path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/spec/properties/platformSpec/properties/vsphere/properties/nodeNetworking/properties/internal/properties/excludeNetworkSubnetCidr/items/format
value: cidr
- op: add
path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/spec/properties/platformSpec/properties/vsphere/properties/nodeNetworking/properties/internal/properties/networkSubnetCidr/items/format
value: cidr


@@ -1,24 +0,0 @@
- op: add
path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/spec/properties/platformSpec/properties/vsphere/properties/vcenters/items/properties/server/anyOf
value:
- format: ipv4
- format: ipv6
- format: hostname
- op: add
path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/spec/properties/platformSpec/properties/vsphere/properties/failureDomains/items/properties/server/anyOf
value:
- format: ipv4
- format: ipv6
- format: hostname
- op: add
path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/spec/properties/platformSpec/properties/vsphere/properties/nodeNetworking/properties/external/properties/excludeNetworkSubnetCidr/items/format
value: cidr
- op: add
path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/spec/properties/platformSpec/properties/vsphere/properties/nodeNetworking/properties/external/properties/networkSubnetCidr/items/format
value: cidr
- op: add
path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/spec/properties/platformSpec/properties/vsphere/properties/nodeNetworking/properties/internal/properties/excludeNetworkSubnetCidr/items/format
value: cidr
- op: add
path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/spec/properties/platformSpec/properties/vsphere/properties/nodeNetworking/properties/internal/properties/networkSubnetCidr/items/format
value: cidr


@@ -1,334 +0,0 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
api-approved.openshift.io: https://github.com/openshift/api/pull/470
include.release.openshift.io/ibm-cloud-managed: "true"
include.release.openshift.io/self-managed-high-availability: "true"
include.release.openshift.io/single-node-developer: "true"
name: ingresses.config.openshift.io
spec:
group: config.openshift.io
names:
kind: Ingress
listKind: IngressList
plural: ingresses
singular: ingress
scope: Cluster
versions:
- name: v1
schema:
openAPIV3Schema:
description: "Ingress holds cluster-wide information about ingress, including the default ingress domain used for routes. The canonical name is `cluster`. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)."
type: object
required:
- spec
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: spec holds user settable values for configuration
type: object
properties:
appsDomain:
description: appsDomain is an optional domain to use instead of the one specified in the domain field when a Route is created without specifying an explicit host. If appsDomain is nonempty, this value is used to generate default host values for Route. Unlike domain, appsDomain may be modified after installation. This assumes a new ingresscontroller has been setup with a wildcard certificate.
type: string
componentRoutes:
description: "componentRoutes is an optional list of routes that are managed by OpenShift components that a cluster-admin is able to configure the hostname and serving certificate for. The namespace and name of each route in this list should match an existing entry in the status.componentRoutes list. \n To determine the set of configurable Routes, look at namespace and name of entries in the .status.componentRoutes list, where participating operators write the status of configurable routes."
type: array
items:
description: ComponentRouteSpec allows for configuration of a route's hostname and serving certificate.
type: object
required:
- hostname
- name
- namespace
properties:
hostname:
description: hostname is the hostname that should be used by the route.
type: string
pattern: ^([a-zA-Z0-9\p{S}\p{L}]((-?[a-zA-Z0-9\p{S}\p{L}]{0,62})?)|([a-zA-Z0-9\p{S}\p{L}](([a-zA-Z0-9-\p{S}\p{L}]{0,61}[a-zA-Z0-9\p{S}\p{L}])?)(\.)){1,}([a-zA-Z\p{L}]){2,63})$|^(([a-z0-9][-a-z0-9]{0,61}[a-z0-9]|[a-z0-9]{1,63})[\.]){0,}([a-z0-9][-a-z0-9]{0,61}[a-z0-9]|[a-z0-9]{1,63})$
name:
description: "name is the logical name of the route to customize. \n The namespace and name of this componentRoute must match a corresponding entry in the list of status.componentRoutes if the route is to be customized."
type: string
maxLength: 256
minLength: 1
namespace:
description: "namespace is the namespace of the route to customize. \n The namespace and name of this componentRoute must match a corresponding entry in the list of status.componentRoutes if the route is to be customized."
type: string
maxLength: 63
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
servingCertKeyPairSecret:
description: servingCertKeyPairSecret is a reference to a secret of type `kubernetes.io/tls` in the openshift-config namespace. The serving cert/key pair must match and will be used by the operator to fulfill the intent of serving with this name. If the custom hostname uses the default routing suffix of the cluster, the Secret specification for a serving certificate will not be needed.
type: object
required:
- name
properties:
name:
description: name is the metadata.name of the referenced secret
type: string
x-kubernetes-list-map-keys:
- namespace
- name
x-kubernetes-list-type: map
domain:
description: "domain is used to generate a default host name for a route when the route's host name is empty. The generated host name will follow this pattern: \"<route-name>.<route-namespace>.<domain>\". \n It is also used as the default wildcard domain suffix for ingress. The default ingresscontroller domain will follow this pattern: \"*.<domain>\". \n Once set, changing domain is not currently supported."
type: string
loadBalancer:
description: loadBalancer contains the load balancer details in general which are not only specific to the underlying infrastructure provider of the current cluster and are required for Ingress Controller to work on OpenShift.
type: object
properties:
platform:
description: platform holds configuration specific to the underlying infrastructure provider for the ingress load balancers. When omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time.
type: object
properties:
aws:
description: aws contains settings specific to the Amazon Web Services infrastructure provider.
type: object
required:
- type
properties:
type:
description: "type allows user to set a load balancer type. When this field is set the default ingresscontroller will get created using the specified LBType. If this field is not set then the default ingress controller of LBType Classic will be created. Valid values are: \n * \"Classic\": A Classic Load Balancer that makes routing decisions at either the transport layer (TCP/SSL) or the application layer (HTTP/HTTPS). See the following for additional details: \n https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#clb \n * \"NLB\": A Network Load Balancer that makes routing decisions at the transport layer (TCP/SSL). See the following for additional details: \n https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#nlb"
type: string
enum:
- NLB
- Classic
type:
description: type is the underlying infrastructure provider for the cluster. Allowed values are "AWS", "Azure", "BareMetal", "GCP", "Libvirt", "OpenStack", "VSphere", "oVirt", "KubeVirt", "EquinixMetal", "PowerVS", "AlibabaCloud", "Nutanix" and "None". Individual components may not support all platforms, and must handle unrecognized platforms as None if they do not support that platform.
