From 3bdcf1c55aef506ed617e44fbb10d4b70ed9ed42 Mon Sep 17 00:00:00 2001 From: Gregory Kopels Date: Tue, 19 Nov 2024 16:28:50 +0200 Subject: [PATCH] machineconfgiuration: sync types --- .../configs/machineconfiguration-config.yaml | 8 + .../machineconfiguration.go | 87 + .../machineconfiguration/mctypes/Makefile | 3 + .../machineconfiguration/mctypes/doc.go | 7 + .../AAA_ungated.yaml | 34 + .../AAA_ungated.yaml | 42 + .../AAA_ungated.yaml | 45 + .../AAA_ungated.yaml | 14 + .../AAA_ungated.yaml | 16 + .../AAA_ungated.yaml | 16 + .../AAA_ungated.yaml | 16 + .../machineconfiguration/mctypes/register.go | 82 + .../AAA_ungated.yaml | 130 + .../AAA_ungated.yaml | 16 + .../AAA_ungated.yaml | 41 + .../AWSEFSDriverVolumeMetrics.yaml | 108 + .../VSphereDriverConfiguration.yaml | 71 + .../AAA_ungated.yaml | 16 + .../AAA_ungated.yaml | 298 + .../AAA_ungated.yaml | 16 + .../AAA_ungated.yaml | 21 + .../AAA_ungated.yaml | 17 + .../EtcdBackendQuota.yaml | 149 + .../HardwareSpeed.yaml | 63 + .../AAA_ungated.yaml | 561 ++ .../IngressControllerLBOpenStack.yaml | 92 + .../IngressControllerLBSubnetsAWS.yaml | 599 ++ .../SetEIPForNLBIngressController.yaml | 569 ++ .../AAA_ungated.yaml | 16 + .../AAA_ungated.yaml | 16 + .../AAA_ungated.yaml | 17 + .../AAA_ungated.yaml | 16 + .../AAA_ungated.yaml | 16 + .../AAA_ungated.yaml | 16 + .../ManagedBootImages.yaml | 118 + .../NodeDisruptionPolicy.yaml | 118 + .../AAA_ungated.yaml | 978 +++ .../AdditionalRoutingCapabilities.yaml | 48 + .../NetworkLiveMigration.yaml | 101 + .../RouteAdvertisements.yaml | 53 + .../olms.operator.openshift.io/NewOLM.yaml | 28 + .../AAA_ungated.yaml | 16 + .../AAA_ungated.yaml | 16 + .../AAA_ungated.yaml | 16 + .../AAA_ungated.yaml | 113 + .../machineconfiguration/mctypes/types.go | 286 + .../mctypes/types_authentication.go | 69 + .../mctypes/types_cloudcredential.go | 93 + .../mctypes/types_config.go | 61 + .../mctypes/types_console.go | 479 ++ .../mctypes/types_csi_cluster_driver.go | 394 ++ .../mctypes/types_csi_snapshot.go | 61 + .../machineconfiguration/mctypes/types_dns.go | 530 ++ .../mctypes/types_etcd.go | 98 + .../mctypes/types_ingress.go | 2070 +++++++ .../mctypes/types_insights.go | 156 + .../mctypes/types_kubeapiserver.go | 83 + .../mctypes/types_kubecontrollermanager.go | 68 + .../types_kubestorageversionmigrator.go | 57 + .../mctypes/types_machineconfiguration.go | 509 ++ .../mctypes/types_network.go | 870 +++ .../machineconfiguration/mctypes/types_olm.go | 59 + .../mctypes/types_openshiftapiserver.go | 60 + .../types_openshiftcontrollermanager.go | 57 + .../mctypes/types_scheduler.go | 60 + .../mctypes/types_serviceca.go | 59 + .../mctypes/types_servicecatalogapiserver.go | 54 + .../types_servicecatalogcontrollermanager.go | 54 + .../mctypes/types_storage.go | 80 + ...000_10_config-operator_01_configs.crd.yaml | 214 + ...e-manager_01_olms-CustomNoUpgrade.crd.yaml | 216 + ...nager_01_olms-DevPreviewNoUpgrade.crd.yaml | 216 + ...ager_01_olms-TechPreviewNoUpgrade.crd.yaml | 216 + ..._12_etcd_01_etcds-CustomNoUpgrade.crd.yaml | 323 + .../0000_12_etcd_01_etcds-Default.crd.yaml | 310 + ...etcd_01_etcds-DevPreviewNoUpgrade.crd.yaml | 323 + ...tcd_01_etcds-TechPreviewNoUpgrade.crd.yaml | 323 + ..._kube-apiserver_01_kubeapiservers.crd.yaml | 312 + ...manager_01_kubecontrollermanagers.crd.yaml | 301 + ..._kube-scheduler_01_kubeschedulers.crd.yaml | 292 + ...-apiserver_01_openshiftapiservers.crd.yaml | 213 + ...ud-credential_00_cloudcredentials.crd.yaml | 230 + ...or_00_kubestorageversionmigrators.crd.yaml | 208 + ...authentication_01_authentications.crd.yaml | 218 + .../0000_50_console_01_consoles.crd.yaml | 953 +++ ..._50_ingress_00_ingresscontrollers.crd.yaml | 3174 ++++++++++ ..._50_insights_00_insightsoperators.crd.yaml | 379 ++ ...er_02_openshiftcontrollermanagers.crd.yaml | 210 + .../0000_50_service-ca_02_servicecas.crd.yaml | 211 + .../0000_50_storage_01_storages.crd.yaml | 227 + .../0000_70_dns_00_dnses.crd.yaml | 614 ++ ...twork_01_networks-CustomNoUpgrade.crd.yaml | 1025 ++++ ...00_70_network_01_networks-Default.crd.yaml | 969 +++ ...k_01_networks-DevPreviewNoUpgrade.crd.yaml | 1025 ++++ ..._01_networks-TechPreviewNoUpgrade.crd.yaml | 1025 ++++ ...troller_01_csisnapshotcontrollers.crd.yaml | 211 + ...e-config_01_machineconfigurations.crd.yaml | 1119 ++++ ...0_csi-driver_01_clustercsidrivers.crd.yaml | 488 ++ .../mctypes/zz_generated.crd-manifests/doc.go | 1 + .../mctypes/zz_generated.deepcopy.go | 5330 +++++++++++++++++ ..._generated.featuregated-crd-manifests.yaml | 455 ++ .../AAA_ungated.yaml | 221 + .../AAA_ungated.yaml | 231 + .../AAA_ungated.yaml | 395 ++ .../AWSEFSDriverVolumeMetrics.yaml | 439 ++ .../VSphereDriverConfiguration.yaml | 424 ++ .../AAA_ungated.yaml | 215 + .../AAA_ungated.yaml | 954 +++ .../AAA_ungated.yaml | 212 + .../AAA_ungated.yaml | 593 ++ .../AAA_ungated.yaml | 297 + .../EtcdBackendQuota.yaml | 310 + .../HardwareSpeed.yaml | 310 + .../AAA_ungated.yaml | 2739 +++++++++ .../IngressControllerLBSubnetsAWS.yaml | 3037 ++++++++++ .../SetEIPForNLBIngressController.yaml | 2857 +++++++++ .../AAA_ungated.yaml | 376 ++ .../AAA_ungated.yaml | 313 + .../AAA_ungated.yaml | 302 + .../AAA_ungated.yaml | 293 + .../AAA_ungated.yaml | 209 + .../AAA_ungated.yaml | 196 + .../ManagedBootImages.yaml | 320 + .../NodeDisruptionPolicy.yaml | 996 +++ .../AAA_ungated.yaml | 964 +++ .../AdditionalRoutingCapabilities.yaml | 1004 ++++ .../NetworkLiveMigration.yaml | 969 +++ .../RouteAdvertisements.yaml | 980 +++ .../olms.operator.openshift.io/NewOLM.yaml | 216 + .../AAA_ungated.yaml | 214 + .../AAA_ungated.yaml | 211 + .../AAA_ungated.yaml | 212 + .../AAA_ungated.yaml | 228 + .../zz_generated.swagger_doc_generated.go | 2077 +++++++ 134 files changed, 55851 insertions(+) create mode 100644 internal/sync/configs/machineconfiguration-config.yaml create mode 100644 pkg/machineconfiguration/machineconfiguration.go create mode 100644 pkg/schemes/machineconfiguration/mctypes/Makefile create mode 100644 pkg/schemes/machineconfiguration/mctypes/doc.go create mode 100644 pkg/schemes/machineconfiguration/mctypes/manual-override-crd-manifests/clustercsidrivers.operator.openshift.io/AAA_ungated.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/manual-override-crd-manifests/dnses.operator.openshift.io/AAA_ungated.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/manual-override-crd-manifests/ingresscontrollers.operator.openshift.io/AAA_ungated.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/manual-override-crd-manifests/insightsoperators.operator.openshift.io/AAA_ungated.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/manual-override-crd-manifests/kubeapiservers.operator.openshift.io/AAA_ungated.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/manual-override-crd-manifests/kubecontrollermanagers.operator.openshift.io/AAA_ungated.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/manual-override-crd-manifests/kubeschedulers.operator.openshift.io/AAA_ungated.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/register.go create mode 100644 pkg/schemes/machineconfiguration/mctypes/tests/authentications.operator.openshift.io/AAA_ungated.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/tests/cloudcredentials.operator.openshift.io/AAA_ungated.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/tests/clustercsidrivers.operator.openshift.io/AAA_ungated.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/tests/clustercsidrivers.operator.openshift.io/AWSEFSDriverVolumeMetrics.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/tests/clustercsidrivers.operator.openshift.io/VSphereDriverConfiguration.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/tests/configs.operator.openshift.io/AAA_ungated.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/tests/consoles.operator.openshift.io/AAA_ungated.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/tests/csisnapshotcontrollers.operator.openshift.io/AAA_ungated.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/tests/dnses.operator.openshift.io/AAA_ungated.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/tests/etcds.operator.openshift.io/AAA_ungated.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/tests/etcds.operator.openshift.io/EtcdBackendQuota.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/tests/etcds.operator.openshift.io/HardwareSpeed.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/tests/ingresscontrollers.operator.openshift.io/AAA_ungated.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/tests/ingresscontrollers.operator.openshift.io/IngressControllerLBOpenStack.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/tests/ingresscontrollers.operator.openshift.io/IngressControllerLBSubnetsAWS.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/tests/ingresscontrollers.operator.openshift.io/SetEIPForNLBIngressController.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/tests/insightsoperators.operator.openshift.io/AAA_ungated.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/tests/kubeapiservers.operator.openshift.io/AAA_ungated.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/tests/kubecontrollermanagers.operator.openshift.io/AAA_ungated.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/tests/kubeschedulers.operator.openshift.io/AAA_ungated.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/tests/kubestorageversionmigrators.operator.openshift.io/AAA_ungated.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/tests/machineconfigurations.operator.openshift.io/AAA_ungated.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/tests/machineconfigurations.operator.openshift.io/ManagedBootImages.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/tests/machineconfigurations.operator.openshift.io/NodeDisruptionPolicy.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/tests/networks.operator.openshift.io/AAA_ungated.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/tests/networks.operator.openshift.io/AdditionalRoutingCapabilities.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/tests/networks.operator.openshift.io/NetworkLiveMigration.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/tests/networks.operator.openshift.io/RouteAdvertisements.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/tests/olms.operator.openshift.io/NewOLM.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/tests/openshiftapiservers.operator.openshift.io/AAA_ungated.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/tests/openshiftcontrollermanagers.operator.openshift.io/AAA_ungated.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/tests/servicecas.operator.openshift.io/AAA_ungated.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/tests/storages.operator.openshift.io/AAA_ungated.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/types.go create mode 100644 pkg/schemes/machineconfiguration/mctypes/types_authentication.go create mode 100644 pkg/schemes/machineconfiguration/mctypes/types_cloudcredential.go create mode 100644 pkg/schemes/machineconfiguration/mctypes/types_config.go create mode 100644 pkg/schemes/machineconfiguration/mctypes/types_console.go create mode 100644 pkg/schemes/machineconfiguration/mctypes/types_csi_cluster_driver.go create mode 100644 pkg/schemes/machineconfiguration/mctypes/types_csi_snapshot.go create mode 100644 pkg/schemes/machineconfiguration/mctypes/types_dns.go create mode 100644 pkg/schemes/machineconfiguration/mctypes/types_etcd.go create mode 100644 pkg/schemes/machineconfiguration/mctypes/types_ingress.go create mode 100644 pkg/schemes/machineconfiguration/mctypes/types_insights.go create mode 100644 pkg/schemes/machineconfiguration/mctypes/types_kubeapiserver.go create mode 100644 pkg/schemes/machineconfiguration/mctypes/types_kubecontrollermanager.go create mode 100644 pkg/schemes/machineconfiguration/mctypes/types_kubestorageversionmigrator.go create mode 100644 pkg/schemes/machineconfiguration/mctypes/types_machineconfiguration.go create mode 100644 pkg/schemes/machineconfiguration/mctypes/types_network.go create mode 100644 pkg/schemes/machineconfiguration/mctypes/types_olm.go create mode 100644 pkg/schemes/machineconfiguration/mctypes/types_openshiftapiserver.go create mode 100644 pkg/schemes/machineconfiguration/mctypes/types_openshiftcontrollermanager.go create mode 100644 pkg/schemes/machineconfiguration/mctypes/types_scheduler.go create mode 100644 pkg/schemes/machineconfiguration/mctypes/types_serviceca.go create mode 100644 pkg/schemes/machineconfiguration/mctypes/types_servicecatalogapiserver.go create mode 100644 pkg/schemes/machineconfiguration/mctypes/types_servicecatalogcontrollermanager.go create mode 100644 pkg/schemes/machineconfiguration/mctypes/types_storage.go create mode 100644 pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_10_config-operator_01_configs.crd.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_10_operator-lifecycle-manager_01_olms-CustomNoUpgrade.crd.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_10_operator-lifecycle-manager_01_olms-DevPreviewNoUpgrade.crd.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_10_operator-lifecycle-manager_01_olms-TechPreviewNoUpgrade.crd.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_12_etcd_01_etcds-CustomNoUpgrade.crd.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_12_etcd_01_etcds-Default.crd.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_12_etcd_01_etcds-DevPreviewNoUpgrade.crd.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_12_etcd_01_etcds-TechPreviewNoUpgrade.crd.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_20_kube-apiserver_01_kubeapiservers.crd.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_25_kube-controller-manager_01_kubecontrollermanagers.crd.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_25_kube-scheduler_01_kubeschedulers.crd.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_30_openshift-apiserver_01_openshiftapiservers.crd.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_40_cloud-credential_00_cloudcredentials.crd.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_40_kube-storage-version-migrator_00_kubestorageversionmigrators.crd.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_50_authentication_01_authentications.crd.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_50_console_01_consoles.crd.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers.crd.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_50_insights_00_insightsoperators.crd.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_50_openshift-controller-manager_02_openshiftcontrollermanagers.crd.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_50_service-ca_02_servicecas.crd.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_50_storage_01_storages.crd.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_70_dns_00_dnses.crd.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_70_network_01_networks-CustomNoUpgrade.crd.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_70_network_01_networks-Default.crd.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_70_network_01_networks-DevPreviewNoUpgrade.crd.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_70_network_01_networks-TechPreviewNoUpgrade.crd.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_80_csi-snapshot-controller_01_csisnapshotcontrollers.crd.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_80_machine-config_01_machineconfigurations.crd.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_90_csi-driver_01_clustercsidrivers.crd.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/doc.go create mode 100644 pkg/schemes/machineconfiguration/mctypes/zz_generated.deepcopy.go create mode 100644 pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/authentications.operator.openshift.io/AAA_ungated.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/cloudcredentials.operator.openshift.io/AAA_ungated.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/clustercsidrivers.operator.openshift.io/AAA_ungated.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/clustercsidrivers.operator.openshift.io/AWSEFSDriverVolumeMetrics.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/clustercsidrivers.operator.openshift.io/VSphereDriverConfiguration.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/configs.operator.openshift.io/AAA_ungated.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/consoles.operator.openshift.io/AAA_ungated.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/csisnapshotcontrollers.operator.openshift.io/AAA_ungated.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/dnses.operator.openshift.io/AAA_ungated.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/etcds.operator.openshift.io/AAA_ungated.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/etcds.operator.openshift.io/EtcdBackendQuota.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/etcds.operator.openshift.io/HardwareSpeed.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/ingresscontrollers.operator.openshift.io/AAA_ungated.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/ingresscontrollers.operator.openshift.io/IngressControllerLBSubnetsAWS.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/ingresscontrollers.operator.openshift.io/SetEIPForNLBIngressController.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/insightsoperators.operator.openshift.io/AAA_ungated.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/kubeapiservers.operator.openshift.io/AAA_ungated.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/kubecontrollermanagers.operator.openshift.io/AAA_ungated.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/kubeschedulers.operator.openshift.io/AAA_ungated.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/kubestorageversionmigrators.operator.openshift.io/AAA_ungated.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/machineconfigurations.operator.openshift.io/AAA_ungated.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/machineconfigurations.operator.openshift.io/ManagedBootImages.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/machineconfigurations.operator.openshift.io/NodeDisruptionPolicy.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/networks.operator.openshift.io/AAA_ungated.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/networks.operator.openshift.io/AdditionalRoutingCapabilities.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/networks.operator.openshift.io/NetworkLiveMigration.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/networks.operator.openshift.io/RouteAdvertisements.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/olms.operator.openshift.io/NewOLM.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/openshiftapiservers.operator.openshift.io/AAA_ungated.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/openshiftcontrollermanagers.operator.openshift.io/AAA_ungated.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/servicecas.operator.openshift.io/AAA_ungated.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/storages.operator.openshift.io/AAA_ungated.yaml create mode 100644 pkg/schemes/machineconfiguration/mctypes/zz_generated.swagger_doc_generated.go diff --git a/internal/sync/configs/machineconfiguration-config.yaml b/internal/sync/configs/machineconfiguration-config.yaml new file mode 100644 index 000000000..626e5b991 --- /dev/null +++ b/internal/sync/configs/machineconfiguration-config.yaml @@ -0,0 +1,8 @@ +--- +- name: machineconfiguration + sync: true + repo_link: "https://github.com/openshift/api/" + branch: master + remote_api_directory: operator/v1 + local_api_directory: schemes/machineconfiguration/mctypes +... diff --git a/pkg/machineconfiguration/machineconfiguration.go b/pkg/machineconfiguration/machineconfiguration.go new file mode 100644 index 000000000..1f18c7077 --- /dev/null +++ b/pkg/machineconfiguration/machineconfiguration.go @@ -0,0 +1,87 @@ +package machineconfiguration + +import ( + "context" + "github.com/golang/glog" + "github.com/openshift-kni/eco-goinfra/pkg/clients" + machineconfigurationv1 "github.com/openshift/api/operator/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime/schema" + runtimeClient "sigs.k8s.io/controller-runtime/pkg/client" +) + +// APIGroup represents metallb api group. +const ( + APIGroup = "operator.openshift.io" + APIVersion = "v1" +) + +// MCBuilder provides struct for a MachineConfiguration object. +type MCBuilder struct { + Definition *machineconfigurationv1.MachineConfiguration + Object *machineconfigurationv1.MachineConfiguration + apiClient runtimeClient.Client +} + +// NewMachineConfigurationBuilder creates a new instance of machineconfiguration. +func NewMachineConfigurationBuilder(apiClient *clients.Settings, name string) *MCBuilder { + + err := apiClient.AttachScheme(machineconfigurationv1.AddToScheme) + if err != nil { + glog.V(100).Infof("Failed to add metallb scheme to client schemes") + + return nil + } + + return &MCBuilder{ + apiClient: apiClient, + Definition: &machineconfigurationv1.MachineConfiguration{ + ObjectMeta: metav1.ObjectMeta{ + Name: name, + }, + }, + } +} + +// Get retrieves existing machineconfiguration from cluster if found. +func (builder *MCBuilder) Get() (*machineconfigurationv1.MachineConfiguration, error) { + glog.V(100).Infof("Pulling existing machineSet name") + + machineConfig := &machineconfigurationv1.MachineConfiguration{} + err := builder.apiClient.Get(context.TODO(), + runtimeClient.ObjectKey{Name: builder.Definition.Name}, machineConfig) + + return machineConfig, err +} + +// Pull pulls existing machineconfiguration from cluster. +func Pull(apiClient *clients.Settings, name string) (b *MCBuilder, err error) { + glog.V(100).Infof("Pulling existing machineSet name %s ", name) + + err = apiClient.AttachScheme(machineconfigurationv1.AddToScheme) + if err != nil { + glog.V(100).Infof("Failed to add machineconfiguration scheme to client schemes") + + return nil, err + } + + builder := MCBuilder{ + apiClient: apiClient, + Definition: &machineconfigurationv1.MachineConfiguration{ + ObjectMeta: metav1.ObjectMeta{ + Name: name, + }, + }, + } + + builder.Definition = builder.Object + + return &MCBuilder{}, nil +} + +// GetMachineConfigurationGVR returns bgppeer's GroupVersionResource which could be used for Clean function. +func GetMachineConfigurationGVR() schema.GroupVersionResource { + return schema.GroupVersionResource{ + Group: APIGroup, Version: APIVersion, Resource: "machinesets", + } +} diff --git a/pkg/schemes/machineconfiguration/mctypes/Makefile b/pkg/schemes/machineconfiguration/mctypes/Makefile new file mode 100644 index 000000000..77f5d3409 --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/Makefile @@ -0,0 +1,3 @@ +.PHONY: test +test: + make -C ../../tests test GINKGO_EXTRA_ARGS=--focus="operator.openshift.io/v1" diff --git a/pkg/schemes/machineconfiguration/mctypes/doc.go b/pkg/schemes/machineconfiguration/mctypes/doc.go new file mode 100644 index 000000000..aabdc7393 --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/doc.go @@ -0,0 +1,7 @@ +// +k8s:deepcopy-gen=package,register +// +k8s:defaulter-gen=TypeMeta +// +k8s:openapi-gen=true + +// +kubebuilder:validation:Optional +// +groupName=operator.openshift.io +package mctypes diff --git a/pkg/schemes/machineconfiguration/mctypes/manual-override-crd-manifests/clustercsidrivers.operator.openshift.io/AAA_ungated.yaml b/pkg/schemes/machineconfiguration/mctypes/manual-override-crd-manifests/clustercsidrivers.operator.openshift.io/AAA_ungated.yaml new file mode 100644 index 000000000..d7f1abfd4 --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/manual-override-crd-manifests/clustercsidrivers.operator.openshift.io/AAA_ungated.yaml @@ -0,0 +1,34 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + feature-gate.release.openshift.io/: "true" + name: clustercsidrivers.operator.openshift.io +spec: + versions: + - name: v1 + schema: + openAPIV3Schema: + properties: + metadata: + properties: + name: + enum: + - ebs.csi.aws.com + - efs.csi.aws.com + - disk.csi.azure.com + - file.csi.azure.com + - filestore.csi.storage.gke.io + - pd.csi.storage.gke.io + - cinder.csi.openstack.org + - csi.vsphere.vmware.com + - manila.csi.openstack.org + - csi.ovirt.org + - csi.kubevirt.io + - csi.sharedresource.openshift.io + - diskplugin.csi.alibabacloud.com + - vpc.block.csi.ibm.io + - powervs.csi.ibm.com + - secrets-store.csi.k8s.io + - smb.csi.k8s.io + type: string diff --git a/pkg/schemes/machineconfiguration/mctypes/manual-override-crd-manifests/dnses.operator.openshift.io/AAA_ungated.yaml b/pkg/schemes/machineconfiguration/mctypes/manual-override-crd-manifests/dnses.operator.openshift.io/AAA_ungated.yaml new file mode 100644 index 000000000..37eea8bd1 --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/manual-override-crd-manifests/dnses.operator.openshift.io/AAA_ungated.yaml @@ -0,0 +1,42 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + feature-gate.release.openshift.io/: "true" + name: dnses.operator.openshift.io +spec: + versions: + - name: v1 + schema: + openAPIV3Schema: + properties: + spec: + properties: + upstreamResolvers: + default: {} + properties: + upstreams: + items: + anyOf: + - not: + required: + - address + - port + properties: + type: + enum: + - "" + - SystemResolvConf + - optional: + - port + properties: + type: + enum: + - Network + required: + - address + properties: + address: + anyOf: + - format: ipv4 + - format: ipv6 diff --git a/pkg/schemes/machineconfiguration/mctypes/manual-override-crd-manifests/ingresscontrollers.operator.openshift.io/AAA_ungated.yaml b/pkg/schemes/machineconfiguration/mctypes/manual-override-crd-manifests/ingresscontrollers.operator.openshift.io/AAA_ungated.yaml new file mode 100644 index 000000000..a404d61c8 --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/manual-override-crd-manifests/ingresscontrollers.operator.openshift.io/AAA_ungated.yaml @@ -0,0 +1,45 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + feature-gate.release.openshift.io/: "true" + name: ingresscontrollers.operator.openshift.io +spec: + versions: + - name: v1 + schema: + openAPIV3Schema: + properties: + spec: + properties: + logging: + properties: + access: + properties: + destination: + properties: + syslog: + oneOf: + - properties: + address: + format: ipv4 + - properties: + address: + format: ipv6 + tuningOptions: + anyOf: + - properties: + maxConnections: + enum: + - -1 + - 0 + - properties: + maxConnections: + format: int32 + maximum: 2000000 + minimum: 2000 + subresources: + scale: + labelSelectorPath: .status.selector + specReplicasPath: .spec.replicas + statusReplicasPath: .status.availableReplicas diff --git a/pkg/schemes/machineconfiguration/mctypes/manual-override-crd-manifests/insightsoperators.operator.openshift.io/AAA_ungated.yaml b/pkg/schemes/machineconfiguration/mctypes/manual-override-crd-manifests/insightsoperators.operator.openshift.io/AAA_ungated.yaml new file mode 100644 index 000000000..01c7fccbf --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/manual-override-crd-manifests/insightsoperators.operator.openshift.io/AAA_ungated.yaml @@ -0,0 +1,14 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + feature-gate.release.openshift.io/: "true" + name: insightsoperators.operator.openshift.io +spec: + versions: + - name: v1 + subresources: + scale: + labelSelectorPath: .status.selector + specReplicasPath: .spec.replicas + statusReplicasPath: .status.availableReplicas diff --git a/pkg/schemes/machineconfiguration/mctypes/manual-override-crd-manifests/kubeapiservers.operator.openshift.io/AAA_ungated.yaml b/pkg/schemes/machineconfiguration/mctypes/manual-override-crd-manifests/kubeapiservers.operator.openshift.io/AAA_ungated.yaml new file mode 100644 index 000000000..0a410f204 --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/manual-override-crd-manifests/kubeapiservers.operator.openshift.io/AAA_ungated.yaml @@ -0,0 +1,16 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + feature-gate.release.openshift.io/: "true" + name: kubeapiservers.operator.openshift.io +spec: + versions: + - name: v1 + schema: + openAPIV3Schema: + properties: + spec: + properties: + managementState: + pattern: ^(Managed|Force)$ diff --git a/pkg/schemes/machineconfiguration/mctypes/manual-override-crd-manifests/kubecontrollermanagers.operator.openshift.io/AAA_ungated.yaml b/pkg/schemes/machineconfiguration/mctypes/manual-override-crd-manifests/kubecontrollermanagers.operator.openshift.io/AAA_ungated.yaml new file mode 100644 index 000000000..b457041aa --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/manual-override-crd-manifests/kubecontrollermanagers.operator.openshift.io/AAA_ungated.yaml @@ -0,0 +1,16 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + feature-gate.release.openshift.io/: "true" + name: kubecontrollermanagers.operator.openshift.io +spec: + versions: + - name: v1 + schema: + openAPIV3Schema: + properties: + spec: + properties: + managementState: + pattern: ^(Managed|Force)$ diff --git a/pkg/schemes/machineconfiguration/mctypes/manual-override-crd-manifests/kubeschedulers.operator.openshift.io/AAA_ungated.yaml b/pkg/schemes/machineconfiguration/mctypes/manual-override-crd-manifests/kubeschedulers.operator.openshift.io/AAA_ungated.yaml new file mode 100644 index 000000000..9e36f1ca7 --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/manual-override-crd-manifests/kubeschedulers.operator.openshift.io/AAA_ungated.yaml @@ -0,0 +1,16 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + feature-gate.release.openshift.io/: "true" + name: kubeschedulers.operator.openshift.io +spec: + versions: + - name: v1 + schema: + openAPIV3Schema: + properties: + spec: + properties: + managementState: + pattern: ^(Managed|Force)$ diff --git a/pkg/schemes/machineconfiguration/mctypes/register.go b/pkg/schemes/machineconfiguration/mctypes/register.go new file mode 100644 index 000000000..d8d5b7c12 --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/register.go @@ -0,0 +1,82 @@ +package mctypes + +import ( + configv1 "github.com/openshift/api/config/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime/schema" +) + +var ( + GroupName = "operator.openshift.io" + GroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1"} + schemeBuilder = runtime.NewSchemeBuilder(addKnownTypes, configv1.Install) + // Install is a function which adds this version to a scheme + Install = schemeBuilder.AddToScheme + + // SchemeGroupVersion generated code relies on this name + // Deprecated + SchemeGroupVersion = GroupVersion + // AddToScheme exists solely to keep the old generators creating valid code + // DEPRECATED + AddToScheme = schemeBuilder.AddToScheme +) + +// Resource generated code relies on this being here, but it logically belongs to the group +// DEPRECATED +func Resource(resource string) schema.GroupResource { + return schema.GroupResource{Group: GroupName, Resource: resource} +} + +func addKnownTypes(scheme *runtime.Scheme) error { + metav1.AddToGroupVersion(scheme, GroupVersion) + + scheme.AddKnownTypes(GroupVersion, + &Authentication{}, + &AuthenticationList{}, + &DNS{}, + &DNSList{}, + &CloudCredential{}, + &CloudCredentialList{}, + &ClusterCSIDriver{}, + &ClusterCSIDriverList{}, + &Console{}, + &ConsoleList{}, + &CSISnapshotController{}, + &CSISnapshotControllerList{}, + &Etcd{}, + &EtcdList{}, + &KubeAPIServer{}, + &KubeAPIServerList{}, + &KubeControllerManager{}, + &KubeControllerManagerList{}, + &KubeScheduler{}, + &KubeSchedulerList{}, + &KubeStorageVersionMigrator{}, + &KubeStorageVersionMigratorList{}, + &MachineConfiguration{}, + &MachineConfigurationList{}, + &Network{}, + &NetworkList{}, + &OpenShiftAPIServer{}, + &OpenShiftAPIServerList{}, + &OpenShiftControllerManager{}, + &OpenShiftControllerManagerList{}, + &OLM{}, + &OLMList{}, + &ServiceCA{}, + &ServiceCAList{}, + &ServiceCatalogAPIServer{}, + &ServiceCatalogAPIServerList{}, + &ServiceCatalogControllerManager{}, + &ServiceCatalogControllerManagerList{}, + &IngressController{}, + &IngressControllerList{}, + &InsightsOperator{}, + &InsightsOperatorList{}, + &Storage{}, + &StorageList{}, + ) + + return nil +} diff --git a/pkg/schemes/machineconfiguration/mctypes/tests/authentications.operator.openshift.io/AAA_ungated.yaml b/pkg/schemes/machineconfiguration/mctypes/tests/authentications.operator.openshift.io/AAA_ungated.yaml new file mode 100644 index 000000000..4cb6acb12 --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/tests/authentications.operator.openshift.io/AAA_ungated.yaml @@ -0,0 +1,130 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "Authentication" +crdName: authentications.operator.openshift.io +tests: + onCreate: + - name: Should be able to create a minimal Authentication + initial: | + apiVersion: operator.openshift.io/v1 + kind: Authentication + spec: {} # No spec is required for a Authentication + expected: | + apiVersion: operator.openshift.io/v1 + kind: Authentication + spec: + logLevel: Normal + operatorLogLevel: Normal + onUpdate: + - name: Can add latest revision after creation + initial: | + apiVersion: operator.openshift.io/v1 + kind: Authentication + metadata: + name: cluster + spec: + logLevel: Normal + operatorLogLevel: Normal + updated: | + apiVersion: operator.openshift.io/v1 + kind: Authentication + metadata: + name: cluster + spec: + logLevel: Normal + operatorLogLevel: Normal + status: + latestAvailableRevision: 0 + expected: | + apiVersion: operator.openshift.io/v1 + kind: Authentication + metadata: + name: cluster + spec: + logLevel: Normal + operatorLogLevel: Normal + status: + latestAvailableRevision: 0 + - name: Can update latestRevision to the same value + initial: | + apiVersion: operator.openshift.io/v1 + kind: Authentication + metadata: + name: cluster + spec: + logLevel: Normal + operatorLogLevel: Normal + status: + latestAvailableRevision: 6 + updated: | + apiVersion: operator.openshift.io/v1 + kind: Authentication + metadata: + name: cluster + spec: + logLevel: Normal + operatorLogLevel: Normal + status: + latestAvailableRevision: 6 + expected: | + apiVersion: operator.openshift.io/v1 + kind: Authentication + metadata: + name: cluster + spec: + logLevel: Normal + operatorLogLevel: Normal + status: + latestAvailableRevision: 6 + - name: Can increase latestRevision + initial: | + apiVersion: operator.openshift.io/v1 + kind: Authentication + metadata: + name: cluster + spec: + logLevel: Normal + operatorLogLevel: Normal + status: + latestAvailableRevision: 6 + updated: | + apiVersion: operator.openshift.io/v1 + kind: Authentication + metadata: + name: cluster + spec: + logLevel: Normal + operatorLogLevel: Normal + status: + latestAvailableRevision: 16 + expected: | + apiVersion: operator.openshift.io/v1 + kind: Authentication + metadata: + name: cluster + spec: + logLevel: Normal + operatorLogLevel: Normal + status: + latestAvailableRevision: 16 + - name: Cannot decrease latestRevision + initial: | + apiVersion: operator.openshift.io/v1 + kind: Authentication + metadata: + name: cluster + spec: + logLevel: Normal + operatorLogLevel: Normal + status: + latestAvailableRevision: 6 + updated: | + apiVersion: operator.openshift.io/v1 + kind: Authentication + metadata: + name: cluster + spec: + logLevel: Normal + operatorLogLevel: Normal + status: + latestAvailableRevision: 5 + expectedStatusError: must only increase diff --git a/pkg/schemes/machineconfiguration/mctypes/tests/cloudcredentials.operator.openshift.io/AAA_ungated.yaml b/pkg/schemes/machineconfiguration/mctypes/tests/cloudcredentials.operator.openshift.io/AAA_ungated.yaml new file mode 100644 index 000000000..c3e710feb --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/tests/cloudcredentials.operator.openshift.io/AAA_ungated.yaml @@ -0,0 +1,16 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "CloudCredential" +crdName: cloudcredentials.operator.openshift.io +tests: + onCreate: + - name: Should be able to create a minimal CloudCredential + initial: | + apiVersion: operator.openshift.io/v1 + kind: CloudCredential + spec: {} # No spec is required for a CloudCredential + expected: | + apiVersion: operator.openshift.io/v1 + kind: CloudCredential + spec: + logLevel: Normal + operatorLogLevel: Normal diff --git a/pkg/schemes/machineconfiguration/mctypes/tests/clustercsidrivers.operator.openshift.io/AAA_ungated.yaml b/pkg/schemes/machineconfiguration/mctypes/tests/clustercsidrivers.operator.openshift.io/AAA_ungated.yaml new file mode 100644 index 000000000..f9370ef9c --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/tests/clustercsidrivers.operator.openshift.io/AAA_ungated.yaml @@ -0,0 +1,41 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "ClusterCSIDriver" +crdName: clustercsidrivers.operator.openshift.io +tests: + onCreate: + - name: Should be able to create a minimal ClusterCSIDriver + initial: | + apiVersion: operator.openshift.io/v1 + kind: ClusterCSIDriver + metadata: + name: csi.sharedresource.openshift.io + spec: {} # No spec is required for a ClusterCSIDriver + expected: | + apiVersion: operator.openshift.io/v1 + kind: ClusterCSIDriver + metadata: + name: csi.sharedresource.openshift.io + spec: + logLevel: Normal + operatorLogLevel: Normal + - name: IBM Cloud CSIDriverType must have a defined IBM Cloud spec + initial: | + apiVersion: operator.openshift.io/v1 + kind: ClusterCSIDriver + metadata: + name: csi.sharedresource.openshift.io + spec: + driverConfig: + driverType: IBMCloud + expectedError: "Invalid value: \"object\": ibmcloud must be set if driverType is 'IBMCloud', but remain unset otherwise" + - name: IBM Cloud spec must have an EncryptionKeyCRN defined + initial: | + apiVersion: operator.openshift.io/v1 + kind: ClusterCSIDriver + metadata: + name: csi.sharedresource.openshift.io + spec: + driverConfig: + driverType: IBMCloud + ibmcloud: {} + expectedError: "spec.driverConfig.ibmcloud.encryptionKeyCRN: Required value, : Invalid value: \"null\": some validation rules were not checked because the object was invalid; correct the existing errors to complete validation" diff --git a/pkg/schemes/machineconfiguration/mctypes/tests/clustercsidrivers.operator.openshift.io/AWSEFSDriverVolumeMetrics.yaml b/pkg/schemes/machineconfiguration/mctypes/tests/clustercsidrivers.operator.openshift.io/AWSEFSDriverVolumeMetrics.yaml new file mode 100644 index 000000000..27a568aae --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/tests/clustercsidrivers.operator.openshift.io/AWSEFSDriverVolumeMetrics.yaml @@ -0,0 +1,108 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "ClusterCSIDriver" +crdName: clustercsidrivers.operator.openshift.io +featureGate: AWSEFSDriverVolumeMetrics +tests: + onCreate: + - name: Should be able to create a minimal ClusterCSIDriver + initial: | + apiVersion: operator.openshift.io/v1 + kind: ClusterCSIDriver + metadata: + name: efs.csi.aws.com + spec: {} # No spec is required for a ClusterCSIDriver + expected: | + apiVersion: operator.openshift.io/v1 + kind: ClusterCSIDriver + metadata: + name: efs.csi.aws.com + spec: + logLevel: Normal + operatorLogLevel: Normal + - name: Should be able to create ClusterCSIDriver with AWS EFS volume metrics disabled + initial: | + apiVersion: operator.openshift.io/v1 + kind: ClusterCSIDriver + metadata: + name: efs.csi.aws.com + spec: + driverConfig: + driverType: AWS + aws: + efsVolumeMetrics: + state: Disabled + logLevel: Normal + operatorLogLevel: Normal + expected: | + apiVersion: operator.openshift.io/v1 + kind: ClusterCSIDriver + metadata: + name: efs.csi.aws.com + spec: + driverConfig: + driverType: AWS + aws: + efsVolumeMetrics: + state: Disabled + logLevel: Normal + operatorLogLevel: Normal + - name: Should be able to create ClusterCSIDriver with AWS EFS volume metrics enabled as RecursiveWalk + initial: | + apiVersion: operator.openshift.io/v1 + kind: ClusterCSIDriver + metadata: + name: efs.csi.aws.com + spec: + driverConfig: + driverType: AWS + aws: + efsVolumeMetrics: + state: RecursiveWalk + logLevel: Normal + operatorLogLevel: Normal + expected: | + apiVersion: operator.openshift.io/v1 + kind: ClusterCSIDriver + metadata: + name: efs.csi.aws.com + spec: + driverConfig: + driverType: AWS + aws: + efsVolumeMetrics: + state: RecursiveWalk + logLevel: Normal + operatorLogLevel: Normal + - name: Should be able to create ClusterCSIDriver with AWS EFS volume metrics enabled as RecursiveWalk and custom config + initial: | + apiVersion: operator.openshift.io/v1 + kind: ClusterCSIDriver + metadata: + name: efs.csi.aws.com + spec: + driverConfig: + driverType: AWS + aws: + efsVolumeMetrics: + state: RecursiveWalk + recursiveWalk: + refreshPeriodMinutes: 100 + fsRateLimit: 10 + logLevel: Normal + operatorLogLevel: Normal + expected: | + apiVersion: operator.openshift.io/v1 + kind: ClusterCSIDriver + metadata: + name: efs.csi.aws.com + spec: + driverConfig: + driverType: AWS + aws: + efsVolumeMetrics: + state: RecursiveWalk + recursiveWalk: + refreshPeriodMinutes: 100 + fsRateLimit: 10 + logLevel: Normal + operatorLogLevel: Normal diff --git a/pkg/schemes/machineconfiguration/mctypes/tests/clustercsidrivers.operator.openshift.io/VSphereDriverConfiguration.yaml b/pkg/schemes/machineconfiguration/mctypes/tests/clustercsidrivers.operator.openshift.io/VSphereDriverConfiguration.yaml new file mode 100644 index 000000000..c6ac527d5 --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/tests/clustercsidrivers.operator.openshift.io/VSphereDriverConfiguration.yaml @@ -0,0 +1,71 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "ClusterCSIDriver" +crdName: clustercsidrivers.operator.openshift.io +featureGate: VSphereDriverConfiguration +tests: + onCreate: + - name: Should be able to create ClusterCSIDriver with snapshot options + initial: | + apiVersion: operator.openshift.io/v1 + kind: ClusterCSIDriver + metadata: + name: csi.sharedresource.openshift.io + spec: + driverConfig: + driverType: vSphere + vSphere: + globalMaxSnapshotsPerBlockVolume: 1 + granularMaxSnapshotsPerBlockVolumeInVSAN: 2 + granularMaxSnapshotsPerBlockVolumeInVVOL: 3 + logLevel: Normal + operatorLogLevel: Normal + expected: | + apiVersion: operator.openshift.io/v1 + kind: ClusterCSIDriver + metadata: + name: csi.sharedresource.openshift.io + spec: + driverConfig: + driverType: vSphere + vSphere: + globalMaxSnapshotsPerBlockVolume: 1 + granularMaxSnapshotsPerBlockVolumeInVSAN: 2 + granularMaxSnapshotsPerBlockVolumeInVVOL: 3 + logLevel: Normal + operatorLogLevel: Normal + - name: Should be able to create a minimal ClusterCSIDriver + initial: | + apiVersion: operator.openshift.io/v1 + kind: ClusterCSIDriver + metadata: + name: csi.sharedresource.openshift.io + spec: {} # No spec is required for a ClusterCSIDriver + expected: | + apiVersion: operator.openshift.io/v1 + kind: ClusterCSIDriver + metadata: + name: csi.sharedresource.openshift.io + spec: + logLevel: Normal + operatorLogLevel: Normal + - name: IBM Cloud CSIDriverType must have a defined IBM Cloud spec + initial: | + apiVersion: operator.openshift.io/v1 + kind: ClusterCSIDriver + metadata: + name: csi.sharedresource.openshift.io + spec: + driverConfig: + driverType: IBMCloud + expectedError: "Invalid value: \"object\": ibmcloud must be set if driverType is 'IBMCloud', but remain unset otherwise" + - name: IBM Cloud spec must have an EncryptionKeyCRN defined + initial: | + apiVersion: operator.openshift.io/v1 + kind: ClusterCSIDriver + metadata: + name: csi.sharedresource.openshift.io + spec: + driverConfig: + driverType: IBMCloud + ibmcloud: {} + expectedError: "spec.driverConfig.ibmcloud.encryptionKeyCRN: Required value, : Invalid value: \"null\": some validation rules were not checked because the object was invalid; correct the existing errors to complete validation" diff --git a/pkg/schemes/machineconfiguration/mctypes/tests/configs.operator.openshift.io/AAA_ungated.yaml b/pkg/schemes/machineconfiguration/mctypes/tests/configs.operator.openshift.io/AAA_ungated.yaml new file mode 100644 index 000000000..376377dd1 --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/tests/configs.operator.openshift.io/AAA_ungated.yaml @@ -0,0 +1,16 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "Config" +crdName: configs.operator.openshift.io +tests: + onCreate: + - name: Should be able to create a minimal Config + initial: | + apiVersion: operator.openshift.io/v1 + kind: Config + spec: {} # No spec is required for a Config + expected: | + apiVersion: operator.openshift.io/v1 + kind: Config + spec: + logLevel: Normal + operatorLogLevel: Normal diff --git a/pkg/schemes/machineconfiguration/mctypes/tests/consoles.operator.openshift.io/AAA_ungated.yaml b/pkg/schemes/machineconfiguration/mctypes/tests/consoles.operator.openshift.io/AAA_ungated.yaml new file mode 100644 index 000000000..a59212c95 --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/tests/consoles.operator.openshift.io/AAA_ungated.yaml @@ -0,0 +1,298 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "Console" +crdName: consoles.operator.openshift.io +tests: + onCreate: + - name: Should be able to create a minimal Console + initial: | + apiVersion: operator.openshift.io/v1 + kind: Console + spec: {} # No spec is required for a Console + expected: | + apiVersion: operator.openshift.io/v1 + kind: Console + spec: + logLevel: Normal + operatorLogLevel: Normal + - name: Should be able to customize perspectives + initial: | + apiVersion: operator.openshift.io/v1 + kind: Console + spec: + customization: + perspectives: + - id: dev + visibility: + state: Enabled + - id: admin + visibility: + state: Disabled + expected: | + apiVersion: operator.openshift.io/v1 + kind: Console + spec: + logLevel: Normal + operatorLogLevel: Normal + customization: + perspectives: + - id: dev + visibility: + state: Enabled + - id: admin + visibility: + state: Disabled + - name: Should throw an error for incorrect value of state in perspectives + initial: | + apiVersion: operator.openshift.io/v1 + kind: Console + spec: + customization: + perspectives: + - id: dev + visibility: + state: Enables + expectedError: "spec.customization.perspectives[0].visibility.state: Unsupported value: \"Enables\": supported values: \"Enabled\", \"Disabled\", \"AccessReview\"" + - name: Should be able to add pinned resources to a perspective + initial: | + apiVersion: operator.openshift.io/v1 + kind: Console + spec: + customization: + perspectives: + - id: dev + visibility: + state: Enabled + pinnedResources: + - group: "" + resource: configmaps + version: v1 + expected: | + apiVersion: operator.openshift.io/v1 + kind: Console + spec: + logLevel: Normal + operatorLogLevel: Normal + customization: + perspectives: + - id: dev + visibility: + state: Enabled + pinnedResources: + - group: "" + resource: configmaps + version: v1 + - name: Should not be able to add pinned resources to "admin" perspective + initial: | + apiVersion: operator.openshift.io/v1 + kind: Console + spec: + customization: + perspectives: + - id: admin + visibility: + state: Enabled + pinnedResources: + - group: "" + resource: configmaps + version: v1 + expectedError: "pinnedResources is allowed only for dev and forbidden for other perspectives" + - name: Should throw an error if "group" is missing from the pinnedResources + initial: | + apiVersion: operator.openshift.io/v1 + kind: Console + spec: + customization: + perspectives: + - id: dev + visibility: + state: Enabled + pinnedResources: + - resource: configmaps + version: v1 + expectedError: "spec.customization.perspectives[0].pinnedResources[0].group: Required value" + - name: Should throw an error if the value of "version" in the pinnedResources doesnot match the required regex + initial: | + apiVersion: operator.openshift.io/v1 + kind: Console + spec: + customization: + perspectives: + - id: dev + visibility: + state: Enabled + pinnedResources: + - group: "" + resource: configmaps + version: v' + expectedError: "spec.customization.perspectives[0].pinnedResources[0].version in body should match '^[a-z0-9]+$'" + - name: Should throw an error if the value of "group" in the pinnedResources doesnot match the required regex + initial: | + apiVersion: operator.openshift.io/v1 + kind: Console + spec: + customization: + perspectives: + - id: dev + visibility: + state: Enabled + pinnedResources: + - group: .apps. + resource: deployments + version: v1 + expectedError: "spec.customization.perspectives[0].pinnedResources[0].group in body should match '^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$'" + - name: Should throw an error if the value of "resource" in the pinnedResources doesnot match the required regex + initial: | + apiVersion: operator.openshift.io/v1 + kind: Console + spec: + customization: + perspectives: + - id: dev + visibility: + state: Enabled + pinnedResources: + - group: apps + resource: Deployment + version: v1 + expectedError: "spec.customization.perspectives[0].pinnedResources[0].resource in body should match '^[a-z0-9]([-a-z0-9]*[a-z0-9])?