type: string
enum:
- ""
- AWS
- Azure
- BareMetal
- GCP
- Libvirt
- OpenStack
- None
- VSphere
- oVirt
- IBMCloud
- KubeVirt
- EquinixMetal
- PowerVS
- AlibabaCloud
- Nutanix
- External
requiredHSTSPolicies:
description: "requiredHSTSPolicies specifies HSTS policies that are required to be set on newly created or updated routes matching the domainPattern/s and namespaceSelector/s that are specified in the policy. Each requiredHSTSPolicy must have at least a domainPattern and a maxAge to validate a route HSTS Policy route annotation, and affect route admission. \n A candidate route is checked for HSTS Policies if it has the HSTS Policy route annotation: \"haproxy.router.openshift.io/hsts_header\" E.g. haproxy.router.openshift.io/hsts_header: max-age=31536000;preload;includeSubDomains \n - For each candidate route, if it matches a requiredHSTSPolicy domainPattern and optional namespaceSelector, then the maxAge, preloadPolicy, and includeSubdomainsPolicy must be valid to be admitted. Otherwise, the route is rejected. - The first match, by domainPattern and optional namespaceSelector, in the ordering of the RequiredHSTSPolicies determines the route's admission status. - If the candidate route doesn't match any requiredHSTSPolicy domainPattern and optional namespaceSelector, then it may use any HSTS Policy annotation. \n The HSTS policy configuration may be changed after routes have already been created. An update to a previously admitted route may then fail if the updated route does not conform to the updated HSTS policy configuration. However, changing the HSTS policy configuration will not cause a route that is already admitted to stop working. \n Note that if there are no RequiredHSTSPolicies, any HSTS Policy annotation on the route is valid."
type: array
items:
type: object
required:
- domainPatterns
properties:
domainPatterns:
description: "domainPatterns is a list of domains for which the desired HSTS annotations are required. If domainPatterns is specified and a route is created with a spec.host matching one of the domains, the route must specify the HSTS Policy components described in the matching RequiredHSTSPolicy. \n The use of wildcards is allowed like this: *.foo.com matches everything under foo.com. foo.com only matches foo.com, so to cover foo.com and everything under it, you must specify *both*."
type: array
minItems: 1
items:
type: string
includeSubDomainsPolicy:
description: 'includeSubDomainsPolicy means the HSTS Policy should apply to any subdomains of the host''s domain name. Thus, for the host bar.foo.com, if includeSubDomainsPolicy was set to RequireIncludeSubDomains: - the host app.bar.foo.com would inherit the HSTS Policy of bar.foo.com - the host bar.foo.com would inherit the HSTS Policy of bar.foo.com - the host foo.com would NOT inherit the HSTS Policy of bar.foo.com - the host def.foo.com would NOT inherit the HSTS Policy of bar.foo.com'
type: string
enum:
- RequireIncludeSubDomains
- RequireNoIncludeSubDomains
- NoOpinion
maxAge:
description: maxAge is the delta time range in seconds during which hosts are regarded as HSTS hosts. If set to 0, it negates the effect, and hosts are removed as HSTS hosts. If set to 0 and includeSubdomains is specified, all subdomains of the host are also removed as HSTS hosts. maxAge is a time-to-live value, and if this policy is not refreshed on a client, the HSTS policy will eventually expire on that client.
type: object
properties:
largestMaxAge:
description: The largest allowed value (in seconds) of the RequiredHSTSPolicy max-age This value can be left unspecified, in which case no upper limit is enforced.
type: integer
format: int32
maximum: 2147483647
minimum: 0
smallestMaxAge:
description: The smallest allowed value (in seconds) of the RequiredHSTSPolicy max-age Setting max-age=0 allows the deletion of an existing HSTS header from a host. This is a necessary tool for administrators to quickly correct mistakes. This value can be left unspecified, in which case no lower limit is enforced.
type: integer
format: int32
maximum: 2147483647
minimum: 0
namespaceSelector:
description: namespaceSelector specifies a label selector such that the policy applies only to those routes that are in namespaces with labels that match the selector, and are in one of the DomainPatterns. Defaults to the empty LabelSelector, which matches everything.
type: object
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
type: array
items:
description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
type: object
required:
- key
- operator
properties:
key:
description: key is the label key that the selector applies to.
type: string
operator:
description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
type: array
items:
type: string
matchLabels:
description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
additionalProperties:
type: string
x-kubernetes-map-type: atomic
preloadPolicy:
description: preloadPolicy directs the client to include hosts in its host preload list so that it never needs to do an initial load to get the HSTS header (note that this is not defined in RFC 6797 and is therefore client implementation-dependent).
type: string
enum:
- RequirePreload
- RequireNoPreload
- NoOpinion
status:
description: status holds observed values from the cluster. They may not be overridden.
type: object
properties:
componentRoutes:
description: componentRoutes is where participating operators place the current route status for routes whose hostnames and serving certificates can be customized by the cluster-admin.
type: array
items:
description: ComponentRouteStatus contains information allowing configuration of a route's hostname and serving certificate.
type: object
required:
- defaultHostname
- name
- namespace
- relatedObjects
properties:
conditions:
description: "conditions are used to communicate the state of the componentRoutes entry. \n Supported conditions include Available, Degraded and Progressing. \n If available is true, the content served by the route can be accessed by users. This includes cases where a default may continue to serve content while the customized route specified by the cluster-admin is being configured. \n If Degraded is true, that means something has gone wrong trying to handle the componentRoutes entry. The currentHostnames field may or may not be in effect. \n If Progressing is true, that means the component is taking some action related to the componentRoutes entry."
type: array
items:
description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
type: object
required:
- lastTransitionTime
- message
- reason
- status
- type
properties:
lastTransitionTime:
description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
type: string
format: date-time
message:
description: message is a human readable message indicating details about the transition. This may be an empty string.
type: string
maxLength: 32768
observedGeneration:
description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
type: integer
format: int64
minimum: 0
reason:
description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
type: string
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
status:
description: status of the condition, one of True, False, Unknown.
type: string
enum:
- "True"
- "False"
- Unknown
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
type: string
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
x-kubernetes-list-map-keys:
- type
x-kubernetes-list-type: map
consumingUsers:
description: consumingUsers is a slice of ServiceAccounts that need to have read permission on the servingCertKeyPairSecret secret.
type: array
maxItems: 5
items:
description: ConsumingUser is an alias for string which we add validation to. Currently only service accounts are supported.
type: string
maxLength: 512
minLength: 1
pattern: ^system:serviceaccount:[a-z0-9]([-a-z0-9]*[a-z0-9])?:[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
currentHostnames:
description: currentHostnames is the list of current names used by the route. Typically, this list should consist of a single hostname, but if multiple hostnames are supported by the route the operator may write multiple entries to this list.
type: array
minItems: 1
items:
description: "Hostname is an alias for hostname string validation. \n The left operand of the | is the original kubebuilder hostname validation format, which is incorrect because it allows upper case letters, disallows hyphen or number in the TLD, and allows labels to start/end in non-alphanumeric characters. See https://bugzilla.redhat.com/show_bug.cgi?id=2039256. ^([a-zA-Z0-9\\p{S}\\p{L}]((-?[a-zA-Z0-9\\p{S}\\p{L}]{0,62})?)|([a-zA-Z0-9\\p{S}\\p{L}](([a-zA-Z0-9-\\p{S}\\p{L}]{0,61}[a-zA-Z0-9\\p{S}\\p{L}])?)(\\.)){1,}([a-zA-Z\\p{L}]){2,63})$ \n The right operand of the | is a new pattern that mimics the current API route admission validation on hostname, except that it allows hostnames longer than the maximum length: ^(([a-z0-9][-a-z0-9]{0,61}[a-z0-9]|[a-z0-9]{1,63})[\\.]){0,}([a-z0-9][-a-z0-9]{0,61}[a-z0-9]|[a-z0-9]{1,63})$ \n Both operand patterns are made available so that modifications on ingress spec can still happen after an invalid hostname was saved via validation by the incorrect left operand of the | operator."
type: string
pattern: ^([a-zA-Z0-9\p{S}\p{L}]((-?[a-zA-Z0-9\p{S}\p{L}]{0,62})?)|([a-zA-Z0-9\p{S}\p{L}](([a-zA-Z0-9-\p{S}\p{L}]{0,61}[a-zA-Z0-9\p{S}\p{L}])?)(\.)){1,}([a-zA-Z\p{L}]){2,63})$|^(([a-z0-9][-a-z0-9]{0,61}[a-z0-9]|[a-z0-9]{1,63})[\.]){0,}([a-z0-9][-a-z0-9]{0,61}[a-z0-9]|[a-z0-9]{1,63})$
defaultHostname:
description: defaultHostname is the hostname of this route prior to customization.
type: string
pattern: ^([a-zA-Z0-9\p{S}\p{L}]((-?[a-zA-Z0-9\p{S}\p{L}]{0,62})?)|([a-zA-Z0-9\p{S}\p{L}](([a-zA-Z0-9-\p{S}\p{L}]{0,61}[a-zA-Z0-9\p{S}\p{L}])?)(\.)){1,}([a-zA-Z\p{L}]){2,63})$|^(([a-z0-9][-a-z0-9]{0,61}[a-z0-9]|[a-z0-9]{1,63})[\.]){0,}([a-z0-9][-a-z0-9]{0,61}[a-z0-9]|[a-z0-9]{1,63})$
name:
description: "name is the logical name of the route to customize. It does not have to be the actual name of a route resource but it cannot be renamed. \n The namespace and name of this componentRoute must match a corresponding entry in the list of spec.componentRoutes if the route is to be customized."
type: string
maxLength: 256
minLength: 1
namespace:
description: "namespace is the namespace of the route to customize. It must be a real namespace. Using an actual namespace ensures that no two components will conflict and the same component can be installed multiple times. \n The namespace and name of this componentRoute must match a corresponding entry in the list of spec.componentRoutes if the route is to be customized."
type: string
maxLength: 63
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
relatedObjects:
description: relatedObjects is a list of resources which are useful when debugging or inspecting how spec.componentRoutes is applied.
type: array
minItems: 1
items:
description: ObjectReference contains enough information to let you inspect or modify the referred object.
type: object
required:
- group
- name
- resource
properties:
group:
description: group of the referent.
type: string
name:
description: name of the referent.
type: string
namespace:
description: namespace of the referent.
type: string
resource:
description: resource of the referent.
type: string
x-kubernetes-list-map-keys:
- namespace
- name
x-kubernetes-list-type: map
defaultPlacement:
description: "defaultPlacement is set at installation time to control which nodes will host the ingress router pods by default. The options are control-plane nodes or worker nodes. \n This field works by dictating how the Cluster Ingress Operator will consider unset replicas and nodePlacement fields in IngressController resources when creating the corresponding Deployments. \n See the documentation for the IngressController replicas and nodePlacement fields for more information. \n When omitted, the default value is Workers"
type: string
enum:
- ControlPlane
- Workers
- ""
served: true
storage: true
subresources:
status: {}


@@ -1,211 +0,0 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
api-approved.openshift.io: https://github.com/openshift/api/pull/470
include.release.openshift.io/ibm-cloud-managed: "true"
include.release.openshift.io/self-managed-high-availability: "true"
include.release.openshift.io/single-node-developer: "true"
release.openshift.io/feature-set: CustomNoUpgrade
name: networks.config.openshift.io
spec:
group: config.openshift.io
names:
kind: Network
listKind: NetworkList
plural: networks
singular: network
preserveUnknownFields: false
scope: Cluster
versions:
- name: v1
schema:
openAPIV3Schema:
description: "Network holds cluster-wide information about Network. The canonical name is `cluster`. It is used to configure the desired network configuration, such as: IP address pools for services/pod IPs, network plugin, etc. Please view network.spec for an explanation on what applies when configuring this resource. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)."
type: object
required:
- spec
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: spec holds user settable values for configuration. As a general rule, this SHOULD NOT be read directly. Instead, you should consume the NetworkStatus, as it indicates the currently deployed configuration. Currently, most spec fields are immutable after installation. Please view the individual ones for further details on each.
type: object
properties:
clusterNetwork:
description: IP address pool to use for pod IPs. This field is immutable after installation.
type: array
items:
description: ClusterNetworkEntry is a contiguous block of IP addresses from which pod IPs are allocated.
type: object
properties:
cidr:
description: The complete block for pod IPs.
type: string
hostPrefix:
description: The size (prefix) of block to allocate to each node. If this field is not used by the plugin, it can be left unset.
type: integer
format: int32
minimum: 0
externalIP:
description: externalIP defines configuration for controllers that affect Service.ExternalIP. If nil, then ExternalIP is not allowed to be set.
type: object
properties:
autoAssignCIDRs:
description: autoAssignCIDRs is a list of CIDRs from which to automatically assign Service.ExternalIP. These are assigned when the service is of type LoadBalancer. In general, this is only useful for bare-metal clusters. In Openshift 3.x, this was misleadingly called "IngressIPs". Automatically assigned External IPs are not affected by any ExternalIPPolicy rules. Currently, only one entry may be provided.
type: array
items:
type: string
policy:
description: policy is a set of restrictions applied to the ExternalIP field. If nil or empty, then ExternalIP is not allowed to be set.
type: object
properties:
allowedCIDRs:
description: allowedCIDRs is the list of allowed CIDRs.
type: array
items:
type: string
rejectedCIDRs:
description: rejectedCIDRs is the list of disallowed CIDRs. These take precedence over allowedCIDRs.
type: array
items:
type: string
networkType:
description: 'NetworkType is the plugin that is to be deployed (e.g. OpenShiftSDN). This should match a value that the cluster-network-operator understands, or else no networking will be installed. Currently supported values are: - OpenShiftSDN This field is immutable after installation.'
type: string
serviceNetwork:
description: IP address pool for services. Currently, we only support a single entry here. This field is immutable after installation.
type: array
items:
type: string
serviceNodePortRange:
description: The port range allowed for Services of type NodePort. If not specified, the default of 30000-32767 will be used. Such Services without a NodePort specified will have one automatically allocated from this range. This parameter can be updated after the cluster is installed.
type: string
pattern: ^([0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])-([0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$
status:
description: status holds observed values from the cluster. They may not be overridden.
type: object
properties:
clusterNetwork:
description: IP address pool to use for pod IPs.
type: array
items:
description: ClusterNetworkEntry is a contiguous block of IP addresses from which pod IPs are allocated.