$'" + - name: Should be able to add https urls + initial: | + apiVersion: operator.openshift.io/v1 + kind: Console + spec: + ingress: + consoleURL: "https://testingress.com" + clientDownloadsURL: "https://testingress.com" + expected: | + apiVersion: operator.openshift.io/v1 + kind: Console + spec: + logLevel: Normal + operatorLogLevel: Normal + ingress: + consoleURL: "https://testingress.com" + clientDownloadsURL: "https://testingress.com" + - name: Should be able to add empty urls + initial: | + apiVersion: operator.openshift.io/v1 + kind: Console + spec: + ingress: + consoleURL: "" + clientDownloadsURL: "" + expected: | + apiVersion: operator.openshift.io/v1 + kind: Console + spec: + logLevel: Normal + operatorLogLevel: Normal + ingress: + consoleURL: "" + clientDownloadsURL: "" + - name: Should throw an error if the value of console url has http scheme + initial: | + apiVersion: operator.openshift.io/v1 + kind: Console + spec: + ingress: + consoleURL: "http://testingress.com" + expectedError: "spec.ingress.consoleURL: Invalid value: \"string\": console url scheme must be https" + - name: Should throw an error if the value of client downloads url has http scheme + initial: | + apiVersion: operator.openshift.io/v1 + kind: Console + spec: + ingress: + clientDownloadsURL: "http://testingress.com" + expectedError: "spec.ingress.clientDownloadsURL: Invalid value: \"string\": client downloads url scheme must be https" + - name: Should throw an error if console url is invalid + initial: | + apiVersion: operator.openshift.io/v1 + kind: Console + spec: + ingress: + consoleURL: "https://\ntestingress.com" + expectedError: "spec.ingress.consoleURL: Invalid value: \"string\": console url must be a valid absolute URL" + - name: Should throw an error if client downloads url is invalid + initial: | + apiVersion: operator.openshift.io/v1 + kind: Console + spec: + ingress: + clientDownloadsURL: "https://\ntestingress.com" + expectedError: "spec.ingress.clientDownloadsURL: Invalid value: \"string\": client downloads url must be a valid absolute URL" + - name: Should throw an invalid url error if console url is invalid and has no scheme + initial: | + apiVersion: operator.openshift.io/v1 + kind: Console + spec: + ingress: + consoleURL: "\ntestingress.com" + expectedError: "spec.ingress.consoleURL: Invalid value: \"string\": console url must be a valid absolute URL" + - name: Should throw an invalid error if client downloads url is invalid and has no scheme + initial: | + apiVersion: operator.openshift.io/v1 + kind: Console + spec: + ingress: + clientDownloadsURL: "\ntestingress.com" + expectedError: "spec.ingress.clientDownloadsURL: Invalid value: \"string\": client downloads url must be a valid absolute URL" + - name: Should be able to disable the LightspeedButton console capability + initial: | + apiVersion: operator.openshift.io/v1 + kind: Console + spec: + customization: + capabilities: + - name: LightspeedButton + visibility: + state: Disabled + expected: | + apiVersion: operator.openshift.io/v1 + kind: Console + spec: + logLevel: Normal + operatorLogLevel: Normal + customization: + capabilities: + - name: LightspeedButton + visibility: + state: Disabled + - name: Should throw an error for adding duplicate capability + initial: | + apiVersion: operator.openshift.io/v1 + kind: Console + spec: + customization: + capabilities: + - name: LightspeedButton + visibility: + state: Enabled + - name: LightspeedButton + visibility: + state: Enabled + expectedError: "Duplicate value: map[string]interface {}{\"name\":\"LightspeedButton\"" + - name: Should throw an error for incorrect value of name in capabilities + initial: | + apiVersion: operator.openshift.io/v1 + kind: Console + spec: + customization: + capabilities: + - name: LightspeedBurton + visibility: + state: Enabled + expectedError: "spec.customization.capabilities[0].name: Unsupported value: \"LightspeedBurton\": supported values: \"LightspeedButton\"" + - name: Should throw an error for incorrect value of state in capabilities + initial: | + apiVersion: operator.openshift.io/v1 + kind: Console + spec: + logLevel: Normal + operatorLogLevel: Normal + customization: + capabilities: + - name: LightspeedButton + visibility: + state: Enables + expectedError: "spec.customization.capabilities[0].visibility.state: Unsupported value: \"Enables\": supported values: \"Enabled\", \"Disabled\"" diff --git a/pkg/schemes/machineconfiguration/mctypes/tests/csisnapshotcontrollers.operator.openshift.io/AAA_ungated.yaml b/pkg/schemes/machineconfiguration/mctypes/tests/csisnapshotcontrollers.operator.openshift.io/AAA_ungated.yaml new file mode 100644 index 000000000..d1d017821 --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/tests/csisnapshotcontrollers.operator.openshift.io/AAA_ungated.yaml @@ -0,0 +1,16 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "CSISnapshotController" +crdName: csisnapshotcontrollers.operator.openshift.io +tests: + onCreate: + - name: Should be able to create a minimal CSISnapshotController + initial: | + apiVersion: operator.openshift.io/v1 + kind: CSISnapshotController + spec: {} # No spec is required for a CSISnapshotController + expected: | + apiVersion: operator.openshift.io/v1 + kind: CSISnapshotController + spec: + logLevel: Normal + operatorLogLevel: Normal diff --git a/pkg/schemes/machineconfiguration/mctypes/tests/dnses.operator.openshift.io/AAA_ungated.yaml b/pkg/schemes/machineconfiguration/mctypes/tests/dnses.operator.openshift.io/AAA_ungated.yaml new file mode 100644 index 000000000..5f4a5039f --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/tests/dnses.operator.openshift.io/AAA_ungated.yaml @@ -0,0 +1,21 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "DNS" +crdName: dnses.operator.openshift.io +tests: + onCreate: + - name: Should be able to create a minimal DNS + initial: | + apiVersion: operator.openshift.io/v1 + kind: DNS + spec: {} # No spec is required for a DNS + expected: | + apiVersion: operator.openshift.io/v1 + kind: DNS + spec: + logLevel: Normal + operatorLogLevel: Normal + upstreamResolvers: + policy: Sequential + upstreams: + - port: 53 + type: SystemResolvConf diff --git a/pkg/schemes/machineconfiguration/mctypes/tests/etcds.operator.openshift.io/AAA_ungated.yaml b/pkg/schemes/machineconfiguration/mctypes/tests/etcds.operator.openshift.io/AAA_ungated.yaml new file mode 100644 index 000000000..acb41cdd5 --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/tests/etcds.operator.openshift.io/AAA_ungated.yaml @@ -0,0 +1,17 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "Etcd" +crdName: etcds.operator.openshift.io +featureGate: -EtcdBackendQuota +tests: + onCreate: + - name: Should be able to create a minimal Etcd + initial: | + apiVersion: operator.openshift.io/v1 + kind: Etcd + spec: {} # No spec is required for a Etcd + expected: | + apiVersion: operator.openshift.io/v1 + kind: Etcd + spec: + logLevel: Normal + operatorLogLevel: Normal diff --git a/pkg/schemes/machineconfiguration/mctypes/tests/etcds.operator.openshift.io/EtcdBackendQuota.yaml b/pkg/schemes/machineconfiguration/mctypes/tests/etcds.operator.openshift.io/EtcdBackendQuota.yaml new file mode 100644 index 000000000..40f41a070 --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/tests/etcds.operator.openshift.io/EtcdBackendQuota.yaml @@ -0,0 +1,149 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "Etcd" +crdName: etcds.operator.openshift.io +featureGate: EtcdBackendQuota +tests: + onCreate: + - name: Should be able to create with 8 BackendQuotaGiB + initial: | + apiVersion: operator.openshift.io/v1 + kind: Etcd + metadata: + name: gib8 + spec: + backendQuotaGiB: 8 + expected: | + apiVersion: operator.openshift.io/v1 + kind: Etcd + metadata: + name: default + spec: + logLevel: Normal + operatorLogLevel: Normal + backendQuotaGiB: 8 + - name: Should be able to create with 16 BackendQuotaGiB + initial: | + apiVersion: operator.openshift.io/v1 + kind: Etcd + metadata: + name: gib16 + spec: + backendQuotaGiB: 16 + expected: | + apiVersion: operator.openshift.io/v1 + kind: Etcd + metadata: + name: gib16 + spec: + logLevel: Normal + operatorLogLevel: Normal + backendQuotaGiB: 16 + - name: Should be able to create with 20 BackendQuotaGiB + initial: | + apiVersion: operator.openshift.io/v1 + kind: Etcd + metadata: + name: gib20 + spec: + backendQuotaGiB: 20 + expected: | + apiVersion: operator.openshift.io/v1 + kind: Etcd + metadata: + name: gib20 + spec: + logLevel: Normal + operatorLogLevel: Normal + backendQuotaGiB: 20 + - name: Should be able to create with 32 BackendQuotaGiB + initial: | + apiVersion: operator.openshift.io/v1 + kind: Etcd + metadata: + name: gib32 + spec: + backendQuotaGiB: 32 + expected: | + apiVersion: operator.openshift.io/v1 + kind: Etcd + metadata: + name: gib32 + spec: + logLevel: Normal + operatorLogLevel: Normal + backendQuotaGiB: 32 + - name: Should not be able to create with less than 8 BackendQuotaGiB + initial: | + apiVersion: operator.openshift.io/v1 + kind: Etcd + metadata: + name: gib6 + spec: + backendQuotaGiB: 6 + expectedError: "spec.backendQuotaGiB: Invalid value: 6: spec.backendQuotaGiB in body should be greater than or equal to 8" + - name: Should not be able to create with more than 32 BackendQuotaGiB + initial: | + apiVersion: operator.openshift.io/v1 + kind: Etcd + metadata: + name: gib40 + spec: + backendQuotaGiB: 40 + expectedError: "spec.backendQuotaGiB: Invalid value: 40: spec.backendQuotaGiB in body should be less than or equal to 32" + onUpdate: + - name: Should be able to create with default then upgrade to 16 + initial: | + apiVersion: operator.openshift.io/v1 + kind: Etcd + metadata: + name: default + spec: + backendQuotaGiB: 8 + updated: | + apiVersion: operator.openshift.io/v1 + kind: Etcd + metadata: + name: gib16 + spec: + backendQuotaGiB: 16 + expected: | + apiVersion: operator.openshift.io/v1 + kind: Etcd + metadata: + name: gib16 + spec: + logLevel: Normal + operatorLogLevel: Normal + backendQuotaGiB: 16 + - name: Should not be allowed to try to decrease BackendQuotaGiB + initial: | + apiVersion: operator.openshift.io/v1 + kind: Etcd + metadata: + name: gib16 + spec: + backendQuotaGiB: 16 + updated: | + apiVersion: operator.openshift.io/v1 + kind: Etcd + metadata: + name: gib8 + spec: + backendQuotaGiB: 8 + expectedError: etcd backendQuotaGiB may not be decreased + - name: Should not be allowed to upgrade to more than 32 BackendQuotaGiB + initial: | + apiVersion: operator.openshift.io/v1 + kind: Etcd + metadata: + name: gib16 + spec: + backendQuotaGiB: 16 + updated: | + apiVersion: operator.openshift.io/v1 + kind: Etcd + metadata: + name: gib40 + spec: + backendQuotaGiB: 40 + expectedError: "spec.backendQuotaGiB: Invalid value: 40: spec.backendQuotaGiB in body should be less than or equal to 32" diff --git a/pkg/schemes/machineconfiguration/mctypes/tests/etcds.operator.openshift.io/HardwareSpeed.yaml b/pkg/schemes/machineconfiguration/mctypes/tests/etcds.operator.openshift.io/HardwareSpeed.yaml new file mode 100644 index 000000000..cbac2b08f --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/tests/etcds.operator.openshift.io/HardwareSpeed.yaml @@ -0,0 +1,63 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "Etcd" +crdName: etcds.operator.openshift.io +featureGate: -EtcdBackendQuota +tests: + onCreate: + - name: Should be able to create with Standard hardware speed + initial: | + apiVersion: operator.openshift.io/v1 + kind: Etcd + spec: + controlPlaneHardwareSpeed: Standard + expected: | + apiVersion: operator.openshift.io/v1 + kind: Etcd + spec: + logLevel: Normal + operatorLogLevel: Normal + controlPlaneHardwareSpeed: Standard + - name: Should be able to create with Slower hardware speed + initial: | + apiVersion: operator.openshift.io/v1 + kind: Etcd + spec: + controlPlaneHardwareSpeed: Slower + expected: | + apiVersion: operator.openshift.io/v1 + kind: Etcd + spec: + logLevel: Normal + operatorLogLevel: Normal + controlPlaneHardwareSpeed: Slower + onUpdate: + - name: Should be able to create with Standard, then set to Slower + initial: | + apiVersion: operator.openshift.io/v1 + kind: Etcd + spec: + controlPlaneHardwareSpeed: Standard + updated: | + apiVersion: operator.openshift.io/v1 + kind: Etcd + spec: + controlPlaneHardwareSpeed: Slower + expected: | + apiVersion: operator.openshift.io/v1 + kind: Etcd + spec: + logLevel: Normal + operatorLogLevel: Normal + controlPlaneHardwareSpeed: Slower + - name: Should not be allowed to try to set invalid hardware speed + initial: | + apiVersion: operator.openshift.io/v1 + kind: Etcd + spec: + controlPlaneHardwareSpeed: Standard + updated: | + apiVersion: operator.openshift.io/v1 + kind: Etcd + spec: + controlPlaneHardwareSpeed: foo + expectedError: Unsupported value diff --git a/pkg/schemes/machineconfiguration/mctypes/tests/ingresscontrollers.operator.openshift.io/AAA_ungated.yaml b/pkg/schemes/machineconfiguration/mctypes/tests/ingresscontrollers.operator.openshift.io/AAA_ungated.yaml new file mode 100644 index 000000000..95e115f59 --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/tests/ingresscontrollers.operator.openshift.io/AAA_ungated.yaml @@ -0,0 +1,561 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "IngressController" +crdName: ingresscontrollers.operator.openshift.io +featureGate: SetEIPForNLBIngressController +tests: + onCreate: + - name: Should be able to create a minimal IngressController + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + spec: {} # No spec is required for a IngressController + expected: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + spec: + httpEmptyRequestsPolicy: Respond + - name: Should be able to create an IngressController with valid Actions + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + spec: + httpHeaders: + actions: + response: + - name: X-Frame-Options + action: + type: Set + set: + value: DENY + - name: X-Cache-Info + action: + type: Set + set: + value: "not cacheable; meta data too large" + - name: X-XSS-Protection + action: + type: Delete + - name: X-Source + action: + type: Set + set: + value: "%[res.hdr(X-Value),lower]" + request: + - name: Content-Location + action: + type: Set + set: + value: /my-first-blog-post + - name: X-SSL-Client-Cert + action: + type: Set + set: + value: "%{+Q}[ssl_c_der,base64]" + - name: Content-Language + action: + type: Delete + - name: X-Target + action: + type: Set + set: + value: "%[req.hdr(host),lower]" + - name: X-Conditional + action: + type: Set + set: + value: "%[req.hdr(Host)] if foo" + - name: X-Condition + action: + type: Set + set: + value: "%[req.hdr(Host)]\ if\ foo" + expected: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + spec: + httpEmptyRequestsPolicy: Respond + httpHeaders: + actions: + response: + - name: X-Frame-Options + action: + type: Set + set: + value: DENY + - name: X-Cache-Info + action: + type: Set + set: + value: "not cacheable; meta data too large" + - name: X-XSS-Protection + action: + type: Delete + - name: X-Source + action: + type: Set + set: + value: "%[res.hdr(X-Value),lower]" + request: + - name: Content-Location + action: + type: Set + set: + value: /my-first-blog-post + - name: X-SSL-Client-Cert + action: + type: Set + set: + value: "%{+Q}[ssl_c_der,base64]" + - name: Content-Language + action: + type: Delete + - name: X-Target + action: + type: Set + set: + value: "%[req.hdr(host),lower]" + - name: X-Conditional + action: + type: Set + set: + value: "%[req.hdr(Host)] if foo" + - name: X-Condition + action: + type: Set + set: + value: "%[req.hdr(Host)]\ if\ foo" + - name: Should not allow to set/delete HSTS header. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default-hsts + namespace: openshift-ingress-operator + spec: + httpHeaders: + actions: + response: + - name: X-Frame-Options + action: + type: Set + set: + value: DENY + - name: Strict-Transport-Security + action: + type: Delete + request: + - name: Content-Location + action: + type: Set + set: + value: /my-first-blog-post + - name: Content-Language + action: + type: Delete + expectedError: "strict-transport-security header may not be modified via header actions" + - name: Should not allow to set/delete Proxy header. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default-hsts + namespace: openshift-ingress-operator + spec: + httpHeaders: + actions: + response: + - name: X-Frame-Options + action: + type: Set + set: + value: DENY + request: + - name: Proxy + action: + type: Set + set: + value: example.xyz + - name: Content-Location + action: + type: Set + set: + value: /my-first-blog-post + - name: Content-Language + action: + type: Delete + expectedError: "proxy header may not be modified via header actions" + - name: Should not allow to set/delete Host header. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default-hsts + namespace: openshift-ingress-operator + spec: + httpHeaders: + actions: + response: + - name: X-Frame-Options + action: + type: Set + set: + value: DENY + request: + - name: Host + action: + type: Set + set: + value: example.xyz + - name: Content-Location + action: + type: Set + set: + value: /my-first-blog-post + - name: Content-Language + action: + type: Delete + expectedError: "host header may not be modified via header actions" + - name: Should not allow to set/delete cookie header. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default-hsts + namespace: openshift-ingress-operator + spec: + httpHeaders: + actions: + response: + - name: X-Frame-Options + action: + type: Set + set: + value: DENY + request: + - name: Cookie + action: + type: Set + set: + value: "PHPSESSID=298zf09hf012fh2; csrftoken=u32t4o3tb3gg43; _gat=1" + - name: Content-Location + action: + type: Set + set: + value: /my-first-blog-post + - name: Content-Language + action: + type: Delete + expectedError: "cookie header may not be modified via header actions" + - name: Should not allow to set/delete set-cookie header. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default-hsts + namespace: openshift-ingress-operator + spec: + httpHeaders: + actions: + response: + - name: Set-Cookie + action: + type: Set + set: + value: "sessionId=e8bb43229de9; Domain=foo.example.com" + request: + - name: Content-Location + action: + type: Set + set: + value: /my-first-blog-post + - name: Content-Language + action: + type: Delete + expectedError: "set-cookie header may not be modified via header actions" + - name: Should not allow to set/delete dynamic headers with unclosed braces. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default-unclosed-braces + namespace: openshift-ingress-operator + spec: + httpHeaders: + actions: + request: + - name: Content-Location + action: + type: Set + set: + value: /my-first-blog-post + - name: Content-Language + action: + type: Delete + - name: expires + action: + type: Set + set: + value: "%[req.hdr(host),lower" + expectedError: "Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are req.hdr, ssl_c_der. Converters allowed are lower, base64." + - name: Should not allow to set dynamic response header values with not allowed sample fetchers. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default-not-allowed-values + namespace: openshift-ingress-operator + spec: + httpHeaders: + actions: + response: + - name: X-Frame-Options + action: + type: Set + set: + value: DENY + - name: X-Target + action: + type: Set + set: + value: "%[req.hdrs(host),lower]" + expectedError: "Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are res.hdr, ssl_c_der. Converters allowed are lower, base64." + - name: Should not allow empty value in response. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default-not-allowed-values + namespace: openshift-ingress-operator + spec: + httpHeaders: + actions: + response: + - name: X-Frame-Options + action: + type: Set + set: + value: + expectedError: 'IngressController.operator.openshift.io "default-not-allowed-values" is invalid: [spec.httpHeaders.actions.response[0].action.set.value: Required value, : Invalid value: "null": some validation rules were not checked because the object was invalid; correct the existing errors to complete validation]' + - name: Should not allow empty value in request. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default-not-allowed-values + namespace: openshift-ingress-operator + spec: + httpHeaders: + actions: + request: + - name: X-Frame-Options + action: + type: Set + set: + value: + expectedError: 'IngressController.operator.openshift.io "default-not-allowed-values" is invalid: [spec.httpHeaders.actions.request[0].action.set.value: Required value, : Invalid value: "null": some validation rules were not checked because the object was invalid; correct the existing errors to complete validation]' + - name: Should not allow to set dynamic response header values with not allowed converters. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default-not-allowed-values + namespace: openshift-ingress-operator + spec: + httpHeaders: + actions: + response: + - name: X-Frame-Options + action: + type: Set + set: + value: DENY + - name: X-Source + action: + type: Set + set: + value: "%{+Q}[ssl_c_der,bogus]" + expectedError: "Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are res.hdr, ssl_c_der. Converters allowed are lower, base64." + - name: Should not allow to set dynamic request header values containing sample fetcher res.hdr. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default-not-allowed-values + namespace: openshift-ingress-operator + spec: + httpHeaders: + actions: + request: + - name: X-Target + action: + type: Set + set: + value: "%[res.hdr(X-Value),lower]" + expectedError: "Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are req.hdr, ssl_c_der. Converters allowed are lower, base64." + - name: Should not allow to set dynamic response headers value containing sample fetcher req.hdr. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default-not-allowed-values + namespace: openshift-ingress-operator + spec: + httpHeaders: + actions: + response: + - name: X-Source + action: + type: Set + set: + value: "%[req.hdr(host),lower]" + expectedError: "Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are res.hdr, ssl_c_der. Converters allowed are lower, base64." + - name: Should not allow to set dynamic request header values with not allowed converters. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default-not-allowed-values + namespace: openshift-ingress-operator + spec: + httpHeaders: + actions: + request: + - name: X-SSL-Client-Cert + action: + type: Set + set: + value: "%{+Q}[ssl_c_der,hello]" + - name: Content-Language + action: + type: Delete + expectedError: "Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are req.hdr, ssl_c_der. Converters allowed are lower, base64." + - name: Should not allow to set dynamic request header values with not allowed sample fetchers. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default-not-allowed-values + namespace: openshift-ingress-operator + spec: + httpHeaders: + actions: + request: + - name: X-SSL-Client-Cert + action: + type: Set + set: + value: "%{+Q}[ssl_c_der1234,base64]" + - name: Content-Language + action: + type: Delete + expectedError: "Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are req.hdr, ssl_c_der. Converters allowed are lower, base64." + - name: Should be required to specify the set field when the discriminant type is Set. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + spec: + httpHeaders: + actions: + response: + - name: X-Frame-Options + action: + type: Set + expectedError: "set is required when type is Set, and forbidden otherwise" + - name: Should be able to add set field only when discriminant type is Set. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default-not-allowed-values + namespace: openshift-ingress-operator + spec: + httpHeaders: + actions: + response: + - name: X-Frame-Options + action: + set: + value: DENY + expectedError: 'IngressController.operator.openshift.io "default-not-allowed-values" is invalid: [spec.httpHeaders.actions.response[0].action.type: Required value, : Invalid value: "null": some validation rules were not checked because the object was invalid; correct the existing errors to complete validation]' + - name: Should be able to create an IngressController with valid nominal connect timeout + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default + namespace: openshift-ingress-operator + spec: + tuningOptions: + connectTimeout: 10s + expected: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default + namespace: openshift-ingress-operator + spec: + httpEmptyRequestsPolicy: Respond + tuningOptions: + connectTimeout: 10s + - name: Should be able to create an IngressController with valid composite connect timeout + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default + namespace: openshift-ingress-operator + spec: + tuningOptions: + connectTimeout: 100ms300μs + expected: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default + namespace: openshift-ingress-operator + spec: + httpEmptyRequestsPolicy: Respond + tuningOptions: + connectTimeout: 100ms300μs + - name: Should be able to create an IngressController with valid fraction connect timeout + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default + namespace: openshift-ingress-operator + spec: + tuningOptions: + connectTimeout: 1.5m + expected: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default + namespace: openshift-ingress-operator + spec: + httpEmptyRequestsPolicy: Respond + tuningOptions: + connectTimeout: 1.5m + - name: Should not be able to create an IngressController with invalid unit connect timeout + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default + namespace: openshift-ingress-operator + spec: + tuningOptions: + connectTimeout: 3d + expectedError: "IngressController.operator.openshift.io \"default\" is invalid: spec.tuningOptions.connectTimeout: Invalid value: \"3d\": spec.tuningOptions.connectTimeout in body should match '^(0|([0-9]+(\\.[0-9]+)?(ns|us|µs|μs|ms|s|m|h))+)$'" + - name: Should not be able to create an IngressController with invalid space connect timeout + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default + namespace: openshift-ingress-operator + spec: + tuningOptions: + connectTimeout: "4 s" + expectedError: "IngressController.operator.openshift.io \"default\" is invalid: spec.tuningOptions.connectTimeout: Invalid value: \"4 s\": spec.tuningOptions.connectTimeout in body should match '^(0|([0-9]+(\\.[0-9]+)?(ns|us|µs|μs|ms|s|m|h))+)$'" diff --git a/pkg/schemes/machineconfiguration/mctypes/tests/ingresscontrollers.operator.openshift.io/IngressControllerLBOpenStack.yaml b/pkg/schemes/machineconfiguration/mctypes/tests/ingresscontrollers.operator.openshift.io/IngressControllerLBOpenStack.yaml new file mode 100644 index 000000000..0945413ab --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/tests/ingresscontrollers.operator.openshift.io/IngressControllerLBOpenStack.yaml @@ -0,0 +1,92 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "Ingress" +crdName: ingresscontrollers.operator.openshift.io +tests: + onCreate: + - name: Should be able to create a minimal ingresscontroller with an internal load balancer on OpenStack. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + spec: + endpointPublishingStrategy: + type: LoadBalancerService + loadBalancer: + scope: Internal + providerParameters: + type: OpenStack + expected: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + spec: + httpEmptyRequestsPolicy: Respond + endpointPublishingStrategy: + type: LoadBalancerService + loadBalancer: + dnsManagementPolicy: Managed + scope: Internal + providerParameters: + type: OpenStack + - name: Should be able to create a minimal ingresscontroller with an external load balancer on OpenStack. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + spec: + endpointPublishingStrategy: + type: LoadBalancerService + loadBalancer: + scope: External + providerParameters: + type: OpenStack + expected: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + spec: + httpEmptyRequestsPolicy: Respond + endpointPublishingStrategy: + type: LoadBalancerService + loadBalancer: + dnsManagementPolicy: Managed + scope: External + providerParameters: + type: OpenStack + - name: Should be able to create a minimal ingresscontroller with an external load balancer and a floating IP on OpenStack. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + spec: + endpointPublishingStrategy: + type: LoadBalancerService + loadBalancer: + scope: External + providerParameters: + type: OpenStack + openstack: + floatingIP: "1.2.3.4" + expected: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + spec: + httpEmptyRequestsPolicy: Respond + endpointPublishingStrategy: + type: LoadBalancerService + loadBalancer: + dnsManagementPolicy: Managed + scope: External + providerParameters: + type: OpenStack + openstack: + floatingIP: "1.2.3.4" + - name: Should not be able to create ingresscontroller with internal load balancer and a floating IP on OpenStack. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + spec: + endpointPublishingStrategy: + type: LoadBalancerService + loadBalancer: + scope: Internal + providerParameters: + type: OpenStack + openstack: + floatingIP: "1.2.3.4" + expectedError: "cannot specify a floating ip when scope is internal" diff --git a/pkg/schemes/machineconfiguration/mctypes/tests/ingresscontrollers.operator.openshift.io/IngressControllerLBSubnetsAWS.yaml b/pkg/schemes/machineconfiguration/mctypes/tests/ingresscontrollers.operator.openshift.io/IngressControllerLBSubnetsAWS.yaml new file mode 100644 index 000000000..438cbeeba --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/tests/ingresscontrollers.operator.openshift.io/IngressControllerLBSubnetsAWS.yaml @@ -0,0 +1,599 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "Ingress" +crdName: ingresscontrollers.operator.openshift.io +featureGate: IngressControllerLBSubnetsAWS +tests: + onCreate: + - name: Should be able to create a minimal ingresscontroller with an CLB with subnets using IDs and names. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + spec: + endpointPublishingStrategy: + type: LoadBalancerService + loadBalancer: + scope: External + providerParameters: + type: AWS + aws: + type: Classic + classicLoadBalancer: + subnets: + ids: + - subnet-0fcf8e0392f0910d5 + names: + - subnetA + - subnetB + expected: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + spec: + httpEmptyRequestsPolicy: Respond + endpointPublishingStrategy: + type: LoadBalancerService + loadBalancer: + dnsManagementPolicy: Managed + scope: External + providerParameters: + type: AWS + aws: + type: Classic + classicLoadBalancer: + subnets: + ids: + - subnet-0fcf8e0392f0910d5 + names: + - subnetA + - subnetB + - name: Should be able to create a minimal ingresscontroller with an NLB with subnets using IDs and names. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + spec: + endpointPublishingStrategy: + type: LoadBalancerService + loadBalancer: + scope: External + providerParameters: + type: AWS + aws: + type: NLB + networkLoadBalancer: + subnets: + ids: + - subnet-0fcf8e0392f0910d5 + names: + - subnetA + - subnetB + expected: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + spec: + httpEmptyRequestsPolicy: Respond + endpointPublishingStrategy: + type: LoadBalancerService + loadBalancer: + dnsManagementPolicy: Managed + scope: External + providerParameters: + type: AWS + aws: + type: NLB + networkLoadBalancer: + subnets: + ids: + - subnet-0fcf8e0392f0910d5 + names: + - subnetA + - subnetB + - name: Should not be able to create ingresscontroller with duplicate subnets ids. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + spec: + endpointPublishingStrategy: + type: LoadBalancerService + loadBalancer: + scope: External + providerParameters: + type: AWS + aws: + type: Classic + classicLoadBalancer: + subnets: + ids: + - subnet-0fcf8e0392f0910d5 + - subnet-0fcf8e0392f0910d5 + expectedError: "subnet ids cannot contain duplicates" + - name: Should not be able to create ingresscontroller with duplicate subnets names. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + spec: + endpointPublishingStrategy: + type: LoadBalancerService + loadBalancer: + scope: External + providerParameters: + type: AWS + aws: + type: Classic + classicLoadBalancer: + subnets: + names: + - subnetA + - subnetA + expectedError: "subnet names cannot contain duplicates" + - name: Should not be able to create ingresscontroller with subnets names that contain commas. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + spec: + endpointPublishingStrategy: + type: LoadBalancerService + loadBalancer: + scope: External + providerParameters: + type: AWS + aws: + type: Classic + classicLoadBalancer: + subnets: + names: + - subnetA, + expectedError: "subnet name cannot contain a comma" + - name: Should not be able to create ingresscontroller with subnets names that start with subnet-. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + spec: + endpointPublishingStrategy: + type: LoadBalancerService + loadBalancer: + scope: External + providerParameters: + type: AWS + aws: + type: Classic + classicLoadBalancer: + subnets: + names: + - subnet-0fcf8e0392f0910d5 + expectedError: "subnet name cannot start with 'subnet-'" + - name: Should be able to create ingresscontroller with case sensitive subnet names. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + spec: + endpointPublishingStrategy: + type: LoadBalancerService + loadBalancer: + scope: External + providerParameters: + type: AWS + aws: + type: Classic + classicLoadBalancer: + subnets: + names: + - subnetA + - subneta + expected: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + spec: + httpEmptyRequestsPolicy: Respond + endpointPublishingStrategy: + type: LoadBalancerService + loadBalancer: + dnsManagementPolicy: Managed + scope: External + providerParameters: + type: AWS + aws: + type: Classic + classicLoadBalancer: + subnets: + names: + - subnetA + - subneta + - name: Should not be able to create ingresscontroller with empty subnet id. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + spec: + endpointPublishingStrategy: + type: LoadBalancerService + loadBalancer: + scope: External + providerParameters: + type: AWS + aws: + type: Classic + classicLoadBalancer: + subnets: + ids: + - '' + expectedError: "Invalid value: \"\": spec.endpointPublishingStrategy.loadBalancer.providerParameters.aws.classicLoadBalancer.subnets.ids[0] in body should be at least 24 chars long" + - name: Should not be able to create ingresscontroller with empty subnet name. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + spec: + endpointPublishingStrategy: + type: LoadBalancerService + loadBalancer: + scope: External + providerParameters: + type: AWS + aws: + type: Classic + classicLoadBalancer: + subnets: + names: + - '' + expectedError: "Invalid value: \"\": spec.endpointPublishingStrategy.loadBalancer.providerParameters.aws.classicLoadBalancer.subnets.names[0] in body should be at least 1 chars long" + - name: Should not be able to create ingresscontroller with more than 10 subnets combined. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + spec: + endpointPublishingStrategy: + type: LoadBalancerService + loadBalancer: + scope: External + providerParameters: + type: AWS + aws: + type: Classic + classicLoadBalancer: + subnets: + ids: + - subnet-00000000000000001 + - subnet-00000000000000002 + - subnet-00000000000000003 + - subnet-00000000000000004 + - subnet-00000000000000005 + names: + - subnet1 + - subnet2 + - subnet3 + - subnet4 + - subnet5 + - subnet6 + expectedError: "the total number of subnets cannot exceed 10" + - name: Should not be able to create ingresscontroller with more than 10 subnets ids. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + spec: + endpointPublishingStrategy: + type: LoadBalancerService + loadBalancer: + scope: External + providerParameters: + type: AWS + aws: + type: Classic + classicLoadBalancer: + subnets: + ids: + - subnet-00000000000000001 + - subnet-00000000000000002 + - subnet-00000000000000003 + - subnet-00000000000000004 + - subnet-00000000000000005 + - subnet-00000000000000006 + - subnet-00000000000000007 + - subnet-00000000000000008 + - subnet-00000000000000009 + - subnet-00000000000000010 + - subnet-00000000000000011 + expectedError: "spec.endpointPublishingStrategy.loadBalancer.providerParameters.aws.classicLoadBalancer.subnets.ids: Too many: 11: must have at most 10 items" + - name: Should not be able to create ingresscontroller with more than 10 subnets names. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + spec: + endpointPublishingStrategy: + type: LoadBalancerService + loadBalancer: + scope: External + providerParameters: + type: AWS + aws: + type: Classic + classicLoadBalancer: + subnets: + names: + - subnet00000000000000001 + - subnet00000000000000002 + - subnet00000000000000003 + - subnet00000000000000004 + - subnet00000000000000005 + - subnet00000000000000006 + - subnet00000000000000007 + - subnet00000000000000008 + - subnet00000000000000009 + - subnet00000000000000010 + - subnet00000000000000011 + expectedError: "spec.endpointPublishingStrategy.loadBalancer.providerParameters.aws.classicLoadBalancer.subnets.names: Too many: 11: must have at most 10 items" + - name: Should not be able to create ingresscontroller with spec.endpointPublishingStrategy.loadBalancer.providerParameters.classicLoadBalancer.aws.subnets specified, but no ids or names. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + spec: + endpointPublishingStrategy: + type: LoadBalancerService + loadBalancer: + scope: External + providerParameters: + type: AWS + aws: + type: Classic + classicLoadBalancer: + subnets: {} + expectedError: "must specify at least 1 subnet name or id" + - name: Should not be able to create ingresscontroller with spec.endpointPublishingStrategy.loadBalancer.providerParameters.aws.classicLoadBalancer.subnets specified, but empty ids and names. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + spec: + endpointPublishingStrategy: + type: LoadBalancerService + loadBalancer: + scope: External + providerParameters: + type: AWS + aws: + type: Classic + classicLoadBalancer: + subnets: + ids: [] + names: [] + expectedError: "must specify at least 1 subnet name or id" + - name: Should not be able to create ingresscontroller with subnet id less than 24 characters. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + spec: + endpointPublishingStrategy: + type: LoadBalancerService + loadBalancer: + scope: External + providerParameters: + type: AWS + aws: + type: Classic + classicLoadBalancer: + subnets: + ids: + - subnet-0000000000000000 + expectedError: "Invalid value: \"subnet-0000000000000000\": spec.endpointPublishingStrategy.loadBalancer.providerParameters.aws.classicLoadBalancer.subnets.ids[0] in body should be at least 24 chars long" + - name: Should not be able to create ingresscontroller with subnet id more than 24 characters. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + spec: + endpointPublishingStrategy: + type: LoadBalancerService + loadBalancer: + scope: External + providerParameters: + type: AWS + aws: + type: Classic + classicLoadBalancer: + subnets: + ids: + - subnet-000000000000000010 + expectedError: "spec.endpointPublishingStrategy.loadBalancer.providerParameters.aws.classicLoadBalancer.subnets.ids[0]: Too long: may not be longer than 24" + - name: Should not be able to create ingresscontroller with subnet id that doesn't start with subnet-. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + spec: + endpointPublishingStrategy: + type: LoadBalancerService + loadBalancer: + scope: External + providerParameters: + type: AWS + aws: + type: Classic + classicLoadBalancer: + subnets: + ids: + - subnot-00000000000000001 + expectedError: "spec.endpointPublishingStrategy.loadBalancer.providerParameters.aws.classicLoadBalancer.subnets.ids[0] in body should match '^subnet-[0-9A-Za-z]+$'" + - name: Should not be able to create ingresscontroller with subnet id that contains non-alphanumeric characters. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + spec: + endpointPublishingStrategy: + type: LoadBalancerService + loadBalancer: + scope: External + providerParameters: + type: AWS + aws: + type: Classic + classicLoadBalancer: + subnets: + ids: + - subnet-~!@#$%^&*()-=_+;1 + expectedError: "spec.endpointPublishingStrategy.loadBalancer.providerParameters.aws.classicLoadBalancer.subnets.ids[0] in body should match '^subnet-[0-9A-Za-z]+$'" + onUpdate: + - name: Subnets should be mutable. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + spec: + endpointPublishingStrategy: + type: LoadBalancerService + loadBalancer: + dnsManagementPolicy: Managed + scope: External + providerParameters: + type: AWS + aws: + type: Classic + classicLoadBalancer: + subnets: + ids: + - subnet-00000000000000001 + names: + - subnetA + - subnetB + - subnetC + updated: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + spec: + endpointPublishingStrategy: + type: LoadBalancerService + loadBalancer: + dnsManagementPolicy: Managed + scope: External + providerParameters: + type: AWS + aws: + type: Classic + classicLoadBalancer: + subnets: + ids: + - subnet-00000000000000002 + names: + - subnetA + - subnetB + - subnetC + expected: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + spec: + httpEmptyRequestsPolicy: Respond + endpointPublishingStrategy: + type: LoadBalancerService + loadBalancer: + dnsManagementPolicy: Managed + scope: External + providerParameters: + type: AWS + aws: + type: Classic + classicLoadBalancer: + subnets: + ids: + - subnet-00000000000000002 + names: + - subnetA + - subnetB + - subnetC + - name: Subnets should be able to be removed once set. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + spec: + endpointPublishingStrategy: + type: LoadBalancerService + loadBalancer: + scope: External + providerParameters: + type: AWS + aws: + type: Classic + classicLoadBalancer: + subnets: + ids: + - subnet-00000000000000001 + - subnet-00000000000000002 + names: + - subnetA + - subnetB + - subnetC + updated: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + spec: + endpointPublishingStrategy: + type: LoadBalancerService + loadBalancer: + dnsManagementPolicy: Managed + scope: External + providerParameters: + type: AWS + aws: + type: Classic + expected: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + spec: + httpEmptyRequestsPolicy: Respond + endpointPublishingStrategy: + type: LoadBalancerService + loadBalancer: + dnsManagementPolicy: Managed + scope: External + providerParameters: + type: AWS + aws: + type: Classic + - name: Should be able to add subnets after IC creation. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + spec: + endpointPublishingStrategy: + type: LoadBalancerService + loadBalancer: + scope: External + providerParameters: + type: AWS + aws: + type: Classic + updated: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + spec: + endpointPublishingStrategy: + type: LoadBalancerService + loadBalancer: + dnsManagementPolicy: Managed + scope: External + providerParameters: + type: AWS + aws: + type: Classic + classicLoadBalancer: + subnets: + ids: + - subnet-00000000000000001 + - subnet-00000000000000002 + names: + - subnetA + - subnetB + - subnetC + expected: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + spec: + httpEmptyRequestsPolicy: Respond + endpointPublishingStrategy: + type: LoadBalancerService + loadBalancer: + dnsManagementPolicy: Managed + scope: External + providerParameters: + type: AWS + aws: + type: Classic + classicLoadBalancer: + subnets: + ids: + - subnet-00000000000000001 + - subnet-00000000000000002 + names: + - subnetA + - subnetB + - subnetC diff --git a/pkg/schemes/machineconfiguration/mctypes/tests/ingresscontrollers.operator.openshift.io/SetEIPForNLBIngressController.yaml b/pkg/schemes/machineconfiguration/mctypes/tests/ingresscontrollers.operator.openshift.io/SetEIPForNLBIngressController.yaml new file mode 100644 index 000000000..86c56a07e --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/tests/ingresscontrollers.operator.openshift.io/SetEIPForNLBIngressController.yaml @@ -0,0 +1,569 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "IngressController" +crdName: ingresscontrollers.operator.openshift.io +featureGate: SetEIPForNLBIngressController +tests: + onCreate: + - name: Should be able to create a minimal IngressController + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + spec: {} # No spec is required for a IngressController + expected: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + spec: + httpEmptyRequestsPolicy: Respond + - name: Should allow to set NLB parameters when LBType is NLB. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: eiptestnlb + namespace: openshift-ingress-operator + spec: + endpointPublishingStrategy: + loadBalancer: + scope: External + providerParameters: + type: AWS + aws: + type: NLB + networkLoadBalancer: + eipAllocations: + - eipalloc-1234567890abcdefa + - eipalloc-1234567890abcdefb + type: LoadBalancerService + expected: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: eiptestnlb + namespace: openshift-ingress-operator + spec: + httpEmptyRequestsPolicy: Respond + endpointPublishingStrategy: + loadBalancer: + dnsManagementPolicy: Managed + scope: External + providerParameters: + type: AWS + aws: + type: NLB + networkLoadBalancer: + eipAllocations: + - eipalloc-1234567890abcdefa + - eipalloc-1234567890abcdefb + type: LoadBalancerService + - name: Should not allow to set eip allocations when scope is Internal. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default-eip + namespace: openshift-ingress-operator + spec: + endpointPublishingStrategy: + loadBalancer: + scope: Internal + providerParameters: + type: AWS + aws: + type: NLB + networkLoadBalancer: + eipAllocations: + - eipalloc-12345 + - eipalloc-12346 + type: LoadBalancerService + expectedError: "eipAllocations are forbidden when the scope is Internal." + - name: Should not allow to set eip allocations with an empty value. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default-eip + namespace: openshift-ingress-operator + spec: + endpointPublishingStrategy: + loadBalancer: + scope: External + providerParameters: + type: AWS + aws: + type: NLB + networkLoadBalancer: + eipAllocations: + - '' + type: LoadBalancerService + expectedError: "Invalid value: \"\": spec.endpointPublishingStrategy.loadBalancer.providerParameters.aws.networkLoadBalancer.eipAllocations[0] in body should be at least 26 chars long" + - name: Should not be able to create ingresscontroller if the value of eipAllocations is more than 26 characters. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default-eip + namespace: openshift-ingress-operator + spec: + endpointPublishingStrategy: + loadBalancer: + scope: External + providerParameters: + type: AWS + aws: + type: NLB + networkLoadBalancer: + eipAllocations: + - eipalloc-1234533333333333333333333 + - eipalloc-1234644444444444444444444 + type: LoadBalancerService + expectedError: "[spec.endpointPublishingStrategy.loadBalancer.providerParameters.aws.networkLoadBalancer.eipAllocations[0]: Too long: may not be longer than 26, spec.endpointPublishingStrategy.loadBalancer.providerParameters.aws.networkLoadBalancer.eipAllocations[1]: Too long: may not be longer than 26," + - name: Should not be able to create ingresscontroller if the number of eipAllocations is more than 10. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default-eip + namespace: openshift-ingress-operator + spec: + endpointPublishingStrategy: + loadBalancer: + scope: External + providerParameters: + type: AWS + aws: + type: NLB + networkLoadBalancer: + eipAllocations: + - eipalloc-12345 + - eipalloc-12346 + - eipalloc-12347 + - eipalloc-12348 + - eipalloc-12349 + - eipalloc-12341 + - eiplloac-12342 + - eipalloc-12343 + - eipalloc-12344 + - eipalloc-12340 + - eipalloc-12350 + type: LoadBalancerService + expectedError: "spec.endpointPublishingStrategy.loadBalancer.providerParameters.aws.networkLoadBalancer.eipAllocations: Too many: 11: must have at most 10 items" + - name: Should not be able to create ingresscontroller if the value of eipAllocations is not unique. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default-eip + namespace: openshift-ingress-operator + spec: + endpointPublishingStrategy: + loadBalancer: + scope: External + providerParameters: + type: AWS + aws: + type: NLB + networkLoadBalancer: + eipAllocations: + - eipalloc-1234 + - eipalloc-1234 + type: LoadBalancerService + expectedError: "spec.endpointPublishingStrategy.loadBalancer.providerParameters.aws.networkLoadBalancer.eipAllocations: Invalid value: \"array\": eipAllocations cannot contain duplicates" + - name: Should not be able to create ingresscontroller if the value of eipAllocations has comma. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default-eip + namespace: openshift-ingress-operator + spec: + endpointPublishingStrategy: + loadBalancer: + scope: External + providerParameters: + type: AWS + aws: + type: NLB + networkLoadBalancer: + eipAllocations: + - eipalloc-1,34567890abcdefe + type: LoadBalancerService + expectedError: "eipAllocations must be 'eipalloc-' followed by exactly 17 hexadecimal characters (0-9, a-f, A-F)" + - name: Should not be able to create ingresscontroller if the value of eipAllocations does not start with eipalloc-. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default-eip + namespace: openshift-ingress-operator + spec: + endpointPublishingStrategy: + loadBalancer: + scope: External + providerParameters: + type: AWS + aws: + type: NLB + networkLoadBalancer: + eipAllocations: + - "12345678901233566812342345" + type: LoadBalancerService + expectedError: "eipAllocations should start with 'eipalloc-'" + - name: Should not be able to create ingresscontroller if the value of eipAllocations after eipalloc- does not have a hexadecimal character. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default-eip + namespace: openshift-ingress-operator + spec: + endpointPublishingStrategy: + loadBalancer: + scope: External + providerParameters: + type: AWS + aws: + type: NLB + networkLoadBalancer: + eipAllocations: + - eipalloc-1234567890abcdefg + type: LoadBalancerService + expectedError: "eipAllocations must be 'eipalloc-' followed by exactly 17 hexadecimal characters (0-9, a-f, A-F)" + - name: Should not be able to create an ingress controller in which the value of eipAllocations has a valid hexadecimal part followed by an extra hexadecimal part. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default-eip + namespace: openshift-ingress-operator + spec: + endpointPublishingStrategy: + loadBalancer: + scope: External + providerParameters: + type: AWS + aws: + type: NLB + networkLoadBalancer: + eipAllocations: + - eipalloc-0123456789abcdef0-0123456 + type: LoadBalancerService + expectedError: "IngressController.operator.openshift.io \"default-eip\" is invalid: [spec.endpointPublishingStrategy.loadBalancer.providerParameters.aws.networkLoadBalancer.eipAllocations[0]: Too long: may not be longer than 26" + - name: Should not be able to create an ingress controller in which the value of eipAllocations has a short hexadecimal part followed by an extra hexadecimal part. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default-eip + namespace: openshift-ingress-operator + spec: + endpointPublishingStrategy: + loadBalancer: + scope: External + providerParameters: + type: AWS + aws: + type: NLB + networkLoadBalancer: + eipAllocations: + - eipalloc-012345678-0123456 + type: LoadBalancerService + expectedError: "eipAllocations must be 'eipalloc-' followed by exactly 17 hexadecimal characters (0-9, a-f, A-F)" + - name: Should not allow ingress controller creation if sum of number subnets name and id provided is not equal to the number of eipAllocations. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: eiptestnlb + namespace: openshift-ingress-operator + spec: + endpointPublishingStrategy: + loadBalancer: + scope: External + providerParameters: + type: AWS + aws: + type: NLB + networkLoadBalancer: + subnets: + ids: + - subnet-0fcf8e0392f0910d5 + names: + - subnetA + - subnetB + eipAllocations: + - eipalloc-1234567890abcdefa + - eipalloc-1234567890abcdefb + type: LoadBalancerService + expectedError: "IngressController.operator.openshift.io \"eiptestnlb\" is invalid: spec.endpointPublishingStrategy.loadBalancer.providerParameters.aws.networkLoadBalancer: Invalid value: \"object\": number of subnets must be equal to number of eipAllocations" + - name: Should not allow ingress controller creation if number of subnets names provided is not equal to the number of eipAllocations. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: eiptestnlb + namespace: openshift-ingress-operator + spec: + endpointPublishingStrategy: + loadBalancer: + scope: External + providerParameters: + type: AWS + aws: + type: NLB + networkLoadBalancer: + subnets: + names: + - subnetA + - subnetB + eipAllocations: + - eipalloc-1234567890abcdefa + type: LoadBalancerService + expectedError: "IngressController.operator.openshift.io \"eiptestnlb\" is invalid: spec.endpointPublishingStrategy.loadBalancer.providerParameters.aws.networkLoadBalancer: Invalid value: \"object\": number of subnets must be equal to number of eipAllocations" + - name: Should not allow ingress controller creation if number of ids provided is not equal to the number of eipAllocations. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: eiptestnlb + namespace: openshift-ingress-operator + spec: + endpointPublishingStrategy: + loadBalancer: + scope: External + providerParameters: + type: AWS + aws: + type: NLB + networkLoadBalancer: + subnets: + ids: + - subnet-0fcf8e0392f0910d5 + eipAllocations: + - eipalloc-1234567890abcdefa + - eipalloc-1234567890abcdefb + type: LoadBalancerService + expectedError: "IngressController.operator.openshift.io \"eiptestnlb\" is invalid: spec.endpointPublishingStrategy.loadBalancer.providerParameters.aws.networkLoadBalancer: Invalid value: \"object\": number of subnets must be equal to number of eipAllocations" + - name: Should allow to set NLB parameters when LBType is NLB and eipAllocations are equal to the sum of subnets names and ids. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: eiptestnlb + namespace: openshift-ingress-operator + spec: + endpointPublishingStrategy: + loadBalancer: + scope: External + providerParameters: + type: AWS + aws: + type: NLB + networkLoadBalancer: + subnets: + ids: + - subnet-0fcf8e0392f0910d5 + names: + - subnetA + - subnetB + eipAllocations: + - eipalloc-1234567890abcdefa + - eipalloc-1234567890abcdefb + - eipalloc-1234567890abcdefc + type: LoadBalancerService + expected: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: eiptestnlb + namespace: openshift-ingress-operator + spec: + httpEmptyRequestsPolicy: Respond + endpointPublishingStrategy: + loadBalancer: + dnsManagementPolicy: Managed + scope: External + providerParameters: + type: AWS + aws: + type: NLB + networkLoadBalancer: + subnets: + ids: + - subnet-0fcf8e0392f0910d5 + names: + - subnetA + - subnetB + eipAllocations: + - eipalloc-1234567890abcdefa + - eipalloc-1234567890abcdefb + - eipalloc-1234567890abcdefc + type: LoadBalancerService + - name: Should allow to set NLB parameters when LBType is NLB and eipAllocations are equal to the number of subnets. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: eiptestnlb + namespace: openshift-ingress-operator + spec: + endpointPublishingStrategy: + loadBalancer: + scope: External + providerParameters: + type: AWS + aws: + type: NLB + networkLoadBalancer: + subnets: + names: + - subnetA + - subnetB + - subnetC + eipAllocations: + - eipalloc-1234567890abcdefa + - eipalloc-1234567890abcdefb + - eipalloc-1234567890abcdefc + type: LoadBalancerService + expected: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: eiptestnlb + namespace: openshift-ingress-operator + spec: + httpEmptyRequestsPolicy: Respond + endpointPublishingStrategy: + loadBalancer: + dnsManagementPolicy: Managed + scope: External + providerParameters: + type: AWS + aws: + type: NLB + networkLoadBalancer: + subnets: + names: + - subnetA + - subnetB + - subnetC + eipAllocations: + - eipalloc-1234567890abcdefa + - eipalloc-1234567890abcdefb + - eipalloc-1234567890abcdefc + type: LoadBalancerService + - name: Should allow to set NLB parameters when LBType is NLB and eipAllocations are equal to the number of ids. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: eiptestnlb + namespace: openshift-ingress-operator + spec: + endpointPublishingStrategy: + loadBalancer: + scope: External + providerParameters: + type: AWS + aws: + type: NLB + networkLoadBalancer: + subnets: + ids: + - subnet-0fcf8e0392f0910d5 + - subnet-0fcf8e0392f0910d6 + - subnet-0fcf8e0392f0910d7 + eipAllocations: + - eipalloc-1234567890abcdefa + - eipalloc-1234567890abcdefb + - eipalloc-1234567890abcdefc + type: LoadBalancerService + expected: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: eiptestnlb + namespace: openshift-ingress-operator + spec: + httpEmptyRequestsPolicy: Respond + endpointPublishingStrategy: + loadBalancer: + dnsManagementPolicy: Managed + scope: External + providerParameters: + type: AWS + aws: + type: NLB + networkLoadBalancer: + subnets: + ids: + - subnet-0fcf8e0392f0910d5 + - subnet-0fcf8e0392f0910d6 + - subnet-0fcf8e0392f0910d7 + eipAllocations: + - eipalloc-1234567890abcdefa + - eipalloc-1234567890abcdefb + - eipalloc-1234567890abcdefc + type: LoadBalancerService + onUpdate: + - name: EIPAllocations should be mutable + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: eiptestnlb + namespace: openshift-ingress-operator + spec: + endpointPublishingStrategy: + loadBalancer: + scope: External + providerParameters: + type: AWS + aws: + type: NLB + networkLoadBalancer: + eipAllocations: + - eipalloc-1234567890abcdefc + - eipalloc-1234567890abcdefb + type: LoadBalancerService + updated: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: eiptestnlb + namespace: openshift-ingress-operator + spec: + httpEmptyRequestsPolicy: Respond + endpointPublishingStrategy: + loadBalancer: + dnsManagementPolicy: Managed + scope: External + providerParameters: + type: AWS + aws: + type: NLB + networkLoadBalancer: + eipAllocations: + - eipalloc-1234567890abcdefa + - eipalloc-1234567890abcdefb + type: LoadBalancerService + expected: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: eiptestnlb + namespace: openshift-ingress-operator + spec: + httpEmptyRequestsPolicy: Respond + endpointPublishingStrategy: + loadBalancer: + dnsManagementPolicy: Managed + scope: External + providerParameters: + type: AWS + aws: + type: NLB + networkLoadBalancer: + eipAllocations: + - eipalloc-1234567890abcdefa + - eipalloc-1234567890abcdefb + type: LoadBalancerService \ No newline at end of file diff --git a/pkg/schemes/machineconfiguration/mctypes/tests/insightsoperators.operator.openshift.io/AAA_ungated.yaml b/pkg/schemes/machineconfiguration/mctypes/tests/insightsoperators.operator.openshift.io/AAA_ungated.yaml new file mode 100644 index 000000000..ee1423e5c --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/tests/insightsoperators.operator.openshift.io/AAA_ungated.yaml @@ -0,0 +1,16 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "InsightsOperator" +crdName: insightsoperators.operator.openshift.io +tests: + onCreate: + - name: Should be able to create a minimal InsightsOperator + initial: | + apiVersion: operator.openshift.io/v1 + kind: InsightsOperator + spec: {} # No spec is required for a InsightsOperator + expected: | + apiVersion: operator.openshift.io/v1 + kind: InsightsOperator + spec: + logLevel: Normal + operatorLogLevel: Normal diff --git a/pkg/schemes/machineconfiguration/mctypes/tests/kubeapiservers.operator.openshift.io/AAA_ungated.yaml b/pkg/schemes/machineconfiguration/mctypes/tests/kubeapiservers.operator.openshift.io/AAA_ungated.yaml new file mode 100644 index 000000000..5e9d68e02 --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/tests/kubeapiservers.operator.openshift.io/AAA_ungated.yaml @@ -0,0 +1,16 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "KubeAPIServer" +crdName: kubeapiservers.operator.openshift.io +tests: + onCreate: + - name: Should be able to create a minimal KubeAPIServer + initial: | + apiVersion: operator.openshift.io/v1 + kind: KubeAPIServer + spec: {} # No spec is required for a KubeAPIServer + expected: | + apiVersion: operator.openshift.io/v1 + kind: KubeAPIServer + spec: + logLevel: Normal + operatorLogLevel: Normal diff --git a/pkg/schemes/machineconfiguration/mctypes/tests/kubecontrollermanagers.operator.openshift.io/AAA_ungated.yaml b/pkg/schemes/machineconfiguration/mctypes/tests/kubecontrollermanagers.operator.openshift.io/AAA_ungated.yaml new file mode 100644 index 000000000..bdcc1c037 --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/tests/kubecontrollermanagers.operator.openshift.io/AAA_ungated.yaml @@ -0,0 +1,17 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "KubeControllerManager" +crdName: kubecontrollermanagers.operator.openshift.io +tests: + onCreate: + - name: Should be able to create a minimal KubeControllerManager + initial: | + apiVersion: operator.openshift.io/v1 + kind: KubeControllerManager + spec: {} # No spec is required for a KubeControllerManager + expected: | + apiVersion: operator.openshift.io/v1 + kind: KubeControllerManager + spec: + logLevel: Normal + operatorLogLevel: Normal + useMoreSecureServiceCA: false diff --git a/pkg/schemes/machineconfiguration/mctypes/tests/kubeschedulers.operator.openshift.io/AAA_ungated.yaml b/pkg/schemes/machineconfiguration/mctypes/tests/kubeschedulers.operator.openshift.io/AAA_ungated.yaml new file mode 100644 index 000000000..744f8923e --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/tests/kubeschedulers.operator.openshift.io/AAA_ungated.yaml @@ -0,0 +1,16 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "KubeScheduler" +crdName: kubeschedulers.operator.openshift.io +tests: + onCreate: + - name: Should be able to create a minimal KubeScheduler + initial: | + apiVersion: operator.openshift.io/v1 + kind: KubeScheduler + spec: {} # No spec is required for a KubeScheduler + expected: | + apiVersion: operator.openshift.io/v1 + kind: KubeScheduler + spec: + logLevel: Normal + operatorLogLevel: Normal diff --git a/pkg/schemes/machineconfiguration/mctypes/tests/kubestorageversionmigrators.operator.openshift.io/AAA_ungated.yaml b/pkg/schemes/machineconfiguration/mctypes/tests/kubestorageversionmigrators.operator.openshift.io/AAA_ungated.yaml new file mode 100644 index 000000000..e750300ab --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/tests/kubestorageversionmigrators.operator.openshift.io/AAA_ungated.yaml @@ -0,0 +1,16 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "KubeStorageVersionMigrator" +crdName: kubestorageversionmigrators.operator.openshift.io +tests: + onCreate: + - name: Should be able to create a minimal KubeStorageVersionMigrator + initial: | + apiVersion: operator.openshift.io/v1 + kind: KubeStorageVersionMigrator + spec: {} # No spec is required for a KubeStorageVersionMigrator + expected: | + apiVersion: operator.openshift.io/v1 + kind: KubeStorageVersionMigrator + spec: + logLevel: Normal + operatorLogLevel: Normal diff --git a/pkg/schemes/machineconfiguration/mctypes/tests/machineconfigurations.operator.openshift.io/AAA_ungated.yaml b/pkg/schemes/machineconfiguration/mctypes/tests/machineconfigurations.operator.openshift.io/AAA_ungated.yaml new file mode 100644 index 000000000..ca0f6623c --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/tests/machineconfigurations.operator.openshift.io/AAA_ungated.yaml @@ -0,0 +1,16 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "MachineConfiguration" +crdName: machineconfigurations.operator.openshift.io +tests: + onCreate: + - name: Should be able to create a minimal MachineConfiguration + initial: | + apiVersion: operator.openshift.io/v1 + kind: MachineConfiguration + spec: {} # No spec is required for a MachineConfiguration + expected: | + apiVersion: operator.openshift.io/v1 + kind: MachineConfiguration + spec: + logLevel: Normal + operatorLogLevel: Normal diff --git a/pkg/schemes/machineconfiguration/mctypes/tests/machineconfigurations.operator.openshift.io/ManagedBootImages.yaml b/pkg/schemes/machineconfiguration/mctypes/tests/machineconfigurations.operator.openshift.io/ManagedBootImages.yaml new file mode 100644 index 000000000..9c22fe4c3 --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/tests/machineconfigurations.operator.openshift.io/ManagedBootImages.yaml @@ -0,0 +1,118 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "MachineConfiguration" +crdName: machineconfigurations.operator.openshift.io +featureGate: ManagedBootImages +tests: + onCreate: + - name: Should be able to create a minimal MachineConfiguration + initial: | + apiVersion: operator.openshift.io/v1 + kind: MachineConfiguration + spec: {} # No spec is required for a MachineConfiguration + expected: | + apiVersion: operator.openshift.io/v1 + kind: MachineConfiguration + spec: + logLevel: Normal + operatorLogLevel: Normal + - name: Should be able to create an empty ManagedBootImages configuration knob + initial: | + apiVersion: operator.openshift.io/v1 + kind: MachineConfiguration + spec: + managedBootImages: + machineManagers: [] + expected: | + apiVersion: operator.openshift.io/v1 + kind: MachineConfiguration + spec: + logLevel: Normal + operatorLogLevel: Normal + managedBootImages: + machineManagers: [] + - name: Should be able to create a ManagedBootImages configuration knob that opts in all MachineSets + initial: | + apiVersion: operator.openshift.io/v1 + kind: MachineConfiguration + spec: + managedBootImages: + machineManagers: + - resource: machinesets + apiGroup: machine.openshift.io + selection: + mode: All + expected: | + apiVersion: operator.openshift.io/v1 + kind: MachineConfiguration + spec: + logLevel: Normal + operatorLogLevel: Normal + managedBootImages: + machineManagers: + - resource: machinesets + apiGroup: machine.openshift.io + selection: + mode: All + - name: Should be able to create a ManagedBootImages configuration knob that opts in MachineSets in partial mode + initial: | + apiVersion: operator.openshift.io/v1 + kind: MachineConfiguration + spec: + managedBootImages: + machineManagers: + - resource: machinesets + apiGroup: machine.openshift.io + selection: + mode: Partial + partial: + machineResourceSelector: + matchLabels: {} + expected: | + apiVersion: operator.openshift.io/v1 + kind: MachineConfiguration + spec: + logLevel: Normal + operatorLogLevel: Normal + managedBootImages: + machineManagers: + - resource: machinesets + apiGroup: machine.openshift.io + selection: + mode: Partial + partial: + machineResourceSelector: + matchLabels: {} + - name: Should not be able to add partial field if machineManager.selection.mode is not set to Partial + initial: | + apiVersion: operator.openshift.io/v1 + kind: MachineConfiguration + spec: + managedBootImages: + machineManagers: + - resource: machinesets + apiGroup: machine.openshift.io + selection: + mode: All + partial: + machineResourceSelector: + matchLabels: {} + expectedError: "Partial is required when type is partial, and forbidden otherwise" + - name: Only one unique pair of resource/apigroup is allowed in machineManagers + initial: | + apiVersion: operator.openshift.io/v1 + kind: MachineConfiguration + spec: + managedBootImages: + machineManagers: + - resource: machinesets + apiGroup: machine.openshift.io + selection: + mode: Partial + partial: + machineResourceSelector: + matchLabels: {} + - resource: machinesets + apiGroup: machine.openshift.io + selection: + mode: All + expectedError: "spec.managedBootImages.machineManagers[1]: Duplicate value: map[string]interface {}{\"apiGroup\":\"machine.openshift.io\", \"resource\":\"machinesets\"}" diff --git a/pkg/schemes/machineconfiguration/mctypes/tests/machineconfigurations.operator.openshift.io/NodeDisruptionPolicy.yaml b/pkg/schemes/machineconfiguration/mctypes/tests/machineconfigurations.operator.openshift.io/NodeDisruptionPolicy.yaml new file mode 100644 index 000000000..f4d0180c6 --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/tests/machineconfigurations.operator.openshift.io/NodeDisruptionPolicy.yaml @@ -0,0 +1,118 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "MachineConfiguration" +crdName: machineconfigurations.operator.openshift.io +featureGate: NodeDisruptionPolicy +tests: + onCreate: + - name: Should be able to create a minimal MachineConfiguration + initial: | + apiVersion: operator.openshift.io/v1 + kind: MachineConfiguration + spec: {} # No spec is required for a MachineConfiguration + expected: | + apiVersion: operator.openshift.io/v1 + kind: MachineConfiguration + spec: + logLevel: Normal + operatorLogLevel: Normal + - name: Should be able to create an empty ManagedBootImages configuration knob + initial: | + apiVersion: operator.openshift.io/v1 + kind: MachineConfiguration + spec: + managedBootImages: + machineManagers: [] + expected: | + apiVersion: operator.openshift.io/v1 + kind: MachineConfiguration + spec: + logLevel: Normal + operatorLogLevel: Normal + managedBootImages: + machineManagers: [] + - name: Should be able to create a ManagedBootImages configuration knob that opts in all MachineSets + initial: | + apiVersion: operator.openshift.io/v1 + kind: MachineConfiguration + spec: + managedBootImages: + machineManagers: + - resource: machinesets + apiGroup: machine.openshift.io + selection: + mode: All + expected: | + apiVersion: operator.openshift.io/v1 + kind: MachineConfiguration + spec: + logLevel: Normal + operatorLogLevel: Normal + managedBootImages: + machineManagers: + - resource: machinesets + apiGroup: machine.openshift.io + selection: + mode: All + - name: Should be able to create a ManagedBootImages configuration knob that opts in MachineSets in partial mode + initial: | + apiVersion: operator.openshift.io/v1 + kind: MachineConfiguration + spec: + managedBootImages: + machineManagers: + - resource: machinesets + apiGroup: machine.openshift.io + selection: + mode: Partial + partial: + machineResourceSelector: + matchLabels: {} + expected: | + apiVersion: operator.openshift.io/v1 + kind: MachineConfiguration + spec: + logLevel: Normal + operatorLogLevel: Normal + managedBootImages: + machineManagers: + - resource: machinesets + apiGroup: machine.openshift.io + selection: + mode: Partial + partial: + machineResourceSelector: + matchLabels: {} + - name: Should not be able to add partial field if machineManager.selection.mode is not set to Partial + initial: | + apiVersion: operator.openshift.io/v1 + kind: MachineConfiguration + spec: + managedBootImages: + machineManagers: + - resource: machinesets + apiGroup: machine.openshift.io + selection: + mode: All + partial: + machineResourceSelector: + matchLabels: {} + expectedError: "Partial is required when type is partial, and forbidden otherwise" + - name: Only one unique pair of resource/apigroup is allowed in machineManagers + initial: | + apiVersion: operator.openshift.io/v1 + kind: MachineConfiguration + spec: + managedBootImages: + machineManagers: + - resource: machinesets + apiGroup: machine.openshift.io + selection: + mode: Partial + partial: + machineResourceSelector: + matchLabels: {} + - resource: machinesets + apiGroup: machine.openshift.io + selection: + mode: All + expectedError: "spec.managedBootImages.machineManagers[1]: Duplicate value: map[string]interface {}{\"apiGroup\":\"machine.openshift.io\", \"resource\":\"machinesets\"}" diff --git a/pkg/schemes/machineconfiguration/mctypes/tests/networks.operator.openshift.io/AAA_ungated.yaml b/pkg/schemes/machineconfiguration/mctypes/tests/networks.operator.openshift.io/AAA_ungated.yaml new file mode 100644 index 000000000..9291acaa3 --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/tests/networks.operator.openshift.io/AAA_ungated.yaml @@ -0,0 +1,978 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "Network" +crdName: networks.operator.openshift.io +tests: + onCreate: + - name: Should be able to create a minimal Network + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: {} # No spec is required for a Network + expected: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + disableNetworkDiagnostics: false + logLevel: Normal + operatorLogLevel: Normal + - name: Should be able to pass a valid IPV4 CIDR to IPV4 internalMasqueradeSubnet + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + gatewayConfig: + ipv4: + internalMasqueradeSubnet: "169.254.168.0/29" + expected: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + gatewayConfig: + routingViaHost: false + ipv4: + internalMasqueradeSubnet: "169.254.168.0/29" + ipsecConfig: + mode: Disabled + disableNetworkDiagnostics: false + logLevel: Normal + operatorLogLevel: Normal + - name: Should not be able to pass CIDR with a subnet larger than /29 to IPV4 internalMasqueradeSubnet + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + gatewayConfig: + ipv4: + internalMasqueradeSubnet: 10.10.10.10/32 + expectedError: "Invalid value: \"string\": subnet must be in the range /0 to /29 inclusive" + - name: Should not be able to pass CIDR with a subnet smaller than /0 to IPV4 internalMasqueradeSubnet + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + gatewayConfig: + ipv4: + internalMasqueradeSubnet: 10.10.10.10/-1 + expectedError: "Invalid value: \"string\": subnet must be in the range /0 to /29 inclusive" + - name: Should not be able to add an IP address with the incorrect number of octets to IPV4 internalMasqueradeSubnet + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + gatewayConfig: + ipv4: + internalMasqueradeSubnet: 10.10.10/24 + expectedError: "spec.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipv4.internalMasqueradeSubnet: Invalid value: \"string\": Subnet must be in valid IPV4 CIDR format" + - name: Should not be able to add an IP address with leading zeros in an octet to IPV4 internalMasqueradeSubnet + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + gatewayConfig: + ipv4: + internalMasqueradeSubnet: 10.10.010.10/24 + expectedError: "spec.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipv4.internalMasqueradeSubnet: Invalid value: \"string\": Subnet must be in valid IPV4 CIDR format" + - name: Should not be able to add an IP address with with zero for the first octet to internalMasqueradeSubnet + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + gatewayConfig: + ipv4: + internalMasqueradeSubnet: 0.10.10.10/24 + expectedError: "spec.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipv4.internalMasqueradeSubnet: Invalid value: \"string\": first IP address octet must not be 0" + - name: Should not be able to add an IP address with an octet greater than 255 to IPV4 internalMasqueradeSubnet + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + gatewayConfig: + ipv4: + internalMasqueradeSubnet: 10.10.10.256/24 + expectedError: "spec.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipv4.internalMasqueradeSubnet: Invalid value: \"string\": Subnet must be in valid IPV4 CIDR format" + - name: Should be able to pass a valid IPV6 CIDR to IPV6 internalMasqueradeSubnet + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + gatewayConfig: + ipv6: + internalMasqueradeSubnet: "abcd:ef01:2345:6789:abcd:ef01:2345:6789/125" + expected: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + gatewayConfig: + ipv6: + internalMasqueradeSubnet: "abcd:ef01:2345:6789:abcd:ef01:2345:6789/125" + routingViaHost: false + ipsecConfig: + mode: Disabled + disableNetworkDiagnostics: false + logLevel: Normal + operatorLogLevel: Normal + - name: Should be able to pass a valid shorthand IPV6 CIDR to IPV6 internalMasqueradeSubnet + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + gatewayConfig: + ipv6: + internalMasqueradeSubnet: "abcd:ef01:2345:6789::2345:6789/20" + expected: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + gatewayConfig: + routingViaHost: false + ipv6: + internalMasqueradeSubnet: "abcd:ef01:2345:6789::2345:6789/20" + ipsecConfig: + mode: Disabled + disableNetworkDiagnostics: false + logLevel: Normal + operatorLogLevel: Normal + - name: Should not be able to pass invalid IPV6 CIDR to IPV6 internalMasqueradeSubnet + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + gatewayConfig: + ipv6: + internalMasqueradeSubnet: "foo" + expectedError: "Invalid value: \"string\": subnet must be in the range /0 to /125 inclusive" + - name: Should not be able to add an IP address with the more than 8 octets to IPV6 internalMasqueradeSubnet + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + gatewayConfig: + ipv6: + internalMasqueradeSubnet: abcd:ef01:2345:6789:abcd:ef01:2345:6789:abcd/125 + expectedError: "spec.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipv6.internalMasqueradeSubnet: Invalid value: \"string\": Subnet must be in valid IPV6 CIDR format" + - name: Should not be able to add a dual IP address to IPV6 internalMasqueradeSubnet + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + gatewayConfig: + ipv6: + internalMasqueradeSubnet: abcd:ef01:2345:6789:abcd:ef01:2345:1.2.3.4/125 + expectedError: "spec.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipv6.internalMasqueradeSubnet: Invalid value: \"string\": Subnet must be in valid IPV6 CIDR format" + - name: Should not be able to pass a double elided IPV6 CIDR to IPV6 internalMasqueradeSubnet + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + gatewayConfig: + ipv6: + internalMasqueradeSubnet: "abcd::ef01::2345:6789/20" + expectedError: "spec.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipv6.internalMasqueradeSubnet: Invalid value: \"string\": Subnet must be in valid IPV6 CIDR format" + - name: "Should not be able to pass a complete IPV6 CIDR with a :: expander to v6InternalMasqueradeSubnet" + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + gatewayConfig: + ipv6: + internalMasqueradeSubnet: "abcd:ef01:2345:6789::abcd:ef01:2345:6789/125" + expectedError: "spec.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipv6.internalMasqueradeSubnet: Invalid value: \"string\": Subnet must be in valid IPV6 CIDR format" + - name: Should not be able to pass a IPV6 CIDR without enough segments to v6InternalMasqueradeSubnet" + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + gatewayConfig: + ipv6: + internalMasqueradeSubnet: "abcd:ef01:2345:6789:abcd:ef01:2345/125" + expectedError: "spec.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipv6.internalMasqueradeSubnet: Invalid value: \"string\": Subnet must be in valid IPV6 CIDR format" + - name: "Should not be able to pass an invalid IPV6 CIDR with a segment that contains invalid values" + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + gatewayConfig: + ipv6: + internalMasqueradeSubnet: "xbcd:ef01:2345:6789::2345:6789/20" + expectedError: "spec.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipv6.internalMasqueradeSubnet: Invalid value: \"string\": Subnet must be in valid IPV6 CIDR format" + - name: "Should not be able to pass an invalid IPV6 CIDR with a segment that is 5 characters long" + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + gatewayConfig: + ipv6: + internalMasqueradeSubnet: "abcd:eff01:2345:6789::2345:6789/20" + expectedError: "spec.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipv6.internalMasqueradeSubnet: Invalid value: \"string\": Subnet must be in valid IPV6 CIDR format" + - name: "IPsec - Empty ipsecConfig is allowed in initial state" + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + ipsecConfig: {} + expected: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + ipsecConfig: {} + disableNetworkDiagnostics: false + logLevel: Normal + operatorLogLevel: Normal + - name: "IPsec - Populated ipsecConfig is allowed" + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + ipsecConfig: + mode: Full + expected: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + ipsecConfig: + mode: Full + disableNetworkDiagnostics: false + logLevel: Normal + operatorLogLevel: Normal + - name: "IPsec - Start without setting ipsecConfig" + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + expected: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: {} + disableNetworkDiagnostics: false + logLevel: Normal + operatorLogLevel: Normal + - name: "IPsec - empty string is not allowed" + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + ipsecConfig: + mode: "" + expectedError: "Unsupported value: \"\": supported values: \"Disabled\", \"External\", \"Full\"" + - name: Should be able to pass a valid IPV4 CIDR to IPV4 internalTransitSwitchSubnet + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + ipv4: + internalTransitSwitchSubnet: "169.254.168.0/29" + expected: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + ipsecConfig: + mode: Disabled + ipv4: + internalTransitSwitchSubnet: "169.254.168.0/29" + disableNetworkDiagnostics: false + logLevel: "Normal" + operatorLogLevel: "Normal" + - name: Should not be able to pass CIDR with a subnet larger than /30 to IPV4 internalTransitSwitchSubnet + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + ipv4: + internalTransitSwitchSubnet: "169.254.168.0/-1" + expectedError: "Invalid value: \"string\": subnet must be in the range /0 to /30 inclusive" + - name: Should not be able to pass CIDR with a subnet smaller than /0 to IPV4 internalTransitSwitchSubnet + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + ipv4: + internalTransitSwitchSubnet: "169.254.168.0/31" + expectedError: "Invalid value: \"string\": subnet must be in the range /0 to /30 inclusive" + - name: Should not be able to add an IP address with the incorrect number of octets to IPV4 internalTransitSwitchSubnet + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + ipv4: + internalTransitSwitchSubnet: "10.10.10/24" + expectedError: "Invalid value: \"string\": Subnet must be in valid IPV4 CIDR format" + - name: Should not be able to add an IP address with leading zeros in an octet to IPV4 internalTransitSwitchSubnet + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + ipv4: + internalTransitSwitchSubnet: "10.10.010.10/24" + expectedError: "Invalid value: \"string\": Subnet must be in valid IPV4 CIDR format" + - name: Should not be able to add an IP address with zero for the first octet to IPV4 internalTransitSwitchSubnet + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + ipv4: + internalTransitSwitchSubnet: "0.10.10.10/24" + expectedError: "spec.defaultNetwork.ovnKubernetesConfig.ipv4.internalTransitSwitchSubnet: Invalid value: \"string\": first IP address octet must not be 0" + - name: Should not be able to add an IP address with an octet greater than 255 to IPV4 internalTransitSwitchSubnet + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + ipv4: + internalTransitSwitchSubnet: "10.10.256.10/24" + expectedError: "Invalid value: \"string\": Subnet must be in valid IPV4 CIDR format" + - name: Should be able to pass a valid IPV6 CIDR to IPV6 internalTransitSwitchSubnet + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + ipv6: + internalTransitSwitchSubnet: "abcd:ef01:2345:6789:abcd:ef01:2345:6789/125" + expected: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + ipsecConfig: + mode: Disabled + ipv6: + internalTransitSwitchSubnet: "abcd:ef01:2345:6789:abcd:ef01:2345:6789/125" + disableNetworkDiagnostics: false + logLevel: "Normal" + operatorLogLevel: "Normal" + - name: Should be able to pass a valid shorthand IPV6 CIDR to IPV6 internalTransitSwitchSubnet + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + ipv6: + internalTransitSwitchSubnet: "abcd:ef01:2345:6789::2345:6789/20" + expected: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + ipsecConfig: + mode: Disabled + ipv6: + internalTransitSwitchSubnet: "abcd:ef01:2345:6789::2345:6789/20" + disableNetworkDiagnostics: false + logLevel: "Normal" + operatorLogLevel: "Normal" + - name: Should not be able to pass an invalid IPV6 CIDR to IPV6 internalTransitSwitchSubnet + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + ipv6: + internalTransitSwitchSubnet: "foo" + expectedError: "Invalid value: \"string\": subnet must be in the range /0 to /125 inclusive" + - name: Should not be able to add an IP address with more than 8 octets to IPV6 internalTransitSwitchSubnet + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + ipv6: + internalTransitSwitchSubnet: abcd:ef01:2345:6789:abcd:ef01:2345:6789:abcd/125 + expectedError: "spec.defaultNetwork.ovnKubernetesConfig.ipv6.internalTransitSwitchSubnet: Invalid value: \"string\": Subnet must be in valid IPV6 CIDR format" + - name: Should not be able to add a dual IP address to IPV6 internalTransitSwitchSubnet + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + ipv6: + internalTransitSwitchSubnet: abcd:ef01:2345:6789:abcd:ef01:2345:1.2.3.4/125 + expectedError: "Invalid value: \"string\": Subnet must be in valid IPV6 CIDR format" + - name: Should be able to pass a double elided IPV6 CIDR to IPV6 internalTransitSwitchSubnet + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + ipv6: + internalTransitSwitchSubnet: "abcd::ef01::2345:6789/20" + expectedError: "Invalid value: \"string\": Subnet must be in valid IPV6 CIDR format" + - name: Should not be able to pass a complete IPV6 CIDR with a '::' expander to internalTransitSwitchSubnet + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + ipv6: + internalTransitSwitchSubnet: "abcd:ef01:2345:6789::abcd:ef01:2345:6789/125" + expectedError: "spec.defaultNetwork.ovnKubernetesConfig.ipv6.internalTransitSwitchSubnet: Invalid value: \"string\": Subnet must be in valid IPV6 CIDR format" + - name: Should not be able to pass an invalid IPV6 CIDR with a segment that contains invalid values to IPV6 internalTransitSwitchSubnet + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + ipv6: + internalTransitSwitchSubnet: "xbcd:ef01:2345:6789::2345:6789/20" + expectedError: "Invalid value: \"string\": Subnet must be in valid IPV6 CIDR format" + - name: Should not be able to pass an invalid IPV6 CIDR with a segment that is 5 characters long + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + ipv6: + internalTransitSwitchSubnet: "abcd:eff01:2345:6789::2345:6789/20" + expectedError: "Invalid value: \"string\": Subnet must be in valid IPV6 CIDR format" + - name: Should be able to pass a valid IPV4 CIDR to IPV4 internalJoinSubnet + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + ipv4: + internalJoinSubnet: "169.254.168.0/29" + expected: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + ipsecConfig: + mode: Disabled + ipv4: + internalJoinSubnet: "169.254.168.0/29" + disableNetworkDiagnostics: false + logLevel: "Normal" + operatorLogLevel: "Normal" + - name: Should not be able to pass CIDR with a subnet larger than /30 to IPV4 internalJoinSubnet + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + ipv4: + internalJoinSubnet: "169.254.168.0/-1" + expectedError: "Invalid value: \"string\": subnet must be in the range /0 to /30 inclusive" + - name: Should not be able to pass CIDR with a subnet smaller than /0 to IPV4 internalJoinSubnet + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + ipv4: + internalJoinSubnet: "169.254.168.0/31" + expectedError: "Invalid value: \"string\": subnet must be in the range /0 to /30 inclusive" + - name: Should not be able to add an IP address with the incorrect number of octets to IPV4 internalJoinSubnet + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + ipv4: + internalJoinSubnet: "10.10.10/24" + expectedError: "Invalid value: \"string\": Subnet must be in valid IPV4 CIDR format" + - name: Should not be able to add an IP address with leading zeros in an octet to IPV4 internalJoinSubnet + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + ipv4: + internalJoinSubnet: "10.10.010.10/24" + expectedError: "Invalid value: \"string\": Subnet must be in valid IPV4 CIDR format" + - name: Should not be able to add an IP address with zero for the first octet to IPV4 internalJoinSubnet + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + ipv4: + internalJoinSubnet: "0.10.10.10/24" + expectedError: "spec.defaultNetwork.ovnKubernetesConfig.ipv4.internalJoinSubnet: Invalid value: \"string\": first IP address octet must not be 0" + - name: Should not be able to add an IP address with an octet greater than 255 to IPV4 internalJoinSubnet + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + ipv4: + internalJoinSubnet: "10.10.256.10/24" + expectedError: "Invalid value: \"string\": Subnet must be in valid IPV4 CIDR format" + - name: Should be able to pass a valid IPV6 CIDR to IPV6 internalJoinSubnet + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + ipv6: + internalJoinSubnet: "abcd:ef01:2345:6789:abcd:ef01:2345:6789/125" + expected: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + ipsecConfig: + mode: Disabled + ipv6: + internalJoinSubnet: "abcd:ef01:2345:6789:abcd:ef01:2345:6789/125" + disableNetworkDiagnostics: false + logLevel: "Normal" + operatorLogLevel: "Normal" + - name: Should be able to pass a valid shorthand IPV6 CIDR to IPV6 internalJoinSubnet + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + ipv6: + internalJoinSubnet: "abcd:ef01:2345:6789::2345:6789/20" + expected: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + ipsecConfig: + mode: Disabled + ipv6: + internalJoinSubnet: "abcd:ef01:2345:6789::2345:6789/20" + disableNetworkDiagnostics: false + logLevel: "Normal" + operatorLogLevel: "Normal" + - name: Should not be able to pass an invalid IPV6 CIDR to IPV6 internalJoinSubnet + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + ipv6: + internalJoinSubnet: "foo" + expectedError: "Invalid value: \"string\": subnet must be in the range /0 to /125 inclusive" + - name: Should not be able to add an IP address with more than 8 octets to IPV6 internalJoinSubnet + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + ipv6: + internalJoinSubnet: abcd:ef01:2345:6789:abcd:ef01:2345:6789:abcd/125 + expectedError: "Invalid value: \"string\": Subnet must be in valid IPV6 CIDR format" + - name: Should not be able to add a dual IP address to IPV6 internalJoinSubnet + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + ipv6: + internalJoinSubnet: abcd:ef01:2345:6789:abcd:ef01:2345:1.2.3.4/125 + expectedError: "Invalid value: \"string\": Subnet must be in valid IPV6 CIDR format" + - name: Should be able to pass a double elided IPV6 CIDR to IPV6 internalJoinSubnet + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + ipv6: + internalJoinSubnet: "abcd::ef01::2345:6789/20" + expectedError: "Invalid value: \"string\": Subnet must be in valid IPV6 CIDR format" + - name: Should not be able to pass a complete IPV6 CIDR with a '::' expander to internalJoinSubnet + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + ipv6: + internalJoinSubnet: "abcd:ef01:2345:6789::abcd:ef01:2345:6789/125" + expectedError: "Invalid value: \"string\": Subnet must be in valid IPV6 CIDR format" + - name: Should not be able to pass an invalid IPV6 CIDR with a segment that contains invalid values to IPV6 internalJoinSubnet + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + ipv6: + internalJoinSubnet: "xbcd:ef01:2345:6789::2345:6789/20" + expectedError: "Invalid value: \"string\": Subnet must be in valid IPV6 CIDR format" + - name: Should not be able to pass an invalid IPV6 CIDR with a segment that is 5 characters long + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + ipv6: + internalJoinSubnet: "abcd:eff01:2345:6789::2345:6789/20" + expectedError: "Invalid value: \"string\": Subnet must be in valid IPV6 CIDR format" + - name: Should not be able to pass an IPV4 CIDR to IPV6 internalJoinSubnet + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + ipv6: + internalJoinSubnet: 1.1.1.1/24 + expectedError: "Invalid value: \"string\": Subnet must be in valid IPV6 CIDR format" + # Due to a limitation with current K8s capabilities, we have to implement custom ratcheting validation with + # XValidation rules. However, when oldSelf is not present, our rule will not be evaluated. Given that our + # rule is applied to the spec:, if the resource is not present, the rule will not be evaluated at all due to the + # absence of oldSelf. + # Therefore, it *is* possible to create a Network CR with an invalid configuration, albeit in practice, the + # Network CR would already exist unless admins explicitly delete and recreate it. + - name: "Should be able to pass an invalid ipForwarding value on create due to limitations with xValidation (FIXME)" + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + gatewayConfig: + ipForwarding: "invalid" + expected: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + gatewayConfig: + ipForwarding: "invalid" + routingViaHost: false + ipsecConfig: + mode: Disabled + disableNetworkDiagnostics: false + logLevel: "Normal" + operatorLogLevel: "Normal" + - name: "Should be able to pass a valid ipForwarding value on create" + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + gatewayConfig: + ipForwarding: "Global" + expected: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + gatewayConfig: + ipForwarding: "Global" + routingViaHost: false + ipsecConfig: + mode: Disabled + disableNetworkDiagnostics: false + logLevel: "Normal" + operatorLogLevel: "Normal" + onUpdate: + - name: "IPsec - Removing ipsecConfig.mode is not allowed" + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + ipsecConfig: + mode: Full + updated: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + ipsecConfig: {} + expectedError: "ipsecConfig.mode is required" + - name: "IPsec - Disabling IPsec" + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + ipsecConfig: + mode: Full + updated: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + ipsecConfig: + mode: Disabled + expected: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + ipsecConfig: + mode: Disabled + disableNetworkDiagnostics: false + logLevel: Normal + operatorLogLevel: Normal + - name: "IPsec - Empty ipsecConfig when changing other parameters" + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + ipsecConfig: {} + updated: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + ipsecConfig: {} + mtu: 5888 + expected: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + ipsecConfig: {} + mtu: 5888 + disableNetworkDiagnostics: false + logLevel: Normal + operatorLogLevel: Normal + - name: "Should not allow an empty spec Network operator to update ipForwarding to an invalid value" + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: {} + updated: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + gatewayConfig: + ipForwarding: "invalid" + expectedError: "invalid value for IPForwarding, valid values are 'Restricted' or 'Global'" + - name: "Should not allow network operator to update ipForwarding from a valid to an invalid value" + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + gatewayConfig: + ipForwarding: "Global" + updated: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + gatewayConfig: + ipForwarding: "invalid" + expectedError: "invalid value for IPForwarding, valid values are 'Restricted' or 'Global'" + - name: "Should not allow network operator to update ipForwarding from a valid to an empty (invalid) value" + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + gatewayConfig: + ipForwarding: "Global" + updated: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + gatewayConfig: + ipForwarding: "" + expectedError: "invalid value for IPForwarding, valid values are 'Restricted' or 'Global'" + - name: "Should allow network operator to update ipForwarding to a valid value" + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + gatewayConfig: + ipForwarding: "Global" + updated: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + gatewayConfig: + ipForwarding: "Restricted" + expected: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + gatewayConfig: + ipForwarding: "Restricted" + routingViaHost: false + ipsecConfig: + mode: Disabled + disableNetworkDiagnostics: false + logLevel: "Normal" + operatorLogLevel: "Normal" + - name: "Should allow network operator to keep an old invalid ipForwarding value" + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + gatewayConfig: + ipForwarding: "invalid" + updated: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + gatewayConfig: + ipForwarding: "invalid" + disableNetworkDiagnostics: true + expected: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + gatewayConfig: + ipForwarding: "invalid" + routingViaHost: false + ipsecConfig: + mode: Disabled + disableNetworkDiagnostics: true + logLevel: "Normal" + operatorLogLevel: "Normal" + - name: "Should allow network operator to remove ipForwarding value" + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + gatewayConfig: + ipForwarding: "Global" + updated: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + gatewayConfig: {} + expected: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + gatewayConfig: + routingViaHost: false + ipsecConfig: + mode: Disabled + disableNetworkDiagnostics: false + logLevel: "Normal" + operatorLogLevel: "Normal" diff --git a/pkg/schemes/machineconfiguration/mctypes/tests/networks.operator.openshift.io/AdditionalRoutingCapabilities.yaml b/pkg/schemes/machineconfiguration/mctypes/tests/networks.operator.openshift.io/AdditionalRoutingCapabilities.yaml new file mode 100644 index 000000000..282131203 --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/tests/networks.operator.openshift.io/AdditionalRoutingCapabilities.yaml @@ -0,0 +1,48 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "Network" +crdName: networks.operator.openshift.io +featureGate: AdditionalRoutingCapabilities +tests: + onCreate: + - name: Should be able to create a minimal Network + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: {} # No spec is required for a Network + expected: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + disableNetworkDiagnostics: false + logLevel: Normal + operatorLogLevel: Normal + - name: Should enable FRR advanced routing provider + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + additionalRoutingCapabilities: + providers: + - FRR + expected: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + disableNetworkDiagnostics: false + logLevel: Normal + operatorLogLevel: Normal + additionalRoutingCapabilities: + providers: + - FRR + - name: Should fail with an invalid routing capability provider + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + disableNetworkDiagnostics: false + logLevel: Normal + operatorLogLevel: Normal + additionalRoutingCapabilities: + providers: + - invalid + expectedError: "spec.additionalRoutingCapabilities.providers[0]: Unsupported value: \"invalid\": supported values: \"FRR\", " diff --git a/pkg/schemes/machineconfiguration/mctypes/tests/networks.operator.openshift.io/NetworkLiveMigration.yaml b/pkg/schemes/machineconfiguration/mctypes/tests/networks.operator.openshift.io/NetworkLiveMigration.yaml new file mode 100644 index 000000000..c1f56684a --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/tests/networks.operator.openshift.io/NetworkLiveMigration.yaml @@ -0,0 +1,101 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "Network" +crdName: networks.operator.openshift.io +featureGate: NetworkLiveMigration +tests: + onCreate: + - name: Should be able to create migration mode + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + migration: + mode: Live + expected: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + disableNetworkDiagnostics: false + logLevel: Normal + operatorLogLevel: Normal + migration: + mode: Live + - name: Should be able to create mtu migration without setting the migration mode + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + migration: + mtu: + network: + from: 1450 + to: 1400 + expected: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + disableNetworkDiagnostics: false + logLevel: Normal + operatorLogLevel: Normal + migration: + mtu: + network: + from: 1450 + to: 1400 + - name: Should be able to create networkType migration in in offline migration mode + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + migration: + networkType: OVNKubernetes + mode: Offline + expected: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + disableNetworkDiagnostics: false + logLevel: Normal + operatorLogLevel: Normal + migration: + networkType: OVNKubernetes + mode: Offline + - name: Should throw an error when mtu and networkType migration is created in offline migration mode + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + migration: + networkType: OVNKubernetes + mtu: + network: + from: 1450 + to: 1400 + mode: Offline + expectedError: "networkType migration in mode other than 'Live' may not be configured at the same time as mtu migration" + - name: Should be able to create mtu and networkType migration in live migration mode + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + migration: + networkType: OVNKubernetes + mtu: + network: + from: 1450 + to: 1400 + mode: Live + expected: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + disableNetworkDiagnostics: false + logLevel: Normal + operatorLogLevel: Normal + migration: + networkType: OVNKubernetes + mtu: + network: + from: 1450 + to: 1400 + mode: Live diff --git a/pkg/schemes/machineconfiguration/mctypes/tests/networks.operator.openshift.io/RouteAdvertisements.yaml b/pkg/schemes/machineconfiguration/mctypes/tests/networks.operator.openshift.io/RouteAdvertisements.yaml new file mode 100644 index 000000000..5f97a40f4 --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/tests/networks.operator.openshift.io/RouteAdvertisements.yaml @@ -0,0 +1,53 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "Network" +crdName: networks.operator.openshift.io +featureGate: RouteAdvertisements +tests: + onCreate: + - name: Should be able to create a minimal Network + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: {} # No spec is required for a Network + expected: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + disableNetworkDiagnostics: false + logLevel: Normal + operatorLogLevel: Normal + - name: Should enable ovn-kubernetes route advertisements + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + additionalRoutingCapabilities: + providers: + - FRR + defaultNetwork: + ovnKubernetesConfig: + routeAdvertisements: Enabled + expected: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + disableNetworkDiagnostics: false + logLevel: Normal + operatorLogLevel: Normal + additionalRoutingCapabilities: + providers: + - FRR + defaultNetwork: + ovnKubernetesConfig: + ipsecConfig: + mode: Disabled + routeAdvertisements: Enabled + - name: Should fail if ovn-kubernetes route advertisements is enabled without 'FRR' routing capability provider enabled + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + routeAdvertisements: Enabled + expectedError: "Route advertisements cannot be Enabled if 'FRR' routing capability provider is not available" diff --git a/pkg/schemes/machineconfiguration/mctypes/tests/olms.operator.openshift.io/NewOLM.yaml b/pkg/schemes/machineconfiguration/mctypes/tests/olms.operator.openshift.io/NewOLM.yaml new file mode 100644 index 000000000..b9786b176 --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/tests/olms.operator.openshift.io/NewOLM.yaml @@ -0,0 +1,28 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "OLM" +crdName: olms.operator.openshift.io +tests: + onCreate: + - name: Should be able to create a minimal OLM + initial: | + apiVersion: operator.openshift.io/v1 + kind: OLM + metadata: + name: cluster + spec: {} # No spec is required for an OLM + expected: | + apiVersion: operator.openshift.io/v1 + kind: OLM + metadata: + name: cluster + spec: + logLevel: Normal + operatorLogLevel: Normal + - name: Should reject an OLM with an invalid name + initial: | + apiVersion: operator.openshift.io/v1 + kind: OLM + metadata: + name: foo + spec: {} # No spec is required for an OLM + expectedError: "Invalid value: \"object\": olm is a singleton, .metadata.name must be 'cluster'" diff --git a/pkg/schemes/machineconfiguration/mctypes/tests/openshiftapiservers.operator.openshift.io/AAA_ungated.yaml b/pkg/schemes/machineconfiguration/mctypes/tests/openshiftapiservers.operator.openshift.io/AAA_ungated.yaml new file mode 100644 index 000000000..6310d76ac --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/tests/openshiftapiservers.operator.openshift.io/AAA_ungated.yaml @@ -0,0 +1,16 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "OpenShiftAPIServer" +crdName: openshiftapiservers.operator.openshift.io +tests: + onCreate: + - name: Should be able to create a minimal OpenShiftAPIServer + initial: | + apiVersion: operator.openshift.io/v1 + kind: OpenShiftAPIServer + spec: {} # No spec is required for a OpenShiftAPIServer + expected: | + apiVersion: operator.openshift.io/v1 + kind: OpenShiftAPIServer + spec: + logLevel: Normal + operatorLogLevel: Normal diff --git a/pkg/schemes/machineconfiguration/mctypes/tests/openshiftcontrollermanagers.operator.openshift.io/AAA_ungated.yaml b/pkg/schemes/machineconfiguration/mctypes/tests/openshiftcontrollermanagers.operator.openshift.io/AAA_ungated.yaml new file mode 100644 index 000000000..2aa8258fd --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/tests/openshiftcontrollermanagers.operator.openshift.io/AAA_ungated.yaml @@ -0,0 +1,16 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "OpenShiftControllerManager" +crdName: openshiftcontrollermanagers.operator.openshift.io +tests: + onCreate: + - name: Should be able to create a minimal OpenShiftControllerManager + initial: | + apiVersion: operator.openshift.io/v1 + kind: OpenShiftControllerManager + spec: {} # No spec is required for a OpenShiftControllerManager + expected: | + apiVersion: operator.openshift.io/v1 + kind: OpenShiftControllerManager + spec: + logLevel: Normal + operatorLogLevel: Normal diff --git a/pkg/schemes/machineconfiguration/mctypes/tests/servicecas.operator.openshift.io/AAA_ungated.yaml b/pkg/schemes/machineconfiguration/mctypes/tests/servicecas.operator.openshift.io/AAA_ungated.yaml new file mode 100644 index 000000000..4b4041853 --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/tests/servicecas.operator.openshift.io/AAA_ungated.yaml @@ -0,0 +1,16 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "ServiceCA" +crdName: servicecas.operator.openshift.io +tests: + onCreate: + - name: Should be able to create a minimal ServiceCA + initial: | + apiVersion: operator.openshift.io/v1 + kind: ServiceCA + spec: {} # No spec is required for a ServiceCA + expected: | + apiVersion: operator.openshift.io/v1 + kind: ServiceCA + spec: + logLevel: Normal + operatorLogLevel: Normal diff --git a/pkg/schemes/machineconfiguration/mctypes/tests/storages.operator.openshift.io/AAA_ungated.yaml b/pkg/schemes/machineconfiguration/mctypes/tests/storages.operator.openshift.io/AAA_ungated.yaml new file mode 100644 index 000000000..53667ce24 --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/tests/storages.operator.openshift.io/AAA_ungated.yaml @@ -0,0 +1,113 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "Storage" +crdName: storages.operator.openshift.io +tests: + onCreate: + - name: Should be able to create a minimal Storage + initial: | + apiVersion: operator.openshift.io/v1 + kind: Storage + spec: {} # No spec is required for a Storage + expected: | + apiVersion: operator.openshift.io/v1 + kind: Storage + spec: + logLevel: Normal + operatorLogLevel: Normal + onCreate: + - name: Should allow creating Storage with vsphere migration enabled + initial: | + apiVersion: operator.openshift.io/v1 + kind: Storage + spec: + vsphereStorageDriver: CSIWithMigrationDriver + expected: | + apiVersion: operator.openshift.io/v1 + kind: Storage + spec: + vsphereStorageDriver: CSIWithMigrationDriver + logLevel: Normal + operatorLogLevel: Normal + onCreate: + - name: Should not allow creating Storage with vsphere migration disabled + initial: | + apiVersion: operator.openshift.io/v1 + kind: Storage + spec: + vsphereStorageDriver: LegacyDeprecatedInTreeDriver + expectedError: "VSphereStorageDriver can not be set to LegacyDeprecatedInTreeDriver" + onUpdate: + - name: Should allow enabling CSI migration for vSphere + initial: | + apiVersion: operator.openshift.io/v1 + kind: Storage + spec: {} # No spec is required + updated: | + apiVersion: operator.openshift.io/v1 + kind: Storage + spec: + vsphereStorageDriver: CSIWithMigrationDriver + expected: | + apiVersion: operator.openshift.io/v1 + kind: Storage + spec: + vsphereStorageDriver: CSIWithMigrationDriver + logLevel: Normal + operatorLogLevel: Normal + - name: Should not allow disabling CSI migration for vSphere + initial: | + apiVersion: operator.openshift.io/v1 + kind: Storage + spec: {} # No spec is required + updated: | + apiVersion: operator.openshift.io/v1 + kind: Storage + spec: + vsphereStorageDriver: LegacyDeprecatedInTreeDriver + expectedError: "VSphereStorageDriver can not be set to LegacyDeprecatedInTreeDriver" + - name: Should not allow changing CSIWithMigrationDriver to LegacyDeprecatedInTreeDriver + initial: | + apiVersion: operator.openshift.io/v1 + kind: Storage + spec: + vsphereStorageDriver: CSIWithMigrationDriver + updated: | + apiVersion: operator.openshift.io/v1 + kind: Storage + spec: + vsphereStorageDriver: LegacyDeprecatedInTreeDriver + expectedError: "VSphereStorageDriver can not be set to LegacyDeprecatedInTreeDriver" + - name: Should allow changing CSIWithMigrationDriver to empty string + initial: | + apiVersion: operator.openshift.io/v1 + kind: Storage + spec: + vsphereStorageDriver: CSIWithMigrationDriver + updated: | + apiVersion: operator.openshift.io/v1 + kind: Storage + spec: + vsphereStorageDriver: "" + expected: | + apiVersion: operator.openshift.io/v1 + kind: Storage + spec: + vsphereStorageDriver: "" + logLevel: Normal + operatorLogLevel: Normal + - name: Should allow unsetting VSphereStorageDriver once it is set + initial: | + apiVersion: operator.openshift.io/v1 + kind: Storage + spec: + vsphereStorageDriver: CSIWithMigrationDriver + updated: | + apiVersion: operator.openshift.io/v1 + kind: Storage + spec: {} + expected: | + apiVersion: operator.openshift.io/v1 + kind: Storage + spec: + logLevel: Normal + operatorLogLevel: Normal diff --git a/pkg/schemes/machineconfiguration/mctypes/types.go b/pkg/schemes/machineconfiguration/mctypes/types.go new file mode 100644 index 000000000..6f28b853e --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/types.go @@ -0,0 +1,286 @@ +package mctypes + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" +) + +// MyOperatorResource is an example operator configuration type +// +// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. +// +openshift:compatibility-gen:internal +type MyOperatorResource struct { + metav1.TypeMeta `json:",inline"` + + // metadata is the standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + metav1.ObjectMeta `json:"metadata"` + + // +kubebuilder:validation:Required + // +required + Spec MyOperatorResourceSpec `json:"spec"` + Status MyOperatorResourceStatus `json:"status"` +} + +type MyOperatorResourceSpec struct { + OperatorSpec `json:",inline"` +} + +type MyOperatorResourceStatus struct { + OperatorStatus `json:",inline"` +} + +// +kubebuilder:validation:Pattern=`^(Managed|Unmanaged|Force|Removed)$` +type ManagementState string + +var ( + // Force means that the operator is actively managing its resources but will not block an upgrade + // if unmet prereqs exist. This state puts the operator at risk for unsuccessful upgrades + Force ManagementState = "Force" + // Managed means that the operator is actively managing its resources and trying to keep the component active. + // It will only upgrade the component if it is safe to do so + Managed ManagementState = "Managed" + // Unmanaged means that the operator will not take any action related to the component + // Some operators might not support this management state as it might damage the cluster and lead to manual recovery. + Unmanaged ManagementState = "Unmanaged" + // Removed means that the operator is actively managing its resources and trying to remove all traces of the component + // Some operators (like kube-apiserver-operator) might not support this management state as removing the API server will + // brick the cluster. + Removed ManagementState = "Removed" +) + +// OperatorSpec contains common fields operators need. It is intended to be anonymous included +// inside of the Spec struct for your particular operator. +type OperatorSpec struct { + // managementState indicates whether and how the operator should manage the component + ManagementState ManagementState `json:"managementState"` + + // logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a + // simple way to manage coarse grained logging choices that operators have to interpret for their operands. + // + // Valid values are: "Normal", "Debug", "Trace", "TraceAll". + // Defaults to "Normal". + // +optional + // +kubebuilder:default=Normal + LogLevel LogLevel `json:"logLevel,omitempty"` + + // operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a + // simple way to manage coarse grained logging choices that operators have to interpret for themselves. + // + // Valid values are: "Normal", "Debug", "Trace", "TraceAll". + // Defaults to "Normal". + // +optional + // +kubebuilder:default=Normal + OperatorLogLevel LogLevel `json:"operatorLogLevel,omitempty"` + + // unsupportedConfigOverrides overrides the final configuration that was computed by the operator. + // Red Hat does not support the use of this field. + // Misuse of this field could lead to unexpected behavior or conflict with other configuration options. + // Seek guidance from the Red Hat support before using this field. + // Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. + // +optional + // +nullable + // +kubebuilder:pruning:PreserveUnknownFields + UnsupportedConfigOverrides runtime.RawExtension `json:"unsupportedConfigOverrides"` + + // observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because + // it is an input to the level for the operator + // +optional + // +nullable + // +kubebuilder:pruning:PreserveUnknownFields + ObservedConfig runtime.RawExtension `json:"observedConfig"` +} + +// +kubebuilder:validation:Enum="";Normal;Debug;Trace;TraceAll +type LogLevel string + +var ( + // Normal is the default. Normal, working log information, everything is fine, but helpful notices for auditing or common operations. In kube, this is probably glog=2. + Normal LogLevel = "Normal" + + // Debug is used when something went wrong. Even common operations may be logged, and less helpful but more quantity of notices. In kube, this is probably glog=4. + Debug LogLevel = "Debug" + + // Trace is used when something went really badly and even more verbose logs are needed. Logging every function call as part of a common operation, to tracing execution of a query. In kube, this is probably glog=6. + Trace LogLevel = "Trace" + + // TraceAll is used when something is broken at the level of API content/decoding. It will dump complete body content. If you turn this on in a production cluster + // prepare from serious performance issues and massive amounts of logs. In kube, this is probably glog=8. + TraceAll LogLevel = "TraceAll" +) + +type OperatorStatus struct { + // observedGeneration is the last generation change you've dealt with + // +optional + ObservedGeneration int64 `json:"observedGeneration,omitempty"` + + // conditions is a list of conditions and their status + // +listType=map + // +listMapKey=type + // +optional + Conditions []OperatorCondition `json:"conditions,omitempty"` + + // version is the level this availability applies to + // +optional + Version string `json:"version,omitempty"` + + // readyReplicas indicates how many replicas are ready and at the desired state + ReadyReplicas int32 `json:"readyReplicas"` + + // latestAvailableRevision is the deploymentID of the most recent deployment + // +optional + // +kubebuilder:validation:XValidation:rule="self >= oldSelf",message="must only increase" + LatestAvailableRevision int32 `json:"latestAvailableRevision,omitempty"` + + // generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction. + // +listType=map + // +listMapKey=group + // +listMapKey=resource + // +listMapKey=namespace + // +listMapKey=name + // +optional + Generations []GenerationStatus `json:"generations,omitempty"` +} + +// GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made. +type GenerationStatus struct { + // group is the group of the thing you're tracking + // +kubebuilder:validation:Required + Group string `json:"group"` + + // resource is the resource type of the thing you're tracking + // +kubebuilder:validation:Required + Resource string `json:"resource"` + + // namespace is where the thing you're tracking is + // +kubebuilder:validation:Required + Namespace string `json:"namespace"` + + // name is the name of the thing you're tracking + // +kubebuilder:validation:Required + Name string `json:"name"` + + // TODO: Add validation for lastGeneration. The value for this field should generally increase, except when the associated + // resource has been deleted and re-created. To accurately validate this field, we should introduce a new UID field and only + // enforce an increasing value in lastGeneration when the UID remains unchanged. A change in the UID indicates that the resource + // was re-created, allowing the lastGeneration value to reset or decrease. + + // lastGeneration is the last generation of the workload controller involved + LastGeneration int64 `json:"lastGeneration"` + + // hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps + Hash string `json:"hash"` +} + +var ( + // Available indicates that the operand is present and accessible in the cluster + OperatorStatusTypeAvailable = "Available" + // Progressing indicates that the operator is trying to transition the operand to a different state + OperatorStatusTypeProgressing = "Progressing" + // Degraded indicates that the operator (not the operand) is unable to fulfill the user intent + OperatorStatusTypeDegraded = "Degraded" + // PrereqsSatisfied indicates that the things this operator depends on are present and at levels compatible with the + // current and desired states. + OperatorStatusTypePrereqsSatisfied = "PrereqsSatisfied" + // Upgradeable indicates that the operator configuration itself (not prereqs) can be auto-upgraded by the CVO + OperatorStatusTypeUpgradeable = "Upgradeable" +) + +// OperatorCondition is just the standard condition fields. +type OperatorCondition struct { + // type of condition in CamelCase or in foo.example.com/CamelCase. + // --- + // Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + // useful (see .node.status.conditions), the ability to deconflict is important. + // The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + // +required + // +kubebuilder:validation:Required + // +kubebuilder:validation:Pattern=`^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$` + // +kubebuilder:validation:MaxLength=316 + Type string `json:"type" protobuf:"bytes,1,opt,name=type"` + + // status of the condition, one of True, False, Unknown. + // +required + // +kubebuilder:validation:Required + // +kubebuilder:validation:Enum=True;False;Unknown + Status ConditionStatus `json:"status"` + + // lastTransitionTime is the last time the condition transitioned from one status to another. + // This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + // +required + // +kubebuilder:validation:Required + // +kubebuilder:validation:Type=string + // +kubebuilder:validation:Format=date-time + LastTransitionTime metav1.Time `json:"lastTransitionTime,omitempty"` + + Reason string `json:"reason,omitempty"` + + Message string `json:"message,omitempty"` +} + +type ConditionStatus string + +const ( + ConditionTrue ConditionStatus = "True" + ConditionFalse ConditionStatus = "False" + ConditionUnknown ConditionStatus = "Unknown" +) + +// StaticPodOperatorSpec is spec for controllers that manage static pods. +type StaticPodOperatorSpec struct { + OperatorSpec `json:",inline"` + + // forceRedeploymentReason can be used to force the redeployment of the operand by providing a unique string. + // This provides a mechanism to kick a previously failed deployment and provide a reason why you think it will work + // this time instead of failing again on the same config. + ForceRedeploymentReason string `json:"forceRedeploymentReason"` + + // failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api + // -1 = unlimited, 0 or unset = 5 (default) + FailedRevisionLimit int32 `json:"failedRevisionLimit,omitempty"` + // succeededRevisionLimit is the number of successful static pod installer revisions to keep on disk and in the api + // -1 = unlimited, 0 or unset = 5 (default) + SucceededRevisionLimit int32 `json:"succeededRevisionLimit,omitempty"` +} + +// StaticPodOperatorStatus is status for controllers that manage static pods. There are different needs because individual +// node status must be tracked. +type StaticPodOperatorStatus struct { + OperatorStatus `json:",inline"` + + // latestAvailableRevisionReason describe the detailed reason for the most recent deployment + // +optional + LatestAvailableRevisionReason string `json:"latestAvailableRevisionReason,omitempty"` + + // nodeStatuses track the deployment values and errors across individual nodes + // +listType=map + // +listMapKey=nodeName + // +optional + NodeStatuses []NodeStatus `json:"nodeStatuses,omitempty"` +} + +// NodeStatus provides information about the current state of a particular node managed by this operator. +type NodeStatus struct { + // nodeName is the name of the node + // +kubebuilder:validation:Required + NodeName string `json:"nodeName"` + + // currentRevision is the generation of the most recently successful deployment + CurrentRevision int32 `json:"currentRevision"` + // targetRevision is the generation of the deployment we're trying to apply + TargetRevision int32 `json:"targetRevision,omitempty"` + + // lastFailedRevision is the generation of the deployment we tried and failed to deploy. + LastFailedRevision int32 `json:"lastFailedRevision,omitempty"` + // lastFailedTime is the time the last failed revision failed the last time. + LastFailedTime *metav1.Time `json:"lastFailedTime,omitempty"` + // lastFailedReason is a machine readable failure reason string. + LastFailedReason string `json:"lastFailedReason,omitempty"` + // lastFailedCount is how often the installer pod of the last failed revision failed. + LastFailedCount int `json:"lastFailedCount,omitempty"` + // lastFallbackCount is how often a fallback to a previous revision happened. + LastFallbackCount int `json:"lastFallbackCount,omitempty"` + // lastFailedRevisionErrors is a list of human readable errors during the failed deployment referenced in lastFailedRevision. + // +listType=atomic + LastFailedRevisionErrors []string `json:"lastFailedRevisionErrors,omitempty"` +} diff --git a/pkg/schemes/machineconfiguration/mctypes/types_authentication.go b/pkg/schemes/machineconfiguration/mctypes/types_authentication.go new file mode 100644 index 000000000..52812b31a --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/types_authentication.go @@ -0,0 +1,69 @@ +package mctypes + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// +genclient +// +genclient:nonNamespaced +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=authentications,scope=Cluster +// +kubebuilder:subresource:status +// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/475 +// +openshift:file-pattern=cvoRunLevel=0000_50,operatorName=authentication,operatorOrdering=01 +// +kubebuilder:metadata:annotations=include.release.openshift.io/self-managed-high-availability=true + +// Authentication provides information to configure an operator to manage authentication. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 +type Authentication struct { + metav1.TypeMeta `json:",inline"` + + // metadata is the standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + metav1.ObjectMeta `json:"metadata,omitempty"` + + // +kubebuilder:validation:Required + // +required + Spec AuthenticationSpec `json:"spec,omitempty"` + // +optional + Status AuthenticationStatus `json:"status,omitempty"` +} + +type AuthenticationSpec struct { + OperatorSpec `json:",inline"` +} + +type AuthenticationStatus struct { + // OAuthAPIServer holds status specific only to oauth-apiserver + // +optional + OAuthAPIServer OAuthAPIServerStatus `json:"oauthAPIServer,omitempty"` + + OperatorStatus `json:",inline"` +} + +type OAuthAPIServerStatus struct { + // LatestAvailableRevision is the latest revision used as suffix of revisioned + // secrets like encryption-config. A new revision causes a new deployment of pods. + // +optional + // +kubebuilder:validation:Minimum=0 + LatestAvailableRevision int32 `json:"latestAvailableRevision,omitempty"` +} + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// AuthenticationList is a collection of items +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 +type AuthenticationList struct { + metav1.TypeMeta `json:",inline"` + + // metadata is the standard list's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + metav1.ListMeta `json:"metadata"` + + Items []Authentication `json:"items"` +} diff --git a/pkg/schemes/machineconfiguration/mctypes/types_cloudcredential.go b/pkg/schemes/machineconfiguration/mctypes/types_cloudcredential.go new file mode 100644 index 000000000..26ca0f414 --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/types_cloudcredential.go @@ -0,0 +1,93 @@ +package mctypes + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// +genclient +// +genclient:nonNamespaced +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=cloudcredentials,scope=Cluster +// +kubebuilder:subresource:status +// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/692 +// +openshift:capability=CloudCredential +// +openshift:file-pattern=cvoRunLevel=0000_40,operatorName=cloud-credential,operatorOrdering=00 + +// CloudCredential provides a means to configure an operator to manage CredentialsRequests. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 +type CloudCredential struct { + metav1.TypeMeta `json:",inline"` + + // metadata is the standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + metav1.ObjectMeta `json:"metadata,omitempty"` + + // +kubebuilder:validation:Required + // +required + Spec CloudCredentialSpec `json:"spec"` + // +optional + Status CloudCredentialStatus `json:"status"` +} + +// CloudCredentialsMode is the specified mode the cloud-credential-operator +// should reconcile CredentialsRequest with +// +kubebuilder:validation:Enum="";Manual;Mint;Passthrough +type CloudCredentialsMode string + +const ( + // CloudCredentialsModeManual tells cloud-credential-operator to not reconcile any CredentialsRequests + // (primarily used for the disconnected VPC use-cases). + CloudCredentialsModeManual CloudCredentialsMode = "Manual" + + // CloudCredentialsModeMint tells cloud-credential-operator to reconcile all CredentialsRequests + // by minting new users/credentials. + CloudCredentialsModeMint CloudCredentialsMode = "Mint" + + // CloudCredentialsModePassthrough tells cloud-credential-operator to reconcile all CredentialsRequests + // by copying the cloud-specific secret data. + CloudCredentialsModePassthrough CloudCredentialsMode = "Passthrough" + + // CloudCredentialsModeDefault puts CCO into the default mode of operation (per-cloud/platform defaults): + // AWS/Azure/GCP: dynamically determine cluster's cloud credential capabilities to affect + // processing of CredentialsRequests + // All other clouds/platforms (OpenStack, oVirt, vSphere, etc): run in "passthrough" mode + CloudCredentialsModeDefault CloudCredentialsMode = "" +) + +// CloudCredentialSpec is the specification of the desired behavior of the cloud-credential-operator. +type CloudCredentialSpec struct { + OperatorSpec `json:",inline"` + // CredentialsMode allows informing CCO that it should not attempt to dynamically + // determine the root cloud credentials capabilities, and it should just run in + // the specified mode. + // It also allows putting the operator into "manual" mode if desired. + // Leaving the field in default mode runs CCO so that the cluster's cloud credentials + // will be dynamically probed for capabilities (on supported clouds/platforms). + // Supported modes: + // AWS/Azure/GCP: "" (Default), "Mint", "Passthrough", "Manual" + // Others: Do not set value as other platforms only support running in "Passthrough" + // +optional + CredentialsMode CloudCredentialsMode `json:"credentialsMode,omitempty"` +} + +// CloudCredentialStatus defines the observed status of the cloud-credential-operator. +type CloudCredentialStatus struct { + OperatorStatus `json:",inline"` +} + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 +type CloudCredentialList struct { + metav1.TypeMeta `json:",inline"` + + // metadata is the standard list's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + metav1.ListMeta `json:"metadata"` + + Items []CloudCredential `json:"items"` +} diff --git a/pkg/schemes/machineconfiguration/mctypes/types_config.go b/pkg/schemes/machineconfiguration/mctypes/types_config.go new file mode 100644 index 000000000..eb359ce39 --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/types_config.go @@ -0,0 +1,61 @@ +package mctypes + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// +genclient +// +genclient:nonNamespaced +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=configs,scope=Cluster,categories=coreoperators +// +kubebuilder:subresource:status +// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/612 +// +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=config-operator,operatorOrdering=01 + +// Config specifies the behavior of the config operator which is responsible for creating the initial configuration of other components +// on the cluster. The operator also handles installation, migration or synchronization of cloud configurations for AWS and Azure cloud based clusters +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 +type Config struct { + metav1.TypeMeta `json:",inline"` + + // metadata is the standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + metav1.ObjectMeta `json:"metadata"` + + // spec is the specification of the desired behavior of the Config Operator. + // +kubebuilder:validation:Required + // +required + Spec ConfigSpec `json:"spec"` + + // status defines the observed status of the Config Operator. + // +optional + Status ConfigStatus `json:"status"` +} + +type ConfigSpec struct { + OperatorSpec `json:",inline"` +} + +type ConfigStatus struct { + OperatorStatus `json:",inline"` +} + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// ConfigList is a collection of items +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 +type ConfigList struct { + metav1.TypeMeta `json:",inline"` + + // metadata is the standard list's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + metav1.ListMeta `json:"metadata"` + + // Items contains the items + Items []Config `json:"items"` +} diff --git a/pkg/schemes/machineconfiguration/mctypes/types_console.go b/pkg/schemes/machineconfiguration/mctypes/types_console.go new file mode 100644 index 000000000..e951c3719 --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/types_console.go @@ -0,0 +1,479 @@ +package mctypes + +import ( + configv1 "github.com/openshift/api/config/v1" + authorizationv1 "k8s.io/api/authorization/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// +genclient +// +genclient:nonNamespaced +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=consoles,scope=Cluster +// +kubebuilder:subresource:status +// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/486 +// +openshift:file-pattern=cvoRunLevel=0000_50,operatorName=console,operatorOrdering=01 + +// Console provides a means to configure an operator to manage the console. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 +type Console struct { + metav1.TypeMeta `json:",inline"` + + // metadata is the standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + metav1.ObjectMeta `json:"metadata,omitempty"` + + // +kubebuilder:validation:Required + // +required + Spec ConsoleSpec `json:"spec,omitempty"` + // +optional + Status ConsoleStatus `json:"status,omitempty"` +} + +// ConsoleSpec is the specification of the desired behavior of the Console. +type ConsoleSpec struct { + OperatorSpec `json:",inline"` + // customization is used to optionally provide a small set of + // customization options to the web console. + // +optional + Customization ConsoleCustomization `json:"customization"` + // providers contains configuration for using specific service providers. + Providers ConsoleProviders `json:"providers"` + // route contains hostname and secret reference that contains the serving certificate. + // If a custom route is specified, a new route will be created with the + // provided hostname, under which console will be available. + // In case of custom hostname uses the default routing suffix of the cluster, + // the Secret specification for a serving certificate will not be needed. + // In case of custom hostname points to an arbitrary domain, manual DNS configurations steps are necessary. + // The default console route will be maintained to reserve the default hostname + // for console if the custom route is removed. + // If not specified, default route will be used. + // DEPRECATED + // +optional + Route ConsoleConfigRoute `json:"route"` + // plugins defines a list of enabled console plugin names. + // +optional + Plugins []string `json:"plugins,omitempty"` + // ingress allows to configure the alternative ingress for the console. + // This field is intended for clusters without ingress capability, + // where access to routes is not possible. + // +optional + Ingress Ingress `json:"ingress"` +} + +// ConsoleConfigRoute holds information on external route access to console. +// DEPRECATED +type ConsoleConfigRoute struct { + // hostname is the desired custom domain under which console will be available. + Hostname string `json:"hostname"` + // secret points to secret in the openshift-config namespace that contains custom + // certificate and key and needs to be created manually by the cluster admin. + // Referenced Secret is required to contain following key value pairs: + // - "tls.crt" - to specifies custom certificate + // - "tls.key" - to specifies private key of the custom certificate + // If the custom hostname uses the default routing suffix of the cluster, + // the Secret specification for a serving certificate will not be needed. + // +optional + Secret configv1.SecretNameReference `json:"secret"` +} + +// ConsoleStatus defines the observed status of the Console. +type ConsoleStatus struct { + OperatorStatus `json:",inline"` +} + +// ConsoleProviders defines a list of optional additional providers of +// functionality to the console. +type ConsoleProviders struct { + // statuspage contains ID for statuspage.io page that provides status info about. + // +optional + Statuspage *StatuspageProvider `json:"statuspage,omitempty"` +} + +// StatuspageProvider provides identity for statuspage account. +type StatuspageProvider struct { + // pageID is the unique ID assigned by Statuspage for your page. This must be a public page. + PageID string `json:"pageID"` +} + +// ConsoleCapabilityName defines name of UI capability in the console UI. +type ConsoleCapabilityName string + +const ( + // lightspeedButton is the name for the Lightspeed button HTML element. + LightspeedButton ConsoleCapabilityName = "LightspeedButton" + + // gettingStartedBanner is the name of the 'Getting started resources' banner in the console UI Overview page. + GettingStartedBanner ConsoleCapabilityName = "GettingStartedBanner" +) + +// CapabilityState defines the state of the capability in the console UI. +type CapabilityState string + +const ( + // "Enabled" means that the capability will be rendered in the console UI. + CapabilityEnabled CapabilityState = "Enabled" + // "Disabled" means that the capability will not be rendered in the console UI. + CapabilityDisabled CapabilityState = "Disabled" +) + +// CapabilityVisibility defines the criteria to enable/disable a capability. +// +union +type CapabilityVisibility struct { + // state defines if the capability is enabled or disabled in the console UI. + // Enabling the capability in the console UI is represented by the "Enabled" value. + // Disabling the capability in the console UI is represented by the "Disabled" value. + // +unionDiscriminator + // +kubebuilder:validation:Enum:="Enabled";"Disabled" + // +kubebuilder:validation:Required + State CapabilityState `json:"state"` +} + +// Capabilities contains set of UI capabilities and their state in the console UI. +type Capability struct { + // name is the unique name of a capability. + // Available capabilities are LightspeedButton and GettingStartedBanner. + // +kubebuilder:validation:Enum:="LightspeedButton";"GettingStartedBanner" + // +kubebuilder:validation:Required + Name ConsoleCapabilityName `json:"name"` + // visibility defines the visibility state of the capability. + // +kubebuilder:validation:Required + Visibility CapabilityVisibility `json:"visibility"` +} + +// ConsoleCustomization defines a list of optional configuration for the console UI. +type ConsoleCustomization struct { + // capabilities defines an array of capabilities that can be interacted with in the console UI. + // Each capability defines a visual state that can be interacted with the console to render in the UI. + // Available capabilities are LightspeedButton and GettingStartedBanner. + // Each of the available capabilities may appear only once in the list. + // +kubebuilder:validation:MinItems=1 + // +kubebuilder:validation:MaxItems=2 + // +listType=map + // +listMapKey=name + // +optional + Capabilities []Capability `json:"capabilities,omitempty"` + // brand is the default branding of the web console which can be overridden by + // providing the brand field. There is a limited set of specific brand options. + // This field controls elements of the console such as the logo. + // Invalid value will prevent a console rollout. + // +kubebuilder:validation:Enum:=openshift;okd;online;ocp;dedicated;azure;OpenShift;OKD;Online;OCP;Dedicated;Azure;ROSA + Brand Brand `json:"brand,omitempty"` + // documentationBaseURL links to external documentation are shown in various sections + // of the web console. Providing documentationBaseURL will override the default + // documentation URL. + // Invalid value will prevent a console rollout. + // +kubebuilder:validation:Pattern=`^$|^((https):\/\/?)[^\s()<>]+(?:\([\w\d]+\)|([^[:punct:]\s]|\/?))\/$` + DocumentationBaseURL string `json:"documentationBaseURL,omitempty"` + // customProductName is the name that will be displayed in page titles, logo alt text, and the about dialog + // instead of the normal OpenShift product name. + // +optional + CustomProductName string `json:"customProductName,omitempty"` + // customLogoFile replaces the default OpenShift logo in the masthead and about dialog. It is a reference to a + // ConfigMap in the openshift-config namespace. This can be created with a command like + // 'oc create configmap custom-logo --from-file=/path/to/file -n openshift-config'. + // Image size must be less than 1 MB due to constraints on the ConfigMap size. + // The ConfigMap key should include a file extension so that the console serves the file + // with the correct MIME type. + // Recommended logo specifications: + // Dimensions: Max height of 68px and max width of 200px + // SVG format preferred + // +optional + CustomLogoFile configv1.ConfigMapFileReference `json:"customLogoFile,omitempty"` + // developerCatalog allows to configure the shown developer catalog categories (filters) and types (sub-catalogs). + // +kubebuilder:validation:Optional + // +optional + DeveloperCatalog DeveloperConsoleCatalogCustomization `json:"developerCatalog,omitempty"` + // projectAccess allows customizing the available list of ClusterRoles in the Developer perspective + // Project access page which can be used by a project admin to specify roles to other users and + // restrict access within the project. If set, the list will replace the default ClusterRole options. + // +kubebuilder:validation:Optional + // +optional + ProjectAccess ProjectAccess `json:"projectAccess,omitempty"` + // quickStarts allows customization of available ConsoleQuickStart resources in console. + // +kubebuilder:validation:Optional + // +optional + QuickStarts QuickStarts `json:"quickStarts,omitempty"` + // addPage allows customizing actions on the Add page in developer perspective. + // +kubebuilder:validation:Optional + // +optional + AddPage AddPage `json:"addPage,omitempty"` + // perspectives allows enabling/disabling of perspective(s) that user can see in the Perspective switcher dropdown. + // +listType=map + // +listMapKey=id + // +optional + Perspectives []Perspective `json:"perspectives"` +} + +// ProjectAccess contains options for project access roles +type ProjectAccess struct { + // availableClusterRoles is the list of ClusterRole names that are assignable to users + // through the project access tab. + // +kubebuilder:validation:Optional + // +optional + AvailableClusterRoles []string `json:"availableClusterRoles,omitempty"` +} + +// CatalogTypesState defines the state of the catalog types based on which the types will be enabled or disabled. +type CatalogTypesState string + +const ( + CatalogTypeEnabled CatalogTypesState = "Enabled" + CatalogTypeDisabled CatalogTypesState = "Disabled" +) + +// DeveloperConsoleCatalogTypes defines the state of the sub-catalog types. +// +kubebuilder:validation:XValidation:rule="self.state == 'Enabled' ? true : !has(self.enabled)",message="enabled is forbidden when state is not Enabled" +// +kubebuilder:validation:XValidation:rule="self.state == 'Disabled' ? true : !has(self.disabled)",message="disabled is forbidden when state is not Disabled" +// +union +type DeveloperConsoleCatalogTypes struct { + // state defines if a list of catalog types should be enabled or disabled. + // +unionDiscriminator + // +kubebuilder:validation:Enum:="Enabled";"Disabled"; + // +kubebuilder:default:="Enabled" + // +default="Enabled" + // +kubebuilder:validation:Required + State CatalogTypesState `json:"state,omitempty"` + // enabled is a list of developer catalog types (sub-catalogs IDs) that will be shown to users. + // Types (sub-catalogs) are added via console plugins, the available types (sub-catalog IDs) are available + // in the console on the cluster configuration page, or when editing the YAML in the console. + // Example: "Devfile", "HelmChart", "BuilderImage" + // If the list is non-empty, a new type will not be shown to the user until it is added to list. + // If the list is empty the complete developer catalog will be shown. + // +listType=set + // +unionMember,optional + Enabled *[]string `json:"enabled,omitempty"` + // disabled is a list of developer catalog types (sub-catalogs IDs) that are not shown to users. + // Types (sub-catalogs) are added via console plugins, the available types (sub-catalog IDs) are available + // in the console on the cluster configuration page, or when editing the YAML in the console. + // Example: "Devfile", "HelmChart", "BuilderImage" + // If the list is empty or all the available sub-catalog types are added, then the complete developer catalog should be hidden. + // +listType=set + // +unionMember,optional + Disabled *[]string `json:"disabled,omitempty"` +} + +// DeveloperConsoleCatalogCustomization allow cluster admin to configure developer catalog. +type DeveloperConsoleCatalogCustomization struct { + // categories which are shown in the developer catalog. + // +kubebuilder:validation:Optional + // +optional + Categories []DeveloperConsoleCatalogCategory `json:"categories,omitempty"` + // types allows enabling or disabling of sub-catalog types that user can see in the Developer catalog. + // When omitted, all the sub-catalog types will be shown. + // +optional + Types DeveloperConsoleCatalogTypes `json:"types,omitempty"` +} + +// DeveloperConsoleCatalogCategoryMeta are the key identifiers of a developer catalog category. +type DeveloperConsoleCatalogCategoryMeta struct { + // ID is an identifier used in the URL to enable deep linking in console. + // ID is required and must have 1-32 URL safe (A-Z, a-z, 0-9, - and _) characters. + // +kubebuilder:validation:Required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=32 + // +kubebuilder:validation:Pattern=`^[A-Za-z0-9-_]+$` + // +required + ID string `json:"id"` + // label defines a category display label. It is required and must have 1-64 characters. + // +kubebuilder:validation:Required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=64 + // +required + Label string `json:"label"` + // tags is a list of strings that will match the category. A selected category + // show all items which has at least one overlapping tag between category and item. + // +kubebuilder:validation:Optional + // +optional + Tags []string `json:"tags,omitempty"` +} + +// DeveloperConsoleCatalogCategory for the developer console catalog. +type DeveloperConsoleCatalogCategory struct { + // defines top level category ID, label and filter tags. + DeveloperConsoleCatalogCategoryMeta `json:",inline"` + // subcategories defines a list of child categories. + // +kubebuilder:validation:Optional + // +optional + Subcategories []DeveloperConsoleCatalogCategoryMeta `json:"subcategories,omitempty"` +} + +// QuickStarts allow cluster admins to customize available ConsoleQuickStart resources. +type QuickStarts struct { + // disabled is a list of ConsoleQuickStart resource names that are not shown to users. + // +kubebuilder:validation:Optional + // +optional + Disabled []string `json:"disabled,omitempty"` +} + +// AddPage allows customizing actions on the Add page in developer perspective. +type AddPage struct { + // disabledActions is a list of actions that are not shown to users. + // Each action in the list is represented by its ID. + // +kubebuilder:validation:Optional + // +kubebuilder:validation:MinItems=1 + // +optional + DisabledActions []string `json:"disabledActions,omitempty"` +} + +// PerspectiveState defines the visibility state of the perspective. "Enabled" means the perspective is shown. +// "Disabled" means the Perspective is hidden. +// "AccessReview" means access review check is required to show or hide a Perspective. +type PerspectiveState string + +const ( + PerspectiveEnabled PerspectiveState = "Enabled" + PerspectiveDisabled PerspectiveState = "Disabled" + PerspectiveAccessReview PerspectiveState = "AccessReview" +) + +// ResourceAttributesAccessReview defines the visibility of the perspective depending on the access review checks. +// `required` and `missing` can work together esp. in the case where the cluster admin +// wants to show another perspective to users without specific permissions. Out of `required` and `missing` atleast one property should be non-empty. +// +kubebuilder:validation:MinProperties:=1 +type ResourceAttributesAccessReview struct { + // required defines a list of permission checks. The perspective will only be shown when all checks are successful. When omitted, the access review is skipped and the perspective will not be shown unless it is required to do so based on the configuration of the missing access review list. + // +optional + Required []authorizationv1.ResourceAttributes `json:"required"` + // missing defines a list of permission checks. The perspective will only be shown when at least one check fails. When omitted, the access review is skipped and the perspective will not be shown unless it is required to do so based on the configuration of the required access review list. + // +optional + Missing []authorizationv1.ResourceAttributes `json:"missing"` +} + +// PerspectiveVisibility defines the criteria to show/hide a perspective +// +kubebuilder:validation:XValidation:rule="self.state == 'AccessReview' ? has(self.accessReview) : !has(self.accessReview)",message="accessReview configuration is required when state is AccessReview, and forbidden otherwise" +// +union +type PerspectiveVisibility struct { + // state defines the perspective is enabled or disabled or access review check is required. + // +unionDiscriminator + // +kubebuilder:validation:Enum:="Enabled";"Disabled";"AccessReview" + // +kubebuilder:validation:Required + State PerspectiveState `json:"state"` + // accessReview defines required and missing access review checks. + // +optional + AccessReview *ResourceAttributesAccessReview `json:"accessReview,omitempty"` +} + +// Perspective defines a perspective that cluster admins want to show/hide in the perspective switcher dropdown +// +kubebuilder:validation:XValidation:rule="has(self.id) && self.id != 'dev'? !has(self.pinnedResources) : true",message="pinnedResources is allowed only for dev and forbidden for other perspectives" +// +optional +type Perspective struct { + // id defines the id of the perspective. + // Example: "dev", "admin". + // The available perspective ids can be found in the code snippet section next to the yaml editor. + // Incorrect or unknown ids will be ignored. + // +kubebuilder:validation:Required + ID string `json:"id"` + // visibility defines the state of perspective along with access review checks if needed for that perspective. + // +kubebuilder:validation:Required + Visibility PerspectiveVisibility `json:"visibility"` + // pinnedResources defines the list of default pinned resources that users will see on the perspective navigation if they have not customized these pinned resources themselves. + // The list of available Kubernetes resources could be read via `kubectl api-resources`. + // The console will also provide a configuration UI and a YAML snippet that will list the available resources that can be pinned to the navigation. + // Incorrect or unknown resources will be ignored. + // +kubebuilder:validation:MaxItems=100 + // +optional + PinnedResources *[]PinnedResourceReference `json:"pinnedResources,omitempty"` +} + +// PinnedResourceReference includes the group, version and type of resource +type PinnedResourceReference struct { + // group is the API Group of the Resource. + // Enter empty string for the core group. + // This value should consist of only lowercase alphanumeric characters, hyphens and periods. + // Example: "", "apps", "build.openshift.io", etc. + // +kubebuilder:validation:Pattern:="^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" + // +kubebuilder:validation:Required + Group string `json:"group"` + // version is the API Version of the Resource. + // This value should consist of only lowercase alphanumeric characters. + // Example: "v1", "v1beta1", etc. + // +kubebuilder:validation:Pattern:="^[a-z0-9]+$" + // +kubebuilder:validation:Required + Version string `json:"version"` + // resource is the type that is being referenced. + // It is normally the plural form of the resource kind in lowercase. + // This value should consist of only lowercase alphanumeric characters and hyphens. + // Example: "deployments", "deploymentconfigs", "pods", etc. + // +kubebuilder:validation:Pattern:="^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" + // +kubebuilder:validation:Required + Resource string `json:"resource"` +} + +// Brand is a specific supported brand within the console. +type Brand string + +const ( + // Legacy branding for OpenShift + BrandOpenShiftLegacy Brand = "openshift" + // Legacy branding for The Origin Community Distribution of Kubernetes + BrandOKDLegacy Brand = "okd" + // Legacy branding for OpenShift Online + BrandOnlineLegacy Brand = "online" + // Legacy branding for OpenShift Container Platform + BrandOCPLegacy Brand = "ocp" + // Legacy branding for OpenShift Dedicated + BrandDedicatedLegacy Brand = "dedicated" + // Legacy branding for Azure Red Hat OpenShift + BrandAzureLegacy Brand = "azure" + // Branding for OpenShift + BrandOpenShift Brand = "OpenShift" + // Branding for The Origin Community Distribution of Kubernetes + BrandOKD Brand = "OKD" + // Branding for OpenShift Online + BrandOnline Brand = "Online" + // Branding for OpenShift Container Platform + BrandOCP Brand = "OCP" + // Branding for OpenShift Dedicated + BrandDedicated Brand = "Dedicated" + // Branding for Azure Red Hat OpenShift + BrandAzure Brand = "Azure" + // Branding for Red Hat OpenShift Service on AWS + BrandROSA Brand = "ROSA" +) + +// Ingress allows cluster admin to configure alternative ingress for the console. +type Ingress struct { + // consoleURL is a URL to be used as the base console address. + // If not specified, the console route hostname will be used. + // This field is required for clusters without ingress capability, + // where access to routes is not possible. + // Make sure that appropriate ingress is set up at this URL. + // The console operator will monitor the URL and may go degraded + // if it's unreachable for an extended period. + // Must use the HTTPS scheme. + // +optional + // +kubebuilder:validation:XValidation:rule="size(self) == 0 || isURL(self)",message="console url must be a valid absolute URL" + // +kubebuilder:validation:XValidation:rule="size(self) == 0 || url(self).getScheme() == 'https'",message="console url scheme must be https" + // +kubebuilder:validation:MaxLength=1024 + ConsoleURL string `json:"consoleURL"` + // clientDownloadsURL is a URL to be used as the address to download client binaries. + // If not specified, the downloads route hostname will be used. + // This field is required for clusters without ingress capability, + // where access to routes is not possible. + // The console operator will monitor the URL and may go degraded + // if it's unreachable for an extended period. + // Must use the HTTPS scheme. + // +optional + // +kubebuilder:validation:XValidation:rule="size(self) == 0 || isURL(self)",message="client downloads url must be a valid absolute URL" + // +kubebuilder:validation:XValidation:rule="size(self) == 0 || url(self).getScheme() == 'https'",message="client downloads url scheme must be https" + // +kubebuilder:validation:MaxLength=1024 + ClientDownloadsURL string `json:"clientDownloadsURL"` +} + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 +type ConsoleList struct { + metav1.TypeMeta `json:",inline"` + + // metadata is the standard list's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + metav1.ListMeta `json:"metadata"` + + Items []Console `json:"items"` +} diff --git a/pkg/schemes/machineconfiguration/mctypes/types_csi_cluster_driver.go b/pkg/schemes/machineconfiguration/mctypes/types_csi_cluster_driver.go new file mode 100644 index 000000000..2cec82d5f --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/types_csi_cluster_driver.go @@ -0,0 +1,394 @@ +package mctypes + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// ClusterCSIDriver is used to manage and configure CSI driver installed by default +// in OpenShift. An example configuration may look like: +// apiVersion: operator.openshift.io/v1 +// kind: "ClusterCSIDriver" +// metadata: +// name: "ebs.csi.aws.com" +// spec: +// logLevel: Debug + +// +genclient +// +genclient:nonNamespaced +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=clustercsidrivers,scope=Cluster +// +kubebuilder:subresource:status +// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/701 +// +openshift:file-pattern=cvoRunLevel=0000_90,operatorName=csi-driver,operatorOrdering=01 + +// ClusterCSIDriver object allows management and configuration of a CSI driver operator +// installed by default in OpenShift. Name of the object must be name of the CSI driver +// it operates. See CSIDriverName type for list of allowed values. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 +type ClusterCSIDriver struct { + metav1.TypeMeta `json:",inline"` + + // metadata is the standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + metav1.ObjectMeta `json:"metadata,omitempty"` + + // spec holds user settable values for configuration + // +kubebuilder:validation:Required + // +required + Spec ClusterCSIDriverSpec `json:"spec"` + + // status holds observed values from the cluster. They may not be overridden. + // +optional + Status ClusterCSIDriverStatus `json:"status"` +} + +// CSIDriverName is the name of the CSI driver +type CSIDriverName string + +// +kubebuilder:validation:Enum="";Managed;Unmanaged;Removed +// StorageClassStateName defines various configuration states for storageclass management +// and reconciliation by CSI operator. +type StorageClassStateName string + +const ( + // ManagedStorageClass means that the operator is actively managing its storage classes. + // Most manual changes made by cluster admin to storageclass will be wiped away by CSI + // operator if StorageClassState is set to Managed. + ManagedStorageClass StorageClassStateName = "Managed" + // UnmanagedStorageClass means that the operator is not actively managing storage classes. + // If StorageClassState is Unmanaged then CSI operator will not be actively reconciling storage class + // it previously created. This can be useful if cluster admin wants to modify storage class installed + // by CSI operator. + UnmanagedStorageClass StorageClassStateName = "Unmanaged" + // RemovedStorageClass instructs the operator to remove the storage class. + // If StorageClassState is Removed - CSI operator will delete storage classes it created + // previously. This can be useful in clusters where cluster admins want to prevent + // creation of dynamically provisioned volumes but still need rest of the features + // provided by CSI operator and driver. + RemovedStorageClass StorageClassStateName = "Removed" +) + +// If you are adding a new driver name here, ensure that 0000_90_cluster_csi_driver_01_config.crd.yaml-merge-patch file is also updated with new driver name. +const ( + AWSEBSCSIDriver CSIDriverName = "ebs.csi.aws.com" + AWSEFSCSIDriver CSIDriverName = "efs.csi.aws.com" + AzureDiskCSIDriver CSIDriverName = "disk.csi.azure.com" + AzureFileCSIDriver CSIDriverName = "file.csi.azure.com" + GCPFilestoreCSIDriver CSIDriverName = "filestore.csi.storage.gke.io" + GCPPDCSIDriver CSIDriverName = "pd.csi.storage.gke.io" + CinderCSIDriver CSIDriverName = "cinder.csi.openstack.org" + VSphereCSIDriver CSIDriverName = "csi.vsphere.vmware.com" + ManilaCSIDriver CSIDriverName = "manila.csi.openstack.org" + OvirtCSIDriver CSIDriverName = "csi.ovirt.org" + KubevirtCSIDriver CSIDriverName = "csi.kubevirt.io" + SharedResourcesCSIDriver CSIDriverName = "csi.sharedresource.openshift.io" + AlibabaDiskCSIDriver CSIDriverName = "diskplugin.csi.alibabacloud.com" + IBMVPCBlockCSIDriver CSIDriverName = "vpc.block.csi.ibm.io" + IBMPowerVSBlockCSIDriver CSIDriverName = "powervs.csi.ibm.com" + SecretsStoreCSIDriver CSIDriverName = "secrets-store.csi.k8s.io" + SambaCSIDriver CSIDriverName = "smb.csi.k8s.io" +) + +// ClusterCSIDriverSpec is the desired behavior of CSI driver operator +type ClusterCSIDriverSpec struct { + OperatorSpec `json:",inline"` + // StorageClassState determines if CSI operator should create and manage storage classes. + // If this field value is empty or Managed - CSI operator will continuously reconcile + // storage class and create if necessary. + // If this field value is Unmanaged - CSI operator will not reconcile any previously created + // storage class. + // If this field value is Removed - CSI operator will delete the storage class it created previously. + // When omitted, this means the user has no opinion and the platform chooses a reasonable default, + // which is subject to change over time. + // The current default behaviour is Managed. + // +optional + StorageClassState StorageClassStateName `json:"storageClassState,omitempty"` + + // driverConfig can be used to specify platform specific driver configuration. + // When omitted, this means no opinion and the platform is left to choose reasonable + // defaults. These defaults are subject to change over time. + // +optional + DriverConfig CSIDriverConfigSpec `json:"driverConfig"` +} + +// CSIDriverType indicates type of CSI driver being configured. +// +kubebuilder:validation:Enum="";AWS;Azure;GCP;IBMCloud;vSphere +type CSIDriverType string + +const ( + AWSDriverType CSIDriverType = "AWS" + AzureDriverType CSIDriverType = "Azure" + GCPDriverType CSIDriverType = "GCP" + IBMCloudDriverType CSIDriverType = "IBMCloud" + VSphereDriverType CSIDriverType = "vSphere" +) + +// CSIDriverConfigSpec defines configuration spec that can be +// used to optionally configure a specific CSI Driver. +// +kubebuilder:validation:XValidation:rule="has(self.driverType) && self.driverType == 'IBMCloud' ? has(self.ibmcloud) : !has(self.ibmcloud)",message="ibmcloud must be set if driverType is 'IBMCloud', but remain unset otherwise" +// +union +type CSIDriverConfigSpec struct { + // driverType indicates type of CSI driver for which the + // driverConfig is being applied to. + // Valid values are: AWS, Azure, GCP, IBMCloud, vSphere and omitted. + // Consumers should treat unknown values as a NO-OP. + // +kubebuilder:validation:Required + // +unionDiscriminator + DriverType CSIDriverType `json:"driverType"` + + // aws is used to configure the AWS CSI driver. + // +optional + AWS *AWSCSIDriverConfigSpec `json:"aws,omitempty"` + + // azure is used to configure the Azure CSI driver. + // +optional + Azure *AzureCSIDriverConfigSpec `json:"azure,omitempty"` + + // gcp is used to configure the GCP CSI driver. + // +optional + GCP *GCPCSIDriverConfigSpec `json:"gcp,omitempty"` + + // ibmcloud is used to configure the IBM Cloud CSI driver. + // +optional + IBMCloud *IBMCloudCSIDriverConfigSpec `json:"ibmcloud,omitempty"` + + // vsphere is used to configure the vsphere CSI driver. + // +optional + VSphere *VSphereCSIDriverConfigSpec `json:"vSphere,omitempty"` +} + +// AWSCSIDriverConfigSpec defines properties that can be configured for the AWS CSI driver. +type AWSCSIDriverConfigSpec struct { + // kmsKeyARN sets the cluster default storage class to encrypt volumes with a user-defined KMS key, + // rather than the default KMS key used by AWS. + // The value may be either the ARN or Alias ARN of a KMS key. + // +kubebuilder:validation:Pattern:=`^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b|aws-iso-e|aws-iso-f):kms:[a-z0-9-]+:[0-9]{12}:(key|alias)\/.*$` + // +optional + KMSKeyARN string `json:"kmsKeyARN,omitempty"` + + // efsVolumeMetrics sets the configuration for collecting metrics from EFS volumes used by the EFS CSI Driver. + // +openshift:enable:FeatureGate=AWSEFSDriverVolumeMetrics + // +optional + EFSVolumeMetrics *AWSEFSVolumeMetrics `json:"efsVolumeMetrics,omitempty"` +} + +// AWSEFSVolumeMetricsState defines the modes for collecting volume metrics in the AWS EFS CSI Driver. +// This can either enable recursive collection of volume metrics or disable metric collection entirely. +// +kubebuilder:validation:Enum:="RecursiveWalk";"Disabled" +type AWSEFSVolumeMetricsState string + +const ( + // AWSEFSVolumeMetricsRecursiveWalk indicates that volume metrics collection in the AWS EFS CSI Driver + // is performed by recursively walking through the files in the volume. + AWSEFSVolumeMetricsRecursiveWalk AWSEFSVolumeMetricsState = "RecursiveWalk" + + // AWSEFSVolumeMetricsDisabled indicates that volume metrics collection in the AWS EFS CSI Driver is disabled. + AWSEFSVolumeMetricsDisabled AWSEFSVolumeMetricsState = "Disabled" +) + +// AWSEFSVolumeMetrics defines the configuration for volume metrics in the EFS CSI Driver. +// +union +type AWSEFSVolumeMetrics struct { + // state defines the state of metric collection in the AWS EFS CSI Driver. + // This field is required and must be set to one of the following values: Disabled or RecursiveWalk. + // Disabled means no metrics collection will be performed. This is the default value. + // RecursiveWalk means the AWS EFS CSI Driver will recursively scan volumes to collect metrics. + // This process may result in high CPU and memory usage, depending on the volume size. + // +unionDiscriminator + // +kubebuilder:validation:Required + State AWSEFSVolumeMetricsState `json:"state"` + + // recursiveWalk provides additional configuration for collecting volume metrics in the AWS EFS CSI Driver + // when the state is set to RecursiveWalk. + // +unionMember + // +optional + RecursiveWalk *AWSEFSVolumeMetricsRecursiveWalkConfig `json:"recursiveWalk,omitempty"` +} + +// AWSEFSVolumeMetricsRecursiveWalkConfig defines options for volume metrics in the EFS CSI Driver. +type AWSEFSVolumeMetricsRecursiveWalkConfig struct { + // refreshPeriodMinutes specifies the frequency, in minutes, at which volume metrics are refreshed. + // When omitted, this means no opinion and the platform is left to choose a reasonable + // default, which is subject to change over time. The current default is 240. + // The valid range is from 1 to 43200 minutes (30 days). + // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=43200 + // +optional + RefreshPeriodMinutes int32 `json:"refreshPeriodMinutes,omitempty"` + + // fsRateLimit defines the rate limit, in goroutines per file system, for processing volume metrics. + // When omitted, this means no opinion and the platform is left to choose a reasonable + // default, which is subject to change over time. The current default is 5. + // The valid range is from 1 to 100 goroutines. + // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=100 + // +optional + FSRateLimit int32 `json:"fsRateLimit,omitempty"` +} + +// AzureDiskEncryptionSet defines the configuration for a disk encryption set. +type AzureDiskEncryptionSet struct { + // subscriptionID defines the Azure subscription that contains the disk encryption set. + // The value should meet the following conditions: + // 1. It should be a 128-bit number. + // 2. It should be 36 characters (32 hexadecimal characters and 4 hyphens) long. + // 3. It should be displayed in five groups separated by hyphens (-). + // 4. The first group should be 8 characters long. + // 5. The second, third, and fourth groups should be 4 characters long. + // 6. The fifth group should be 12 characters long. + // An Example SubscrionID: f2007bbf-f802-4a47-9336-cf7c6b89b378 + // +kubebuilder:validation:Required + // +kubebuilder:validation:MaxLength:=36 + // +kubebuilder:validation:Pattern:=`^[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}$` + SubscriptionID string `json:"subscriptionID"` + + // resourceGroup defines the Azure resource group that contains the disk encryption set. + // The value should consist of only alphanumberic characters, + // underscores (_), parentheses, hyphens and periods. + // The value should not end in a period and be at most 90 characters in + // length. + // +kubebuilder:validation:Required + // +kubebuilder:validation:MaxLength:=90 + // +kubebuilder:validation:Pattern:=`^[\w\.\-\(\)]*[\w\-\(\)]$` + ResourceGroup string `json:"resourceGroup"` + + // name is the name of the disk encryption set that will be set on the default storage class. + // The value should consist of only alphanumberic characters, + // underscores (_), hyphens, and be at most 80 characters in length. + // +kubebuilder:validation:Required + // +kubebuilder:validation:MaxLength:=80 + // +kubebuilder:validation:Pattern:=`^[a-zA-Z0-9\_-]+$` + Name string `json:"name"` +} + +// AzureCSIDriverConfigSpec defines properties that can be configured for the Azure CSI driver. +type AzureCSIDriverConfigSpec struct { + // diskEncryptionSet sets the cluster default storage class to encrypt volumes with a + // customer-managed encryption set, rather than the default platform-managed keys. + // +optional + DiskEncryptionSet *AzureDiskEncryptionSet `json:"diskEncryptionSet,omitempty"` +} + +// GCPKMSKeyReference gathers required fields for looking up a GCP KMS Key +type GCPKMSKeyReference struct { + // name is the name of the customer-managed encryption key to be used for disk encryption. + // The value should correspond to an existing KMS key and should + // consist of only alphanumeric characters, hyphens (-) and underscores (_), + // and be at most 63 characters in length. + // +kubebuilder:validation:Pattern:=`^[a-zA-Z0-9\_-]+$` + // +kubebuilder:validation:MinLength:=1 + // +kubebuilder:validation:MaxLength:=63 + // +kubebuilder:validation:Required + Name string `json:"name"` + + // keyRing is the name of the KMS Key Ring which the KMS Key belongs to. + // The value should correspond to an existing KMS key ring and should + // consist of only alphanumeric characters, hyphens (-) and underscores (_), + // and be at most 63 characters in length. + // +kubebuilder:validation:Pattern:=`^[a-zA-Z0-9\_-]+$` + // +kubebuilder:validation:MinLength:=1 + // +kubebuilder:validation:MaxLength:=63 + // +kubebuilder:validation:Required + KeyRing string `json:"keyRing"` + + // projectID is the ID of the Project in which the KMS Key Ring exists. + // It must be 6 to 30 lowercase letters, digits, or hyphens. + // It must start with a letter. Trailing hyphens are prohibited. + // +kubebuilder:validation:Pattern:=`^[a-z][a-z0-9-]+[a-z0-9]$` + // +kubebuilder:validation:MinLength:=6 + // +kubebuilder:validation:MaxLength:=30 + // +kubebuilder:validation:Required + ProjectID string `json:"projectID"` + + // location is the GCP location in which the Key Ring exists. + // The value must match an existing GCP location, or "global". + // Defaults to global, if not set. + // +kubebuilder:validation:Pattern:=`^[a-zA-Z0-9\_-]+$` + // +optional + Location string `json:"location,omitempty"` +} + +// GCPCSIDriverConfigSpec defines properties that can be configured for the GCP CSI driver. +type GCPCSIDriverConfigSpec struct { + // kmsKey sets the cluster default storage class to encrypt volumes with customer-supplied + // encryption keys, rather than the default keys managed by GCP. + // +optional + KMSKey *GCPKMSKeyReference `json:"kmsKey,omitempty"` +} + +// IBMCloudCSIDriverConfigSpec defines the properties that can be configured for the IBM Cloud CSI driver. +type IBMCloudCSIDriverConfigSpec struct { + // encryptionKeyCRN is the IBM Cloud CRN of the customer-managed root key to use + // for disk encryption of volumes for the default storage classes. + // +kubebuilder:validation:Required + // +kubebuilder:validation:MaxLength:=154 + // +kubebuilder:validation:MinLength:=144 + // +kubebuilder:validation:Pattern:=`^crn:v[0-9]+:bluemix:(public|private):(kms|hs-crypto):[a-z-]+:a/[0-9a-f]+:[0-9a-f-]{36}:key:[0-9a-f-]{36}$` + EncryptionKeyCRN string `json:"encryptionKeyCRN"` +} + +// VSphereCSIDriverConfigSpec defines properties that +// can be configured for vsphere CSI driver. +type VSphereCSIDriverConfigSpec struct { + // topologyCategories indicates tag categories with which + // vcenter resources such as hostcluster or datacenter were tagged with. + // If cluster Infrastructure object has a topology, values specified in + // Infrastructure object will be used and modifications to topologyCategories + // will be rejected. + // +listType=atomic + // +optional + TopologyCategories []string `json:"topologyCategories,omitempty"` + + // globalMaxSnapshotsPerBlockVolume is a global configuration parameter that applies to volumes on all kinds of + // datastores. If omitted, the platform chooses a default, which is subject to change over time, currently that default is 3. + // Snapshots can not be disabled using this parameter. + // Increasing number of snapshots above 3 can have negative impact on performance, for more details see: https://kb.vmware.com/s/article/1025279 + // Volume snapshot documentation: https://docs.vmware.com/en/VMware-vSphere-Container-Storage-Plug-in/3.0/vmware-vsphere-csp-getting-started/GUID-E0B41C69-7EEB-450F-A73D-5FD2FF39E891.html + // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=32 + // +openshift:enable:FeatureGate=VSphereDriverConfiguration + // +optional + GlobalMaxSnapshotsPerBlockVolume *uint32 `json:"globalMaxSnapshotsPerBlockVolume,omitempty"` + + // granularMaxSnapshotsPerBlockVolumeInVSAN is a granular configuration parameter on vSAN datastore only. It + // overrides GlobalMaxSnapshotsPerBlockVolume if set, while it falls back to the global constraint if unset. + // Snapshots for VSAN can not be disabled using this parameter. + // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=32 + // +openshift:enable:FeatureGate=VSphereDriverConfiguration + // +optional + GranularMaxSnapshotsPerBlockVolumeInVSAN *uint32 `json:"granularMaxSnapshotsPerBlockVolumeInVSAN,omitempty"` + + // granularMaxSnapshotsPerBlockVolumeInVVOL is a granular configuration parameter on Virtual Volumes datastore only. + // It overrides GlobalMaxSnapshotsPerBlockVolume if set, while it falls back to the global constraint if unset. + // Snapshots for VVOL can not be disabled using this parameter. + // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=32 + // +openshift:enable:FeatureGate=VSphereDriverConfiguration + // +optional + GranularMaxSnapshotsPerBlockVolumeInVVOL *uint32 `json:"granularMaxSnapshotsPerBlockVolumeInVVOL,omitempty"` +} + +// ClusterCSIDriverStatus is the observed status of CSI driver operator +type ClusterCSIDriverStatus struct { + OperatorStatus `json:",inline"` +} + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// ClusterCSIDriverList contains a list of ClusterCSIDriver +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 +type ClusterCSIDriverList struct { + metav1.TypeMeta `json:",inline"` + + // metadata is the standard list's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + metav1.ListMeta `json:"metadata,omitempty"` + + Items []ClusterCSIDriver `json:"items"` +} diff --git a/pkg/schemes/machineconfiguration/mctypes/types_csi_snapshot.go b/pkg/schemes/machineconfiguration/mctypes/types_csi_snapshot.go new file mode 100644 index 000000000..62b31e03c --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/types_csi_snapshot.go @@ -0,0 +1,61 @@ +package mctypes + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// +genclient +// +genclient:nonNamespaced +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=csisnapshotcontrollers,scope=Cluster +// +kubebuilder:subresource:status +// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/562 +// +openshift:file-pattern=cvoRunLevel=0000_80,operatorName=csi-snapshot-controller,operatorOrdering=01 + +// CSISnapshotController provides a means to configure an operator to manage the CSI snapshots. `cluster` is the canonical name. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 +type CSISnapshotController struct { + metav1.TypeMeta `json:",inline"` + + // metadata is the standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + metav1.ObjectMeta `json:"metadata,omitempty"` + + // spec holds user settable values for configuration + // +kubebuilder:validation:Required + // +required + Spec CSISnapshotControllerSpec `json:"spec"` + + // status holds observed values from the cluster. They may not be overridden. + // +optional + Status CSISnapshotControllerStatus `json:"status"` +} + +// CSISnapshotControllerSpec is the specification of the desired behavior of the CSISnapshotController operator. +type CSISnapshotControllerSpec struct { + OperatorSpec `json:",inline"` +} + +// CSISnapshotControllerStatus defines the observed status of the CSISnapshotController operator. +type CSISnapshotControllerStatus struct { + OperatorStatus `json:",inline"` +} + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// CSISnapshotControllerList contains a list of CSISnapshotControllers. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 +type CSISnapshotControllerList struct { + metav1.TypeMeta `json:",inline"` + + // metadata is the standard list's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + metav1.ListMeta `json:"metadata,omitempty"` + + Items []CSISnapshotController `json:"items"` +} diff --git a/pkg/schemes/machineconfiguration/mctypes/types_dns.go b/pkg/schemes/machineconfiguration/mctypes/types_dns.go new file mode 100644 index 000000000..97b66ebfa --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/types_dns.go @@ -0,0 +1,530 @@ +package mctypes + +import ( + v1 "github.com/openshift/api/config/v1" + corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// +genclient +// +genclient:nonNamespaced +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=dnses,scope=Cluster +// +kubebuilder:subresource:status +// +kubebuilder:subresource:status +// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/475 +// +openshift:file-pattern=cvoRunLevel=0000_70,operatorName=dns,operatorOrdering=00 + +// DNS manages the CoreDNS component to provide a name resolution service +// for pods and services in the cluster. +// +// This supports the DNS-based service discovery specification: +// https://github.com/kubernetes/dns/blob/master/docs/specification.md +// +// More details: https://kubernetes.io/docs/tasks/administer-cluster/coredns +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 +type DNS struct { + metav1.TypeMeta `json:",inline"` + + // metadata is the standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + metav1.ObjectMeta `json:"metadata,omitempty"` + + // spec is the specification of the desired behavior of the DNS. + Spec DNSSpec `json:"spec,omitempty"` + // status is the most recently observed status of the DNS. + Status DNSStatus `json:"status,omitempty"` +} + +// DNSSpec is the specification of the desired behavior of the DNS. +type DNSSpec struct { + // servers is a list of DNS resolvers that provide name query delegation for one or + // more subdomains outside the scope of the cluster domain. If servers consists of + // more than one Server, longest suffix match will be used to determine the Server. + // + // For example, if there are two Servers, one for "foo.com" and another for "a.foo.com", + // and the name query is for "www.a.foo.com", it will be routed to the Server with Zone + // "a.foo.com". + // + // If this field is nil, no servers are created. + // + // +optional + Servers []Server `json:"servers,omitempty"` + + // upstreamResolvers defines a schema for configuring CoreDNS + // to proxy DNS messages to upstream resolvers for the case of the + // default (".") server + // + // If this field is not specified, the upstream used will default to + // /etc/resolv.conf, with policy "sequential" + // + // +optional + UpstreamResolvers UpstreamResolvers `json:"upstreamResolvers"` + + // nodePlacement provides explicit control over the scheduling of DNS + // pods. + // + // Generally, it is useful to run a DNS pod on every node so that DNS + // queries are always handled by a local DNS pod instead of going over + // the network to a DNS pod on another node. However, security policies + // may require restricting the placement of DNS pods to specific nodes. + // For example, if a security policy prohibits pods on arbitrary nodes + // from communicating with the API, a node selector can be specified to + // restrict DNS pods to nodes that are permitted to communicate with the + // API. Conversely, if running DNS pods on nodes with a particular + // taint is desired, a toleration can be specified for that taint. + // + // If unset, defaults are used. See nodePlacement for more details. + // + // +optional + NodePlacement DNSNodePlacement `json:"nodePlacement,omitempty"` + + // managementState indicates whether the DNS operator should manage cluster + // DNS + // +optional + ManagementState ManagementState `json:"managementState,omitempty"` + + // operatorLogLevel controls the logging level of the DNS Operator. + // Valid values are: "Normal", "Debug", "Trace". + // Defaults to "Normal". + // setting operatorLogLevel: Trace will produce extremely verbose logs. + // +optional + // +kubebuilder:default=Normal + OperatorLogLevel DNSLogLevel `json:"operatorLogLevel,omitempty"` + + // logLevel describes the desired logging verbosity for CoreDNS. + // Any one of the following values may be specified: + // * Normal logs errors from upstream resolvers. + // * Debug logs errors, NXDOMAIN responses, and NODATA responses. + // * Trace logs errors and all responses. + // Setting logLevel: Trace will produce extremely verbose logs. + // Valid values are: "Normal", "Debug", "Trace". + // Defaults to "Normal". + // +optional + // +kubebuilder:default=Normal + LogLevel DNSLogLevel `json:"logLevel,omitempty"` + + // cache describes the caching configuration that applies to all server blocks listed in the Corefile. + // This field allows a cluster admin to optionally configure: + // * positiveTTL which is a duration for which positive responses should be cached. + // * negativeTTL which is a duration for which negative responses should be cached. + // If this is not configured, OpenShift will configure positive and negative caching with a default value that is + // subject to change. At the time of writing, the default positiveTTL is 900 seconds and the default negativeTTL is + // 30 seconds or as noted in the respective Corefile for your version of OpenShift. + // +optional + Cache DNSCache `json:"cache,omitempty"` +} + +// DNSCache defines the fields for configuring DNS caching. +type DNSCache struct { + // positiveTTL is optional and specifies the amount of time that a positive response should be cached. + // + // If configured, it must be a value of 1s (1 second) or greater up to a theoretical maximum of several years. This + // field expects an unsigned duration string of decimal numbers, each with optional fraction and a unit suffix, + // e.g. "100s", "1m30s", "12h30m10s". Values that are fractions of a second are rounded down to the nearest second. + // If the configured value is less than 1s, the default value will be used. + // If not configured, the value will be 0s and OpenShift will use a default value of 900 seconds unless noted + // otherwise in the respective Corefile for your version of OpenShift. The default value of 900 seconds is subject + // to change. + // +kubebuilder:validation:Pattern=^(0|([0-9]+(\.[0-9]+)?(ns|us|µs|μs|ms|s|m|h))+)$ + // +kubebuilder:validation:Type:=string + // +optional + PositiveTTL metav1.Duration `json:"positiveTTL,omitempty"` + + // negativeTTL is optional and specifies the amount of time that a negative response should be cached. + // + // If configured, it must be a value of 1s (1 second) or greater up to a theoretical maximum of several years. This + // field expects an unsigned duration string of decimal numbers, each with optional fraction and a unit suffix, + // e.g. "100s", "1m30s", "12h30m10s". Values that are fractions of a second are rounded down to the nearest second. + // If the configured value is less than 1s, the default value will be used. + // If not configured, the value will be 0s and OpenShift will use a default value of 30 seconds unless noted + // otherwise in the respective Corefile for your version of OpenShift. The default value of 30 seconds is subject + // to change. + // +kubebuilder:validation:Pattern=^(0|([0-9]+(\.[0-9]+)?(ns|us|µs|μs|ms|s|m|h))+)$ + // +kubebuilder:validation:Type:=string + // +optional + NegativeTTL metav1.Duration `json:"negativeTTL,omitempty"` +} + +// +kubebuilder:validation:Enum:=Normal;Debug;Trace +type DNSLogLevel string + +var ( + // Normal is the default. Normal, working log information, everything is fine, but helpful notices for auditing or common operations. In kube, this is probably glog=2. + DNSLogLevelNormal DNSLogLevel = "Normal" + + // Debug is used when something went wrong. Even common operations may be logged, and less helpful but more quantity of notices. In kube, this is probably glog=4. + DNSLogLevelDebug DNSLogLevel = "Debug" + + // Trace is used when something went really badly and even more verbose logs are needed. Logging every function call as part of a common operation, to tracing execution of a query. In kube, this is probably glog=6. + DNSLogLevelTrace DNSLogLevel = "Trace" +) + +// Server defines the schema for a server that runs per instance of CoreDNS. +type Server struct { + // name is required and specifies a unique name for the server. Name must comply + // with the Service Name Syntax of rfc6335. + Name string `json:"name"` + // zones is required and specifies the subdomains that Server is authoritative for. + // Zones must conform to the rfc1123 definition of a subdomain. Specifying the + // cluster domain (i.e., "cluster.local") is invalid. + Zones []string `json:"zones"` + // forwardPlugin defines a schema for configuring CoreDNS to proxy DNS messages + // to upstream resolvers. + ForwardPlugin ForwardPlugin `json:"forwardPlugin"` +} + +// DNSTransport indicates what type of connection should be used. +// +kubebuilder:validation:Enum=TLS;Cleartext;"" +type DNSTransport string + +const ( + // TLSTransport indicates that TLS should be used for the connection. + TLSTransport DNSTransport = "TLS" + + // CleartextTransport indicates that no encryption should be used for + // the connection. + CleartextTransport DNSTransport = "Cleartext" +) + +// DNSTransportConfig groups related configuration parameters used for configuring +// forwarding to upstream resolvers that support DNS-over-TLS. +// +union +type DNSTransportConfig struct { + // transport allows cluster administrators to opt-in to using a DNS-over-TLS + // connection between cluster DNS and an upstream resolver(s). Configuring + // TLS as the transport at this level without configuring a CABundle will + // result in the system certificates being used to verify the serving + // certificate of the upstream resolver(s). + // + // Possible values: + // "" (empty) - This means no explicit choice has been made and the platform chooses the default which is subject + // to change over time. The current default is "Cleartext". + // "Cleartext" - Cluster admin specified cleartext option. This results in the same functionality + // as an empty value but may be useful when a cluster admin wants to be more explicit about the transport, + // or wants to switch from "TLS" to "Cleartext" explicitly. + // "TLS" - This indicates that DNS queries should be sent over a TLS connection. If Transport is set to TLS, + // you MUST also set ServerName. If a port is not included with the upstream IP, port 853 will be tried by default + // per RFC 7858 section 3.1; https://datatracker.ietf.org/doc/html/rfc7858#section-3.1. + // + // +optional + // +unionDiscriminator + Transport DNSTransport `json:"transport,omitempty"` + + // tls contains the additional configuration options to use when Transport is set to "TLS". + TLS *DNSOverTLSConfig `json:"tls,omitempty"` +} + +// DNSOverTLSConfig describes optional DNSTransportConfig fields that should be captured. +type DNSOverTLSConfig struct { + // serverName is the upstream server to connect to when forwarding DNS queries. This is required when Transport is + // set to "TLS". ServerName will be validated against the DNS naming conventions in RFC 1123 and should match the + // TLS certificate installed in the upstream resolver(s). + // + // + --- + // + Inspired by the DNS1123 patterns in Kubernetes: https://github.com/kubernetes/kubernetes/blob/7c46f40bdf89a437ecdbc01df45e235b5f6d9745/staging/src/k8s.io/apimachinery/pkg/util/validation/validation.go#L178-L218 + // +kubebuilder:validation:Required + // +kubebuilder:validation:MaxLength=253 + // +kubebuilder:validation:Pattern=`^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$` + ServerName string `json:"serverName"` + + // caBundle references a ConfigMap that must contain either a single + // CA Certificate or a CA Bundle. This allows cluster administrators to provide their + // own CA or CA bundle for validating the certificate of upstream resolvers. + // + // 1. The configmap must contain a `ca-bundle.crt` key. + // 2. The value must be a PEM encoded CA certificate or CA bundle. + // 3. The administrator must create this configmap in the openshift-config namespace. + // 4. The upstream server certificate must contain a Subject Alternative Name (SAN) that matches ServerName. + // + // +optional + CABundle v1.ConfigMapNameReference `json:"caBundle,omitempty"` +} + +// ForwardingPolicy is the policy to use when forwarding DNS requests. +// +kubebuilder:validation:Enum=Random;RoundRobin;Sequential +type ForwardingPolicy string + +const ( + // RandomForwardingPolicy picks a random upstream server for each query. + RandomForwardingPolicy ForwardingPolicy = "Random" + + // RoundRobinForwardingPolicy picks upstream servers in a round-robin order, moving to the next server for each new query. + RoundRobinForwardingPolicy ForwardingPolicy = "RoundRobin" + + // SequentialForwardingPolicy tries querying upstream servers in a sequential order until one responds, starting with the first server for each new query. + SequentialForwardingPolicy ForwardingPolicy = "Sequential" +) + +// ForwardPlugin defines a schema for configuring the CoreDNS forward plugin. +type ForwardPlugin struct { + // upstreams is a list of resolvers to forward name queries for subdomains of Zones. + // Each instance of CoreDNS performs health checking of Upstreams. When a healthy upstream + // returns an error during the exchange, another resolver is tried from Upstreams. The + // Upstreams are selected in the order specified in Policy. Each upstream is represented + // by an IP address or IP:port if the upstream listens on a port other than 53. + // + // A maximum of 15 upstreams is allowed per ForwardPlugin. + // + // +kubebuilder:validation:MaxItems=15 + Upstreams []string `json:"upstreams"` + + // policy is used to determine the order in which upstream servers are selected for querying. + // Any one of the following values may be specified: + // + // * "Random" picks a random upstream server for each query. + // * "RoundRobin" picks upstream servers in a round-robin order, moving to the next server for each new query. + // * "Sequential" tries querying upstream servers in a sequential order until one responds, starting with the first server for each new query. + // + // The default value is "Random" + // + // +optional + // +kubebuilder:default:="Random" + Policy ForwardingPolicy `json:"policy,omitempty"` + + // transportConfig is used to configure the transport type, server name, and optional custom CA or CA bundle to use + // when forwarding DNS requests to an upstream resolver. + // + // The default value is "" (empty) which results in a standard cleartext connection being used when forwarding DNS + // requests to an upstream resolver. + // + // +optional + TransportConfig DNSTransportConfig `json:"transportConfig,omitempty"` + + // protocolStrategy specifies the protocol to use for upstream DNS + // requests. + // Valid values for protocolStrategy are "TCP" and omitted. + // When omitted, this means no opinion and the platform is left to choose + // a reasonable default, which is subject to change over time. + // The current default is to use the protocol of the original client request. + // "TCP" specifies that the platform should use TCP for all upstream DNS requests, + // even if the client request uses UDP. + // "TCP" is useful for UDP-specific issues such as those created by + // non-compliant upstream resolvers, but may consume more bandwidth or + // increase DNS response time. Note that protocolStrategy only affects + // the protocol of DNS requests that CoreDNS makes to upstream resolvers. + // It does not affect the protocol of DNS requests between clients and + // CoreDNS. + // + // +optional + ProtocolStrategy ProtocolStrategy `json:"protocolStrategy"` +} + +// UpstreamResolvers defines a schema for configuring the CoreDNS forward plugin in the +// specific case of the default (".") server. +// It defers from ForwardPlugin in the default values it accepts: +// * At least one upstream should be specified. +// * the default policy is Sequential +type UpstreamResolvers struct { + // Upstreams is a list of resolvers to forward name queries for the "." domain. + // Each instance of CoreDNS performs health checking of Upstreams. When a healthy upstream + // returns an error during the exchange, another resolver is tried from Upstreams. The + // Upstreams are selected in the order specified in Policy. + // + // A maximum of 15 upstreams is allowed per ForwardPlugin. + // If no Upstreams are specified, /etc/resolv.conf is used by default + // + // +optional + // +kubebuilder:validation:MaxItems=15 + // +kubebuilder:default={{"type":"SystemResolvConf"}} + Upstreams []Upstream `json:"upstreams"` + + // Policy is used to determine the order in which upstream servers are selected for querying. + // Any one of the following values may be specified: + // + // * "Random" picks a random upstream server for each query. + // * "RoundRobin" picks upstream servers in a round-robin order, moving to the next server for each new query. + // * "Sequential" tries querying upstream servers in a sequential order until one responds, starting with the first server for each new query. + // + // The default value is "Sequential" + // + // +optional + // +kubebuilder:default="Sequential" + Policy ForwardingPolicy `json:"policy,omitempty"` + + // transportConfig is used to configure the transport type, server name, and optional custom CA or CA bundle to use + // when forwarding DNS requests to an upstream resolver. + // + // The default value is "" (empty) which results in a standard cleartext connection being used when forwarding DNS + // requests to an upstream resolver. + // + // +optional + TransportConfig DNSTransportConfig `json:"transportConfig,omitempty"` + + // protocolStrategy specifies the protocol to use for upstream DNS + // requests. + // Valid values for protocolStrategy are "TCP" and omitted. + // When omitted, this means no opinion and the platform is left to choose + // a reasonable default, which is subject to change over time. + // The current default is to use the protocol of the original client request. + // "TCP" specifies that the platform should use TCP for all upstream DNS requests, + // even if the client request uses UDP. + // "TCP" is useful for UDP-specific issues such as those created by + // non-compliant upstream resolvers, but may consume more bandwidth or + // increase DNS response time. Note that protocolStrategy only affects + // the protocol of DNS requests that CoreDNS makes to upstream resolvers. + // It does not affect the protocol of DNS requests between clients and + // CoreDNS. + // + // +optional + ProtocolStrategy ProtocolStrategy `json:"protocolStrategy"` +} + +// Upstream can either be of type SystemResolvConf, or of type Network. +// +// - For an Upstream of type SystemResolvConf, no further fields are necessary: +// The upstream will be configured to use /etc/resolv.conf. +// - For an Upstream of type Network, a NetworkResolver field needs to be defined +// with an IP address or IP:port if the upstream listens on a port other than 53. +type Upstream struct { + + // Type defines whether this upstream contains an IP/IP:port resolver or the local /etc/resolv.conf. + // Type accepts 2 possible values: SystemResolvConf or Network. + // + // * When SystemResolvConf is used, the Upstream structure does not require any further fields to be defined: + // /etc/resolv.conf will be used + // * When Network is used, the Upstream structure must contain at least an Address + // + // +kubebuilder:validation:Required + // +required + Type UpstreamType `json:"type"` + + // Address must be defined when Type is set to Network. It will be ignored otherwise. + // It must be a valid ipv4 or ipv6 address. + // + // +optional + // +kubebuilder:validation:Optional + Address string `json:"address,omitempty"` + + // Port may be defined when Type is set to Network. It will be ignored otherwise. + // Port must be between 65535 + // + // +optional + // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=65535 + // +kubebuilder:validation:Optional + // +kubebuilder:default=53 + Port uint32 `json:"port,omitempty"` +} + +// +kubebuilder:validation:Enum=SystemResolvConf;Network;"" +type UpstreamType string + +const ( + SystemResolveConfType UpstreamType = "SystemResolvConf" + NetworkResolverType UpstreamType = "Network" +) + +// ProtocolStrategy is a preference for the protocol to use for DNS queries. +// + --- +// + When consumers observe an unknown value, they should use the default strategy. +// +kubebuilder:validation:Enum:=TCP;"" +type ProtocolStrategy string + +var ( + // ProtocolStrategyDefault specifies no opinion for DNS protocol. + // If empty, the default behavior of CoreDNS is used. Currently, this means that CoreDNS uses the protocol of the + // originating client request as the upstream protocol. + // Note that the default behavior of CoreDNS is subject to change. + ProtocolStrategyDefault ProtocolStrategy = "" + + // ProtocolStrategyTCP instructs CoreDNS to always use TCP, regardless of the originating client's request protocol. + ProtocolStrategyTCP ProtocolStrategy = "TCP" +) + +// DNSNodePlacement describes the node scheduling configuration for DNS pods. +type DNSNodePlacement struct { + // nodeSelector is the node selector applied to DNS pods. + // + // If empty, the default is used, which is currently the following: + // + // kubernetes.io/os: linux + // + // This default is subject to change. + // + // If set, the specified selector is used and replaces the default. + // + // +optional + NodeSelector map[string]string `json:"nodeSelector,omitempty"` + + // tolerations is a list of tolerations applied to DNS pods. + // + // If empty, the DNS operator sets a toleration for the + // "node-role.kubernetes.io/master" taint. This default is subject to + // change. Specifying tolerations without including a toleration for + // the "node-role.kubernetes.io/master" taint may be risky as it could + // lead to an outage if all worker nodes become unavailable. + // + // Note that the daemon controller adds some tolerations as well. See + // https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ + // + // +optional + Tolerations []corev1.Toleration `json:"tolerations,omitempty"` +} + +const ( + // Available indicates the DNS controller daemonset is available. + DNSAvailable = "Available" +) + +// DNSStatus defines the observed status of the DNS. +type DNSStatus struct { + // clusterIP is the service IP through which this DNS is made available. + // + // In the case of the default DNS, this will be a well known IP that is used + // as the default nameserver for pods that are using the default ClusterFirst DNS policy. + // + // In general, this IP can be specified in a pod's spec.dnsConfig.nameservers list + // or used explicitly when performing name resolution from within the cluster. + // Example: dig foo.com @ + // + // More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + // + // +kubebuilder:validation:Required + // +required + ClusterIP string `json:"clusterIP"` + + // clusterDomain is the local cluster DNS domain suffix for DNS services. + // This will be a subdomain as defined in RFC 1034, + // section 3.5: https://tools.ietf.org/html/rfc1034#section-3.5 + // Example: "cluster.local" + // + // More info: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service + // + // +kubebuilder:validation:Required + // +required + ClusterDomain string `json:"clusterDomain"` + + // conditions provide information about the state of the DNS on the cluster. + // + // These are the supported DNS conditions: + // + // * Available + // - True if the following conditions are met: + // * DNS controller daemonset is available. + // - False if any of those conditions are unsatisfied. + // + // +patchMergeKey=type + // +patchStrategy=merge + // +optional + Conditions []OperatorCondition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"` +} + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// DNSList contains a list of DNS +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 +type DNSList struct { + metav1.TypeMeta `json:",inline"` + + // metadata is the standard list's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + metav1.ListMeta `json:"metadata,omitempty"` + + Items []DNS `json:"items"` +} diff --git a/pkg/schemes/machineconfiguration/mctypes/types_etcd.go b/pkg/schemes/machineconfiguration/mctypes/types_etcd.go new file mode 100644 index 000000000..eb129ad8a --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/types_etcd.go @@ -0,0 +1,98 @@ +package mctypes + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// +genclient +// +genclient:nonNamespaced +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=etcds,scope=Cluster,categories=coreoperators +// +kubebuilder:subresource:status +// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/752 +// +openshift:file-pattern=cvoRunLevel=0000_12,operatorName=etcd,operatorOrdering=01 + +// Etcd provides information to configure an operator to manage etcd. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 +type Etcd struct { + metav1.TypeMeta `json:",inline"` + + // metadata is the standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + metav1.ObjectMeta `json:"metadata"` + + // +kubebuilder:validation:Required + // +required + Spec EtcdSpec `json:"spec"` + // +optional + Status EtcdStatus `json:"status"` +} + +type EtcdSpec struct { + StaticPodOperatorSpec `json:",inline"` + // HardwareSpeed allows user to change the etcd tuning profile which configures + // the latency parameters for heartbeat interval and leader election timeouts + // allowing the cluster to tolerate longer round-trip-times between etcd members. + // Valid values are "", "Standard" and "Slower". + // "" means no opinion and the platform is left to choose a reasonable default + // which is subject to change without notice. + // +kubebuilder:validation:Optional + // +openshift:enable:FeatureGate=HardwareSpeed + // +optional + HardwareSpeed ControlPlaneHardwareSpeed `json:"controlPlaneHardwareSpeed"` + + // backendQuotaGiB sets the etcd backend storage size limit in gibibytes. + // The value should be an integer not less than 8 and not more than 32. + // When not specified, the default value is 8. + // +kubebuilder:default:=8 + // +kubebuilder:validation:Minimum=8 + // +kubebuilder:validation:Maximum=32 + // +kubebuilder:validation:XValidation:rule="self>=oldSelf",message="etcd backendQuotaGiB may not be decreased" + // +openshift:enable:FeatureGate=EtcdBackendQuota + // +default=8 + // +optional + BackendQuotaGiB int32 `json:"backendQuotaGiB,omitempty"` +} + +type EtcdStatus struct { + StaticPodOperatorStatus `json:",inline"` + HardwareSpeed ControlPlaneHardwareSpeed `json:"controlPlaneHardwareSpeed"` +} + +const ( + // StandardHardwareSpeed provides the normal tolerances for hardware speed and latency. + // Currently sets (values subject to change at any time): + // ETCD_HEARTBEAT_INTERVAL: 100ms + // ETCD_LEADER_ELECTION_TIMEOUT: 1000ms + StandardHardwareSpeed ControlPlaneHardwareSpeed = "Standard" + // SlowerHardwareSpeed provides more tolerance for slower hardware and/or higher latency networks. + // Sets (values subject to change): + // ETCD_HEARTBEAT_INTERVAL: 5x Standard + // ETCD_LEADER_ELECTION_TIMEOUT: 2.5x Standard + SlowerHardwareSpeed ControlPlaneHardwareSpeed = "Slower" +) + +// ControlPlaneHardwareSpeed declares valid hardware speed tolerance levels +// +enum +// +kubebuilder:validation:Enum:="";Standard;Slower +type ControlPlaneHardwareSpeed string + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// KubeAPISOperatorConfigList is a collection of items +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 +type EtcdList struct { + metav1.TypeMeta `json:",inline"` + + // metadata is the standard list's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + metav1.ListMeta `json:"metadata"` + + // Items contains the items + Items []Etcd `json:"items"` +} diff --git a/pkg/schemes/machineconfiguration/mctypes/types_ingress.go b/pkg/schemes/machineconfiguration/mctypes/types_ingress.go new file mode 100644 index 000000000..52d04dbda --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/types_ingress.go @@ -0,0 +1,2070 @@ +package mctypes + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" + + corev1 "k8s.io/api/core/v1" + + configv1 "github.com/openshift/api/config/v1" +) + +// +genclient +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +kubebuilder:object:root=true +// +kubebuilder:subresource:status +// +kubebuilder:subresource:scale:specpath=.spec.replicas,statuspath=.status.availableReplicas,selectorpath=.status.selector +// +kubebuilder:resource:path=ingresscontrollers,scope=Namespaced +// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/616 +// +openshift:capability=Ingress +// +openshift:file-pattern=cvoRunLevel=0000_50,operatorName=ingress,operatorOrdering=00 + +// IngressController describes a managed ingress controller for the cluster. The +// controller can service OpenShift Route and Kubernetes Ingress resources. +// +// When an IngressController is created, a new ingress controller deployment is +// created to allow external traffic to reach the services that expose Ingress +// or Route resources. Updating this resource may lead to disruption for public +// facing network connections as a new ingress controller revision may be rolled +// out. +// +// https://kubernetes.io/docs/concepts/services-networking/ingress-controllers +// +// Whenever possible, sensible defaults for the platform are used. See each +// field for more details. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 +type IngressController struct { + metav1.TypeMeta `json:",inline"` + + // metadata is the standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + metav1.ObjectMeta `json:"metadata,omitempty"` + + // spec is the specification of the desired behavior of the IngressController. + Spec IngressControllerSpec `json:"spec,omitempty"` + // status is the most recently observed status of the IngressController. + Status IngressControllerStatus `json:"status,omitempty"` +} + +// IngressControllerSpec is the specification of the desired behavior of the +// IngressController. +type IngressControllerSpec struct { + // domain is a DNS name serviced by the ingress controller and is used to + // configure multiple features: + // + // * For the LoadBalancerService endpoint publishing strategy, domain is + // used to configure DNS records. See endpointPublishingStrategy. + // + // * When using a generated default certificate, the certificate will be valid + // for domain and its subdomains. See defaultCertificate. + // + // * The value is published to individual Route statuses so that end-users + // know where to target external DNS records. + // + // domain must be unique among all IngressControllers, and cannot be + // updated. + // + // If empty, defaults to ingress.config.openshift.io/cluster .spec.domain. + // + // +optional + Domain string `json:"domain,omitempty"` + + // httpErrorCodePages specifies a configmap with custom error pages. + // The administrator must create this configmap in the openshift-config namespace. + // This configmap should have keys in the format "error-page-.http", + // where is an HTTP error code. + // For example, "error-page-503.http" defines an error page for HTTP 503 responses. + // Currently only error pages for 503 and 404 responses can be customized. + // Each value in the configmap should be the full response, including HTTP headers. + // Eg- https://raw.githubusercontent.com/openshift/router/fadab45747a9b30cc3f0a4b41ad2871f95827a93/images/router/haproxy/conf/error-page-503.http + // If this field is empty, the ingress controller uses the default error pages. + HttpErrorCodePages configv1.ConfigMapNameReference `json:"httpErrorCodePages,omitempty"` + + // replicas is the desired number of ingress controller replicas. If unset, + // the default depends on the value of the defaultPlacement field in the + // cluster config.openshift.io/v1/ingresses status. + // + // The value of replicas is set based on the value of a chosen field in the + // Infrastructure CR. If defaultPlacement is set to ControlPlane, the + // chosen field will be controlPlaneTopology. If it is set to Workers the + // chosen field will be infrastructureTopology. Replicas will then be set to 1 + // or 2 based whether the chosen field's value is SingleReplica or + // HighlyAvailable, respectively. + // + // These defaults are subject to change. + // + // +optional + Replicas *int32 `json:"replicas,omitempty"` + + // endpointPublishingStrategy is used to publish the ingress controller + // endpoints to other networks, enable load balancer integrations, etc. + // + // If unset, the default is based on + // infrastructure.config.openshift.io/cluster .status.platform: + // + // AWS: LoadBalancerService (with External scope) + // Azure: LoadBalancerService (with External scope) + // GCP: LoadBalancerService (with External scope) + // IBMCloud: LoadBalancerService (with External scope) + // AlibabaCloud: LoadBalancerService (with External scope) + // Libvirt: HostNetwork + // + // Any other platform types (including None) default to HostNetwork. + // + // endpointPublishingStrategy cannot be updated. + // + // +optional + EndpointPublishingStrategy *EndpointPublishingStrategy `json:"endpointPublishingStrategy,omitempty"` + + // defaultCertificate is a reference to a secret containing the default + // certificate served by the ingress controller. When Routes don't specify + // their own certificate, defaultCertificate is used. + // + // The secret must contain the following keys and data: + // + // tls.crt: certificate file contents + // tls.key: key file contents + // + // If unset, a wildcard certificate is automatically generated and used. The + // certificate is valid for the ingress controller domain (and subdomains) and + // the generated certificate's CA will be automatically integrated with the + // cluster's trust store. + // + // If a wildcard certificate is used and shared by multiple + // HTTP/2 enabled routes (which implies ALPN) then clients + // (i.e., notably browsers) are at liberty to reuse open + // connections. This means a client can reuse a connection to + // another route and that is likely to fail. This behaviour is + // generally known as connection coalescing. + // + // The in-use certificate (whether generated or user-specified) will be + // automatically integrated with OpenShift's built-in OAuth server. + // + // +optional + DefaultCertificate *corev1.LocalObjectReference `json:"defaultCertificate,omitempty"` + + // namespaceSelector is used to filter the set of namespaces serviced by the + // ingress controller. This is useful for implementing shards. + // + // If unset, the default is no filtering. + // + // +optional + NamespaceSelector *metav1.LabelSelector `json:"namespaceSelector,omitempty"` + + // routeSelector is used to filter the set of Routes serviced by the ingress + // controller. This is useful for implementing shards. + // + // If unset, the default is no filtering. + // + // +optional + RouteSelector *metav1.LabelSelector `json:"routeSelector,omitempty"` + + // nodePlacement enables explicit control over the scheduling of the ingress + // controller. + // + // If unset, defaults are used. See NodePlacement for more details. + // + // +optional + NodePlacement *NodePlacement `json:"nodePlacement,omitempty"` + + // tlsSecurityProfile specifies settings for TLS connections for ingresscontrollers. + // + // If unset, the default is based on the apiservers.config.openshift.io/cluster resource. + // + // Note that when using the Old, Intermediate, and Modern profile types, the effective + // profile configuration is subject to change between releases. For example, given + // a specification to use the Intermediate profile deployed on release X.Y.Z, an upgrade + // to release X.Y.Z+1 may cause a new profile configuration to be applied to the ingress + // controller, resulting in a rollout. + // + // +optional + TLSSecurityProfile *configv1.TLSSecurityProfile `json:"tlsSecurityProfile,omitempty"` + + // clientTLS specifies settings for requesting and verifying client + // certificates, which can be used to enable mutual TLS for + // edge-terminated and reencrypt routes. + // + // +optional + ClientTLS ClientTLS `json:"clientTLS"` + + // routeAdmission defines a policy for handling new route claims (for example, + // to allow or deny claims across namespaces). + // + // If empty, defaults will be applied. See specific routeAdmission fields + // for details about their defaults. + // + // +optional + RouteAdmission *RouteAdmissionPolicy `json:"routeAdmission,omitempty"` + + // logging defines parameters for what should be logged where. If this + // field is empty, operational logs are enabled but access logs are + // disabled. + // + // +optional + Logging *IngressControllerLogging `json:"logging,omitempty"` + + // httpHeaders defines policy for HTTP headers. + // + // If this field is empty, the default values are used. + // + // +optional + HTTPHeaders *IngressControllerHTTPHeaders `json:"httpHeaders,omitempty"` + + // httpEmptyRequestsPolicy describes how HTTP connections should be + // handled if the connection times out before a request is received. + // Allowed values for this field are "Respond" and "Ignore". If the + // field is set to "Respond", the ingress controller sends an HTTP 400 + // or 408 response, logs the connection (if access logging is enabled), + // and counts the connection in the appropriate metrics. If the field + // is set to "Ignore", the ingress controller closes the connection + // without sending a response, logging the connection, or incrementing + // metrics. The default value is "Respond". + // + // Typically, these connections come from load balancers' health probes + // or Web browsers' speculative connections ("preconnect") and can be + // safely ignored. However, these requests may also be caused by + // network errors, and so setting this field to "Ignore" may impede + // detection and diagnosis of problems. In addition, these requests may + // be caused by port scans, in which case logging empty requests may aid + // in detecting intrusion attempts. + // + // +optional + // +kubebuilder:default:="Respond" + HTTPEmptyRequestsPolicy HTTPEmptyRequestsPolicy `json:"httpEmptyRequestsPolicy,omitempty"` + + // tuningOptions defines parameters for adjusting the performance of + // ingress controller pods. All fields are optional and will use their + // respective defaults if not set. See specific tuningOptions fields for + // more details. + // + // Setting fields within tuningOptions is generally not recommended. The + // default values are suitable for most configurations. + // + // +optional + TuningOptions IngressControllerTuningOptions `json:"tuningOptions,omitempty"` + + // unsupportedConfigOverrides allows specifying unsupported + // configuration options. Its use is unsupported. + // + // +optional + // +nullable + // +kubebuilder:pruning:PreserveUnknownFields + UnsupportedConfigOverrides runtime.RawExtension `json:"unsupportedConfigOverrides"` + + // httpCompression defines a policy for HTTP traffic compression. + // By default, there is no HTTP compression. + // + // +optional + HTTPCompression HTTPCompressionPolicy `json:"httpCompression,omitempty"` +} + +// httpCompressionPolicy turns on compression for the specified MIME types. +// +// This field is optional, and its absence implies that compression should not be enabled +// globally in HAProxy. +// +// If httpCompressionPolicy exists, compression should be enabled only for the specified +// MIME types. +type HTTPCompressionPolicy struct { + // mimeTypes is a list of MIME types that should have compression applied. + // This list can be empty, in which case the ingress controller does not apply compression. + // + // Note: Not all MIME types benefit from compression, but HAProxy will still use resources + // to try to compress if instructed to. Generally speaking, text (html, css, js, etc.) + // formats benefit from compression, but formats that are already compressed (image, + // audio, video, etc.) benefit little in exchange for the time and cpu spent on compressing + // again. See https://joehonton.medium.com/the-gzip-penalty-d31bd697f1a2 + // + // +listType=set + MimeTypes []CompressionMIMEType `json:"mimeTypes,omitempty"` +} + +// CompressionMIMEType defines the format of a single MIME type. +// E.g. "text/css; charset=utf-8", "text/html", "text/*", "image/svg+xml", +// "application/octet-stream", "X-custom/customsub", etc. +// +// The format should follow the Content-Type definition in RFC 1341: +// Content-Type := type "/" subtype *[";" parameter] +// - The type in Content-Type can be one of: +// application, audio, image, message, multipart, text, video, or a custom +// type preceded by "X-" and followed by a token as defined below. +// - The token is a string of at least one character, and not containing white +// space, control characters, or any of the characters in the tspecials set. +// - The tspecials set contains the characters ()<>@,;:\"/[]?.= +// - The subtype in Content-Type is also a token. +// - The optional parameter/s following the subtype are defined as: +// token "=" (token / quoted-string) +// - The quoted-string, as defined in RFC 822, is surrounded by double quotes +// and can contain white space plus any character EXCEPT \, ", and CR. +// It can also contain any single ASCII character as long as it is escaped by \. +// +// +kubebuilder:validation:Pattern=`^(?i)(x-[^][ ()\\<>@,;:"/?.=\x00-\x1F\x7F]+|application|audio|image|message|multipart|text|video)/[^][ ()\\<>@,;:"/?.=\x00-\x1F\x7F]+(; *[^][ ()\\<>@,;:"/?.=\x00-\x1F\x7F]+=([^][ ()\\<>@,;:"/?.=\x00-\x1F\x7F]+|"(\\[\x00-\x7F]|[^\x0D"\\])*"))*$` +type CompressionMIMEType string + +// NodePlacement describes node scheduling configuration for an ingress +// controller. +type NodePlacement struct { + // nodeSelector is the node selector applied to ingress controller + // deployments. + // + // If set, the specified selector is used and replaces the default. + // + // If unset, the default depends on the value of the defaultPlacement + // field in the cluster config.openshift.io/v1/ingresses status. + // + // When defaultPlacement is Workers, the default is: + // + // kubernetes.io/os: linux + // node-role.kubernetes.io/worker: '' + // + // When defaultPlacement is ControlPlane, the default is: + // + // kubernetes.io/os: linux + // node-role.kubernetes.io/master: '' + // + // These defaults are subject to change. + // + // Note that using nodeSelector.matchExpressions is not supported. Only + // nodeSelector.matchLabels may be used. This is a limitation of the + // Kubernetes API: the pod spec does not allow complex expressions for + // node selectors. + // + // +optional + NodeSelector *metav1.LabelSelector `json:"nodeSelector,omitempty"` + + // tolerations is a list of tolerations applied to ingress controller + // deployments. + // + // The default is an empty list. + // + // See https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + // + // +optional + // +listType=atomic + Tolerations []corev1.Toleration `json:"tolerations,omitempty"` +} + +// EndpointPublishingStrategyType is a way to publish ingress controller endpoints. +// +kubebuilder:validation:Enum=LoadBalancerService;HostNetwork;Private;NodePortService +type EndpointPublishingStrategyType string + +const ( + // LoadBalancerService publishes the ingress controller using a Kubernetes + // LoadBalancer Service. + LoadBalancerServiceStrategyType EndpointPublishingStrategyType = "LoadBalancerService" + + // HostNetwork publishes the ingress controller on node ports where the + // ingress controller is deployed. + HostNetworkStrategyType EndpointPublishingStrategyType = "HostNetwork" + + // Private does not publish the ingress controller. + PrivateStrategyType EndpointPublishingStrategyType = "Private" + + // NodePortService publishes the ingress controller using a Kubernetes NodePort Service. + NodePortServiceStrategyType EndpointPublishingStrategyType = "NodePortService" +) + +// LoadBalancerScope is the scope at which a load balancer is exposed. +// +kubebuilder:validation:Enum=Internal;External +type LoadBalancerScope string + +var ( + // InternalLoadBalancer is a load balancer that is exposed only on the + // cluster's private network. + InternalLoadBalancer LoadBalancerScope = "Internal" + + // ExternalLoadBalancer is a load balancer that is exposed on the + // cluster's public network (which is typically on the Internet). + ExternalLoadBalancer LoadBalancerScope = "External" +) + +// CIDR is an IP address range in CIDR notation (for example, "10.0.0.0/8" +// or "fd00::/8"). +// +kubebuilder:validation:Pattern=`(^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])/([0-9]|[12][0-9]|3[0-2])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$)` +// + --- +// + The regex for the IPv4 CIDR range was taken from other CIDR fields in the OpenShift API +// + and the one for the IPv6 CIDR range was taken from +// + https://blog.markhatton.co.uk/2011/03/15/regular-expressions-for-ip-addresses-cidr-ranges-and-hostnames/ +// + The resulting regex is an OR of both regexes. +type CIDR string + +// LoadBalancerStrategy holds parameters for a load balancer. +// +openshift:validation:FeatureGateAwareXValidation:featureGate=SetEIPForNLBIngressController,rule="!has(self.scope) || self.scope != 'Internal' || !has(self.providerParameters) || !has(self.providerParameters.aws) || !has(self.providerParameters.aws.networkLoadBalancer) || !has(self.providerParameters.aws.networkLoadBalancer.eipAllocations)",message="eipAllocations are forbidden when the scope is Internal." +// +kubebuilder:validation:XValidation:rule=`!has(self.scope) || self.scope != 'Internal' || !has(self.providerParameters) || !has(self.providerParameters.openstack) || !has(self.providerParameters.openstack.floatingIP) || self.providerParameters.openstack.floatingIP == ""`,message="cannot specify a floating ip when scope is internal" +type LoadBalancerStrategy struct { + // scope indicates the scope at which the load balancer is exposed. + // Possible values are "External" and "Internal". + // + // +kubebuilder:validation:Required + // +required + Scope LoadBalancerScope `json:"scope"` + + // allowedSourceRanges specifies an allowlist of IP address ranges to which + // access to the load balancer should be restricted. Each range must be + // specified using CIDR notation (e.g. "10.0.0.0/8" or "fd00::/8"). If no range is + // specified, "0.0.0.0/0" for IPv4 and "::/0" for IPv6 are used by default, + // which allows all source addresses. + // + // To facilitate migration from earlier versions of OpenShift that did + // not have the allowedSourceRanges field, you may set the + // service.beta.kubernetes.io/load-balancer-source-ranges annotation on + // the "router-" service in the + // "openshift-ingress" namespace, and this annotation will take + // effect if allowedSourceRanges is empty on OpenShift 4.12. + // + // +nullable + // +optional + // +listType=atomic + AllowedSourceRanges []CIDR `json:"allowedSourceRanges,omitempty"` + + // providerParameters holds desired load balancer information specific to + // the underlying infrastructure provider. + // + // If empty, defaults will be applied. See specific providerParameters + // fields for details about their defaults. + // + // +optional + ProviderParameters *ProviderLoadBalancerParameters `json:"providerParameters,omitempty"` + + // dnsManagementPolicy indicates if the lifecycle of the wildcard DNS record + // associated with the load balancer service will be managed by + // the ingress operator. It defaults to Managed. + // Valid values are: Managed and Unmanaged. + // + // +kubebuilder:default:="Managed" + // +kubebuilder:validation:Required + // +default="Managed" + DNSManagementPolicy LoadBalancerDNSManagementPolicy `json:"dnsManagementPolicy,omitempty"` +} + +// LoadBalancerDNSManagementPolicy is a policy for configuring how +// ingresscontrollers manage DNS. +// +// +kubebuilder:validation:Enum=Managed;Unmanaged +type LoadBalancerDNSManagementPolicy string + +const ( + // ManagedLoadBalancerDNS specifies that the operator manages + // a wildcard DNS record for the ingresscontroller. + ManagedLoadBalancerDNS LoadBalancerDNSManagementPolicy = "Managed" + // UnmanagedLoadBalancerDNS specifies that the operator does not manage + // any wildcard DNS record for the ingresscontroller. + UnmanagedLoadBalancerDNS LoadBalancerDNSManagementPolicy = "Unmanaged" +) + +// ProviderLoadBalancerParameters holds desired load balancer information +// specific to the underlying infrastructure provider. +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'OpenStack' ? true : !has(self.openstack)",message="openstack is not permitted when type is not OpenStack" +// +union +type ProviderLoadBalancerParameters struct { + // type is the underlying infrastructure provider for the load balancer. + // Allowed values are "AWS", "Azure", "BareMetal", "GCP", "IBM", "Nutanix", + // "OpenStack", and "VSphere". + // + // +unionDiscriminator + // +kubebuilder:validation:Required + // +required + Type LoadBalancerProviderType `json:"type"` + + // aws provides configuration settings that are specific to AWS + // load balancers. + // + // If empty, defaults will be applied. See specific aws fields for + // details about their defaults. + // + // +optional + AWS *AWSLoadBalancerParameters `json:"aws,omitempty"` + + // gcp provides configuration settings that are specific to GCP + // load balancers. + // + // If empty, defaults will be applied. See specific gcp fields for + // details about their defaults. + // + // +optional + GCP *GCPLoadBalancerParameters `json:"gcp,omitempty"` + + // ibm provides configuration settings that are specific to IBM Cloud + // load balancers. + // + // If empty, defaults will be applied. See specific ibm fields for + // details about their defaults. + // + // +optional + IBM *IBMLoadBalancerParameters `json:"ibm,omitempty"` + + // openstack provides configuration settings that are specific to OpenStack + // load balancers. + // + // If empty, defaults will be applied. See specific openstack fields for + // details about their defaults. + // + // +optional + OpenStack *OpenStackLoadBalancerParameters `json:"openstack,omitempty"` +} + +// LoadBalancerProviderType is the underlying infrastructure provider for the +// load balancer. Allowed values are "AWS", "Azure", "BareMetal", "GCP", "IBM", "Nutanix", +// "OpenStack", and "VSphere". +// +// +kubebuilder:validation:Enum=AWS;Azure;BareMetal;GCP;Nutanix;OpenStack;VSphere;IBM +type LoadBalancerProviderType string + +const ( + AWSLoadBalancerProvider LoadBalancerProviderType = "AWS" + AzureLoadBalancerProvider LoadBalancerProviderType = "Azure" + GCPLoadBalancerProvider LoadBalancerProviderType = "GCP" + OpenStackLoadBalancerProvider LoadBalancerProviderType = "OpenStack" + VSphereLoadBalancerProvider LoadBalancerProviderType = "VSphere" + IBMLoadBalancerProvider LoadBalancerProviderType = "IBM" + BareMetalLoadBalancerProvider LoadBalancerProviderType = "BareMetal" + AlibabaCloudLoadBalancerProvider LoadBalancerProviderType = "AlibabaCloud" + NutanixLoadBalancerProvider LoadBalancerProviderType = "Nutanix" +) + +// AWSLoadBalancerParameters provides configuration settings that are +// specific to AWS load balancers. +// +union +type AWSLoadBalancerParameters struct { + // type is the type of AWS load balancer to instantiate for an ingresscontroller. + // + // Valid values are: + // + // * "Classic": A Classic Load Balancer that makes routing decisions at either + // the transport layer (TCP/SSL) or the application layer (HTTP/HTTPS). See + // the following for additional details: + // + // https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#clb + // + // * "NLB": A Network Load Balancer that makes routing decisions at the + // transport layer (TCP/SSL). See the following for additional details: + // + // https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#nlb + // + // +unionDiscriminator + // +kubebuilder:validation:Required + // +required + Type AWSLoadBalancerType `json:"type"` + + // classicLoadBalancerParameters holds configuration parameters for an AWS + // classic load balancer. Present only if type is Classic. + // + // +optional + ClassicLoadBalancerParameters *AWSClassicLoadBalancerParameters `json:"classicLoadBalancer,omitempty"` + + // networkLoadBalancerParameters holds configuration parameters for an AWS + // network load balancer. Present only if type is NLB. + // + // +optional + NetworkLoadBalancerParameters *AWSNetworkLoadBalancerParameters `json:"networkLoadBalancer,omitempty"` +} + +// AWSLoadBalancerType is the type of AWS load balancer to instantiate. +// +kubebuilder:validation:Enum=Classic;NLB +type AWSLoadBalancerType string + +const ( + AWSClassicLoadBalancer AWSLoadBalancerType = "Classic" + AWSNetworkLoadBalancer AWSLoadBalancerType = "NLB" +) + +// AWSSubnets contains a list of references to AWS subnets by +// ID or name. +// +kubebuilder:validation:XValidation:rule=`has(self.ids) && has(self.names) ? size(self.ids + self.names) <= 10 : true`,message="the total number of subnets cannot exceed 10" +// +kubebuilder:validation:XValidation:rule=`has(self.ids) && self.ids.size() > 0 || has(self.names) && self.names.size() > 0`,message="must specify at least 1 subnet name or id" +type AWSSubnets struct { + // ids specifies a list of AWS subnets by subnet ID. + // Subnet IDs must start with "subnet-", consist only + // of alphanumeric characters, must be exactly 24 + // characters long, must be unique, and the total + // number of subnets specified by ids and names + // must not exceed 10. + // + // +optional + // +listType=atomic + // +kubebuilder:validation:XValidation:rule=`self.all(x, self.exists_one(y, x == y))`,message="subnet ids cannot contain duplicates" + // + Note: Though it may seem redundant, MaxItems is necessary to prevent exceeding of the cost budget for the validation rules. + // +kubebuilder:validation:MaxItems=10 + IDs []AWSSubnetID `json:"ids,omitempty"` + + // names specifies a list of AWS subnets by subnet name. + // Subnet names must not start with "subnet-", must not + // include commas, must be under 256 characters in length, + // must be unique, and the total number of subnets + // specified by ids and names must not exceed 10. + // + // +optional + // +listType=atomic + // +kubebuilder:validation:XValidation:rule=`self.all(x, self.exists_one(y, x == y))`,message="subnet names cannot contain duplicates" + // + Note: Though it may seem redundant, MaxItems is necessary to prevent exceeding of the cost budget for the validation rules. + // +kubebuilder:validation:MaxItems=10 + Names []AWSSubnetName `json:"names,omitempty"` +} + +// AWSSubnetID is a reference to an AWS subnet ID. +// +kubebuilder:validation:MinLength=24 +// +kubebuilder:validation:MaxLength=24 +// +kubebuilder:validation:Pattern=`^subnet-[0-9A-Za-z]+$` +type AWSSubnetID string + +// AWSSubnetName is a reference to an AWS subnet name. +// +kubebuilder:validation:MinLength=1 +// +kubebuilder:validation:MaxLength=256 +// +kubebuilder:validation:XValidation:rule=`!self.contains(',')`,message="subnet name cannot contain a comma" +// +kubebuilder:validation:XValidation:rule=`!self.startsWith('subnet-')`,message="subnet name cannot start with 'subnet-'" +type AWSSubnetName string + +// GCPLoadBalancerParameters provides configuration settings that are +// specific to GCP load balancers. +type GCPLoadBalancerParameters struct { + // clientAccess describes how client access is restricted for internal + // load balancers. + // + // Valid values are: + // * "Global": Specifying an internal load balancer with Global client access + // allows clients from any region within the VPC to communicate with the load + // balancer. + // + // https://cloud.google.com/kubernetes-engine/docs/how-to/internal-load-balancing#global_access + // + // * "Local": Specifying an internal load balancer with Local client access + // means only clients within the same region (and VPC) as the GCP load balancer + // can communicate with the load balancer. Note that this is the default behavior. + // + // https://cloud.google.com/load-balancing/docs/internal#client_access + // + // +optional + ClientAccess GCPClientAccess `json:"clientAccess,omitempty"` +} + +// GCPClientAccess describes how client access is restricted for internal +// load balancers. +// +kubebuilder:validation:Enum=Global;Local +type GCPClientAccess string + +const ( + GCPGlobalAccess GCPClientAccess = "Global" + GCPLocalAccess GCPClientAccess = "Local" +) + +// IBMLoadBalancerParameters provides configuration settings that are +// specific to IBM Cloud load balancers. +type IBMLoadBalancerParameters struct { + // protocol specifies whether the load balancer uses PROXY protocol to forward connections to + // the IngressController. See "service.kubernetes.io/ibm-load-balancer-cloud-provider-enable-features: + // "proxy-protocol"" at https://cloud.ibm.com/docs/containers?topic=containers-vpc-lbaas" + // + // PROXY protocol can be used with load balancers that support it to + // communicate the source addresses of client connections when + // forwarding those connections to the IngressController. Using PROXY + // protocol enables the IngressController to report those source + // addresses instead of reporting the load balancer's address in HTTP + // headers and logs. Note that enabling PROXY protocol on the + // IngressController will cause connections to fail if you are not using + // a load balancer that uses PROXY protocol to forward connections to + // the IngressController. See + // http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for + // information about PROXY protocol. + // + // Valid values for protocol are TCP, PROXY and omitted. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // The current default is TCP, without the proxy protocol enabled. + // + // +optional + Protocol IngressControllerProtocol `json:"protocol,omitempty"` +} + +// OpenStackLoadBalancerParameters provides configuration settings that are +// specific to OpenStack load balancers. +type OpenStackLoadBalancerParameters struct { + // loadBalancerIP is tombstoned since the field was replaced by floatingIP. + // LoadBalancerIP string `json:"loadBalancerIP,omitempty"` + + // floatingIP specifies the IP address that the load balancer will use. + // When not specified, an IP address will be assigned randomly by the OpenStack cloud provider. + // When specified, the floating IP has to be pre-created. If the + // specified value is not a floating IP or is already claimed, the + // OpenStack cloud provider won't be able to provision the load + // balancer. + // This field may only be used if the IngressController has External scope. + // This value must be a valid IPv4 or IPv6 address. + // + --- + // + Note: this field is meant to be set by the ingress controller + // + to populate the `Service.Spec.LoadBalancerIP` field which has been + // + deprecated in Kubernetes: + // + https://github.com/kubernetes/kubernetes/pull/107235 + // + However, the field is still used by cloud-provider-openstack to reconcile + // + the floating IP that we attach to the external load balancer. + // + // +kubebuilder:validation:XValidation:rule="isIP(self)",message="floatingIP must be a valid IPv4 or IPv6 address" + // +optional + FloatingIP string `json:"floatingIP,omitempty"` +} + +// AWSClassicLoadBalancerParameters holds configuration parameters for an +// AWS Classic load balancer. +type AWSClassicLoadBalancerParameters struct { + // connectionIdleTimeout specifies the maximum time period that a + // connection may be idle before the load balancer closes the + // connection. The value must be parseable as a time duration value; + // see . A nil or zero value + // means no opinion, in which case a default value is used. The default + // value for this field is 60s. This default is subject to change. + // + // +kubebuilder:validation:Optional + // +kubebuilder:validation:Format=duration + // +optional + ConnectionIdleTimeout metav1.Duration `json:"connectionIdleTimeout,omitempty"` + + // subnets specifies the subnets to which the load balancer will + // attach. The subnets may be specified by either their + // ID or name. The total number of subnets is limited to 10. + // + // In order for the load balancer to be provisioned with subnets, + // each subnet must exist, each subnet must be from a different + // availability zone, and the load balancer service must be + // recreated to pick up new values. + // + // When omitted from the spec, the subnets will be auto-discovered + // for each availability zone. Auto-discovered subnets are not reported + // in the status of the IngressController object. + // + // +optional + // +openshift:enable:FeatureGate=IngressControllerLBSubnetsAWS + Subnets *AWSSubnets `json:"subnets,omitempty"` +} + +// AWSNetworkLoadBalancerParameters holds configuration parameters for an +// AWS Network load balancer. For Example: Setting AWS EIPs https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html +// +openshift:validation:FeatureGateAwareXValidation:featureGate=SetEIPForNLBIngressController,rule=`has(self.subnets) && has(self.subnets.ids) && has(self.subnets.names) && has(self.eipAllocations) ? size(self.subnets.ids + self.subnets.names) == size(self.eipAllocations) : true`,message="number of subnets must be equal to number of eipAllocations" +// +openshift:validation:FeatureGateAwareXValidation:featureGate=SetEIPForNLBIngressController,rule=`has(self.subnets) && has(self.subnets.ids) && !has(self.subnets.names) && has(self.eipAllocations) ? size(self.subnets.ids) == size(self.eipAllocations) : true`,message="number of subnets must be equal to number of eipAllocations" +// +openshift:validation:FeatureGateAwareXValidation:featureGate=SetEIPForNLBIngressController,rule=`has(self.subnets) && has(self.subnets.names) && !has(self.subnets.ids) && has(self.eipAllocations) ? size(self.subnets.names) == size(self.eipAllocations) : true`,message="number of subnets must be equal to number of eipAllocations" +type AWSNetworkLoadBalancerParameters struct { + // subnets specifies the subnets to which the load balancer will + // attach. The subnets may be specified by either their + // ID or name. The total number of subnets is limited to 10. + // + // In order for the load balancer to be provisioned with subnets, + // each subnet must exist, each subnet must be from a different + // availability zone, and the load balancer service must be + // recreated to pick up new values. + // + // When omitted from the spec, the subnets will be auto-discovered + // for each availability zone. Auto-discovered subnets are not reported + // in the status of the IngressController object. + // + // +optional + // +openshift:enable:FeatureGate=IngressControllerLBSubnetsAWS + Subnets *AWSSubnets `json:"subnets,omitempty"` + + // eipAllocations is a list of IDs for Elastic IP (EIP) addresses that + // are assigned to the Network Load Balancer. + // The following restrictions apply: + // + // eipAllocations can only be used with external scope, not internal. + // An EIP can be allocated to only a single IngressController. + // The number of EIP allocations must match the number of subnets that are used for the load balancer. + // Each EIP allocation must be unique. + // A maximum of 10 EIP allocations are permitted. + // + // See https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html for general + // information about configuration, characteristics, and limitations of Elastic IP addresses. + // + // +openshift:enable:FeatureGate=SetEIPForNLBIngressController + // +optional + // +listType=atomic + // +kubebuilder:validation:XValidation:rule=`self.all(x, self.exists_one(y, x == y))`,message="eipAllocations cannot contain duplicates" + // +kubebuilder:validation:MaxItems=10 + EIPAllocations []EIPAllocation `json:"eipAllocations"` +} + +// EIPAllocation is an ID for an Elastic IP (EIP) address that can be allocated to an ELB in the AWS environment. +// Values must begin with `eipalloc-` followed by exactly 17 hexadecimal (`[0-9a-fA-F]`) characters. +// + Explanation of the regex `^eipalloc-[0-9a-fA-F]{17}$` for validating value of the EIPAllocation: +// + ^eipalloc- ensures the string starts with "eipalloc-". +// + [0-9a-fA-F]{17} matches exactly 17 hexadecimal characters (0-9, a-f, A-F). +// + $ ensures the string ends after the 17 hexadecimal characters. +// + Example of Valid and Invalid values: +// + eipalloc-1234567890abcdef1 is valid. +// + eipalloc-1234567890abcde is not valid (too short). +// + eipalloc-1234567890abcdefg is not valid (contains a non-hex character 'g'). +// + Max length is calculated as follows: +// + eipalloc- = 9 chars and 17 hexadecimal chars after `-` +// + So, total is 17 + 9 = 26 chars required for value of an EIPAllocation. +// +// +kubebuilder:validation:MinLength=26 +// +kubebuilder:validation:MaxLength=26 +// +kubebuilder:validation:XValidation:rule=`self.startsWith('eipalloc-')`,message="eipAllocations should start with 'eipalloc-'" +// +kubebuilder:validation:XValidation:rule=`self.split("-", 2)[1].matches('[0-9a-fA-F]{17}$')`,message="eipAllocations must be 'eipalloc-' followed by exactly 17 hexadecimal characters (0-9, a-f, A-F)" +type EIPAllocation string + +// HostNetworkStrategy holds parameters for the HostNetwork endpoint publishing +// strategy. +type HostNetworkStrategy struct { + // protocol specifies whether the IngressController expects incoming + // connections to use plain TCP or whether the IngressController expects + // PROXY protocol. + // + // PROXY protocol can be used with load balancers that support it to + // communicate the source addresses of client connections when + // forwarding those connections to the IngressController. Using PROXY + // protocol enables the IngressController to report those source + // addresses instead of reporting the load balancer's address in HTTP + // headers and logs. Note that enabling PROXY protocol on the + // IngressController will cause connections to fail if you are not using + // a load balancer that uses PROXY protocol to forward connections to + // the IngressController. See + // http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for + // information about PROXY protocol. + // + // The following values are valid for this field: + // + // * The empty string. + // * "TCP". + // * "PROXY". + // + // The empty string specifies the default, which is TCP without PROXY + // protocol. Note that the default is subject to change. + // + // +kubebuilder:validation:Optional + // +optional + Protocol IngressControllerProtocol `json:"protocol,omitempty"` + + // httpPort is the port on the host which should be used to listen for + // HTTP requests. This field should be set when port 80 is already in use. + // The value should not coincide with the NodePort range of the cluster. + // When the value is 0 or is not specified it defaults to 80. + // +kubebuilder:validation:Optional + // +kubebuilder:validation:Maximum=65535 + // +kubebuilder:validation:Minimum=0 + // +kubebuilder:default=80 + // +optional + HTTPPort int32 `json:"httpPort,omitempty"` + + // httpsPort is the port on the host which should be used to listen for + // HTTPS requests. This field should be set when port 443 is already in use. + // The value should not coincide with the NodePort range of the cluster. + // When the value is 0 or is not specified it defaults to 443. + // +kubebuilder:validation:Optional + // +kubebuilder:validation:Maximum=65535 + // +kubebuilder:validation:Minimum=0 + // +kubebuilder:default=443 + // +optional + HTTPSPort int32 `json:"httpsPort,omitempty"` + + // statsPort is the port on the host where the stats from the router are + // published. The value should not coincide with the NodePort range of the + // cluster. If an external load balancer is configured to forward connections + // to this IngressController, the load balancer should use this port for + // health checks. The load balancer can send HTTP probes on this port on a + // given node, with the path /healthz/ready to determine if the ingress + // controller is ready to receive traffic on the node. For proper operation + // the load balancer must not forward traffic to a node until the health + // check reports ready. The load balancer should also stop forwarding requests + // within a maximum of 45 seconds after /healthz/ready starts reporting + // not-ready. Probing every 5 to 10 seconds, with a 5-second timeout and with + // a threshold of two successful or failed requests to become healthy or + // unhealthy respectively, are well-tested values. When the value is 0 or + // is not specified it defaults to 1936. + // +kubebuilder:validation:Optional + // +kubebuilder:validation:Maximum=65535 + // +kubebuilder:validation:Minimum=0 + // +kubebuilder:default=1936 + // +optional + StatsPort int32 `json:"statsPort,omitempty"` +} + +// PrivateStrategy holds parameters for the Private endpoint publishing +// strategy. +type PrivateStrategy struct { + // protocol specifies whether the IngressController expects incoming + // connections to use plain TCP or whether the IngressController expects + // PROXY protocol. + // + // PROXY protocol can be used with load balancers that support it to + // communicate the source addresses of client connections when + // forwarding those connections to the IngressController. Using PROXY + // protocol enables the IngressController to report those source + // addresses instead of reporting the load balancer's address in HTTP + // headers and logs. Note that enabling PROXY protocol on the + // IngressController will cause connections to fail if you are not using + // a load balancer that uses PROXY protocol to forward connections to + // the IngressController. See + // http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for + // information about PROXY protocol. + // + // The following values are valid for this field: + // + // * The empty string. + // * "TCP". + // * "PROXY". + // + // The empty string specifies the default, which is TCP without PROXY + // protocol. Note that the default is subject to change. + // + // +kubebuilder:validation:Optional + // +optional + Protocol IngressControllerProtocol `json:"protocol,omitempty"` +} + +// NodePortStrategy holds parameters for the NodePortService endpoint publishing strategy. +type NodePortStrategy struct { + // protocol specifies whether the IngressController expects incoming + // connections to use plain TCP or whether the IngressController expects + // PROXY protocol. + // + // PROXY protocol can be used with load balancers that support it to + // communicate the source addresses of client connections when + // forwarding those connections to the IngressController. Using PROXY + // protocol enables the IngressController to report those source + // addresses instead of reporting the load balancer's address in HTTP + // headers and logs. Note that enabling PROXY protocol on the + // IngressController will cause connections to fail if you are not using + // a load balancer that uses PROXY protocol to forward connections to + // the IngressController. See + // http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for + // information about PROXY protocol. + // + // The following values are valid for this field: + // + // * The empty string. + // * "TCP". + // * "PROXY". + // + // The empty string specifies the default, which is TCP without PROXY + // protocol. Note that the default is subject to change. + // + // +kubebuilder:validation:Optional + // +optional + Protocol IngressControllerProtocol `json:"protocol,omitempty"` +} + +// IngressControllerProtocol specifies whether PROXY protocol is enabled or not. +// +kubebuilder:validation:Enum="";TCP;PROXY +type IngressControllerProtocol string + +const ( + DefaultProtocol IngressControllerProtocol = "" + TCPProtocol IngressControllerProtocol = "TCP" + ProxyProtocol IngressControllerProtocol = "PROXY" +) + +// EndpointPublishingStrategy is a way to publish the endpoints of an +// IngressController, and represents the type and any additional configuration +// for a specific type. +// +union +type EndpointPublishingStrategy struct { + // type is the publishing strategy to use. Valid values are: + // + // * LoadBalancerService + // + // Publishes the ingress controller using a Kubernetes LoadBalancer Service. + // + // In this configuration, the ingress controller deployment uses container + // networking. A LoadBalancer Service is created to publish the deployment. + // + // See: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer + // + // If domain is set, a wildcard DNS record will be managed to point at the + // LoadBalancer Service's external name. DNS records are managed only in DNS + // zones defined by dns.config.openshift.io/cluster .spec.publicZone and + // .spec.privateZone. + // + // Wildcard DNS management is currently supported only on the AWS, Azure, + // and GCP platforms. + // + // * HostNetwork + // + // Publishes the ingress controller on node ports where the ingress controller + // is deployed. + // + // In this configuration, the ingress controller deployment uses host + // networking, bound to node ports 80 and 443. The user is responsible for + // configuring an external load balancer to publish the ingress controller via + // the node ports. + // + // * Private + // + // Does not publish the ingress controller. + // + // In this configuration, the ingress controller deployment uses container + // networking, and is not explicitly published. The user must manually publish + // the ingress controller. + // + // * NodePortService + // + // Publishes the ingress controller using a Kubernetes NodePort Service. + // + // In this configuration, the ingress controller deployment uses container + // networking. A NodePort Service is created to publish the deployment. The + // specific node ports are dynamically allocated by OpenShift; however, to + // support static port allocations, user changes to the node port + // field of the managed NodePort Service will preserved. + // + // +unionDiscriminator + // +kubebuilder:validation:Required + // +required + Type EndpointPublishingStrategyType `json:"type"` + + // loadBalancer holds parameters for the load balancer. Present only if + // type is LoadBalancerService. + // +optional + LoadBalancer *LoadBalancerStrategy `json:"loadBalancer,omitempty"` + + // hostNetwork holds parameters for the HostNetwork endpoint publishing + // strategy. Present only if type is HostNetwork. + // +optional + HostNetwork *HostNetworkStrategy `json:"hostNetwork,omitempty"` + + // private holds parameters for the Private endpoint publishing + // strategy. Present only if type is Private. + // +optional + Private *PrivateStrategy `json:"private,omitempty"` + + // nodePort holds parameters for the NodePortService endpoint publishing strategy. + // Present only if type is NodePortService. + // +optional + NodePort *NodePortStrategy `json:"nodePort,omitempty"` +} + +// ClientCertificatePolicy describes the policy for client certificates. +// +kubebuilder:validation:Enum="";Required;Optional +type ClientCertificatePolicy string + +const ( + // ClientCertificatePolicyRequired indicates that a client certificate + // should be required. + ClientCertificatePolicyRequired ClientCertificatePolicy = "Required" + + // ClientCertificatePolicyOptional indicates that a client certificate + // should be requested but not required. + ClientCertificatePolicyOptional ClientCertificatePolicy = "Optional" +) + +// ClientTLS specifies TLS configuration to enable client-to-server +// authentication, which can be used for mutual TLS. +type ClientTLS struct { + // clientCertificatePolicy specifies whether the ingress controller + // requires clients to provide certificates. This field accepts the + // values "Required" or "Optional". + // + // Note that the ingress controller only checks client certificates for + // edge-terminated and reencrypt TLS routes; it cannot check + // certificates for cleartext HTTP or passthrough TLS routes. + // + // +kubebuilder:validation:Required + // +required + ClientCertificatePolicy ClientCertificatePolicy `json:"clientCertificatePolicy"` + + // clientCA specifies a configmap containing the PEM-encoded CA + // certificate bundle that should be used to verify a client's + // certificate. The administrator must create this configmap in the + // openshift-config namespace. + // + // +kubebuilder:validation:Required + // +required + ClientCA configv1.ConfigMapNameReference `json:"clientCA"` + + // allowedSubjectPatterns specifies a list of regular expressions that + // should be matched against the distinguished name on a valid client + // certificate to filter requests. The regular expressions must use + // PCRE syntax. If this list is empty, no filtering is performed. If + // the list is nonempty, then at least one pattern must match a client + // certificate's distinguished name or else the ingress controller + // rejects the certificate and denies the connection. + // + // +listType=atomic + // +optional + AllowedSubjectPatterns []string `json:"allowedSubjectPatterns,omitempty"` +} + +// RouteAdmissionPolicy is an admission policy for allowing new route claims. +type RouteAdmissionPolicy struct { + // namespaceOwnership describes how host name claims across namespaces should + // be handled. + // + // Value must be one of: + // + // - Strict: Do not allow routes in different namespaces to claim the same host. + // + // - InterNamespaceAllowed: Allow routes to claim different paths of the same + // host name across namespaces. + // + // If empty, the default is Strict. + // +optional + NamespaceOwnership NamespaceOwnershipCheck `json:"namespaceOwnership,omitempty"` + // wildcardPolicy describes how routes with wildcard policies should + // be handled for the ingress controller. WildcardPolicy controls use + // of routes [1] exposed by the ingress controller based on the route's + // wildcard policy. + // + // [1] https://github.com/openshift/api/blob/master/route/v1/types.go + // + // Note: Updating WildcardPolicy from WildcardsAllowed to WildcardsDisallowed + // will cause admitted routes with a wildcard policy of Subdomain to stop + // working. These routes must be updated to a wildcard policy of None to be + // readmitted by the ingress controller. + // + // WildcardPolicy supports WildcardsAllowed and WildcardsDisallowed values. + // + // If empty, defaults to "WildcardsDisallowed". + // + WildcardPolicy WildcardPolicy `json:"wildcardPolicy,omitempty"` +} + +// WildcardPolicy is a route admission policy component that describes how +// routes with a wildcard policy should be handled. +// +kubebuilder:validation:Enum=WildcardsAllowed;WildcardsDisallowed +type WildcardPolicy string + +const ( + // WildcardPolicyAllowed indicates routes with any wildcard policy are + // admitted by the ingress controller. + WildcardPolicyAllowed WildcardPolicy = "WildcardsAllowed" + + // WildcardPolicyDisallowed indicates only routes with a wildcard policy + // of None are admitted by the ingress controller. + WildcardPolicyDisallowed WildcardPolicy = "WildcardsDisallowed" +) + +// NamespaceOwnershipCheck is a route admission policy component that describes +// how host name claims across namespaces should be handled. +// +kubebuilder:validation:Enum=InterNamespaceAllowed;Strict +type NamespaceOwnershipCheck string + +const ( + // InterNamespaceAllowedOwnershipCheck allows routes to claim different paths of the same host name across namespaces. + InterNamespaceAllowedOwnershipCheck NamespaceOwnershipCheck = "InterNamespaceAllowed" + + // StrictNamespaceOwnershipCheck does not allow routes to claim the same host name across namespaces. + StrictNamespaceOwnershipCheck NamespaceOwnershipCheck = "Strict" +) + +// LoggingDestinationType is a type of destination to which to send log +// messages. +// +// +kubebuilder:validation:Enum=Container;Syslog +type LoggingDestinationType string + +const ( + // Container sends log messages to a sidecar container. + ContainerLoggingDestinationType LoggingDestinationType = "Container" + + // Syslog sends log messages to a syslog endpoint. + SyslogLoggingDestinationType LoggingDestinationType = "Syslog" + + // ContainerLoggingSidecarContainerName is the name of the container + // with the log output in an ingress controller pod when container + // logging is used. + ContainerLoggingSidecarContainerName = "logs" +) + +// SyslogLoggingDestinationParameters describes parameters for the Syslog +// logging destination type. +type SyslogLoggingDestinationParameters struct { + // address is the IP address of the syslog endpoint that receives log + // messages. + // + // +kubebuilder:validation:Required + // +required + Address string `json:"address"` + + // port is the UDP port number of the syslog endpoint that receives log + // messages. + // + // +kubebuilder:validation:Required + // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=65535 + // +required + Port uint32 `json:"port"` + + // facility specifies the syslog facility of log messages. + // + // If this field is empty, the facility is "local1". + // + // +kubebuilder:validation:Optional + // +kubebuilder:validation:Enum=kern;user;mail;daemon;auth;syslog;lpr;news;uucp;cron;auth2;ftp;ntp;audit;alert;cron2;local0;local1;local2;local3;local4;local5;local6;local7 + // +optional + Facility string `json:"facility,omitempty"` + + // maxLength is the maximum length of the log message. + // + // Valid values are integers in the range 480 to 4096, inclusive. + // + // When omitted, the default value is 1024. + // + // +kubebuilder:validation:Maximum=4096 + // +kubebuilder:validation:Minimum=480 + // +kubebuilder:default=1024 + // +default:=1024 + // +optional + MaxLength uint32 `json:"maxLength,omitempty"` +} + +// ContainerLoggingDestinationParameters describes parameters for the Container +// logging destination type. +type ContainerLoggingDestinationParameters struct { + // maxLength is the maximum length of the log message. + // + // Valid values are integers in the range 480 to 8192, inclusive. + // + // When omitted, the default value is 1024. + // + // +kubebuilder:validation:Maximum=8192 + // +kubebuilder:validation:Minimum=480 + // +kubebuilder:default=1024 + // +default:=1024 + // +optional + MaxLength int32 `json:"maxLength,omitempty"` +} + +// LoggingDestination describes a destination for log messages. +// +union +type LoggingDestination struct { + // type is the type of destination for logs. It must be one of the + // following: + // + // * Container + // + // The ingress operator configures the sidecar container named "logs" on + // the ingress controller pod and configures the ingress controller to + // write logs to the sidecar. The logs are then available as container + // logs. The expectation is that the administrator configures a custom + // logging solution that reads logs from this sidecar. Note that using + // container logs means that logs may be dropped if the rate of logs + // exceeds the container runtime's or the custom logging solution's + // capacity. + // + // * Syslog + // + // Logs are sent to a syslog endpoint. The administrator must specify + // an endpoint that can receive syslog messages. The expectation is + // that the administrator has configured a custom syslog instance. + // + // +unionDiscriminator + // +kubebuilder:validation:Required + // +required + Type LoggingDestinationType `json:"type"` + + // syslog holds parameters for a syslog endpoint. Present only if + // type is Syslog. + // + // +optional + Syslog *SyslogLoggingDestinationParameters `json:"syslog,omitempty"` + + // container holds parameters for the Container logging destination. + // Present only if type is Container. + // + // +optional + Container *ContainerLoggingDestinationParameters `json:"container,omitempty"` +} + +// IngressControllerCaptureHTTPHeader describes an HTTP header that should be +// captured. +type IngressControllerCaptureHTTPHeader struct { + // name specifies a header name. Its value must be a valid HTTP header + // name as defined in RFC 2616 section 4.2. + // + // +kubebuilder:validation:Required + // +kubebuilder:validation:Pattern="^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$" + // +required + Name string `json:"name"` + + // maxLength specifies a maximum length for the header value. If a + // header value exceeds this length, the value will be truncated in the + // log message. Note that the ingress controller may impose a separate + // bound on the total length of HTTP headers in a request. + // + // +kubebuilder:validation:Required + // +kubebuilder:validation:Minimum=1 + // +required + MaxLength int `json:"maxLength"` +} + +// IngressControllerCaptureHTTPHeaders specifies which HTTP headers the +// IngressController captures. +type IngressControllerCaptureHTTPHeaders struct { + // request specifies which HTTP request headers to capture. + // + // If this field is empty, no request headers are captured. + // + // +nullable + // +optional + // +listType=atomic + Request []IngressControllerCaptureHTTPHeader `json:"request,omitempty"` + + // response specifies which HTTP response headers to capture. + // + // If this field is empty, no response headers are captured. + // + // +nullable + // +optional + // +listType=atomic + Response []IngressControllerCaptureHTTPHeader `json:"response,omitempty"` +} + +// CookieMatchType indicates the type of matching used against cookie names to +// select a cookie for capture. +// +kubebuilder:validation:Enum=Exact;Prefix +type CookieMatchType string + +const ( + // CookieMatchTypeExact indicates that an exact string match should be + // performed. + CookieMatchTypeExact CookieMatchType = "Exact" + // CookieMatchTypePrefix indicates that a string prefix match should be + // performed. + CookieMatchTypePrefix CookieMatchType = "Prefix" +) + +// IngressControllerCaptureHTTPCookie describes an HTTP cookie that should be +// captured. +type IngressControllerCaptureHTTPCookie struct { + IngressControllerCaptureHTTPCookieUnion `json:",inline"` + + // maxLength specifies a maximum length of the string that will be + // logged, which includes the cookie name, cookie value, and + // one-character delimiter. If the log entry exceeds this length, the + // value will be truncated in the log message. Note that the ingress + // controller may impose a separate bound on the total length of HTTP + // headers in a request. + // + // +kubebuilder:validation:Required + // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=1024 + // +required + MaxLength int `json:"maxLength"` +} + +// IngressControllerCaptureHTTPCookieUnion describes optional fields of an HTTP cookie that should be captured. +// +union +type IngressControllerCaptureHTTPCookieUnion struct { + // matchType specifies the type of match to be performed on the cookie + // name. Allowed values are "Exact" for an exact string match and + // "Prefix" for a string prefix match. If "Exact" is specified, a name + // must be specified in the name field. If "Prefix" is provided, a + // prefix must be specified in the namePrefix field. For example, + // specifying matchType "Prefix" and namePrefix "foo" will capture a + // cookie named "foo" or "foobar" but not one named "bar". The first + // matching cookie is captured. + // + // +unionDiscriminator + // +kubebuilder:validation:Required + // +required + MatchType CookieMatchType `json:"matchType,omitempty"` + + // name specifies a cookie name. Its value must be a valid HTTP cookie + // name as defined in RFC 6265 section 4.1. + // + // +kubebuilder:validation:Pattern="^[-!#$%&'*+.0-9A-Z^_`a-z|~]*$" + // +kubebuilder:validation:MinLength=0 + // +kubebuilder:validation:MaxLength=1024 + // +optional + Name string `json:"name"` + + // namePrefix specifies a cookie name prefix. Its value must be a valid + // HTTP cookie name as defined in RFC 6265 section 4.1. + // + // +kubebuilder:validation:Pattern="^[-!#$%&'*+.0-9A-Z^_`a-z|~]*$" + // +kubebuilder:validation:MinLength=0 + // +kubebuilder:validation:MaxLength=1024 + // +optional + NamePrefix string `json:"namePrefix"` +} + +// LoggingPolicy indicates how an event should be logged. +// +kubebuilder:validation:Enum=Log;Ignore +type LoggingPolicy string + +const ( + // LoggingPolicyLog indicates that an event should be logged. + LoggingPolicyLog LoggingPolicy = "Log" + // LoggingPolicyIgnore indicates that an event should not be logged. + LoggingPolicyIgnore LoggingPolicy = "Ignore" +) + +// AccessLogging describes how client requests should be logged. +type AccessLogging struct { + // destination is where access logs go. + // + // +kubebuilder:validation:Required + // +required + Destination LoggingDestination `json:"destination"` + + // httpLogFormat specifies the format of the log message for an HTTP + // request. + // + // If this field is empty, log messages use the implementation's default + // HTTP log format. For HAProxy's default HTTP log format, see the + // HAProxy documentation: + // http://cbonte.github.io/haproxy-dconv/2.0/configuration.html#8.2.3 + // + // Note that this format only applies to cleartext HTTP connections + // and to secure HTTP connections for which the ingress controller + // terminates encryption (that is, edge-terminated or reencrypt + // connections). It does not affect the log format for TLS passthrough + // connections. + // + // +optional + HttpLogFormat string `json:"httpLogFormat,omitempty"` + + // httpCaptureHeaders defines HTTP headers that should be captured in + // access logs. If this field is empty, no headers are captured. + // + // Note that this option only applies to cleartext HTTP connections + // and to secure HTTP connections for which the ingress controller + // terminates encryption (that is, edge-terminated or reencrypt + // connections). Headers cannot be captured for TLS passthrough + // connections. + // + // +optional + HTTPCaptureHeaders IngressControllerCaptureHTTPHeaders `json:"httpCaptureHeaders,omitempty"` + + // httpCaptureCookies specifies HTTP cookies that should be captured in + // access logs. If this field is empty, no cookies are captured. + // + // +nullable + // +optional + // +kubebuilder:validation:MaxItems=1 + // +listType=atomic + HTTPCaptureCookies []IngressControllerCaptureHTTPCookie `json:"httpCaptureCookies,omitempty"` + + // logEmptyRequests specifies how connections on which no request is + // received should be logged. Typically, these empty requests come from + // load balancers' health probes or Web browsers' speculative + // connections ("preconnect"), in which case logging these requests may + // be undesirable. However, these requests may also be caused by + // network errors, in which case logging empty requests may be useful + // for diagnosing the errors. In addition, these requests may be caused + // by port scans, in which case logging empty requests may aid in + // detecting intrusion attempts. Allowed values for this field are + // "Log" and "Ignore". The default value is "Log". + // + // +optional + // +kubebuilder:default:="Log" + LogEmptyRequests LoggingPolicy `json:"logEmptyRequests,omitempty"` +} + +// IngressControllerLogging describes what should be logged where. +type IngressControllerLogging struct { + // access describes how the client requests should be logged. + // + // If this field is empty, access logging is disabled. + // + // +optional + Access *AccessLogging `json:"access,omitempty"` +} + +// IngressControllerHTTPHeaderPolicy is a policy for setting HTTP headers. +// +// +kubebuilder:validation:Enum=Append;Replace;IfNone;Never +type IngressControllerHTTPHeaderPolicy string + +const ( + // AppendHTTPHeaderPolicy appends the header, preserving any existing header. + AppendHTTPHeaderPolicy IngressControllerHTTPHeaderPolicy = "Append" + // ReplaceHTTPHeaderPolicy sets the header, removing any existing header. + ReplaceHTTPHeaderPolicy IngressControllerHTTPHeaderPolicy = "Replace" + // IfNoneHTTPHeaderPolicy sets the header if it is not already set. + IfNoneHTTPHeaderPolicy IngressControllerHTTPHeaderPolicy = "IfNone" + // NeverHTTPHeaderPolicy never sets the header, preserving any existing + // header. + NeverHTTPHeaderPolicy IngressControllerHTTPHeaderPolicy = "Never" +) + +// IngressControllerHTTPUniqueIdHeaderPolicy describes configuration for a +// unique id header. +type IngressControllerHTTPUniqueIdHeaderPolicy struct { + // name specifies the name of the HTTP header (for example, "unique-id") + // that the ingress controller should inject into HTTP requests. The + // field's value must be a valid HTTP header name as defined in RFC 2616 + // section 4.2. If the field is empty, no header is injected. + // + // +optional + // +kubebuilder:validation:Pattern="^$|^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$" + // +kubebuilder:validation:MinLength=0 + // +kubebuilder:validation:MaxLength=1024 + Name string `json:"name,omitempty"` + + // format specifies the format for the injected HTTP header's value. + // This field has no effect unless name is specified. For the + // HAProxy-based ingress controller implementation, this format uses the + // same syntax as the HTTP log format. If the field is empty, the + // default value is "%{+X}o\\ %ci:%cp_%fi:%fp_%Ts_%rt:%pid"; see the + // corresponding HAProxy documentation: + // http://cbonte.github.io/haproxy-dconv/2.0/configuration.html#8.2.3 + // + // +optional + // +kubebuilder:validation:Pattern="^(%(%|(\\{[-+]?[QXE](,[-+]?[QXE])*\\})?([A-Za-z]+|\\[[.0-9A-Z_a-z]+(\\([^)]+\\))?(,[.0-9A-Z_a-z]+(\\([^)]+\\))?)*\\]))|[^%[:cntrl:]])*$" + // +kubebuilder:validation:MinLength=0 + // +kubebuilder:validation:MaxLength=1024 + Format string `json:"format,omitempty"` +} + +// IngressControllerHTTPHeaderNameCaseAdjustment is the name of an HTTP header +// (for example, "X-Forwarded-For") in the desired capitalization. The value +// must be a valid HTTP header name as defined in RFC 2616 section 4.2. +// +// +optional +// +kubebuilder:validation:Pattern="^$|^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$" +// +kubebuilder:validation:MinLength=0 +// +kubebuilder:validation:MaxLength=1024 +type IngressControllerHTTPHeaderNameCaseAdjustment string + +// IngressControllerHTTPHeaders specifies how the IngressController handles +// certain HTTP headers. +type IngressControllerHTTPHeaders struct { + // forwardedHeaderPolicy specifies when and how the IngressController + // sets the Forwarded, X-Forwarded-For, X-Forwarded-Host, + // X-Forwarded-Port, X-Forwarded-Proto, and X-Forwarded-Proto-Version + // HTTP headers. The value may be one of the following: + // + // * "Append", which specifies that the IngressController appends the + // headers, preserving existing headers. + // + // * "Replace", which specifies that the IngressController sets the + // headers, replacing any existing Forwarded or X-Forwarded-* headers. + // + // * "IfNone", which specifies that the IngressController sets the + // headers if they are not already set. + // + // * "Never", which specifies that the IngressController never sets the + // headers, preserving any existing headers. + // + // By default, the policy is "Append". + // + // +optional + ForwardedHeaderPolicy IngressControllerHTTPHeaderPolicy `json:"forwardedHeaderPolicy,omitempty"` + + // uniqueId describes configuration for a custom HTTP header that the + // ingress controller should inject into incoming HTTP requests. + // Typically, this header is configured to have a value that is unique + // to the HTTP request. The header can be used by applications or + // included in access logs to facilitate tracing individual HTTP + // requests. + // + // If this field is empty, no such header is injected into requests. + // + // +optional + UniqueId IngressControllerHTTPUniqueIdHeaderPolicy `json:"uniqueId,omitempty"` + + // headerNameCaseAdjustments specifies case adjustments that can be + // applied to HTTP header names. Each adjustment is specified as an + // HTTP header name with the desired capitalization. For example, + // specifying "X-Forwarded-For" indicates that the "x-forwarded-for" + // HTTP header should be adjusted to have the specified capitalization. + // + // These adjustments are only applied to cleartext, edge-terminated, and + // re-encrypt routes, and only when using HTTP/1. + // + // For request headers, these adjustments are applied only for routes + // that have the haproxy.router.openshift.io/h1-adjust-case=true + // annotation. For response headers, these adjustments are applied to + // all HTTP responses. + // + // If this field is empty, no request headers are adjusted. + // + // +nullable + // +optional + // +listType=atomic + HeaderNameCaseAdjustments []IngressControllerHTTPHeaderNameCaseAdjustment `json:"headerNameCaseAdjustments,omitempty"` + + // actions specifies options for modifying headers and their values. + // Note that this option only applies to cleartext HTTP connections + // and to secure HTTP connections for which the ingress controller + // terminates encryption (that is, edge-terminated or reencrypt + // connections). Headers cannot be modified for TLS passthrough + // connections. + // Setting the HSTS (`Strict-Transport-Security`) header is not supported via actions. `Strict-Transport-Security` + // may only be configured using the "haproxy.router.openshift.io/hsts_header" route annotation, and only in + // accordance with the policy specified in Ingress.Spec.RequiredHSTSPolicies. + // Any actions defined here are applied after any actions related to the following other fields: + // cache-control, spec.clientTLS, + // spec.httpHeaders.forwardedHeaderPolicy, spec.httpHeaders.uniqueId, + // and spec.httpHeaders.headerNameCaseAdjustments. + // In case of HTTP request headers, the actions specified in spec.httpHeaders.actions on the Route will be executed after + // the actions specified in the IngressController's spec.httpHeaders.actions field. + // In case of HTTP response headers, the actions specified in spec.httpHeaders.actions on the IngressController will be + // executed after the actions specified in the Route's spec.httpHeaders.actions field. + // Headers set using this API cannot be captured for use in access logs. + // The following header names are reserved and may not be modified via this API: + // Strict-Transport-Security, Proxy, Host, Cookie, Set-Cookie. + // Note that the total size of all net added headers *after* interpolating dynamic values + // must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the + // IngressController. Please refer to the documentation + // for that API field for more details. + // +optional + Actions IngressControllerHTTPHeaderActions `json:"actions,omitempty"` +} + +// IngressControllerHTTPHeaderActions defines configuration for actions on HTTP request and response headers. +type IngressControllerHTTPHeaderActions struct { + // response is a list of HTTP response headers to modify. + // Actions defined here will modify the response headers of all requests passing through an ingress controller. + // These actions are applied to all Routes i.e. for all connections handled by the ingress controller defined within a cluster. + // IngressController actions for response headers will be executed after Route actions. + // Currently, actions may define to either `Set` or `Delete` headers values. + // Actions are applied in sequence as defined in this list. + // A maximum of 20 response header actions may be configured. + // Sample fetchers allowed are "res.hdr" and "ssl_c_der". + // Converters allowed are "lower" and "base64". + // Example header values: "%[res.hdr(X-target),lower]", "%{+Q}[ssl_c_der,base64]". + // +listType=map + // +listMapKey=name + // +optional + // +kubebuilder:validation:MaxItems=20 + // +kubebuilder:validation:XValidation:rule=`self.all(key, key.action.type == "Delete" || (has(key.action.set) && key.action.set.value.matches('^(?:%(?:%|(?:\\{[-+]?[QXE](?:,[-+]?[QXE])*\\})?\\[(?:res\\.hdr\\([0-9A-Za-z-]+\\)|ssl_c_der)(?:,(?:lower|base64))*\\])|[^%[:cntrl:]])+$')))`,message="Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are res.hdr, ssl_c_der. Converters allowed are lower, base64." + Response []IngressControllerHTTPHeader `json:"response"` + // request is a list of HTTP request headers to modify. + // Actions defined here will modify the request headers of all requests passing through an ingress controller. + // These actions are applied to all Routes i.e. for all connections handled by the ingress controller defined within a cluster. + // IngressController actions for request headers will be executed before Route actions. + // Currently, actions may define to either `Set` or `Delete` headers values. + // Actions are applied in sequence as defined in this list. + // A maximum of 20 request header actions may be configured. + // Sample fetchers allowed are "req.hdr" and "ssl_c_der". + // Converters allowed are "lower" and "base64". + // Example header values: "%[req.hdr(X-target),lower]", "%{+Q}[ssl_c_der,base64]". + // + --- + // + Note: Any change to regex mentioned below must be reflected in the CRD validation of route in https://github.com/openshift/library-go/blob/master/pkg/route/validation/validation.go and vice-versa. + // +listType=map + // +listMapKey=name + // +optional + // +kubebuilder:validation:MaxItems=20 + // +kubebuilder:validation:XValidation:rule=`self.all(key, key.action.type == "Delete" || (has(key.action.set) && key.action.set.value.matches('^(?:%(?:%|(?:\\{[-+]?[QXE](?:,[-+]?[QXE])*\\})?\\[(?:req\\.hdr\\([0-9A-Za-z-]+\\)|ssl_c_der)(?:,(?:lower|base64))*\\])|[^%[:cntrl:]])+$')))`,message="Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are req.hdr, ssl_c_der. Converters allowed are lower, base64." + Request []IngressControllerHTTPHeader `json:"request"` +} + +// IngressControllerHTTPHeader specifies configuration for setting or deleting an HTTP header. +type IngressControllerHTTPHeader struct { + // name specifies the name of a header on which to perform an action. Its value must be a valid HTTP header + // name as defined in RFC 2616 section 4.2. + // The name must consist only of alphanumeric and the following special characters, "-!#$%&'*+.^_`". + // The following header names are reserved and may not be modified via this API: + // Strict-Transport-Security, Proxy, Host, Cookie, Set-Cookie. + // It must be no more than 255 characters in length. + // Header name must be unique. + // +kubebuilder:validation:Required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=255 + // +kubebuilder:validation:Pattern="^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$" + // +kubebuilder:validation:XValidation:rule="self.lowerAscii() != 'strict-transport-security'",message="strict-transport-security header may not be modified via header actions" + // +kubebuilder:validation:XValidation:rule="self.lowerAscii() != 'proxy'",message="proxy header may not be modified via header actions" + // +kubebuilder:validation:XValidation:rule="self.lowerAscii() != 'host'",message="host header may not be modified via header actions" + // +kubebuilder:validation:XValidation:rule="self.lowerAscii() != 'cookie'",message="cookie header may not be modified via header actions" + // +kubebuilder:validation:XValidation:rule="self.lowerAscii() != 'set-cookie'",message="set-cookie header may not be modified via header actions" + Name string `json:"name"` + // action specifies actions to perform on headers, such as setting or deleting headers. + // +kubebuilder:validation:Required + Action IngressControllerHTTPHeaderActionUnion `json:"action"` +} + +// IngressControllerHTTPHeaderActionUnion specifies an action to take on an HTTP header. +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'Set' ? has(self.set) : !has(self.set)",message="set is required when type is Set, and forbidden otherwise" +// +union +type IngressControllerHTTPHeaderActionUnion struct { + // type defines the type of the action to be applied on the header. + // Possible values are Set or Delete. + // Set allows you to set HTTP request and response headers. + // Delete allows you to delete HTTP request and response headers. + // +unionDiscriminator + // +kubebuilder:validation:Enum:=Set;Delete + // +kubebuilder:validation:Required + Type IngressControllerHTTPHeaderActionType `json:"type"` + + // set specifies how the HTTP header should be set. + // This field is required when type is Set and forbidden otherwise. + // +optional + // +unionMember + Set *IngressControllerSetHTTPHeader `json:"set,omitempty"` +} + +// IngressControllerHTTPHeaderActionType defines actions that can be performed on HTTP headers. +type IngressControllerHTTPHeaderActionType string + +const ( + // Set specifies that an HTTP header should be set. + Set IngressControllerHTTPHeaderActionType = "Set" + // Delete specifies that an HTTP header should be deleted. + Delete IngressControllerHTTPHeaderActionType = "Delete" +) + +// IngressControllerSetHTTPHeader defines the value which needs to be set on an HTTP header. +type IngressControllerSetHTTPHeader struct { + // value specifies a header value. + // Dynamic values can be added. The value will be interpreted as an HAProxy format string as defined in + // http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and + // otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. + // The value of this field must be no more than 16384 characters in length. + // Note that the total size of all net added headers *after* interpolating dynamic values + // must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the + // IngressController. + // + --- + // + Note: This limit was selected as most common web servers have a limit of 16384 characters or some lower limit. + // + See . + // +kubebuilder:validation:Required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=16384 + Value string `json:"value"` +} + +// IngressControllerTuningOptions specifies options for tuning the performance +// of ingress controller pods +type IngressControllerTuningOptions struct { + // headerBufferBytes describes how much memory should be reserved + // (in bytes) for IngressController connection sessions. + // Note that this value must be at least 16384 if HTTP/2 is + // enabled for the IngressController (https://tools.ietf.org/html/rfc7540). + // If this field is empty, the IngressController will use a default value + // of 32768 bytes. + // + // Setting this field is generally not recommended as headerBufferBytes + // values that are too small may break the IngressController and + // headerBufferBytes values that are too large could cause the + // IngressController to use significantly more memory than necessary. + // + // +kubebuilder:validation:Optional + // +kubebuilder:validation:Minimum=16384 + // +optional + HeaderBufferBytes int32 `json:"headerBufferBytes,omitempty"` + + // headerBufferMaxRewriteBytes describes how much memory should be reserved + // (in bytes) from headerBufferBytes for HTTP header rewriting + // and appending for IngressController connection sessions. + // Note that incoming HTTP requests will be limited to + // (headerBufferBytes - headerBufferMaxRewriteBytes) bytes, meaning + // headerBufferBytes must be greater than headerBufferMaxRewriteBytes. + // If this field is empty, the IngressController will use a default value + // of 8192 bytes. + // + // Setting this field is generally not recommended as + // headerBufferMaxRewriteBytes values that are too small may break the + // IngressController and headerBufferMaxRewriteBytes values that are too + // large could cause the IngressController to use significantly more memory + // than necessary. + // + // +kubebuilder:validation:Optional + // +kubebuilder:validation:Minimum=4096 + // +optional + HeaderBufferMaxRewriteBytes int32 `json:"headerBufferMaxRewriteBytes,omitempty"` + + // threadCount defines the number of threads created per HAProxy process. + // Creating more threads allows each ingress controller pod to handle more + // connections, at the cost of more system resources being used. HAProxy + // currently supports up to 64 threads. If this field is empty, the + // IngressController will use the default value. The current default is 4 + // threads, but this may change in future releases. + // + // Setting this field is generally not recommended. Increasing the number + // of HAProxy threads allows ingress controller pods to utilize more CPU + // time under load, potentially starving other pods if set too high. + // Reducing the number of threads may cause the ingress controller to + // perform poorly. + // + // +kubebuilder:validation:Optional + // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=64 + // +optional + ThreadCount int32 `json:"threadCount,omitempty"` + + // clientTimeout defines how long a connection will be held open while + // waiting for a client response. + // + // If unset, the default timeout is 30s + // +kubebuilder:validation:Optional + // +kubebuilder:validation:Format=duration + // +optional + ClientTimeout *metav1.Duration `json:"clientTimeout,omitempty"` + + // clientFinTimeout defines how long a connection will be held open while + // waiting for the client response to the server/backend closing the + // connection. + // + // If unset, the default timeout is 1s + // +kubebuilder:validation:Optional + // +kubebuilder:validation:Format=duration + // +optional + ClientFinTimeout *metav1.Duration `json:"clientFinTimeout,omitempty"` + + // serverTimeout defines how long a connection will be held open while + // waiting for a server/backend response. + // + // If unset, the default timeout is 30s + // +kubebuilder:validation:Optional + // +kubebuilder:validation:Format=duration + // +optional + ServerTimeout *metav1.Duration `json:"serverTimeout,omitempty"` + + // serverFinTimeout defines how long a connection will be held open while + // waiting for the server/backend response to the client closing the + // connection. + // + // If unset, the default timeout is 1s + // +kubebuilder:validation:Optional + // +kubebuilder:validation:Format=duration + // +optional + ServerFinTimeout *metav1.Duration `json:"serverFinTimeout,omitempty"` + + // tunnelTimeout defines how long a tunnel connection (including + // websockets) will be held open while the tunnel is idle. + // + // If unset, the default timeout is 1h + // +kubebuilder:validation:Optional + // +kubebuilder:validation:Format=duration + // +optional + TunnelTimeout *metav1.Duration `json:"tunnelTimeout,omitempty"` + + // ConnectTimeout defines the maximum time to wait for + // a connection attempt to a server/backend to succeed. + // + // This field expects an unsigned duration string of decimal numbers, each with optional + // fraction and a unit suffix, e.g. "300ms", "1.5h" or "2h45m". + // Valid time units are "ns", "us" (or "µs" U+00B5 or "μs" U+03BC), "ms", "s", "m", "h". + // + // When omitted, this means the user has no opinion and the platform is left + // to choose a reasonable default. This default is subject to change over time. + // The current default is 5s. + // + // +kubebuilder:validation:Optional + // +kubebuilder:validation:Pattern=^(0|([0-9]+(\.[0-9]+)?(ns|us|µs|μs|ms|s|m|h))+)$ + // +kubebuilder:validation:Type:=string + // +optional + ConnectTimeout *metav1.Duration `json:"connectTimeout,omitempty"` + + // tlsInspectDelay defines how long the router can hold data to find a + // matching route. + // + // Setting this too short can cause the router to fall back to the default + // certificate for edge-terminated or reencrypt routes even when a better + // matching certificate could be used. + // + // If unset, the default inspect delay is 5s + // +kubebuilder:validation:Optional + // +kubebuilder:validation:Format=duration + // +optional + TLSInspectDelay *metav1.Duration `json:"tlsInspectDelay,omitempty"` + + // healthCheckInterval defines how long the router waits between two consecutive + // health checks on its configured backends. This value is applied globally as + // a default for all routes, but may be overridden per-route by the route annotation + // "router.openshift.io/haproxy.health.check.interval". + // + // Expects an unsigned duration string of decimal numbers, each with optional + // fraction and a unit suffix, eg "300ms", "1.5h" or "2h45m". + // Valid time units are "ns", "us" (or "µs" U+00B5 or "μs" U+03BC), "ms", "s", "m", "h". + // + // Setting this to less than 5s can cause excess traffic due to too frequent + // TCP health checks and accompanying SYN packet storms. Alternatively, setting + // this too high can result in increased latency, due to backend servers that are no + // longer available, but haven't yet been detected as such. + // + // An empty or zero healthCheckInterval means no opinion and IngressController chooses + // a default, which is subject to change over time. + // Currently the default healthCheckInterval value is 5s. + // + // Currently the minimum allowed value is 1s and the maximum allowed value is + // 2147483647ms (24.85 days). Both are subject to change over time. + // + // +kubebuilder:validation:Optional + // +kubebuilder:validation:Pattern=^(0|([0-9]+(\.[0-9]+)?