type: object
properties:
cidr:
description: The complete block for pod IPs.
type: string
hostPrefix:
description: The size (prefix) of block to allocate to each node. If this field is not used by the plugin, it can be left unset.
type: integer
format: int32
minimum: 0
clusterNetworkMTU:
description: ClusterNetworkMTU is the MTU for inter-pod networking.
type: integer
conditions:
description: 'conditions represents the observations of a network.config current state. Known .status.conditions.type are: "NetworkTypeMigrationInProgress", "NetworkTypeMigrationMTUReady", "NetworkTypeMigrationTargetCNIAvailable", "NetworkTypeMigrationTargetCNIInUse" and "NetworkTypeMigrationOriginalCNIPurged"'
type: array
items:
description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
type: object
required:
- lastTransitionTime
- message
- reason
- status
- type
properties:
lastTransitionTime:
description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
type: string
format: date-time
message:
description: message is a human readable message indicating details about the transition. This may be an empty string.
type: string
maxLength: 32768
observedGeneration:
description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
type: integer
format: int64
minimum: 0
reason:
description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
type: string
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
status:
description: status of the condition, one of True, False, Unknown.
type: string
enum:
- "True"
- "False"
- Unknown
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
type: string
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
x-kubernetes-list-map-keys:
- type
x-kubernetes-list-type: map
migration:
description: Migration contains the cluster network migration configuration.
type: object
properties:
mtu:
description: MTU contains the MTU migration configuration.
type: object
properties:
machine:
description: Machine contains MTU migration configuration for the machine's uplink.
type: object
properties:
from:
description: From is the MTU to migrate from.
type: integer
format: int32
minimum: 0
to:
description: To is the MTU to migrate to.
type: integer
format: int32
minimum: 0
network:
description: Network contains MTU migration configuration for the default network.
type: object
properties:
from:
description: From is the MTU to migrate from.
type: integer
format: int32
minimum: 0
to:
description: To is the MTU to migrate to.
type: integer
format: int32
minimum: 0
networkType:
description: 'NetworkType is the target plugin that is to be deployed. Currently supported values are: OpenShiftSDN, OVNKubernetes'
type: string
enum:
- OpenShiftSDN
- OVNKubernetes
networkType:
description: NetworkType is the plugin that is deployed (e.g. OpenShiftSDN).
type: string
serviceNetwork:
description: IP address pool for services. Currently, we only support a single entry here.
type: array
items:
type: string
served: true
storage: true


@@ -1,164 +0,0 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
api-approved.openshift.io: https://github.com/openshift/api/pull/470
include.release.openshift.io/ibm-cloud-managed: "true"
include.release.openshift.io/self-managed-high-availability: "true"
include.release.openshift.io/single-node-developer: "true"
release.openshift.io/feature-set: Default
name: networks.config.openshift.io
spec:
group: config.openshift.io
names:
kind: Network
listKind: NetworkList
plural: networks
singular: network
preserveUnknownFields: false
scope: Cluster
versions:
- name: v1
schema:
openAPIV3Schema:
description: "Network holds cluster-wide information about Network. The canonical name is `cluster`. It is used to configure the desired network configuration, such as: IP address pools for services/pod IPs, network plugin, etc. Please view network.spec for an explanation on what applies when configuring this resource. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)."
type: object
required:
- spec
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: spec holds user settable values for configuration. As a general rule, this SHOULD NOT be read directly. Instead, you should consume the NetworkStatus, as it indicates the currently deployed configuration. Currently, most spec fields are immutable after installation. Please view the individual ones for further details on each.
type: object
properties:
clusterNetwork:
description: IP address pool to use for pod IPs. This field is immutable after installation.
type: array
items:
description: ClusterNetworkEntry is a contiguous block of IP addresses from which pod IPs are allocated.
type: object
properties:
cidr:
description: The complete block for pod IPs.
type: string
hostPrefix:
description: The size (prefix) of block to allocate to each node. If this field is not used by the plugin, it can be left unset.
type: integer
format: int32
minimum: 0
externalIP:
description: externalIP defines configuration for controllers that affect Service.ExternalIP. If nil, then ExternalIP is not allowed to be set.
type: object
properties:
autoAssignCIDRs:
description: autoAssignCIDRs is a list of CIDRs from which to automatically assign Service.ExternalIP. These are assigned when the service is of type LoadBalancer. In general, this is only useful for bare-metal clusters. In Openshift 3.x, this was misleadingly called "IngressIPs". Automatically assigned External IPs are not affected by any ExternalIPPolicy rules. Currently, only one entry may be provided.
type: array
items:
type: string
policy:
description: policy is a set of restrictions applied to the ExternalIP field. If nil or empty, then ExternalIP is not allowed to be set.
type: object
properties:
allowedCIDRs:
description: allowedCIDRs is the list of allowed CIDRs.
type: array
items:
type: string
rejectedCIDRs:
description: rejectedCIDRs is the list of disallowed CIDRs. These take precedence over allowedCIDRs.
type: array
items:
type: string
networkType:
description: 'NetworkType is the plugin that is to be deployed (e.g. OpenShiftSDN). This should match a value that the cluster-network-operator understands, or else no networking will be installed. Currently supported values are: - OpenShiftSDN This field is immutable after installation.'
type: string
serviceNetwork:
description: IP address pool for services. Currently, we only support a single entry here. This field is immutable after installation.
type: array
items:
type: string
serviceNodePortRange:
description: The port range allowed for Services of type NodePort. If not specified, the default of 30000-32767 will be used. Such Services without a NodePort specified will have one automatically allocated from this range. This parameter can be updated after the cluster is installed.
type: string
pattern: ^([0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])-([0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$
status:
description: status holds observed values from the cluster. They may not be overridden.
type: object
properties:
clusterNetwork:
description: IP address pool to use for pod IPs.
type: array
items:
description: ClusterNetworkEntry is a contiguous block of IP addresses from which pod IPs are allocated.
type: object
properties:
cidr:
description: The complete block for pod IPs.
type: string
hostPrefix:
description: The size (prefix) of block to allocate to each node. If this field is not used by the plugin, it can be left unset.
type: integer
format: int32
minimum: 0
clusterNetworkMTU:
description: ClusterNetworkMTU is the MTU for inter-pod networking.
type: integer
migration:
description: Migration contains the cluster network migration configuration.
type: object
properties:
mtu:
description: MTU contains the MTU migration configuration.
type: object
properties:
machine:
description: Machine contains MTU migration configuration for the machine's uplink.
type: object
properties:
from:
description: From is the MTU to migrate from.
type: integer
format: int32
minimum: 0
to:
description: To is the MTU to migrate to.
type: integer
format: int32
minimum: 0
network:
description: Network contains MTU migration configuration for the default network.
type: object
properties:
from:
description: From is the MTU to migrate from.
type: integer
format: int32
minimum: 0
to:
description: To is the MTU to migrate to.
type: integer
format: int32
minimum: 0
networkType:
description: 'NetworkType is the target plugin that is to be deployed. Currently supported values are: OpenShiftSDN, OVNKubernetes'
type: string
enum:
- OpenShiftSDN
- OVNKubernetes
networkType:
description: NetworkType is the plugin that is deployed (e.g. OpenShiftSDN).
type: string
serviceNetwork:
description: IP address pool for services. Currently, we only support a single entry here.
type: array
items:
type: string
served: true
storage: true


@@ -1,211 +0,0 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
api-approved.openshift.io: https://github.com/openshift/api/pull/470
include.release.openshift.io/ibm-cloud-managed: "true"
include.release.openshift.io/self-managed-high-availability: "true"
include.release.openshift.io/single-node-developer: "true"
release.openshift.io/feature-set: TechPreviewNoUpgrade
name: networks.config.openshift.io
spec:
group: config.openshift.io
names:
kind: Network
listKind: NetworkList
plural: networks
singular: network
preserveUnknownFields: false
scope: Cluster
versions:
- name: v1
schema:
openAPIV3Schema:
description: "Network holds cluster-wide information about Network. The canonical name is `cluster`. It is used to configure the desired network configuration, such as: IP address pools for services/pod IPs, network plugin, etc. Please view network.spec for an explanation on what applies when configuring this resource. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)."
type: object
required:
- spec
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: spec holds user settable values for configuration. As a general rule, this SHOULD NOT be read directly. Instead, you should consume the NetworkStatus, as it indicates the currently deployed configuration. Currently, most spec fields are immutable after installation. Please view the individual ones for further details on each.
type: object
properties:
clusterNetwork:
description: IP address pool to use for pod IPs. This field is immutable after installation.
type: array
items:
description: ClusterNetworkEntry is a contiguous block of IP addresses from which pod IPs are allocated.
type: object
properties:
cidr:
description: The complete block for pod IPs.
type: string
hostPrefix:
description: The size (prefix) of block to allocate to each node. If this field is not used by the plugin, it can be left unset.
type: integer
format: int32
minimum: 0
externalIP:
description: externalIP defines configuration for controllers that affect Service.ExternalIP. If nil, then ExternalIP is not allowed to be set.
type: object
properties:
autoAssignCIDRs:
description: autoAssignCIDRs is a list of CIDRs from which to automatically assign Service.ExternalIP. These are assigned when the service is of type LoadBalancer. In general, this is only useful for bare-metal clusters. In Openshift 3.x, this was misleadingly called "IngressIPs". Automatically assigned External IPs are not affected by any ExternalIPPolicy rules. Currently, only one entry may be provided.
type: array
items:
type: string
policy:
description: policy is a set of restrictions applied to the ExternalIP field. If nil or empty, then ExternalIP is not allowed to be set.
type: object
properties:
allowedCIDRs:
description: allowedCIDRs is the list of allowed CIDRs.
type: array
items:
type: string
rejectedCIDRs:
description: rejectedCIDRs is the list of disallowed CIDRs. These take precedence over allowedCIDRs.
type: array
items:
type: string
networkType:
description: 'NetworkType is the plugin that is to be deployed (e.g. OpenShiftSDN). This should match a value that the cluster-network-operator understands, or else no networking will be installed. Currently supported values are: - OpenShiftSDN This field is immutable after installation.'
type: string
serviceNetwork:
description: IP address pool for services. Currently, we only support a single entry here. This field is immutable after installation.
type: array
items:
type: string
serviceNodePortRange:
description: The port range allowed for Services of type NodePort. If not specified, the default of 30000-32767 will be used. Such Services without a NodePort specified will have one automatically allocated from this range. This parameter can be updated after the cluster is installed.
type: string
pattern: ^([0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])-([0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$
status:
description: status holds observed values from the cluster. They may not be overridden.
type: object
properties:
clusterNetwork:
description: IP address pool to use for pod IPs.
type: array
items:
description: ClusterNetworkEntry is a contiguous block of IP addresses from which pod IPs are allocated.
type: object
properties:
cidr:
description: The complete block for pod IPs.
type: string
hostPrefix:
description: The size (prefix) of block to allocate to each node. If this field is not used by the plugin, it can be left unset.
type: integer
format: int32
minimum: 0
clusterNetworkMTU:
description: ClusterNetworkMTU is the MTU for inter-pod networking.
type: integer
conditions:
description: 'conditions represents the observations of a network.config current state. Known .status.conditions.type are: "NetworkTypeMigrationInProgress", "NetworkTypeMigrationMTUReady", "NetworkTypeMigrationTargetCNIAvailable", "NetworkTypeMigrationTargetCNIInUse" and "NetworkTypeMigrationOriginalCNIPurged"'
type: array
items:
description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
type: object
required:
- lastTransitionTime
- message
- reason
- status
- type
properties:
lastTransitionTime:
description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
type: string
format: date-time
message:
description: message is a human readable message indicating details about the transition. This may be an empty string.
type: string
maxLength: 32768
observedGeneration:
description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
type: integer
format: int64
minimum: 0
reason:
description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
type: string
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
status:
description: status of the condition, one of True, False, Unknown.
type: string
enum:
- "True"
- "False"
- Unknown
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
type: string
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
x-kubernetes-list-map-keys:
- type
x-kubernetes-list-type: map
migration:
description: Migration contains the cluster network migration configuration.
type: object
properties:
mtu:
description: MTU contains the MTU migration configuration.
type: object
properties:
machine:
description: Machine contains MTU migration configuration for the machine's uplink.
type: object
properties:
from:
description: From is the MTU to migrate from.
type: integer
format: int32
minimum: 0
to:
description: To is the MTU to migrate to.
type: integer
format: int32
minimum: 0
network:
description: Network contains MTU migration configuration for the default network.
type: object
properties:
from:
description: From is the MTU to migrate from.
type: integer
format: int32
minimum: 0
to:
description: To is the MTU to migrate to.
type: integer
format: int32
minimum: 0
networkType:
description: 'NetworkType is the target plugin that is to be deployed. Currently supported values are: OpenShiftSDN, OVNKubernetes'
type: string
enum:
- OpenShiftSDN
- OVNKubernetes
networkType:
description: NetworkType is the plugin that is deployed (e.g. OpenShiftSDN).
type: string
serviceNetwork:
description: IP address pool for services. Currently, we only support a single entry here.
type: array
items:
type: string
served: true
storage: true


@@ -1,59 +0,0 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
api-approved.openshift.io: https://github.com/openshift/api/pull/1107
include.release.openshift.io/ibm-cloud-managed: "true"
include.release.openshift.io/self-managed-high-availability: "true"
include.release.openshift.io/single-node-developer: "true"
name: nodes.config.openshift.io
spec:
group: config.openshift.io
names:
kind: Node
listKind: NodeList
plural: nodes
singular: node
scope: Cluster
versions:
- name: v1
schema:
openAPIV3Schema:
description: "Node holds cluster-wide information about node specific features. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)."