(ns|us|µs|μs|ms|s|m|h))+)$ + // +kubebuilder:validation:Type:=string + // +optional + HealthCheckInterval *metav1.Duration `json:"healthCheckInterval,omitempty"` + + // maxConnections defines the maximum number of simultaneous + // connections that can be established per HAProxy process. + // Increasing this value allows each ingress controller pod to + // handle more connections but at the cost of additional + // system resources being consumed. + // + // Permitted values are: empty, 0, -1, and the range + // 2000-2000000. + // + // If this field is empty or 0, the IngressController will use + // the default value of 50000, but the default is subject to + // change in future releases. + // + // If the value is -1 then HAProxy will dynamically compute a + // maximum value based on the available ulimits in the running + // container. Selecting -1 (i.e., auto) will result in a large + // value being computed (~520000 on OpenShift >=4.10 clusters) + // and therefore each HAProxy process will incur significant + // memory usage compared to the current default of 50000. + // + // Setting a value that is greater than the current operating + // system limit will prevent the HAProxy process from + // starting. + // + // If you choose a discrete value (e.g., 750000) and the + // router pod is migrated to a new node, there's no guarantee + // that that new node has identical ulimits configured. In + // such a scenario the pod would fail to start. If you have + // nodes with different ulimits configured (e.g., different + // tuned profiles) and you choose a discrete value then the + // guidance is to use -1 and let the value be computed + // dynamically at runtime. + // + // You can monitor memory usage for router containers with the + // following metric: + // 'container_memory_working_set_bytes{container="router",namespace="openshift-ingress"}'. + // + // You can monitor memory usage of individual HAProxy + // processes in router containers with the following metric: + // 'container_memory_working_set_bytes{container="router",namespace="openshift-ingress"}/container_processes{container="router",namespace="openshift-ingress"}'. + // + // +kubebuilder:validation:Optional + // +optional + MaxConnections int32 `json:"maxConnections,omitempty"` + + // reloadInterval defines the minimum interval at which the router is allowed to reload + // to accept new changes. Increasing this value can prevent the accumulation of + // HAProxy processes, depending on the scenario. Increasing this interval can + // also lessen load imbalance on a backend's servers when using the roundrobin + // balancing algorithm. Alternatively, decreasing this value may decrease latency + // since updates to HAProxy's configuration can take effect more quickly. + // + // The value must be a time duration value; see . + // Currently, the minimum value allowed is 1s, and the maximum allowed value is + // 120s. Minimum and maximum allowed values may change in future versions of OpenShift. + // Note that if a duration outside of these bounds is provided, the value of reloadInterval + // will be capped/floored and not rejected (e.g. a duration of over 120s will be capped to + // 120s; the IngressController will not reject and replace this disallowed value with + // the default). + // + // A zero value for reloadInterval tells the IngressController to choose the default, + // which is currently 5s and subject to change without notice. + // + // This field expects an unsigned duration string of decimal numbers, each with optional + // fraction and a unit suffix, e.g. "300ms", "1.5h" or "2h45m". + // Valid time units are "ns", "us" (or "µs" U+00B5 or "μs" U+03BC), "ms", "s", "m", "h". + // + // Note: Setting a value significantly larger than the default of 5s can cause latency + // in observing updates to routes and their endpoints. HAProxy's configuration will + // be reloaded less frequently, and newly created routes will not be served until the + // subsequent reload. + // + // +kubebuilder:validation:Optional + // +kubebuilder:validation:Pattern=^(0|([0-9]+(\.[0-9]+)?(ns|us|µs|μs|ms|s|m|h))+)$ + // +kubebuilder:validation:Type:=string + // +optional + ReloadInterval metav1.Duration `json:"reloadInterval,omitempty"` +} + +// HTTPEmptyRequestsPolicy indicates how HTTP connections for which no request +// is received should be handled. +// +kubebuilder:validation:Enum=Respond;Ignore +type HTTPEmptyRequestsPolicy string + +const ( + // HTTPEmptyRequestsPolicyRespond indicates that the ingress controller + // should respond to empty requests. + HTTPEmptyRequestsPolicyRespond HTTPEmptyRequestsPolicy = "Respond" + // HTTPEmptyRequestsPolicyIgnore indicates that the ingress controller + // should ignore empty requests. + HTTPEmptyRequestsPolicyIgnore HTTPEmptyRequestsPolicy = "Ignore" +) + +var ( + // Available indicates the ingress controller deployment is available. + IngressControllerAvailableConditionType = "Available" + // LoadBalancerManaged indicates the management status of any load balancer + // service associated with an ingress controller. + LoadBalancerManagedIngressConditionType = "LoadBalancerManaged" + // LoadBalancerReady indicates the ready state of any load balancer service + // associated with an ingress controller. + LoadBalancerReadyIngressConditionType = "LoadBalancerReady" + // DNSManaged indicates the management status of any DNS records for the + // ingress controller. + DNSManagedIngressConditionType = "DNSManaged" + // DNSReady indicates the ready state of any DNS records for the ingress + // controller. + DNSReadyIngressConditionType = "DNSReady" +) + +// IngressControllerStatus defines the observed status of the IngressController. +type IngressControllerStatus struct { + // availableReplicas is number of observed available replicas according to the + // ingress controller deployment. + AvailableReplicas int32 `json:"availableReplicas"` + + // selector is a label selector, in string format, for ingress controller pods + // corresponding to the IngressController. The number of matching pods should + // equal the value of availableReplicas. + Selector string `json:"selector"` + + // domain is the actual domain in use. + Domain string `json:"domain"` + + // endpointPublishingStrategy is the actual strategy in use. + EndpointPublishingStrategy *EndpointPublishingStrategy `json:"endpointPublishingStrategy,omitempty"` + + // conditions is a list of conditions and their status. + // + // Available means the ingress controller deployment is available and + // servicing route and ingress resources (i.e, .status.availableReplicas + // equals .spec.replicas) + // + // There are additional conditions which indicate the status of other + // ingress controller features and capabilities. + // + // * LoadBalancerManaged + // - True if the following conditions are met: + // * The endpoint publishing strategy requires a service load balancer. + // - False if any of those conditions are unsatisfied. + // + // * LoadBalancerReady + // - True if the following conditions are met: + // * A load balancer is managed. + // * The load balancer is ready. + // - False if any of those conditions are unsatisfied. + // + // * DNSManaged + // - True if the following conditions are met: + // * The endpoint publishing strategy and platform support DNS. + // * The ingress controller domain is set. + // * dns.config.openshift.io/cluster configures DNS zones. + // - False if any of those conditions are unsatisfied. + // + // * DNSReady + // - True if the following conditions are met: + // * DNS is managed. + // * DNS records have been successfully created. + // - False if any of those conditions are unsatisfied. + // +listType=map + // +listMapKey=type + Conditions []OperatorCondition `json:"conditions,omitempty"` + + // tlsProfile is the TLS connection configuration that is in effect. + // +optional + TLSProfile *configv1.TLSProfileSpec `json:"tlsProfile,omitempty"` + + // observedGeneration is the most recent generation observed. + // +optional + ObservedGeneration int64 `json:"observedGeneration,omitempty"` + + // namespaceSelector is the actual namespaceSelector in use. + // +optional + NamespaceSelector *metav1.LabelSelector `json:"namespaceSelector,omitempty"` + + // routeSelector is the actual routeSelector in use. + // +optional + RouteSelector *metav1.LabelSelector `json:"routeSelector,omitempty"` +} + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// IngressControllerList contains a list of IngressControllers. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 +type IngressControllerList struct { + metav1.TypeMeta `json:",inline"` + + // metadata is the standard list's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + metav1.ListMeta `json:"metadata,omitempty"` + + Items []IngressController `json:"items"` +} diff --git a/pkg/schemes/machineconfiguration/mctypes/types_insights.go b/pkg/schemes/machineconfiguration/mctypes/types_insights.go new file mode 100644 index 000000000..23354266a --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/types_insights.go @@ -0,0 +1,156 @@ +package mctypes + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// +genclient +// +genclient:nonNamespaced +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=insightsoperators,scope=Cluster +// +kubebuilder:subresource:status +// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/1237 +// +openshift:file-pattern=cvoRunLevel=0000_50,operatorName=insights,operatorOrdering=00 +// +// InsightsOperator holds cluster-wide information about the Insights Operator. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 +type InsightsOperator struct { + metav1.TypeMeta `json:",inline"` + + // metadata is the standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + metav1.ObjectMeta `json:"metadata"` + + // spec is the specification of the desired behavior of the Insights. + // +kubebuilder:validation:Required + Spec InsightsOperatorSpec `json:"spec"` + + // status is the most recently observed status of the Insights operator. + // +optional + Status InsightsOperatorStatus `json:"status"` +} + +type InsightsOperatorSpec struct { + OperatorSpec `json:",inline"` +} + +type InsightsOperatorStatus struct { + OperatorStatus `json:",inline"` + // gatherStatus provides basic information about the last Insights data gathering. + // When omitted, this means no data gathering has taken place yet. + // +optional + GatherStatus GatherStatus `json:"gatherStatus,omitempty"` + // insightsReport provides general Insights analysis results. + // When omitted, this means no data gathering has taken place yet. + // +optional + InsightsReport InsightsReport `json:"insightsReport,omitempty"` +} + +// gatherStatus provides information about the last known gather event. +type GatherStatus struct { + // lastGatherTime is the last time when Insights data gathering finished. + // An empty value means that no data has been gathered yet. + // +optional + LastGatherTime metav1.Time `json:"lastGatherTime,omitempty"` + // lastGatherDuration is the total time taken to process + // all gatherers during the last gather event. + // +optional + // +kubebuilder:validation:Pattern="^0|([1-9][0-9]*(\\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$" + // +kubebuilder:validation:Type=string + LastGatherDuration metav1.Duration `json:"lastGatherDuration,omitempty"` + // gatherers is a list of active gatherers (and their statuses) in the last gathering. + // +listType=atomic + // +optional + Gatherers []GathererStatus `json:"gatherers,omitempty"` +} + +// insightsReport provides Insights health check report based on the most +// recently sent Insights data. +type InsightsReport struct { + // downloadedAt is the time when the last Insights report was downloaded. + // An empty value means that there has not been any Insights report downloaded yet and + // it usually appears in disconnected clusters (or clusters when the Insights data gathering is disabled). + // +optional + DownloadedAt metav1.Time `json:"downloadedAt,omitempty"` + // healthChecks provides basic information about active Insights health checks + // in a cluster. + // +listType=atomic + // +optional + HealthChecks []HealthCheck `json:"healthChecks,omitempty"` +} + +// healthCheck represents an Insights health check attributes. +type HealthCheck struct { + // description provides basic description of the healtcheck. + // +kubebuilder:validation:Required + // +kubebuilder:validation:MaxLength=2048 + // +kubebuilder:validation:MinLength=10 + Description string `json:"description"` + // totalRisk of the healthcheck. Indicator of the total risk posed + // by the detected issue; combination of impact and likelihood. The values can be from 1 to 4, + // and the higher the number, the more important the issue. + // +kubebuilder:validation:Required + // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=4 + TotalRisk int32 `json:"totalRisk"` + // advisorURI provides the URL link to the Insights Advisor. + // +kubebuilder:validation:Required + // +kubebuilder:validation:Pattern=`^https:\/\/\S+` + AdvisorURI string `json:"advisorURI"` + // state determines what the current state of the health check is. + // Health check is enabled by default and can be disabled + // by the user in the Insights advisor user interface. + // +kubebuilder:validation:Required + State HealthCheckState `json:"state"` +} + +// healthCheckState provides information about the status of the +// health check (for example, the health check may be marked as disabled by the user). +// +kubebuilder:validation:Enum:=Enabled;Disabled +type HealthCheckState string + +const ( + // enabled marks the health check as enabled + HealthCheckEnabled HealthCheckState = "Enabled" + // disabled marks the health check as disabled + HealthCheckDisabled HealthCheckState = "Disabled" +) + +// gathererStatus represents information about a particular +// data gatherer. +type GathererStatus struct { + // conditions provide details on the status of each gatherer. + // +listType=atomic + // +kubebuilder:validation:Required + // +kubebuilder:validation:MinItems=1 + Conditions []metav1.Condition `json:"conditions"` + // name is the name of the gatherer. + // +kubebuilder:validation:Required + // +kubebuilder:validation:MaxLength=256 + // +kubebuilder:validation:MinLength=5 + Name string `json:"name"` + // lastGatherDuration represents the time spent gathering. + // +kubebuilder:validation:Required + // +kubebuilder:validation:Type=string + // +kubebuilder:validation:Pattern="^([1-9][0-9]*(\\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$" + LastGatherDuration metav1.Duration `json:"lastGatherDuration"` +} + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// InsightsOperatorList is a collection of items +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 +type InsightsOperatorList struct { + metav1.TypeMeta `json:",inline"` + + // metadata is the standard list's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + metav1.ListMeta `json:"metadata"` + + Items []InsightsOperator `json:"items"` +} diff --git a/pkg/schemes/machineconfiguration/mctypes/types_kubeapiserver.go b/pkg/schemes/machineconfiguration/mctypes/types_kubeapiserver.go new file mode 100644 index 000000000..65ca279fe --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/types_kubeapiserver.go @@ -0,0 +1,83 @@ +package mctypes + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// +genclient +// +genclient:nonNamespaced +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=kubeapiservers,scope=Cluster,categories=coreoperators +// +kubebuilder:subresource:status +// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/475 +// +openshift:file-pattern=cvoRunLevel=0000_20,operatorName=kube-apiserver,operatorOrdering=01 + +// KubeAPIServer provides information to configure an operator to manage kube-apiserver. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 +// +openshift:compatibility-gen:level=1 +type KubeAPIServer struct { + metav1.TypeMeta `json:",inline"` + + // metadata is the standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + metav1.ObjectMeta `json:"metadata"` + + // spec is the specification of the desired behavior of the Kubernetes API Server + // +kubebuilder:validation:Required + // +required + Spec KubeAPIServerSpec `json:"spec"` + + // status is the most recently observed status of the Kubernetes API Server + // +optional + Status KubeAPIServerStatus `json:"status"` +} + +type KubeAPIServerSpec struct { + StaticPodOperatorSpec `json:",inline"` +} + +type KubeAPIServerStatus struct { + StaticPodOperatorStatus `json:",inline"` + + // serviceAccountIssuers tracks history of used service account issuers. + // The item without expiration time represents the currently used service account issuer. + // The other items represents service account issuers that were used previously and are still being trusted. + // The default expiration for the items is set by the platform and it defaults to 24h. + // see: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#service-account-token-volume-projection + // +optional + ServiceAccountIssuers []ServiceAccountIssuerStatus `json:"serviceAccountIssuers,omitempty"` +} + +type ServiceAccountIssuerStatus struct { + // name is the name of the service account issuer + // --- + // + This value comes from the serviceAccountIssuer field on the authentication.config.openshift.io/v1 resource. + // + As the authentication field is not validated, we cannot apply validation here else this may cause the controller + // + to error when trying to update this status field. + Name string `json:"name"` + + // expirationTime is the time after which this service account issuer will be pruned and removed from the trusted list + // of service account issuers. + // +optional + ExpirationTime *metav1.Time `json:"expirationTime,omitempty"` +} + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// KubeAPIServerList is a collection of items +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 +type KubeAPIServerList struct { + metav1.TypeMeta `json:",inline"` + + // metadata is the standard list's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + metav1.ListMeta `json:"metadata"` + + // Items contains the items + Items []KubeAPIServer `json:"items"` +} diff --git a/pkg/schemes/machineconfiguration/mctypes/types_kubecontrollermanager.go b/pkg/schemes/machineconfiguration/mctypes/types_kubecontrollermanager.go new file mode 100644 index 000000000..88e559eba --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/types_kubecontrollermanager.go @@ -0,0 +1,68 @@ +package mctypes + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// +genclient +// +genclient:nonNamespaced +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=kubecontrollermanagers,scope=Cluster,categories=coreoperators +// +kubebuilder:subresource:status +// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/475 +// +openshift:file-pattern=cvoRunLevel=0000_25,operatorName=kube-controller-manager,operatorOrdering=01 + +// KubeControllerManager provides information to configure an operator to manage kube-controller-manager. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 +type KubeControllerManager struct { + metav1.TypeMeta `json:",inline"` + + // metadata is the standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + metav1.ObjectMeta `json:"metadata"` + + // spec is the specification of the desired behavior of the Kubernetes Controller Manager + // +kubebuilder:validation:Required + // +required + Spec KubeControllerManagerSpec `json:"spec"` + + // status is the most recently observed status of the Kubernetes Controller Manager + // +optional + Status KubeControllerManagerStatus `json:"status"` +} + +type KubeControllerManagerSpec struct { + StaticPodOperatorSpec `json:",inline"` + + // useMoreSecureServiceCA indicates that the service-ca.crt provided in SA token volumes should include only + // enough certificates to validate service serving certificates. + // Once set to true, it cannot be set to false. + // Even if someone finds a way to set it back to false, the service-ca.crt files that previously existed will + // only have the more secure content. + // +kubebuilder:default=false + UseMoreSecureServiceCA bool `json:"useMoreSecureServiceCA"` +} + +type KubeControllerManagerStatus struct { + StaticPodOperatorStatus `json:",inline"` +} + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// KubeControllerManagerList is a collection of items +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 +type KubeControllerManagerList struct { + metav1.TypeMeta `json:",inline"` + + // metadata is the standard list's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + metav1.ListMeta `json:"metadata"` + + // Items contains the items + Items []KubeControllerManager `json:"items"` +} diff --git a/pkg/schemes/machineconfiguration/mctypes/types_kubestorageversionmigrator.go b/pkg/schemes/machineconfiguration/mctypes/types_kubestorageversionmigrator.go new file mode 100644 index 000000000..4b8f62857 --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/types_kubestorageversionmigrator.go @@ -0,0 +1,57 @@ +package mctypes + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// +genclient +// +genclient:nonNamespaced +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=kubestorageversionmigrators,scope=Cluster +// +kubebuilder:subresource:status +// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/503 +// +openshift:file-pattern=cvoRunLevel=0000_40,operatorName=kube-storage-version-migrator,operatorOrdering=00 + +// KubeStorageVersionMigrator provides information to configure an operator to manage kube-storage-version-migrator. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 +type KubeStorageVersionMigrator struct { + metav1.TypeMeta `json:",inline"` + + // metadata is the standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + metav1.ObjectMeta `json:"metadata"` + + // +kubebuilder:validation:Required + // +required + Spec KubeStorageVersionMigratorSpec `json:"spec"` + // +optional + Status KubeStorageVersionMigratorStatus `json:"status"` +} + +type KubeStorageVersionMigratorSpec struct { + OperatorSpec `json:",inline"` +} + +type KubeStorageVersionMigratorStatus struct { + OperatorStatus `json:",inline"` +} + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// KubeStorageVersionMigratorList is a collection of items +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 +type KubeStorageVersionMigratorList struct { + metav1.TypeMeta `json:",inline"` + + // metadata is the standard list's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + metav1.ListMeta `json:"metadata"` + + // Items contains the items + Items []KubeStorageVersionMigrator `json:"items"` +} diff --git a/pkg/schemes/machineconfiguration/mctypes/types_machineconfiguration.go b/pkg/schemes/machineconfiguration/mctypes/types_machineconfiguration.go new file mode 100644 index 000000000..d31fede1d --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/types_machineconfiguration.go @@ -0,0 +1,509 @@ +package mctypes + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// +genclient +// +genclient:nonNamespaced +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=machineconfigurations,scope=Cluster +// +kubebuilder:subresource:status +// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/1453 +// +openshift:file-pattern=cvoRunLevel=0000_80,operatorName=machine-config,operatorOrdering=01 + +// MachineConfiguration provides information to configure an operator to manage Machine Configuration. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 +type MachineConfiguration struct { + metav1.TypeMeta `json:",inline"` + + // metadata is the standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + metav1.ObjectMeta `json:"metadata"` + + // spec is the specification of the desired behavior of the Machine Config Operator + // +kubebuilder:validation:Required + Spec MachineConfigurationSpec `json:"spec"` + + // status is the most recently observed status of the Machine Config Operator + // +optional + Status MachineConfigurationStatus `json:"status"` +} + +type MachineConfigurationSpec struct { + StaticPodOperatorSpec `json:",inline"` + + // TODO(jkyros): This is where we put our knobs and dials + + // managedBootImages allows configuration for the management of boot images for machine + // resources within the cluster. This configuration allows users to select resources that should + // be updated to the latest boot images during cluster upgrades, ensuring that new machines + // always boot with the current cluster version's boot image. When omitted, no boot images + // will be updated. + // +openshift:enable:FeatureGate=ManagedBootImages + // +optional + ManagedBootImages ManagedBootImages `json:"managedBootImages"` + + // nodeDisruptionPolicy allows an admin to set granular node disruption actions for + // MachineConfig-based updates, such as drains, service reloads, etc. Specifying this will allow + // for less downtime when doing small configuration updates to the cluster. This configuration + // has no effect on cluster upgrades which will still incur node disruption where required. + // +openshift:enable:FeatureGate=NodeDisruptionPolicy + // +optional + NodeDisruptionPolicy NodeDisruptionPolicyConfig `json:"nodeDisruptionPolicy"` +} + +type MachineConfigurationStatus struct { + // observedGeneration is the last generation change you've dealt with + // +optional + ObservedGeneration int64 `json:"observedGeneration,omitempty"` + + // conditions is a list of conditions and their status + // +patchMergeKey=type + // +patchStrategy=merge + // +listType=map + // +listMapKey=type + Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"` + + // Previously there was a StaticPodOperatorStatus here for legacy reasons. Many of the fields within + // it are no longer relevant for the MachineConfiguration CRD's functions. The following remainder + // fields were tombstoned after lifting out StaticPodOperatorStatus. To avoid conflicts with + // serialisation, the following field names may never be used again. + + // Tombstone: legacy field from StaticPodOperatorStatus + // Version string `json:"version,omitempty"` + + // Tombstone: legacy field from StaticPodOperatorStatus + // ReadyReplicas int32 `json:"readyReplicas"` + + // Tombstone: legacy field from StaticPodOperatorStatus + // Generations []GenerationStatus `json:"generations,omitempty"` + + // Tombstone: legacy field from StaticPodOperatorStatus + // LatestAvailableRevision int32 `json:"latestAvailableRevision,omitempty"` + + // Tombstone: legacy field from StaticPodOperatorStatus + // LatestAvailableRevisionReason string `json:"latestAvailableRevisionReason,omitempty"` + + // Tombstone: legacy field from StaticPodOperatorStatus + // NodeStatuses []NodeStatus `json:"nodeStatuses,omitempty"` + + // nodeDisruptionPolicyStatus status reflects what the latest cluster-validated policies are, + // and will be used by the Machine Config Daemon during future node updates. + // +openshift:enable:FeatureGate=NodeDisruptionPolicy + // +optional + NodeDisruptionPolicyStatus NodeDisruptionPolicyStatus `json:"nodeDisruptionPolicyStatus"` +} + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// MachineConfigurationList is a collection of items +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 +type MachineConfigurationList struct { + metav1.TypeMeta `json:",inline"` + + // metadata is the standard list's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + metav1.ListMeta `json:"metadata"` + + // Items contains the items + Items []MachineConfiguration `json:"items"` +} + +type ManagedBootImages struct { + // machineManagers can be used to register machine management resources for boot image updates. The Machine Config Operator + // will watch for changes to this list. Only one entry is permitted per type of machine management resource. + // +optional + // +listType=map + // +listMapKey=resource + // +listMapKey=apiGroup + MachineManagers []MachineManager `json:"machineManagers"` +} + +// MachineManager describes a target machine resource that is registered for boot image updates. It stores identifying information +// such as the resource type and the API Group of the resource. It also provides granular control via the selection field. +type MachineManager struct { + // resource is the machine management resource's type. + // The only current valid value is machinesets. + // machinesets means that the machine manager will only register resources of the kind MachineSet. + // +kubebuilder:validation:Required + Resource MachineManagerMachineSetsResourceType `json:"resource"` + + // apiGroup is name of the APIGroup that the machine management resource belongs to. + // The only current valid value is machine.openshift.io. + // machine.openshift.io means that the machine manager will only register resources that belong to OpenShift machine API group. + // +kubebuilder:validation:Required + APIGroup MachineManagerMachineSetsAPIGroupType `json:"apiGroup"` + + // selection allows granular control of the machine management resources that will be registered for boot image updates. + // +kubebuilder:validation:Required + Selection MachineManagerSelector `json:"selection"` +} + +// +kubebuilder:validation:XValidation:rule="has(self.mode) && self.mode == 'Partial' ? has(self.partial) : !has(self.partial)",message="Partial is required when type is partial, and forbidden otherwise" +// +union +type MachineManagerSelector struct { + // mode determines how machine managers will be selected for updates. + // Valid values are All and Partial. + // All means that every resource matched by the machine manager will be updated. + // Partial requires specified selector(s) and allows customisation of which resources matched by the machine manager will be updated. + // +unionDiscriminator + // +kubebuilder:validation:Required + Mode MachineManagerSelectorMode `json:"mode"` + + // partial provides label selector(s) that can be used to match machine management resources. + // Only permitted when mode is set to "Partial". + // +optional + Partial *PartialSelector `json:"partial,omitempty"` +} + +// PartialSelector provides label selector(s) that can be used to match machine management resources. +type PartialSelector struct { + // machineResourceSelector is a label selector that can be used to select machine resources like MachineSets. + // +kubebuilder:validation:Required + MachineResourceSelector *metav1.LabelSelector `json:"machineResourceSelector,omitempty"` +} + +// MachineManagerSelectorMode is a string enum used in the MachineManagerSelector union discriminator. +// +kubebuilder:validation:Enum:="All";"Partial" +type MachineManagerSelectorMode string + +const ( + // All represents a configuration mode that registers all resources specified by the parent MachineManager for boot image updates. + All MachineManagerSelectorMode = "All" + + // Partial represents a configuration mode that will register resources specified by the parent MachineManager only + // if they match with the label selector. + Partial MachineManagerSelectorMode = "Partial" +) + +// MachineManagerManagedResourceType is a string enum used in the MachineManager type to describe the resource +// type to be registered. +// +kubebuilder:validation:Enum:="machinesets" +type MachineManagerMachineSetsResourceType string + +const ( + // MachineSets represent the MachineSet resource type, which manage a group of machines and belong to the Openshift machine API group. + MachineSets MachineManagerMachineSetsResourceType = "machinesets" +) + +// MachineManagerManagedAPIGroupType is a string enum used in in the MachineManager type to describe the APIGroup +// of the resource type being registered. +// +kubebuilder:validation:Enum:="machine.openshift.io" +type MachineManagerMachineSetsAPIGroupType string + +const ( + // MachineAPI represent the traditional MAPI Group that a machineset may belong to. + // This feature only supports MAPI machinesets at this time. + MachineAPI MachineManagerMachineSetsAPIGroupType = "machine.openshift.io" +) + +type NodeDisruptionPolicyStatus struct { + // clusterPolicies is a merge of cluster default and user provided node disruption policies. + // +optional + ClusterPolicies NodeDisruptionPolicyClusterStatus `json:"clusterPolicies"` +} + +// NodeDisruptionPolicyConfig is the overall spec definition for files/units/sshkeys +type NodeDisruptionPolicyConfig struct { + // files is a list of MachineConfig file definitions and actions to take to changes on those paths + // This list supports a maximum of 50 entries. + // +optional + // +listType=map + // +listMapKey=path + // +kubebuilder:validation:MaxItems=50 + Files []NodeDisruptionPolicySpecFile `json:"files"` + // units is a list MachineConfig unit definitions and actions to take on changes to those services + // This list supports a maximum of 50 entries. + // +optional + // +listType=map + // +listMapKey=name + // +kubebuilder:validation:MaxItems=50 + Units []NodeDisruptionPolicySpecUnit `json:"units"` + // sshkey maps to the ignition.sshkeys field in the MachineConfig object, definition an action for this + // will apply to all sshkey changes in the cluster + // +optional + SSHKey NodeDisruptionPolicySpecSSHKey `json:"sshkey"` +} + +// NodeDisruptionPolicyClusterStatus is the type for the status object, rendered by the controller as a +// merge of cluster defaults and user provided policies +type NodeDisruptionPolicyClusterStatus struct { + // files is a list of MachineConfig file definitions and actions to take to changes on those paths + // +optional + // +listType=map + // +listMapKey=path + // +kubebuilder:validation:MaxItems=100 + Files []NodeDisruptionPolicyStatusFile `json:"files,omitempty"` + // units is a list MachineConfig unit definitions and actions to take on changes to those services + // +optional + // +listType=map + // +listMapKey=name + // +kubebuilder:validation:MaxItems=100 + Units []NodeDisruptionPolicyStatusUnit `json:"units,omitempty"` + // sshkey is the overall sshkey MachineConfig definition + // +optional + SSHKey NodeDisruptionPolicyStatusSSHKey `json:"sshkey,omitempty"` +} + +// NodeDisruptionPolicySpecFile is a file entry and corresponding actions to take and is used in the NodeDisruptionPolicyConfig object +type NodeDisruptionPolicySpecFile struct { + // path is the location of a file being managed through a MachineConfig. + // The Actions in the policy will apply to changes to the file at this path. + // +kubebuilder:validation:Required + Path string `json:"path"` + // actions represents the series of commands to be executed on changes to the file at + // the corresponding file path. Actions will be applied in the order that + // they are set in this list. If there are other incoming changes to other MachineConfig + // entries in the same update that require a reboot, the reboot will supercede these actions. + // Valid actions are Reboot, Drain, Reload, DaemonReload and None. + // The Reboot action and the None action cannot be used in conjunction with any of the other actions. + // This list supports a maximum of 10 entries. + // +kubebuilder:validation:Required + // +listType=atomic + // +kubebuilder:validation:MaxItems=10 + // +kubebuilder:validation:XValidation:rule="self.exists(x, x.type=='Reboot') ? size(self) == 1 : true", message="Reboot action can only be specified standalone, as it will override any other actions" + // +kubebuilder:validation:XValidation:rule="self.exists(x, x.type=='None') ? size(self) == 1 : true", message="None action can only be specified standalone, as it will override any other actions" + Actions []NodeDisruptionPolicySpecAction `json:"actions"` +} + +// NodeDisruptionPolicyStatusFile is a file entry and corresponding actions to take and is used in the NodeDisruptionPolicyClusterStatus object +type NodeDisruptionPolicyStatusFile struct { + // path is the location of a file being managed through a MachineConfig. + // The Actions in the policy will apply to changes to the file at this path. + // +kubebuilder:validation:Required + Path string `json:"path"` + // actions represents the series of commands to be executed on changes to the file at + // the corresponding file path. Actions will be applied in the order that + // they are set in this list. If there are other incoming changes to other MachineConfig + // entries in the same update that require a reboot, the reboot will supercede these actions. + // Valid actions are Reboot, Drain, Reload, DaemonReload and None. + // The Reboot action and the None action cannot be used in conjunction with any of the other actions. + // This list supports a maximum of 10 entries. + // +kubebuilder:validation:Required + // +listType=atomic + // +kubebuilder:validation:MaxItems=10 + // +kubebuilder:validation:XValidation:rule="self.exists(x, x.type=='Reboot') ? size(self) == 1 : true", message="Reboot action can only be specified standalone, as it will override any other actions" + // +kubebuilder:validation:XValidation:rule="self.exists(x, x.type=='None') ? size(self) == 1 : true", message="None action can only be specified standalone, as it will override any other actions" + Actions []NodeDisruptionPolicyStatusAction `json:"actions"` +} + +// NodeDisruptionPolicySpecUnit is a systemd unit name and corresponding actions to take and is used in the NodeDisruptionPolicyConfig object +type NodeDisruptionPolicySpecUnit struct { + // name represents the service name of a systemd service managed through a MachineConfig + // Actions specified will be applied for changes to the named service. + // Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. + // ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, ":", "-", "_", ".", and "\". + // ${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope". + // +kubebuilder:validation:Required + Name NodeDisruptionPolicyServiceName `json:"name"` + + // actions represents the series of commands to be executed on changes to the file at + // the corresponding file path. Actions will be applied in the order that + // they are set in this list. If there are other incoming changes to other MachineConfig + // entries in the same update that require a reboot, the reboot will supercede these actions. + // Valid actions are Reboot, Drain, Reload, DaemonReload and None. + // The Reboot action and the None action cannot be used in conjunction with any of the other actions. + // This list supports a maximum of 10 entries. + // +kubebuilder:validation:Required + // +listType=atomic + // +kubebuilder:validation:MaxItems=10 + // +kubebuilder:validation:XValidation:rule="self.exists(x, x.type=='Reboot') ? size(self) == 1 : true", message="Reboot action can only be specified standalone, as it will override any other actions" + // +kubebuilder:validation:XValidation:rule="self.exists(x, x.type=='None') ? size(self) == 1 : true", message="None action can only be specified standalone, as it will override any other actions" + Actions []NodeDisruptionPolicySpecAction `json:"actions"` +} + +// NodeDisruptionPolicyStatusUnit is a systemd unit name and corresponding actions to take and is used in the NodeDisruptionPolicyClusterStatus object +type NodeDisruptionPolicyStatusUnit struct { + // name represents the service name of a systemd service managed through a MachineConfig + // Actions specified will be applied for changes to the named service. + // Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. + // ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, ":", "-", "_", ".", and "\". + // ${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope". + // +kubebuilder:validation:Required + Name NodeDisruptionPolicyServiceName `json:"name"` + + // actions represents the series of commands to be executed on changes to the file at + // the corresponding file path. Actions will be applied in the order that + // they are set in this list. If there are other incoming changes to other MachineConfig + // entries in the same update that require a reboot, the reboot will supercede these actions. + // Valid actions are Reboot, Drain, Reload, DaemonReload and None. + // The Reboot action and the None action cannot be used in conjunction with any of the other actions. + // This list supports a maximum of 10 entries. + // +kubebuilder:validation:Required + // +listType=atomic + // +kubebuilder:validation:MaxItems=10 + // +kubebuilder:validation:XValidation:rule="self.exists(x, x.type=='Reboot') ? size(self) == 1 : true", message="Reboot action can only be specified standalone, as it will override any other actions" + // +kubebuilder:validation:XValidation:rule="self.exists(x, x.type=='None') ? size(self) == 1 : true", message="None action can only be specified standalone, as it will override any other actions" + Actions []NodeDisruptionPolicyStatusAction `json:"actions"` +} + +// NodeDisruptionPolicySpecSSHKey is actions to take for any SSHKey change and is used in the NodeDisruptionPolicyConfig object +type NodeDisruptionPolicySpecSSHKey struct { + // actions represents the series of commands to be executed on changes to the file at + // the corresponding file path. Actions will be applied in the order that + // they are set in this list. If there are other incoming changes to other MachineConfig + // entries in the same update that require a reboot, the reboot will supercede these actions. + // Valid actions are Reboot, Drain, Reload, DaemonReload and None. + // The Reboot action and the None action cannot be used in conjunction with any of the other actions. + // This list supports a maximum of 10 entries. + // +kubebuilder:validation:Required + // +listType=atomic + // +kubebuilder:validation:MaxItems=10 + // +kubebuilder:validation:XValidation:rule="self.exists(x, x.type=='Reboot') ? size(self) == 1 : true", message="Reboot action can only be specified standalone, as it will override any other actions" + // +kubebuilder:validation:XValidation:rule="self.exists(x, x.type=='None') ? size(self) == 1 : true", message="None action can only be specified standalone, as it will override any other actions" + Actions []NodeDisruptionPolicySpecAction `json:"actions"` +} + +// NodeDisruptionPolicyStatusSSHKey is actions to take for any SSHKey change and is used in the NodeDisruptionPolicyClusterStatus object +type NodeDisruptionPolicyStatusSSHKey struct { + // actions represents the series of commands to be executed on changes to the file at + // the corresponding file path. Actions will be applied in the order that + // they are set in this list. If there are other incoming changes to other MachineConfig + // entries in the same update that require a reboot, the reboot will supercede these actions. + // Valid actions are Reboot, Drain, Reload, DaemonReload and None. + // The Reboot action and the None action cannot be used in conjunction with any of the other actions. + // This list supports a maximum of 10 entries. + // +kubebuilder:validation:Required + // +listType=atomic + // +kubebuilder:validation:MaxItems=10 + // +kubebuilder:validation:XValidation:rule="self.exists(x, x.type=='Reboot') ? size(self) == 1 : true", message="Reboot action can only be specified standalone, as it will override any other actions" + // +kubebuilder:validation:XValidation:rule="self.exists(x, x.type=='None') ? size(self) == 1 : true", message="None action can only be specified standalone, as it will override any other actions" + Actions []NodeDisruptionPolicyStatusAction `json:"actions"` +} + +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'Reload' ? has(self.reload) : !has(self.reload)",message="reload is required when type is Reload, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'Restart' ? has(self.restart) : !has(self.restart)",message="restart is required when type is Restart, and forbidden otherwise" +// +union +type NodeDisruptionPolicySpecAction struct { + // type represents the commands that will be carried out if this NodeDisruptionPolicySpecActionType is executed + // Valid values are Reboot, Drain, Reload, Restart, DaemonReload and None. + // reload/restart requires a corresponding service target specified in the reload/restart field. + // Other values require no further configuration + // +unionDiscriminator + // +kubebuilder:validation:Required + Type NodeDisruptionPolicySpecActionType `json:"type"` + // reload specifies the service to reload, only valid if type is reload + // +optional + Reload *ReloadService `json:"reload,omitempty"` + // restart specifies the service to restart, only valid if type is restart + // +optional + Restart *RestartService `json:"restart,omitempty"` +} + +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'Reload' ? has(self.reload) : !has(self.reload)",message="reload is required when type is Reload, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'Restart' ? has(self.restart) : !has(self.restart)",message="restart is required when type is Restart, and forbidden otherwise" +// +union +type NodeDisruptionPolicyStatusAction struct { + // type represents the commands that will be carried out if this NodeDisruptionPolicyStatusActionType is executed + // Valid values are Reboot, Drain, Reload, Restart, DaemonReload, None and Special. + // reload/restart requires a corresponding service target specified in the reload/restart field. + // Other values require no further configuration + // +unionDiscriminator + // +kubebuilder:validation:Required + Type NodeDisruptionPolicyStatusActionType `json:"type"` + // reload specifies the service to reload, only valid if type is reload + // +optional + Reload *ReloadService `json:"reload,omitempty"` + // restart specifies the service to restart, only valid if type is restart + // +optional + Restart *RestartService `json:"restart,omitempty"` +} + +// ReloadService allows the user to specify the services to be reloaded +type ReloadService struct { + // serviceName is the full name (e.g. crio.service) of the service to be reloaded + // Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. + // ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, ":", "-", "_", ".", and "\". + // ${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope". + // +kubebuilder:validation:Required + ServiceName NodeDisruptionPolicyServiceName `json:"serviceName"` +} + +// RestartService allows the user to specify the services to be restarted +type RestartService struct { + // serviceName is the full name (e.g. crio.service) of the service to be restarted + // Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. + // ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, ":", "-", "_", ".", and "\". + // ${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope". + // +kubebuilder:validation:Required + ServiceName NodeDisruptionPolicyServiceName `json:"serviceName"` +} + +// NodeDisruptionPolicySpecActionType is a string enum used in a NodeDisruptionPolicySpecAction object. They describe an action to be performed. +// +kubebuilder:validation:Enum:="Reboot";"Drain";"Reload";"Restart";"DaemonReload";"None" +type NodeDisruptionPolicySpecActionType string + +// +kubebuilder:validation:XValidation:rule=`self.matches('\\.(service|socket|device|mount|automount|swap|target|path|timer|snapshot|slice|scope)$')`, message="Invalid ${SERVICETYPE} in service name. Expected format is ${NAME}${SERVICETYPE}, where ${SERVICETYPE} must be one of \".service\", \".socket\", \".device\", \".mount\", \".automount\", \".swap\", \".target\", \".path\", \".timer\",\".snapshot\", \".slice\" or \".scope\"." +// +kubebuilder:validation:XValidation:rule=`self.matches('^[a-zA-Z0-9:._\\\\-]+\\..')`, message="Invalid ${NAME} in service name. Expected format is ${NAME}${SERVICETYPE}, where {NAME} must be atleast 1 character long and can only consist of alphabets, digits, \":\", \"-\", \"_\", \".\", and \"\\\"" +// +kubebuilder:validation:MaxLength=255 +type NodeDisruptionPolicyServiceName string + +const ( + // Reboot represents an action that will cause nodes to be rebooted. This is the default action by the MCO + // if a reboot policy is not found for a change/update being performed by the MCO. + RebootSpecAction NodeDisruptionPolicySpecActionType = "Reboot" + + // Drain represents an action that will cause nodes to be drained of their workloads. + DrainSpecAction NodeDisruptionPolicySpecActionType = "Drain" + + // Reload represents an action that will cause nodes to reload the service described by the Target field. + ReloadSpecAction NodeDisruptionPolicySpecActionType = "Reload" + + // Restart represents an action that will cause nodes to restart the service described by the Target field. + RestartSpecAction NodeDisruptionPolicySpecActionType = "Restart" + + // DaemonReload represents an action that TBD + DaemonReloadSpecAction NodeDisruptionPolicySpecActionType = "DaemonReload" + + // None represents an action that no handling is required by the MCO. + NoneSpecAction NodeDisruptionPolicySpecActionType = "None" +) + +// NodeDisruptionPolicyStatusActionType is a string enum used in a NodeDisruptionPolicyStatusAction object. They describe an action to be performed. +// The key difference of this object from NodeDisruptionPolicySpecActionType is that there is a additional SpecialStatusAction value in this enum. This will only be +// used by the MCO's controller to indicate some internal actions. They are not part of the NodeDisruptionPolicyConfig object and cannot be set by the user. +// +kubebuilder:validation:Enum:="Reboot";"Drain";"Reload";"Restart";"DaemonReload";"None";"Special" +type NodeDisruptionPolicyStatusActionType string + +const ( + // Reboot represents an action that will cause nodes to be rebooted. This is the default action by the MCO + // if a reboot policy is not found for a change/update being performed by the MCO. + RebootStatusAction NodeDisruptionPolicyStatusActionType = "Reboot" + + // Drain represents an action that will cause nodes to be drained of their workloads. + DrainStatusAction NodeDisruptionPolicyStatusActionType = "Drain" + + // Reload represents an action that will cause nodes to reload the service described by the Target field. + ReloadStatusAction NodeDisruptionPolicyStatusActionType = "Reload" + + // Restart represents an action that will cause nodes to restart the service described by the Target field. + RestartStatusAction NodeDisruptionPolicyStatusActionType = "Restart" + + // DaemonReload represents an action that TBD + DaemonReloadStatusAction NodeDisruptionPolicyStatusActionType = "DaemonReload" + + // None represents an action that no handling is required by the MCO. + NoneStatusAction NodeDisruptionPolicyStatusActionType = "None" + + // Special represents an action that is internal to the MCO, and is not allowed in user defined NodeDisruption policies. + SpecialStatusAction NodeDisruptionPolicyStatusActionType = "Special" +) + +// These strings will be used for MachineConfiguration Status conditions. +const ( + // MachineConfigurationBootImageUpdateDegraded means that the MCO ran into an error while reconciling boot images. This + // will cause the clusteroperators.config.openshift.io/machine-config to degrade. This condition will indicate the cause + // of the degrade, the progress of the update and the generation of the boot images configmap that it degraded on. + MachineConfigurationBootImageUpdateDegraded string = "BootImageUpdateDegraded" + + // MachineConfigurationBootImageUpdateProgressing means that the MCO is in the process of reconciling boot images. This + // will cause the clusteroperators.config.openshift.io/machine-config to be in a Progressing state. This condition will + // indicate the progress of the update and the generation of the boot images configmap that triggered this update. + MachineConfigurationBootImageUpdateProgressing string = "BootImageUpdateProgressing" +) diff --git a/pkg/schemes/machineconfiguration/mctypes/types_network.go b/pkg/schemes/machineconfiguration/mctypes/types_network.go new file mode 100644 index 000000000..211506dc7 --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/types_network.go @@ -0,0 +1,870 @@ +package mctypes + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// +genclient +// +genclient:nonNamespaced +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=networks,scope=Cluster +// +kubebuilder:subresource:status +// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/475 +// +openshift:file-pattern=cvoRunLevel=0000_70,operatorName=network,operatorOrdering=01 + +// Network describes the cluster's desired network configuration. It is +// consumed by the cluster-network-operator. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +k8s:openapi-gen=true +// +openshift:compatibility-gen:level=1 +type Network struct { + metav1.TypeMeta `json:",inline"` + + // metadata is the standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + metav1.ObjectMeta `json:"metadata,omitempty"` + + Spec NetworkSpec `json:"spec,omitempty"` + Status NetworkStatus `json:"status,omitempty"` +} + +// NetworkStatus is detailed operator status, which is distilled +// up to the Network clusteroperator object. +type NetworkStatus struct { + OperatorStatus `json:",inline"` +} + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// NetworkList contains a list of Network configurations +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 +type NetworkList struct { + metav1.TypeMeta `json:",inline"` + + // metadata is the standard list's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + metav1.ListMeta `json:"metadata,omitempty"` + + Items []Network `json:"items"` +} + +// NetworkSpec is the top-level network configuration object. +// +kubebuilder:validation:XValidation:rule="!has(self.defaultNetwork) || !has(self.defaultNetwork.ovnKubernetesConfig) || !has(self.defaultNetwork.ovnKubernetesConfig.gatewayConfig) || !has(self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding) || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding == oldSelf.