type: object
required:
- spec
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: spec holds user settable values for configuration
type: object
properties:
cgroupMode:
description: CgroupMode determines the cgroups version on the node
type: string
enum:
- v1
- v2
- ""
workerLatencyProfile:
description: WorkerLatencyProfile determins the how fast the kubelet is updating the status and corresponding reaction of the cluster
type: string
enum:
- Default
- MediumUpdateAverageReaction
- LowUpdateSlowReaction
status:
description: status holds observed values.
type: object
served: true
storage: true
subresources:
status: {}


@@ -1,444 +0,0 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
api-approved.openshift.io: https://github.com/openshift/api/pull/470
include.release.openshift.io/ibm-cloud-managed: "true"
include.release.openshift.io/self-managed-high-availability: "true"
include.release.openshift.io/single-node-developer: "true"
name: oauths.config.openshift.io
spec:
group: config.openshift.io
names:
kind: OAuth
listKind: OAuthList
plural: oauths
singular: oauth
scope: Cluster
versions:
- name: v1
schema:
openAPIV3Schema:
description: "OAuth holds cluster-wide information about OAuth. The canonical name is `cluster`. It is used to configure the integrated OAuth server. This configuration is only honored when the top level Authentication config has type set to IntegratedOAuth. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)."
type: object
required:
- spec
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: spec holds user settable values for configuration
type: object
properties:
identityProviders:
description: identityProviders is an ordered list of ways for a user to identify themselves. When this list is empty, no identities are provisioned for users.
type: array
items:
description: IdentityProvider provides identities for users authenticating using credentials
type: object
properties:
basicAuth:
description: basicAuth contains configuration options for the BasicAuth IdP
type: object
properties:
ca:
description: ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key "ca.crt" is used to locate the data. If specified and the config map or expected key is not found, the identity provider is not honored. If the specified ca data is not valid, the identity provider is not honored. If empty, the default system roots are used. The namespace for this config map is openshift-config.
type: object
required:
- name
properties:
name:
description: name is the metadata.name of the referenced config map
type: string
tlsClientCert:
description: tlsClientCert is an optional reference to a secret by name that contains the PEM-encoded TLS client certificate to present when connecting to the server. The key "tls.crt" is used to locate the data. If specified and the secret or expected key is not found, the identity provider is not honored. If the specified certificate data is not valid, the identity provider is not honored. The namespace for this secret is openshift-config.
type: object
required:
- name
properties:
name:
description: name is the metadata.name of the referenced secret
type: string
tlsClientKey:
description: tlsClientKey is an optional reference to a secret by name that contains the PEM-encoded TLS private key for the client certificate referenced in tlsClientCert. The key "tls.key" is used to locate the data. If specified and the secret or expected key is not found, the identity provider is not honored. If the specified certificate data is not valid, the identity provider is not honored. The namespace for this secret is openshift-config.
type: object
required:
- name
properties:
name:
description: name is the metadata.name of the referenced secret
type: string
url:
description: url is the remote URL to connect to
type: string
github:
description: github enables user authentication using GitHub credentials
type: object
properties:
ca:
description: ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key "ca.crt" is used to locate the data. If specified and the config map or expected key is not found, the identity provider is not honored. If the specified ca data is not valid, the identity provider is not honored. If empty, the default system roots are used. This can only be configured when hostname is set to a non-empty value. The namespace for this config map is openshift-config.
type: object
required:
- name
properties:
name:
description: name is the metadata.name of the referenced config map
type: string
clientID:
description: clientID is the oauth client ID
type: string
clientSecret:
description: clientSecret is a required reference to the secret by name containing the oauth client secret. The key "clientSecret" is used to locate the data. If the secret or expected key is not found, the identity provider is not honored. The namespace for this secret is openshift-config.
type: object
required:
- name
properties:
name:
description: name is the metadata.name of the referenced secret
type: string
hostname:
description: hostname is the optional domain (e.g. "mycompany.com") for use with a hosted instance of GitHub Enterprise. It must match the GitHub Enterprise settings value configured at /setup/settings#hostname.
type: string
organizations:
description: organizations optionally restricts which organizations are allowed to log in
type: array
items:
type: string
teams:
description: teams optionally restricts which teams are allowed to log in. Format is <org>/<team>.
type: array
items:
type: string
gitlab:
description: gitlab enables user authentication using GitLab credentials
type: object
properties:
ca:
description: ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key "ca.crt" is used to locate the data. If specified and the config map or expected key is not found, the identity provider is not honored. If the specified ca data is not valid, the identity provider is not honored. If empty, the default system roots are used. The namespace for this config map is openshift-config.
type: object
required:
- name
properties:
name:
description: name is the metadata.name of the referenced config map
type: string
clientID:
description: clientID is the oauth client ID
type: string
clientSecret:
description: clientSecret is a required reference to the secret by name containing the oauth client secret. The key "clientSecret" is used to locate the data. If the secret or expected key is not found, the identity provider is not honored. The namespace for this secret is openshift-config.
type: object
required:
- name
properties:
name:
description: name is the metadata.name of the referenced secret
type: string
url:
description: url is the oauth server base URL
type: string
google:
description: google enables user authentication using Google credentials
type: object
properties:
clientID:
description: clientID is the oauth client ID
type: string
clientSecret:
description: clientSecret is a required reference to the secret by name containing the oauth client secret. The key "clientSecret" is used to locate the data. If the secret or expected key is not found, the identity provider is not honored. The namespace for this secret is openshift-config.
type: object
required:
- name
properties:
name:
description: name is the metadata.name of the referenced secret
type: string
hostedDomain:
description: hostedDomain is the optional Google App domain (e.g. "mycompany.com") to restrict logins to
type: string
htpasswd:
description: htpasswd enables user authentication using an HTPasswd file to validate credentials
type: object
properties:
fileData:
description: fileData is a required reference to a secret by name containing the data to use as the htpasswd file. The key "htpasswd" is used to locate the data. If the secret or expected key is not found, the identity provider is not honored. If the specified htpasswd data is not valid, the identity provider is not honored. The namespace for this secret is openshift-config.
type: object
required:
- name
properties:
name:
description: name is the metadata.name of the referenced secret
type: string
keystone:
description: keystone enables user authentication using keystone password credentials
type: object
properties:
ca:
description: ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key "ca.crt" is used to locate the data. If specified and the config map or expected key is not found, the identity provider is not honored. If the specified ca data is not valid, the identity provider is not honored. If empty, the default system roots are used. The namespace for this config map is openshift-config.
type: object
required:
- name
properties:
name:
description: name is the metadata.name of the referenced config map
type: string
domainName:
description: domainName is required for keystone v3
type: string
tlsClientCert:
description: tlsClientCert is an optional reference to a secret by name that contains the PEM-encoded TLS client certificate to present when connecting to the server. The key "tls.crt" is used to locate the data. If specified and the secret or expected key is not found, the identity provider is not honored. If the specified certificate data is not valid, the identity provider is not honored. The namespace for this secret is openshift-config.
type: object
required:
- name
properties:
name:
description: name is the metadata.name of the referenced secret
type: string
tlsClientKey:
description: tlsClientKey is an optional reference to a secret by name that contains the PEM-encoded TLS private key for the client certificate referenced in tlsClientCert. The key "tls.key" is used to locate the data. If specified and the secret or expected key is not found, the identity provider is not honored. If the specified certificate data is not valid, the identity provider is not honored. The namespace for this secret is openshift-config.
type: object
required:
- name
properties:
name:
description: name is the metadata.name of the referenced secret
type: string
url:
description: url is the remote URL to connect to
type: string
ldap:
description: ldap enables user authentication using LDAP credentials
type: object
properties:
attributes:
description: attributes maps LDAP attributes to identities
type: object
properties:
email:
description: email is the list of attributes whose values should be used as the email address. Optional. If unspecified, no email is set for the identity
type: array
items:
type: string
id:
description: id is the list of attributes whose values should be used as the user ID. Required. First non-empty attribute is used. At least one attribute is required. If none of the listed attribute have a value, authentication fails. LDAP standard identity attribute is "dn"
type: array
items:
type: string
name:
description: name is the list of attributes whose values should be used as the display name. Optional. If unspecified, no display name is set for the identity LDAP standard display name attribute is "cn"
type: array
items:
type: string
preferredUsername:
description: preferredUsername is the list of attributes whose values should be used as the preferred username. LDAP standard login attribute is "uid"
type: array
items:
type: string
bindDN:
description: bindDN is an optional DN to bind with during the search phase.
type: string
bindPassword:
description: bindPassword is an optional reference to a secret by name containing a password to bind with during the search phase. The key "bindPassword" is used to locate the data. If specified and the secret or expected key is not found, the identity provider is not honored. The namespace for this secret is openshift-config.
type: object
required:
- name
properties:
name:
description: name is the metadata.name of the referenced secret
type: string
ca:
description: ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key "ca.crt" is used to locate the data. If specified and the config map or expected key is not found, the identity provider is not honored. If the specified ca data is not valid, the identity provider is not honored. If empty, the default system roots are used. The namespace for this config map is openshift-config.
type: object
required:
- name
properties:
name:
description: name is the metadata.name of the referenced config map
type: string
insecure:
description: 'insecure, if true, indicates the connection should not use TLS WARNING: Should not be set to `true` with the URL scheme "ldaps://" as "ldaps://" URLs always attempt to connect using TLS, even when `insecure` is set to `true` When `true`, "ldap://" URLS connect insecurely. When `false`, "ldap://" URLs are upgraded to a TLS connection using StartTLS as specified in https://tools.ietf.org/html/rfc2830.'
type: boolean
url:
description: 'url is an RFC 2255 URL which specifies the LDAP search parameters to use. The syntax of the URL is: ldap://host:port/basedn?attribute?scope?filter'
type: string
mappingMethod:
description: mappingMethod determines how identities from this provider are mapped to users Defaults to "claim"
type: string
name:
description: 'name is used to qualify the identities returned by this provider. - It MUST be unique and not shared by any other identity provider used - It MUST be a valid path segment: name cannot equal "." or ".." or contain "/" or "%" or ":" Ref: https://godoc.org/github.com/openshift/origin/pkg/user/apis/user/validation#ValidateIdentityProviderName'
type: string
openID:
description: openID enables user authentication using OpenID credentials
type: object
properties:
ca:
description: ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key "ca.crt" is used to locate the data. If specified and the config map or expected key is not found, the identity provider is not honored. If the specified ca data is not valid, the identity provider is not honored. If empty, the default system roots are used. The namespace for this config map is openshift-config.
type: object
required:
- name
properties:
name:
description: name is the metadata.name of the referenced config map
type: string
claims:
description: claims mappings
type: object
properties:
email:
description: email is the list of claims whose values should be used as the email address. Optional. If unspecified, no email is set for the identity
type: array
items:
type: string
x-kubernetes-list-type: atomic
groups:
description: groups is the list of claims value of which should be used to synchronize groups from the OIDC provider to OpenShift for the user. If multiple claims are specified, the first one with a non-empty value is used.
type: array
items:
description: OpenIDClaim represents a claim retrieved from an OpenID provider's tokens or userInfo responses
type: string
minLength: 1
x-kubernetes-list-type: atomic
name:
description: name is the list of claims whose values should be used as the display name. Optional. If unspecified, no display name is set for the identity
type: array
items:
type: string
x-kubernetes-list-type: atomic
preferredUsername:
description: preferredUsername is the list of claims whose values should be used as the preferred username. If unspecified, the preferred username is determined from the value of the sub claim
type: array
items:
type: string
x-kubernetes-list-type: atomic
clientID:
description: clientID is the oauth client ID
type: string
clientSecret:
description: clientSecret is a required reference to the secret by name containing the oauth client secret. The key "clientSecret" is used to locate the data. If the secret or expected key is not found, the identity provider is not honored. The namespace for this secret is openshift-config.
type: object
required:
- name
properties:
name:
description: name is the metadata.name of the referenced secret
type: string
extraAuthorizeParameters:
description: extraAuthorizeParameters are any custom parameters to add to the authorize request.
type: object
additionalProperties:
type: string
extraScopes:
description: extraScopes are any scopes to request in addition to the standard "openid" scope.
type: array
items:
type: string
issuer:
description: issuer is the URL that the OpenID Provider asserts as its Issuer Identifier. It must use the https scheme with no query or fragment component.
type: string
requestHeader:
description: requestHeader enables user authentication using request header credentials
type: object
properties:
ca:
description: ca is a required reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. Specifically, it allows verification of incoming requests to prevent header spoofing. The key "ca.crt" is used to locate the data. If the config map or expected key is not found, the identity provider is not honored. If the specified ca data is not valid, the identity provider is not honored. The namespace for this config map is openshift-config.
type: object
required:
- name
properties:
name:
description: name is the metadata.name of the referenced config map
type: string
challengeURL:
description: challengeURL is a URL to redirect unauthenticated /authorize requests to Unauthenticated requests from OAuth clients which expect WWW-Authenticate challenges will be redirected here. ${url} is replaced with the current URL, escaped to be safe in a query parameter https://www.example.com/sso-login?then=${url} ${query} is replaced with the current query string https://www.example.com/auth-proxy/oauth/authorize?${query} Required when challenge is set to true.
type: string
clientCommonNames:
description: clientCommonNames is an optional list of common names to require a match from. If empty, any client certificate validated against the clientCA bundle is considered authoritative.
type: array
items:
type: string
emailHeaders:
description: emailHeaders is the set of headers to check for the email address
type: array
items:
type: string
headers:
description: headers is the set of headers to check for identity information
type: array
items:
type: string
loginURL:
description: loginURL is a URL to redirect unauthenticated /authorize requests to Unauthenticated requests from OAuth clients which expect interactive logins will be redirected here ${url} is replaced with the current URL, escaped to be safe in a query parameter https://www.example.com/sso-login?then=${url} ${query} is replaced with the current query string https://www.example.com/auth-proxy/oauth/authorize?${query} Required when login is set to true.
type: string
nameHeaders:
description: nameHeaders is the set of headers to check for the display name
type: array
items:
type: string
preferredUsernameHeaders:
description: preferredUsernameHeaders is the set of headers to check for the preferred username
type: array
items:
type: string
type:
description: type identifies the identity provider type for this entry.
type: string
x-kubernetes-list-type: atomic
templates:
description: templates allow you to customize pages like the login page.
type: object
properties:
error:
description: error is the name of a secret that specifies a go template to use to render error pages during the authentication or grant flow. The key "errors.html" is used to locate the template data. If specified and the secret or expected key is not found, the default error page is used. If the specified template is not valid, the default error page is used. If unspecified, the default error page is used. The namespace for this secret is openshift-config.
type: object
required:
- name
properties:
name:
description: name is the metadata.name of the referenced secret
type: string
login:
description: login is the name of a secret that specifies a go template to use to render the login page. The key "login.html" is used to locate the template data. If specified and the secret or expected key is not found, the default login page is used. If the specified template is not valid, the default login page is used. If unspecified, the default login page is used. The namespace for this secret is openshift-config.
type: object
required:
- name
properties:
name:
description: name is the metadata.name of the referenced secret
type: string
providerSelection:
description: providerSelection is the name of a secret that specifies a go template to use to render the provider selection page. The key "providers.html" is used to locate the template data. If specified and the secret or expected key is not found, the default provider selection page is used. If the specified template is not valid, the default provider selection page is used. If unspecified, the default provider selection page is used. The namespace for this secret is openshift-config.
type: object
required:
- name
properties:
name:
description: name is the metadata.name of the referenced secret
type: string
tokenConfig:
description: tokenConfig contains options for authorization and access tokens
type: object
properties:
accessTokenInactivityTimeout:
description: "accessTokenInactivityTimeout defines the token inactivity timeout for tokens granted by any client. The value represents the maximum amount of time that can occur between consecutive uses of the token. Tokens become invalid if they are not used within this temporal window. The user will need to acquire a new token to regain access once a token times out. Takes valid time duration string such as \"5m\", \"1.5h\" or \"2h45m\". The minimum allowed value for duration is 300s (5 minutes). If the timeout is configured per client, then that value takes precedence. If the timeout value is not specified and the client does not override the value, then tokens are valid until their lifetime. \n WARNING: existing tokens' timeout will not be affected (lowered) by changing this value"
type: string
accessTokenInactivityTimeoutSeconds:
description: 'accessTokenInactivityTimeoutSeconds - DEPRECATED: setting this field has no effect.'
type: integer
format: int32
accessTokenMaxAgeSeconds:
description: accessTokenMaxAgeSeconds defines the maximum age of access tokens
type: integer
format: int32
status:
description: status holds observed values from the cluster. They may not be overridden.
type: object
served: true
storage: true
subresources:
status: {}


@@ -1,55 +0,0 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
api-approved.openshift.io: https://github.com/openshift/api/pull/470
include.release.openshift.io/ibm-cloud-managed: "true"
include.release.openshift.io/self-managed-high-availability: "true"
include.release.openshift.io/single-node-developer: "true"
name: projects.config.openshift.io
spec:
group: config.openshift.io
names:
kind: Project
listKind: ProjectList
plural: projects
singular: project
scope: Cluster
versions:
- name: v1
schema:
openAPIV3Schema:
description: "Project holds cluster-wide information about Project. The canonical name is `cluster` \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)."
type: object
required:
- spec
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: spec holds user settable values for configuration
type: object
properties:
projectRequestMessage:
description: projectRequestMessage is the string presented to a user if they are unable to request a project via the projectrequest api endpoint
type: string
projectRequestTemplate:
description: projectRequestTemplate is the template to use for creating projects in response to projectrequest. This must point to a template in 'openshift-config' namespace. It is optional. If it is not specified, a default template is used.
type: object
properties:
name:
description: name is the metadata.name of the referenced project request template
type: string
status:
description: status holds observed values from the cluster. They may not be overridden.
type: object
served: true
storage: true
subresources:
status: {}


@@ -1,68 +0,0 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
api-approved.openshift.io: https://github.com/openshift/api/pull/470
include.release.openshift.io/ibm-cloud-managed: "true"
include.release.openshift.io/self-managed-high-availability: "true"
include.release.openshift.io/single-node-developer: "true"
name: schedulers.config.openshift.io
spec:
group: config.openshift.io
names:
kind: Scheduler
listKind: SchedulerList
plural: schedulers
singular: scheduler
scope: Cluster
versions:
- name: v1
schema:
openAPIV3Schema:
description: "Scheduler holds cluster-wide config information to run the Kubernetes Scheduler and influence its placement decisions. The canonical name for this config is `cluster`. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)."
type: object
required:
- spec
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: spec holds user settable values for configuration
type: object
properties:
defaultNodeSelector:
description: 'defaultNodeSelector helps set the cluster-wide default node selector to restrict pod placement to specific nodes. This is applied to the pods created in all namespaces and creates an intersection with any existing nodeSelectors already set on a pod, additionally constraining that pod''s selector. For example, defaultNodeSelector: "type=user-node,region=east" would set nodeSelector field in pod spec to "type=user-node,region=east" to all pods created in all namespaces. Namespaces having project-wide node selectors won''t be impacted even if this field is set. This adds an annotation section to the namespace. For example, if a new namespace is created with node-selector=''type=user-node,region=east'', the annotation openshift.io/node-selector: type=user-node,region=east gets added to the project. When the openshift.io/node-selector annotation is set on the project the value is used in preference to the value we are setting for defaultNodeSelector field. For instance, openshift.io/node-selector: "type=user-node,region=west" means that the default of "type=user-node,region=east" set in defaultNodeSelector would not be applied.'
type: string
mastersSchedulable:
description: 'MastersSchedulable allows masters nodes to be schedulable. When this flag is turned on, all the master nodes in the cluster will be made schedulable, so that workload pods can run on them. The default value for this field is false, meaning none of the master nodes are schedulable. Important Note: Once the workload pods start running on the master nodes, extreme care must be taken to ensure that cluster-critical control plane components are not impacted. Please turn on this field after doing due diligence.'
type: boolean
policy:
description: 'DEPRECATED: the scheduler Policy API has been deprecated and will be removed in a future release. policy is a reference to a ConfigMap containing scheduler policy which has user specified predicates and priorities. If this ConfigMap is not available scheduler will default to use DefaultAlgorithmProvider. The namespace for this configmap is openshift-config.'
type: object
required:
- name
properties:
name:
description: name is the metadata.name of the referenced config map
type: string
profile:
description: "profile sets which scheduling profile should be set in order to configure scheduling decisions for new pods. \n Valid values are \"LowNodeUtilization\", \"HighNodeUtilization\", \"NoScoring\" Defaults to \"LowNodeUtilization\""
type: string
enum:
- ""
- LowNodeUtilization
- HighNodeUtilization
- NoScoring
status:
description: status holds observed values from the cluster. They may not be overridden.
type: object
served: true
storage: true
subresources:
status: {}