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding == 'Restricted' || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding == 'Global'",message="invalid value for IPForwarding, valid values are 'Restricted' or 'Global'" +// +openshift:validation:FeatureGateAwareXValidation:featureGate=AdditionalRoutingCapabilities,rule="(has(self.additionalRoutingCapabilities) && ('FRR' in self.additionalRoutingCapabilities.providers)) || !has(self.defaultNetwork) || !has(self.defaultNetwork.ovnKubernetesConfig) || !has(self.defaultNetwork.ovnKubernetesConfig.routeAdvertisements) || self.defaultNetwork.ovnKubernetesConfig.routeAdvertisements != 'Enabled'",message="Route advertisements cannot be Enabled if 'FRR' routing capability provider is not available" +type NetworkSpec struct { + OperatorSpec `json:",inline"` + + // clusterNetwork is the IP address pool to use for pod IPs. + // Some network providers support multiple ClusterNetworks. + // Others only support one. This is equivalent to the cluster-cidr. + // +listType=atomic + ClusterNetwork []ClusterNetworkEntry `json:"clusterNetwork"` + + // serviceNetwork is the ip address pool to use for Service IPs + // Currently, all existing network providers only support a single value + // here, but this is an array to allow for growth. + // +listType=atomic + ServiceNetwork []string `json:"serviceNetwork"` + + // defaultNetwork is the "default" network that all pods will receive + DefaultNetwork DefaultNetworkDefinition `json:"defaultNetwork"` + + // additionalNetworks is a list of extra networks to make available to pods + // when multiple networks are enabled. + // +listType=map + // +listMapKey=name + AdditionalNetworks []AdditionalNetworkDefinition `json:"additionalNetworks,omitempty"` + + // disableMultiNetwork specifies whether or not multiple pod network + // support should be disabled. If unset, this property defaults to + // 'false' and multiple network support is enabled. + DisableMultiNetwork *bool `json:"disableMultiNetwork,omitempty"` + + // useMultiNetworkPolicy enables a controller which allows for + // MultiNetworkPolicy objects to be used on additional networks as + // created by Multus CNI. MultiNetworkPolicy are similar to NetworkPolicy + // objects, but NetworkPolicy objects only apply to the primary interface. + // With MultiNetworkPolicy, you can control the traffic that a pod can receive + // over the secondary interfaces. If unset, this property defaults to 'false' + // and MultiNetworkPolicy objects are ignored. If 'disableMultiNetwork' is + // 'true' then the value of this field is ignored. + UseMultiNetworkPolicy *bool `json:"useMultiNetworkPolicy,omitempty"` + + // deployKubeProxy specifies whether or not a standalone kube-proxy should + // be deployed by the operator. Some network providers include kube-proxy + // or similar functionality. If unset, the plugin will attempt to select + // the correct value, which is false when ovn-kubernetes is used and true + // otherwise. + // +optional + DeployKubeProxy *bool `json:"deployKubeProxy,omitempty"` + + // disableNetworkDiagnostics specifies whether or not PodNetworkConnectivityCheck + // CRs from a test pod to every node, apiserver and LB should be disabled or not. + // If unset, this property defaults to 'false' and network diagnostics is enabled. + // Setting this to 'true' would reduce the additional load of the pods performing the checks. + // +optional + // +kubebuilder:default:=false + DisableNetworkDiagnostics bool `json:"disableNetworkDiagnostics"` + + // kubeProxyConfig lets us configure desired proxy configuration, if + // deployKubeProxy is true. If not specified, sensible defaults will be chosen by + // OpenShift directly. + KubeProxyConfig *ProxyConfig `json:"kubeProxyConfig,omitempty"` + + // exportNetworkFlows enables and configures the export of network flow metadata from the pod network + // by using protocols NetFlow, SFlow or IPFIX. Currently only supported on OVN-Kubernetes plugin. + // If unset, flows will not be exported to any collector. + // +optional + ExportNetworkFlows *ExportNetworkFlows `json:"exportNetworkFlows,omitempty"` + + // migration enables and configures cluster network migration, for network changes + // that cannot be made instantly. + // +optional + Migration *NetworkMigration `json:"migration,omitempty"` + + // additionalRoutingCapabilities describes components and relevant + // configuration providing additional routing capabilities. When set, it + // enables such components and the usage of the routing capabilities they + // provide for the machine network. Upstream operators, like MetalLB + // operator, requiring these capabilities may rely on, or automatically set + // this attribute. Network plugins may leverage advanced routing + // capabilities acquired through the enablement of these components but may + // require specific configuration on their side to do so; refer to their + // respective documentation and configuration options. + // +openshift:enable:FeatureGate=AdditionalRoutingCapabilities + // +optional + AdditionalRoutingCapabilities *AdditionalRoutingCapabilities `json:"additionalRoutingCapabilities,omitempty"` +} + +// NetworkMigrationMode is an enumeration of the possible mode of the network migration +// Valid values are "Live", "Offline" and omitted. +// DEPRECATED: network type migration is no longer supported. +// +kubebuilder:validation:Enum:=Live;Offline;"" +type NetworkMigrationMode string + +const ( + // A "Live" migration operation will not cause service interruption by migrating the CNI of each node one by one. The cluster network will work as normal during the network migration. + // DEPRECATED: network type migration is no longer supported. + LiveNetworkMigrationMode NetworkMigrationMode = "Live" + // An "Offline" migration operation will cause service interruption. During an "Offline" migration, two rounds of node reboots are required. The cluster network will be malfunctioning during the network migration. + // DEPRECATED: network type migration is no longer supported. + OfflineNetworkMigrationMode NetworkMigrationMode = "Offline" +) + +// NetworkMigration represents the cluster network migration configuration. +// +openshift:validation:FeatureGateAwareXValidation:featureGate=NetworkLiveMigration,rule="!has(self.mtu) || !has(self.networkType) || self.networkType == \"\" || has(self.mode) && self.mode == 'Live'",message="networkType migration in mode other than 'Live' may not be configured at the same time as mtu migration" +type NetworkMigration struct { + // mtu contains the MTU migration configuration. Set this to allow changing + // the MTU values for the default network. If unset, the operation of + // changing the MTU for the default network will be rejected. + // +optional + MTU *MTUMigration `json:"mtu,omitempty"` + + // networkType was previously used when changing the default network type. + // DEPRECATED: network type migration is no longer supported, and setting + // this to a non-empty value will result in the network operator rejecting + // the configuration. + // +optional + NetworkType string `json:"networkType,omitempty"` + + // features was previously used to configure which network plugin features + // would be migrated in a network type migration. + // DEPRECATED: network type migration is no longer supported, and setting + // this to a non-empty value will result in the network operator rejecting + // the configuration. + // +optional + Features *FeaturesMigration `json:"features,omitempty"` + + // mode indicates the mode of network type migration. + // DEPRECATED: network type migration is no longer supported, and setting + // this to a non-empty value will result in the network operator rejecting + // the configuration. + // +optional + Mode NetworkMigrationMode `json:"mode,omitempty"` +} + +type FeaturesMigration struct { + // egressIP specified whether or not the Egress IP configuration was migrated. + // DEPRECATED: network type migration is no longer supported. + // +optional + // +kubebuilder:default:=true + EgressIP bool `json:"egressIP,omitempty"` + // egressFirewall specified whether or not the Egress Firewall configuration was migrated. + // DEPRECATED: network type migration is no longer supported. + // +optional + // +kubebuilder:default:=true + EgressFirewall bool `json:"egressFirewall,omitempty"` + // multicast specified whether or not the multicast configuration was migrated. + // DEPRECATED: network type migration is no longer supported. + // +optional + // +kubebuilder:default:=true + Multicast bool `json:"multicast,omitempty"` +} + +// MTUMigration contains infomation about MTU migration. +type MTUMigration struct { + // network contains information about MTU migration for the default network. + // Migrations are only allowed to MTU values lower than the machine's uplink + // MTU by the minimum appropriate offset. + // +optional + Network *MTUMigrationValues `json:"network,omitempty"` + + // machine contains MTU migration configuration for the machine's uplink. + // Needs to be migrated along with the default network MTU unless the + // current uplink MTU already accommodates the default network MTU. + // +optional + Machine *MTUMigrationValues `json:"machine,omitempty"` +} + +// MTUMigrationValues contains the values for a MTU migration. +type MTUMigrationValues struct { + // to is the MTU to migrate to. + // +kubebuilder:validation:Minimum=0 + To *uint32 `json:"to"` + + // from is the MTU to migrate from. + // +kubebuilder:validation:Minimum=0 + // +optional + From *uint32 `json:"from,omitempty"` +} + +// ClusterNetworkEntry is a subnet from which to allocate PodIPs. A network of size +// HostPrefix (in CIDR notation) will be allocated when nodes join the cluster. If +// the HostPrefix field is not used by the plugin, it can be left unset. +// Not all network providers support multiple ClusterNetworks +type ClusterNetworkEntry struct { + CIDR string `json:"cidr"` + // +kubebuilder:validation:Minimum=0 + // +optional + HostPrefix uint32 `json:"hostPrefix,omitempty"` +} + +// DefaultNetworkDefinition represents a single network plugin's configuration. +// type must be specified, along with exactly one "Config" that matches the type. +type DefaultNetworkDefinition struct { + // type is the type of network + // All NetworkTypes are supported except for NetworkTypeRaw + Type NetworkType `json:"type"` + + // openShiftSDNConfig was previously used to configure the openshift-sdn plugin. + // DEPRECATED: OpenShift SDN is no longer supported. + // +optional + OpenShiftSDNConfig *OpenShiftSDNConfig `json:"openshiftSDNConfig,omitempty"` + + // ovnKubernetesConfig configures the ovn-kubernetes plugin. + // +optional + OVNKubernetesConfig *OVNKubernetesConfig `json:"ovnKubernetesConfig,omitempty"` +} + +// SimpleMacvlanConfig contains configurations for macvlan interface. +type SimpleMacvlanConfig struct { + // master is the host interface to create the macvlan interface from. + // If not specified, it will be default route interface + // +optional + Master string `json:"master,omitempty"` + + // IPAMConfig configures IPAM module will be used for IP Address Management (IPAM). + // +optional + IPAMConfig *IPAMConfig `json:"ipamConfig,omitempty"` + + // mode is the macvlan mode: bridge, private, vepa, passthru. The default is bridge + // +optional + Mode MacvlanMode `json:"mode,omitempty"` + + // mtu is the mtu to use for the macvlan interface. if unset, host's + // kernel will select the value. + // +kubebuilder:validation:Minimum=0 + // +optional + MTU uint32 `json:"mtu,omitempty"` +} + +// StaticIPAMAddresses provides IP address and Gateway for static IPAM addresses +type StaticIPAMAddresses struct { + // Address is the IP address in CIDR format + // +optional + Address string `json:"address"` + // Gateway is IP inside of subnet to designate as the gateway + // +optional + Gateway string `json:"gateway,omitempty"` +} + +// StaticIPAMRoutes provides Destination/Gateway pairs for static IPAM routes +type StaticIPAMRoutes struct { + // Destination points the IP route destination + Destination string `json:"destination"` + // Gateway is the route's next-hop IP address + // If unset, a default gateway is assumed (as determined by the CNI plugin). + // +optional + Gateway string `json:"gateway,omitempty"` +} + +// StaticIPAMDNS provides DNS related information for static IPAM +type StaticIPAMDNS struct { + // Nameservers points DNS servers for IP lookup + // +optional + // +listType=atomic + Nameservers []string `json:"nameservers,omitempty"` + // Domain configures the domainname the local domain used for short hostname lookups + // +optional + Domain string `json:"domain,omitempty"` + // Search configures priority ordered search domains for short hostname lookups + // +optional + // +listType=atomic + Search []string `json:"search,omitempty"` +} + +// StaticIPAMConfig contains configurations for static IPAM (IP Address Management) +type StaticIPAMConfig struct { + // Addresses configures IP address for the interface + // +optional + // +listType=atomic + Addresses []StaticIPAMAddresses `json:"addresses,omitempty"` + // Routes configures IP routes for the interface + // +optional + // +listType=atomic + Routes []StaticIPAMRoutes `json:"routes,omitempty"` + // DNS configures DNS for the interface + // +optional + DNS *StaticIPAMDNS `json:"dns,omitempty"` +} + +// IPAMConfig contains configurations for IPAM (IP Address Management) +type IPAMConfig struct { + // Type is the type of IPAM module will be used for IP Address Management(IPAM). + // The supported values are IPAMTypeDHCP, IPAMTypeStatic + Type IPAMType `json:"type"` + + // StaticIPAMConfig configures the static IP address in case of type:IPAMTypeStatic + // +optional + StaticIPAMConfig *StaticIPAMConfig `json:"staticIPAMConfig,omitempty"` +} + +// AdditionalNetworkDefinition configures an extra network that is available but not +// created by default. Instead, pods must request them by name. +// type must be specified, along with exactly one "Config" that matches the type. +type AdditionalNetworkDefinition struct { + // type is the type of network + // The supported values are NetworkTypeRaw, NetworkTypeSimpleMacvlan + Type NetworkType `json:"type"` + + // name is the name of the network. This will be populated in the resulting CRD + // This must be unique. + // +kubebuilder:validation:Required + Name string `json:"name"` + + // namespace is the namespace of the network. This will be populated in the resulting CRD + // If not given the network will be created in the default namespace. + Namespace string `json:"namespace,omitempty"` + + // rawCNIConfig is the raw CNI configuration json to create in the + // NetworkAttachmentDefinition CRD + RawCNIConfig string `json:"rawCNIConfig,omitempty"` + + // SimpleMacvlanConfig configures the macvlan interface in case of type:NetworkTypeSimpleMacvlan + // +optional + SimpleMacvlanConfig *SimpleMacvlanConfig `json:"simpleMacvlanConfig,omitempty"` +} + +// OpenShiftSDNConfig was used to configure the OpenShift SDN plugin. It is no longer used. +type OpenShiftSDNConfig struct { + // mode is one of "Multitenant", "Subnet", or "NetworkPolicy" + Mode SDNMode `json:"mode"` + + // vxlanPort is the port to use for all vxlan packets. The default is 4789. + // +kubebuilder:validation:Minimum=0 + // +optional + VXLANPort *uint32 `json:"vxlanPort,omitempty"` + + // mtu is the mtu to use for the tunnel interface. Defaults to 1450 if unset. + // This must be 50 bytes smaller than the machine's uplink. + // +kubebuilder:validation:Minimum=0 + // +optional + MTU *uint32 `json:"mtu,omitempty"` + + // useExternalOpenvswitch used to control whether the operator would deploy an OVS + // DaemonSet itself or expect someone else to start OVS. As of 4.6, OVS is always + // run as a system service, and this flag is ignored. + // +optional + UseExternalOpenvswitch *bool `json:"useExternalOpenvswitch,omitempty"` + + // enableUnidling controls whether or not the service proxy will support idling + // and unidling of services. By default, unidling is enabled. + EnableUnidling *bool `json:"enableUnidling,omitempty"` +} + +// ovnKubernetesConfig contains the configuration parameters for networks +// using the ovn-kubernetes network project +type OVNKubernetesConfig struct { + // mtu is the MTU to use for the tunnel interface. This must be 100 + // bytes smaller than the uplink mtu. + // Default is 1400 + // +kubebuilder:validation:Minimum=0 + // +optional + MTU *uint32 `json:"mtu,omitempty"` + // geneve port is the UDP port to be used by geneve encapulation. + // Default is 6081 + // +kubebuilder:validation:Minimum=1 + // +optional + GenevePort *uint32 `json:"genevePort,omitempty"` + // HybridOverlayConfig configures an additional overlay network for peers that are + // not using OVN. + // +optional + HybridOverlayConfig *HybridOverlayConfig `json:"hybridOverlayConfig,omitempty"` + // ipsecConfig enables and configures IPsec for pods on the pod network within the + // cluster. + // +optional + // +kubebuilder:default={"mode": "Disabled"} + // +default={"mode": "Disabled"} + IPsecConfig *IPsecConfig `json:"ipsecConfig,omitempty"` + // policyAuditConfig is the configuration for network policy audit events. If unset, + // reported defaults are used. + // +optional + PolicyAuditConfig *PolicyAuditConfig `json:"policyAuditConfig,omitempty"` + // gatewayConfig holds the configuration for node gateway options. + // +optional + GatewayConfig *GatewayConfig `json:"gatewayConfig,omitempty"` + // v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the + // default one is being already used by something else. It must not overlap with + // any other subnet being used by OpenShift or by the node network. The size of the + // subnet must be larger than the number of nodes. The value cannot be changed + // after installation. + // Default is 100.64.0.0/16 + // +optional + V4InternalSubnet string `json:"v4InternalSubnet,omitempty"` + // v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the + // default one is being already used by something else. It must not overlap with + // any other subnet being used by OpenShift or by the node network. The size of the + // subnet must be larger than the number of nodes. The value cannot be changed + // after installation. + // Default is fd98::/48 + // +optional + V6InternalSubnet string `json:"v6InternalSubnet,omitempty"` + // egressIPConfig holds the configuration for EgressIP options. + // +optional + EgressIPConfig EgressIPConfig `json:"egressIPConfig,omitempty"` + // ipv4 allows users to configure IP settings for IPv4 connections. When ommitted, + // this means no opinions and the default configuration is used. Check individual + // fields within ipv4 for details of default values. + // +optional + IPv4 *IPv4OVNKubernetesConfig `json:"ipv4,omitempty"` + // ipv6 allows users to configure IP settings for IPv6 connections. When ommitted, + // this means no opinions and the default configuration is used. Check individual + // fields within ipv4 for details of default values. + // +optional + IPv6 *IPv6OVNKubernetesConfig `json:"ipv6,omitempty"` + + // routeAdvertisements determines if the functionality to advertise cluster + // network routes through a dynamic routing protocol, such as BGP, is + // enabled or not. This functionality is configured through the + // ovn-kubernetes RouteAdvertisements CRD. Requires the 'FRR' routing + // capability provider to be enabled as an additional routing capability. + // Allowed values are "Enabled", "Disabled" and ommited. When omitted, this + // means the user has no opinion and the platform is left to choose + // reasonable defaults. These defaults are subject to change over time. The + // current default is "Disabled". + // +openshift:enable:FeatureGate=RouteAdvertisements + // +optional + RouteAdvertisements RouteAdvertisementsEnablement `json:"routeAdvertisements,omitempty"` +} + +type IPv4OVNKubernetesConfig struct { + // internalTransitSwitchSubnet is a v4 subnet in IPV4 CIDR format used internally + // by OVN-Kubernetes for the distributed transit switch in the OVN Interconnect + // architecture that connects the cluster routers on each node together to enable + // east west traffic. The subnet chosen should not overlap with other networks + // specified for OVN-Kubernetes as well as other networks used on the host. + // The value cannot be changed after installation. + // When ommitted, this means no opinion and the platform is left to choose a reasonable + // default which is subject to change over time. + // The current default subnet is 100.88.0.0/16 + // The subnet must be large enough to accomadate one IP per node in your cluster + // The value must be in proper IPV4 CIDR format + // +kubebuilder:validation:MaxLength=18 + // +kubebuilder:validation:XValidation:rule="isCIDR(self) && cidr(self).ip().family() == 4",message="Subnet must be in valid IPV4 CIDR format" + // +kubebuilder:validation:XValidation:rule="isCIDR(self) && cidr(self).prefixLength() <= 30",message="subnet must be in the range /0 to /30 inclusive" + // +kubebuilder:validation:XValidation:rule="isCIDR(self) && int(self.split('.')[0]) > 0",message="first IP address octet must not be 0" + // +optional + InternalTransitSwitchSubnet string `json:"internalTransitSwitchSubnet,omitempty"` + // internalJoinSubnet is a v4 subnet used internally by ovn-kubernetes in case the + // default one is being already used by something else. It must not overlap with + // any other subnet being used by OpenShift or by the node network. The size of the + // subnet must be larger than the number of nodes. The value cannot be changed + // after installation. + // The current default value is 100.64.0.0/16 + // The subnet must be large enough to accomadate one IP per node in your cluster + // The value must be in proper IPV4 CIDR format + // +kubebuilder:validation:MaxLength=18 + // +kubebuilder:validation:XValidation:rule="isCIDR(self) && cidr(self).ip().family() == 4",message="Subnet must be in valid IPV4 CIDR format" + // +kubebuilder:validation:XValidation:rule="isCIDR(self) && cidr(self).prefixLength() <= 30",message="subnet must be in the range /0 to /30 inclusive" + // +kubebuilder:validation:XValidation:rule="isCIDR(self) && int(self.split('.')[0]) > 0",message="first IP address octet must not be 0" + // +optional + InternalJoinSubnet string `json:"internalJoinSubnet,omitempty"` +} + +type IPv6OVNKubernetesConfig struct { + // internalTransitSwitchSubnet is a v4 subnet in IPV4 CIDR format used internally + // by OVN-Kubernetes for the distributed transit switch in the OVN Interconnect + // architecture that connects the cluster routers on each node together to enable + // east west traffic. The subnet chosen should not overlap with other networks + // specified for OVN-Kubernetes as well as other networks used on the host. + // The value cannot be changed after installation. + // When ommitted, this means no opinion and the platform is left to choose a reasonable + // default which is subject to change over time. + // The subnet must be large enough to accomadate one IP per node in your cluster + // The current default subnet is fd97::/64 + // The value must be in proper IPV6 CIDR format + // Note that IPV6 dual addresses are not permitted + // +kubebuilder:validation:MaxLength=48 + // +kubebuilder:validation:XValidation:rule="isCIDR(self) && cidr(self).ip().family() == 6",message="Subnet must be in valid IPV6 CIDR format" + // +kubebuilder:validation:XValidation:rule="isCIDR(self) && cidr(self).prefixLength() <= 125",message="subnet must be in the range /0 to /125 inclusive" + // +optional + InternalTransitSwitchSubnet string `json:"internalTransitSwitchSubnet,omitempty"` + // internalJoinSubnet is a v6 subnet used internally by ovn-kubernetes in case the + // default one is being already used by something else. It must not overlap with + // any other subnet being used by OpenShift or by the node network. The size of the + // subnet must be larger than the number of nodes. The value cannot be changed + // after installation. + // The subnet must be large enough to accomadate one IP per node in your cluster + // The current default value is fd98::/48 + // The value must be in proper IPV6 CIDR format + // Note that IPV6 dual addresses are not permitted + // +kubebuilder:validation:MaxLength=48 + // +kubebuilder:validation:XValidation:rule="isCIDR(self) && cidr(self).ip().family() == 6",message="Subnet must be in valid IPV6 CIDR format" + // +kubebuilder:validation:XValidation:rule="isCIDR(self) && cidr(self).prefixLength() <= 125",message="subnet must be in the range /0 to /125 inclusive" + // +optional + InternalJoinSubnet string `json:"internalJoinSubnet,omitempty"` +} + +type HybridOverlayConfig struct { + // HybridClusterNetwork defines a network space given to nodes on an additional overlay network. + // +listType=atomic + HybridClusterNetwork []ClusterNetworkEntry `json:"hybridClusterNetwork"` + // HybridOverlayVXLANPort defines the VXLAN port number to be used by the additional overlay network. + // Default is 4789 + // +optional + HybridOverlayVXLANPort *uint32 `json:"hybridOverlayVXLANPort,omitempty"` +} + +// +kubebuilder:validation:XValidation:rule="self == oldSelf || has(self.mode)",message="ipsecConfig.mode is required" +type IPsecConfig struct { + // mode defines the behaviour of the ipsec configuration within the platform. + // Valid values are `Disabled`, `External` and `Full`. + // When 'Disabled', ipsec will not be enabled at the node level. + // When 'External', ipsec is enabled on the node level but requires the user to configure the secure communication parameters. + // This mode is for external secure communications and the configuration can be done using the k8s-nmstate operator. + // When 'Full', ipsec is configured on the node level and inter-pod secure communication within the cluster is configured. + // Note with `Full`, if ipsec is desired for communication with external (to the cluster) entities (such as storage arrays), + // this is left to the user to configure. + // +kubebuilder:validation:Enum=Disabled;External;Full + // +optional + Mode IPsecMode `json:"mode,omitempty"` +} + +type IPForwardingMode string + +const ( + // IPForwardingRestricted limits the IP forwarding on OVN-Kube managed interfaces (br-ex, br-ex1) to only required + // service and other k8s related traffic + IPForwardingRestricted IPForwardingMode = "Restricted" + + // IPForwardingGlobal allows all IP traffic to be forwarded across OVN-Kube managed interfaces + IPForwardingGlobal IPForwardingMode = "Global" +) + +// GatewayConfig holds node gateway-related parsed config file parameters and command-line overrides +type GatewayConfig struct { + // RoutingViaHost allows pod egress traffic to exit via the ovn-k8s-mp0 management port + // into the host before sending it out. If this is not set, traffic will always egress directly + // from OVN to outside without touching the host stack. Setting this to true means hardware + // offload will not be supported. Default is false if GatewayConfig is specified. + // +kubebuilder:default:=false + // +optional + RoutingViaHost bool `json:"routingViaHost,omitempty"` + // IPForwarding controls IP forwarding for all traffic on OVN-Kubernetes managed interfaces (such as br-ex). + // By default this is set to Restricted, and Kubernetes related traffic is still forwarded appropriately, but other + // IP traffic will not be routed by the OCP node. If there is a desire to allow the host to forward traffic across + // OVN-Kubernetes managed interfaces, then set this field to "Global". + // The supported values are "Restricted" and "Global". + // +optional + IPForwarding IPForwardingMode `json:"ipForwarding,omitempty"` + // ipv4 allows users to configure IP settings for IPv4 connections. When omitted, this means no opinion and the default + // configuration is used. Check individual members fields within ipv4 for details of default values. + // +optional + IPv4 IPv4GatewayConfig `json:"ipv4,omitempty"` + // ipv6 allows users to configure IP settings for IPv6 connections. When omitted, this means no opinion and the default + // configuration is used. Check individual members fields within ipv6 for details of default values. + // +optional + IPv6 IPv6GatewayConfig `json:"ipv6,omitempty"` +} + +// IPV4GatewayConfig holds the configuration paramaters for IPV4 connections in the GatewayConfig for OVN-Kubernetes +type IPv4GatewayConfig struct { + // internalMasqueradeSubnet contains the masquerade addresses in IPV4 CIDR format used internally by + // ovn-kubernetes to enable host to service traffic. Each host in the cluster is configured with these + // addresses, as well as the shared gateway bridge interface. The values can be changed after + // installation. The subnet chosen should not overlap with other networks specified for + // OVN-Kubernetes as well as other networks used on the host. Additionally the subnet must + // be large enough to accommodate 6 IPs (maximum prefix length /29). + // When omitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. + // The current default subnet is 169.254.169.0/29 + // The value must be in proper IPV4 CIDR format + // +kubebuilder:validation:MaxLength=18 + // +kubebuilder:validation:XValidation:rule="isCIDR(self) && cidr(self).ip().family() == 4",message="Subnet must be in valid IPV4 CIDR format" + // +kubebuilder:validation:XValidation:rule="isCIDR(self) && cidr(self).prefixLength() <= 29",message="subnet must be in the range /0 to /29 inclusive" + // +kubebuilder:validation:XValidation:rule="isCIDR(self) && int(self.split('.')[0]) > 0",message="first IP address octet must not be 0" + // +optional + InternalMasqueradeSubnet string `json:"internalMasqueradeSubnet,omitempty"` +} + +// IPV6GatewayConfig holds the configuration paramaters for IPV6 connections in the GatewayConfig for OVN-Kubernetes +type IPv6GatewayConfig struct { + // internalMasqueradeSubnet contains the masquerade addresses in IPV6 CIDR format used internally by + // ovn-kubernetes to enable host to service traffic. Each host in the cluster is configured with these + // addresses, as well as the shared gateway bridge interface. The values can be changed after + // installation. The subnet chosen should not overlap with other networks specified for + // OVN-Kubernetes as well as other networks used on the host. Additionally the subnet must + // be large enough to accommodate 6 IPs (maximum prefix length /125). + // When omitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. + // The current default subnet is fd69::/125 + // Note that IPV6 dual addresses are not permitted + // +kubebuilder:validation:XValidation:rule="isCIDR(self) && cidr(self).ip().family() == 6",message="Subnet must be in valid IPV6 CIDR format" + // +kubebuilder:validation:XValidation:rule="isCIDR(self) && cidr(self).prefixLength() <= 125",message="subnet must be in the range /0 to /125 inclusive" + // +optional + InternalMasqueradeSubnet string `json:"internalMasqueradeSubnet,omitempty"` +} + +type ExportNetworkFlows struct { + // netFlow defines the NetFlow configuration. + // +optional + NetFlow *NetFlowConfig `json:"netFlow,omitempty"` + // sFlow defines the SFlow configuration. + // +optional + SFlow *SFlowConfig `json:"sFlow,omitempty"` + // ipfix defines IPFIX configuration. + // +optional + IPFIX *IPFIXConfig `json:"ipfix,omitempty"` +} + +type NetFlowConfig struct { + // netFlow defines the NetFlow collectors that will consume the flow data exported from OVS. + // It is a list of strings formatted as ip:port with a maximum of ten items + // +kubebuilder:validation:MinItems=1 + // +kubebuilder:validation:MaxItems=10 + // +listType=atomic + Collectors []IPPort `json:"collectors,omitempty"` +} + +type SFlowConfig struct { + // sFlowCollectors is list of strings formatted as ip:port with a maximum of ten items + // +kubebuilder:validation:MinItems=1 + // +kubebuilder:validation:MaxItems=10 + // +listType=atomic + Collectors []IPPort `json:"collectors,omitempty"` +} + +type IPFIXConfig struct { + // ipfixCollectors is list of strings formatted as ip:port with a maximum of ten items + // +kubebuilder:validation:MinItems=1 + // +kubebuilder:validation:MaxItems=10 + // +listType=atomic + Collectors []IPPort `json:"collectors,omitempty"` +} + +// +kubebuilder:validation:Pattern=`^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$` +type IPPort string + +type PolicyAuditConfig struct { + // rateLimit is the approximate maximum number of messages to generate per-second per-node. If + // unset the default of 20 msg/sec is used. + // +kubebuilder:default=20 + // +kubebuilder:validation:Minimum=1 + // +optional + RateLimit *uint32 `json:"rateLimit,omitempty"` + + // maxFilesSize is the max size an ACL_audit log file is allowed to reach before rotation occurs + // Units are in MB and the Default is 50MB + // +kubebuilder:default=50 + // +kubebuilder:validation:Minimum=1 + // +optional + MaxFileSize *uint32 `json:"maxFileSize,omitempty"` + + // maxLogFiles specifies the maximum number of ACL_audit log files that can be present. + // +kubebuilder:default=5 + // +kubebuilder:validation:Minimum=1 + // +optional + MaxLogFiles *int32 `json:"maxLogFiles,omitempty"` + + // destination is the location for policy log messages. + // Regardless of this config, persistent logs will always be dumped to the host + // at /var/log/ovn/ however + // Additionally syslog output may be configured as follows. + // Valid values are: + // - "libc" -> to use the libc syslog() function of the host node's journdald process + // - "udp:host:port" -> for sending syslog over UDP + // - "unix:file" -> for using the UNIX domain socket directly + // - "null" -> to discard all messages logged to syslog + // The default is "null" + // +kubebuilder:default=null + // +kubebuilder:pattern='^libc$|^null$|^udp:(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]):([0-9]){0,5}$|^unix:(\/[^\/ ]*)+([^\/\s])$' + // +optional + Destination string `json:"destination,omitempty"` + + // syslogFacility the RFC5424 facility for generated messages, e.g. "kern". Default is "local0" + // +kubebuilder:default=local0 + // +kubebuilder:Enum=kern;user;mail;daemon;auth;syslog;lpr;news;uucp;clock;ftp;ntp;audit;alert;clock2;local0;local1;local2;local3;local4;local5;local6;local7 + // +optional + SyslogFacility string `json:"syslogFacility,omitempty"` +} + +// NetworkType describes the network plugin type to configure +type NetworkType string + +// ProxyArgumentList is a list of arguments to pass to the kubeproxy process +// +listType=atomic +type ProxyArgumentList []string + +// ProxyConfig defines the configuration knobs for kubeproxy +// All of these are optional and have sensible defaults +type ProxyConfig struct { + // An internal kube-proxy parameter. In older releases of OCP, this sometimes needed to be adjusted + // in large clusters for performance reasons, but this is no longer necessary, and there is no reason + // to change this from the default value. + // Default: 30s + IptablesSyncPeriod string `json:"iptablesSyncPeriod,omitempty"` + + // The address to "bind" on + // Defaults to 0.0.0.0 + BindAddress string `json:"bindAddress,omitempty"` + + // Any additional arguments to pass to the kubeproxy process + ProxyArguments map[string]ProxyArgumentList `json:"proxyArguments,omitempty"` +} + +// EgressIPConfig defines the configuration knobs for egressip +type EgressIPConfig struct { + // reachabilityTotalTimeout configures the EgressIP node reachability check total timeout in seconds. + // If the EgressIP node cannot be reached within this timeout, the node is declared down. + // Setting a large value may cause the EgressIP feature to react slowly to node changes. + // In particular, it may react slowly for EgressIP nodes that really have a genuine problem and are unreachable. + // When omitted, this means the user has no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // The current default is 1 second. + // A value of 0 disables the EgressIP node's reachability check. + // +kubebuilder:validation:Minimum=0 + // +kubebuilder:validation:Maximum=60 + // +optional + ReachabilityTotalTimeoutSeconds *uint32 `json:"reachabilityTotalTimeoutSeconds,omitempty"` +} + +const ( + // NetworkTypeOpenShiftSDN means the openshift-sdn plugin will be configured. + // DEPRECATED: OpenShift SDN is no longer supported + NetworkTypeOpenShiftSDN NetworkType = "OpenShiftSDN" + + // NetworkTypeOVNKubernetes means the ovn-kubernetes plugin will be configured. + NetworkTypeOVNKubernetes NetworkType = "OVNKubernetes" + + // NetworkTypeRaw + NetworkTypeRaw NetworkType = "Raw" + + // NetworkTypeSimpleMacvlan + NetworkTypeSimpleMacvlan NetworkType = "SimpleMacvlan" +) + +// SDNMode is the Mode the openshift-sdn plugin is in. +// DEPRECATED: OpenShift SDN is no longer supported +type SDNMode string + +const ( + // SDNModeSubnet is a simple mode that offers no isolation between pods + // DEPRECATED: OpenShift SDN is no longer supported + SDNModeSubnet SDNMode = "Subnet" + + // SDNModeMultitenant is a special "multitenant" mode that offers limited + // isolation configuration between namespaces + // DEPRECATED: OpenShift SDN is no longer supported + SDNModeMultitenant SDNMode = "Multitenant" + + // SDNModeNetworkPolicy is a full NetworkPolicy implementation that allows + // for sophisticated network isolation and segmenting. This is the default. + // DEPRECATED: OpenShift SDN is no longer supported + SDNModeNetworkPolicy SDNMode = "NetworkPolicy" +) + +// MacvlanMode is the Mode of macvlan. The value are lowercase to match the CNI plugin +// config values. See "man ip-link" for its detail. +type MacvlanMode string + +const ( + // MacvlanModeBridge is the macvlan with thin bridge function. + MacvlanModeBridge MacvlanMode = "Bridge" + // MacvlanModePrivate + MacvlanModePrivate MacvlanMode = "Private" + // MacvlanModeVEPA is used with Virtual Ethernet Port Aggregator + // (802.1qbg) swtich + MacvlanModeVEPA MacvlanMode = "VEPA" + // MacvlanModePassthru + MacvlanModePassthru MacvlanMode = "Passthru" +) + +// IPAMType describes the IP address management type to configure +type IPAMType string + +const ( + // IPAMTypeDHCP uses DHCP for IP management + IPAMTypeDHCP IPAMType = "DHCP" + // IPAMTypeStatic uses static IP + IPAMTypeStatic IPAMType = "Static" +) + +// IPsecMode enumerates the modes for IPsec configuration +type IPsecMode string + +const ( + // IPsecModeDisabled disables IPsec altogether + IPsecModeDisabled IPsecMode = "Disabled" + // IPsecModeExternal enables IPsec on the node level, but expects the user to configure it using k8s-nmstate or + // other means - it is most useful for secure communication from the cluster to external endpoints + IPsecModeExternal IPsecMode = "External" + // IPsecModeFull enables IPsec on the node level (the same as IPsecModeExternal), and configures it to secure communication + // between pods on the cluster network. + IPsecModeFull IPsecMode = "Full" +) + +// +kubebuilder:validation:Enum:="";"Enabled";"Disabled" +type RouteAdvertisementsEnablement string + +var ( + // RouteAdvertisementsEnabled enables route advertisements for ovn-kubernetes + RouteAdvertisementsEnabled RouteAdvertisementsEnablement = "Enabled" + // RouteAdvertisementsDisabled disables route advertisements for ovn-kubernetes + RouteAdvertisementsDisabled RouteAdvertisementsEnablement = "Disabled" +) + +// RoutingCapabilitiesProvider is a component providing routing capabilities. +// +kubebuilder:validation:Enum=FRR +type RoutingCapabilitiesProvider string + +const ( + // RoutingCapabilitiesProviderFRR determines FRR is providing advanced + // routing capabilities. + RoutingCapabilitiesProviderFRR RoutingCapabilitiesProvider = "FRR" +) + +// AdditionalRoutingCapabilities describes components and relevant configuration providing +// advanced routing capabilities. +type AdditionalRoutingCapabilities struct { + // providers is a set of enabled components that provide additional routing + // capabilities. Entries on this list must be unique. The only valid value + // is currrently "FRR" which provides FRR routing capabilities through the + // deployment of FRR. + // +listType=atomic + // +kubebuilder:validation:Required + // +kubebuilder:validation:MinItems=1 + // +kubebuilder:validation:MaxItems=1 + // +kubebuilder:validation:XValidation:rule="self.all(x, self.exists_one(y, x == y))" + Providers []RoutingCapabilitiesProvider `json:"providers"` +} diff --git a/pkg/schemes/machineconfiguration/mctypes/types_olm.go b/pkg/schemes/machineconfiguration/mctypes/types_olm.go new file mode 100644 index 000000000..c622418c5 --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/types_olm.go @@ -0,0 +1,59 @@ +package mctypes + +import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + +// +genclient +// +genclient:nonNamespaced +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// OLM provides information to configure an operator to manage the OLM controllers +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=olms,scope=Cluster +// +kubebuilder:subresource:status +// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/1504 +// +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=operator-lifecycle-manager,operatorOrdering=01 +// +openshift:enable:FeatureGate=NewOLM +// +openshift:capability=OperatorLifecycleManagerV1 +// +kubebuilder:validation:XValidation:rule="self.metadata.name == 'cluster'",message="olm is a singleton, .metadata.name must be 'cluster'" +type OLM struct { + metav1.TypeMeta `json:",inline"` + + // metadata is the standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + metav1.ObjectMeta `json:"metadata"` + + //spec holds user settable values for configuration + //+kubebuilder:validation:Required + Spec OLMSpec `json:"spec"` + // status holds observed values from the cluster. They may not be overridden. + // +optional + Status OLMStatus `json:"status"` +} + +type OLMSpec struct { + OperatorSpec `json:",inline"` +} + +type OLMStatus struct { + OperatorStatus `json:",inline"` +} + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// OLMList is a collection of items +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 +type OLMList struct { + metav1.TypeMeta `json:",inline"` + + // metadata is the standard list's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + metav1.ListMeta `json:"metadata"` + + // Items contains the items + Items []OLM `json:"items"` +} diff --git a/pkg/schemes/machineconfiguration/mctypes/types_openshiftapiserver.go b/pkg/schemes/machineconfiguration/mctypes/types_openshiftapiserver.go new file mode 100644 index 000000000..6122efb50 --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/types_openshiftapiserver.go @@ -0,0 +1,60 @@ +package mctypes + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// +genclient +// +genclient:nonNamespaced +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=openshiftapiservers,scope=Cluster,categories=coreoperators +// +kubebuilder:subresource:status +// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/475 +// +openshift:file-pattern=cvoRunLevel=0000_30,operatorName=openshift-apiserver,operatorOrdering=01 + +// OpenShiftAPIServer provides information to configure an operator to manage openshift-apiserver. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 +type OpenShiftAPIServer struct { + metav1.TypeMeta `json:",inline"` + + // metadata is the standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + metav1.ObjectMeta `json:"metadata"` + + // spec is the specification of the desired behavior of the OpenShift API Server. + // +kubebuilder:validation:Required + // +required + Spec OpenShiftAPIServerSpec `json:"spec"` + + // status defines the observed status of the OpenShift API Server. + // +optional + Status OpenShiftAPIServerStatus `json:"status"` +} + +type OpenShiftAPIServerSpec struct { + OperatorSpec `json:",inline"` +} + +type OpenShiftAPIServerStatus struct { + OperatorStatus `json:",inline"` +} + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// OpenShiftAPIServerList is a collection of items +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 +type OpenShiftAPIServerList struct { + metav1.TypeMeta `json:",inline"` + + // metadata is the standard list's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + metav1.ListMeta `json:"metadata"` + + // Items contains the items + Items []OpenShiftAPIServer `json:"items"` +} diff --git a/pkg/schemes/machineconfiguration/mctypes/types_openshiftcontrollermanager.go b/pkg/schemes/machineconfiguration/mctypes/types_openshiftcontrollermanager.go new file mode 100644 index 000000000..17245f734 --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/types_openshiftcontrollermanager.go @@ -0,0 +1,57 @@ +package mctypes + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// +genclient +// +genclient:nonNamespaced +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=openshiftcontrollermanagers,scope=Cluster,categories=coreoperators +// +kubebuilder:subresource:status +// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/475 +// +openshift:file-pattern=cvoRunLevel=0000_50,operatorName=openshift-controller-manager,operatorOrdering=02 + +// OpenShiftControllerManager provides information to configure an operator to manage openshift-controller-manager. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 +type OpenShiftControllerManager struct { + metav1.TypeMeta `json:",inline"` + + // metadata is the standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + metav1.ObjectMeta `json:"metadata"` + + // +kubebuilder:validation:Required + // +required + Spec OpenShiftControllerManagerSpec `json:"spec"` + // +optional + Status OpenShiftControllerManagerStatus `json:"status"` +} + +type OpenShiftControllerManagerSpec struct { + OperatorSpec `json:",inline"` +} + +type OpenShiftControllerManagerStatus struct { + OperatorStatus `json:",inline"` +} + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// OpenShiftControllerManagerList is a collection of items +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 +type OpenShiftControllerManagerList struct { + metav1.TypeMeta `json:",inline"` + + // metadata is the standard list's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + metav1.ListMeta `json:"metadata"` + + // Items contains the items + Items []OpenShiftControllerManager `json:"items"` +} diff --git a/pkg/schemes/machineconfiguration/mctypes/types_scheduler.go b/pkg/schemes/machineconfiguration/mctypes/types_scheduler.go new file mode 100644 index 000000000..b6151bdb1 --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/types_scheduler.go @@ -0,0 +1,60 @@ +package mctypes + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// +genclient +// +genclient:nonNamespaced +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=kubeschedulers,scope=Cluster,categories=coreoperators +// +kubebuilder:subresource:status +// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/475 +// +openshift:file-pattern=cvoRunLevel=0000_25,operatorName=kube-scheduler,operatorOrdering=01 + +// KubeScheduler provides information to configure an operator to manage scheduler. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 +type KubeScheduler struct { + metav1.TypeMeta `json:",inline"` + + // metadata is the standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + metav1.ObjectMeta `json:"metadata"` + + // spec is the specification of the desired behavior of the Kubernetes Scheduler + // +kubebuilder:validation:Required + // +required + Spec KubeSchedulerSpec `json:"spec"` + + // status is the most recently observed status of the Kubernetes Scheduler + // +optional + Status KubeSchedulerStatus `json:"status"` +} + +type KubeSchedulerSpec struct { + StaticPodOperatorSpec `json:",inline"` +} + +type KubeSchedulerStatus struct { + StaticPodOperatorStatus `json:",inline"` +} + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// KubeSchedulerList is a collection of items +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 +type KubeSchedulerList struct { + metav1.TypeMeta `json:",inline"` + + // metadata is the standard list's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + metav1.ListMeta `json:"metadata"` + + // Items contains the items + Items []KubeScheduler `json:"items"` +} diff --git a/pkg/schemes/machineconfiguration/mctypes/types_serviceca.go b/pkg/schemes/machineconfiguration/mctypes/types_serviceca.go new file mode 100644 index 000000000..2c700fa35 --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/types_serviceca.go @@ -0,0 +1,59 @@ +package mctypes + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// +genclient +// +genclient:nonNamespaced +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=servicecas,scope=Cluster +// +kubebuilder:subresource:status +// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/475 +// +openshift:file-pattern=cvoRunLevel=0000_50,operatorName=service-ca,operatorOrdering=02 + +// ServiceCA provides information to configure an operator to manage the service cert controllers +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 +type ServiceCA struct { + metav1.TypeMeta `json:",inline"` + + // metadata is the standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + metav1.ObjectMeta `json:"metadata"` + + //spec holds user settable values for configuration + // +kubebuilder:validation:Required + // +required + Spec ServiceCASpec `json:"spec"` + // status holds observed values from the cluster. They may not be overridden. + // +optional + Status ServiceCAStatus `json:"status"` +} + +type ServiceCASpec struct { + OperatorSpec `json:",inline"` +} + +type ServiceCAStatus struct { + OperatorStatus `json:",inline"` +} + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// ServiceCAList is a collection of items +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 +type ServiceCAList struct { + metav1.TypeMeta `json:",inline"` + + // metadata is the standard list's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + metav1.ListMeta `json:"metadata"` + + // Items contains the items + Items []ServiceCA `json:"items"` +} diff --git a/pkg/schemes/machineconfiguration/mctypes/types_servicecatalogapiserver.go b/pkg/schemes/machineconfiguration/mctypes/types_servicecatalogapiserver.go new file mode 100644 index 000000000..1553620a3 --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/types_servicecatalogapiserver.go @@ -0,0 +1,54 @@ +package mctypes + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// +genclient +// +genclient:nonNamespaced +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// ServiceCatalogAPIServer provides information to configure an operator to manage Service Catalog API Server +// DEPRECATED: will be removed in 4.6 +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 +type ServiceCatalogAPIServer struct { + metav1.TypeMeta `json:",inline"` + + // metadata is the standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + metav1.ObjectMeta `json:"metadata,omitempty"` + + // +kubebuilder:validation:Required + // +required + Spec ServiceCatalogAPIServerSpec `json:"spec"` + // +optional + Status ServiceCatalogAPIServerStatus `json:"status"` +} + +type ServiceCatalogAPIServerSpec struct { + OperatorSpec `json:",inline"` +} + +type ServiceCatalogAPIServerStatus struct { + OperatorStatus `json:",inline"` +} + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// ServiceCatalogAPIServerList is a collection of items +// DEPRECATED: will be removed in 4.6 +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 +type ServiceCatalogAPIServerList struct { + metav1.TypeMeta `json:",inline"` + + // metadata is the standard list's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + metav1.ListMeta `json:"metadata"` + + // Items contains the items + Items []ServiceCatalogAPIServer `json:"items"` +} diff --git a/pkg/schemes/machineconfiguration/mctypes/types_servicecatalogcontrollermanager.go b/pkg/schemes/machineconfiguration/mctypes/types_servicecatalogcontrollermanager.go new file mode 100644 index 000000000..e6cb978d3 --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/types_servicecatalogcontrollermanager.go @@ -0,0 +1,54 @@ +package mctypes + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// +genclient +// +genclient:nonNamespaced +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// ServiceCatalogControllerManager provides information to configure an operator to manage Service Catalog Controller Manager +// DEPRECATED: will be removed in 4.6 +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 +type ServiceCatalogControllerManager struct { + metav1.TypeMeta `json:",inline"` + + // metadata is the standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + metav1.ObjectMeta `json:"metadata"` + + // +kubebuilder:validation:Required + // +required + Spec ServiceCatalogControllerManagerSpec `json:"spec"` + // +optional + Status ServiceCatalogControllerManagerStatus `json:"status"` +} + +type ServiceCatalogControllerManagerSpec struct { + OperatorSpec `json:",inline"` +} + +type ServiceCatalogControllerManagerStatus struct { + OperatorStatus `json:",inline"` +} + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// ServiceCatalogControllerManagerList is a collection of items +// DEPRECATED: will be removed in 4.6 +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 +type ServiceCatalogControllerManagerList struct { + metav1.TypeMeta `json:",inline"` + + // metadata is the standard list's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + metav1.ListMeta `json:"metadata"` + + // Items contains the items + Items []ServiceCatalogControllerManager `json:"items"` +} diff --git a/pkg/schemes/machineconfiguration/mctypes/types_storage.go b/pkg/schemes/machineconfiguration/mctypes/types_storage.go new file mode 100644 index 000000000..ce95184ba --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/types_storage.go @@ -0,0 +1,80 @@ +package mctypes + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// +genclient +// +genclient:nonNamespaced +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=storages,scope=Cluster +// +kubebuilder:subresource:status +// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/670 +// +openshift:file-pattern=cvoRunLevel=0000_50,operatorName=storage,operatorOrdering=01 + +// Storage provides a means to configure an operator to manage the cluster storage operator. `cluster` is the canonical name. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 +type Storage struct { + metav1.TypeMeta `json:",inline"` + + // metadata is the standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + metav1.ObjectMeta `json:"metadata,omitempty"` + + // spec holds user settable values for configuration + // +kubebuilder:validation:Required + // +required + Spec StorageSpec `json:"spec"` + + // status holds observed values from the cluster. They may not be overridden. + // +optional + Status StorageStatus `json:"status"` +} + +// StorageDriverType indicates whether CSI migration should be enabled for drivers where it is optional. +// +kubebuilder:validation:Enum="";LegacyDeprecatedInTreeDriver;CSIWithMigrationDriver +type StorageDriverType string + +const ( + LegacyDeprecatedInTreeDriver StorageDriverType = "LegacyDeprecatedInTreeDriver" + CSIWithMigrationDriver StorageDriverType = "CSIWithMigrationDriver" +) + +// StorageSpec is the specification of the desired behavior of the cluster storage operator. +type StorageSpec struct { + OperatorSpec `json:",inline"` + + // VSphereStorageDriver indicates the storage driver to use on VSphere clusters. + // Once this field is set to CSIWithMigrationDriver, it can not be changed. + // If this is empty, the platform will choose a good default, + // which may change over time without notice. + // The current default is CSIWithMigrationDriver and may not be changed. + // DEPRECATED: This field will be removed in a future release. + // +kubebuilder:validation:XValidation:rule="self != \"LegacyDeprecatedInTreeDriver\"",message="VSphereStorageDriver can not be set to LegacyDeprecatedInTreeDriver" + // +optional + VSphereStorageDriver StorageDriverType `json:"vsphereStorageDriver"` +} + +// StorageStatus defines the observed status of the cluster storage operator. +type StorageStatus struct { + OperatorStatus `json:",inline"` +} + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// StorageList contains a list of Storages. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 +type StorageList struct { + metav1.TypeMeta `json:",inline"` + + // metadata is the standard list's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + metav1.ListMeta `json:"metadata,omitempty"` + + Items []Storage `json:"items"` +} diff --git a/pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_10_config-operator_01_configs.crd.yaml b/pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_10_config-operator_01_configs.crd.yaml new file mode 100644 index 000000000..323ba4687 --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_10_config-operator_01_configs.crd.yaml @@ -0,0 +1,214 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/612 + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + name: configs.operator.openshift.io +spec: + group: operator.openshift.io + names: + categories: + - coreoperators + kind: Config + listKind: ConfigList + plural: configs + singular: config + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + Config specifies the behavior of the config operator which is responsible for creating the initial configuration of other components + on the cluster. The operator also handles installation, migration or synchronization of cloud configurations for AWS and Azure cloud based clusters + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec is the specification of the desired behavior of the + Config Operator. + properties: + logLevel: + default: Normal + description: |- + logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for their operands. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + managementState: + description: managementState indicates whether and how the operator + should manage the component + pattern: ^(Managed|Unmanaged|Force|Removed)$ + type: string + observedConfig: + description: |- + observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because + it is an input to the level for the operator + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + default: Normal + description: |- + operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for themselves. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + unsupportedConfigOverrides: + description: |- + unsupportedConfigOverrides overrides the final configuration that was computed by the operator. + Red Hat does not support the use of this field. + Misuse of this field could lead to unexpected behavior or conflict with other configuration options. + Seek guidance from the Red Hat support before using this field. + Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + status: + description: status defines the observed status of the Config Operator. + properties: + conditions: + description: conditions is a list of conditions and their status + items: + description: OperatorCondition is just the standard condition fields. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + type: string + reason: + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + generations: + description: generations are used to determine when an item needs + to be reconciled or has changed in a way that needs a reaction. + items: + description: GenerationStatus keeps track of the generation for + a given resource so that decisions about forced updates can be + made. + properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without + generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload + controller involved + format: int64 + type: integer + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're + tracking + type: string + required: + - group + - name + - namespace + - resource + type: object + type: array + x-kubernetes-list-map-keys: + - group + - resource + - namespace + - name + x-kubernetes-list-type: map + latestAvailableRevision: + description: latestAvailableRevision is the deploymentID of the most + recent deployment + format: int32 + type: integer + x-kubernetes-validations: + - message: must only increase + rule: self >= oldSelf + observedGeneration: + description: observedGeneration is the last generation change you've + dealt with + format: int64 + type: integer + readyReplicas: + description: readyReplicas indicates how many replicas are ready and + at the desired state + format: int32 + type: integer + version: + description: version is the level this availability applies to + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_10_operator-lifecycle-manager_01_olms-CustomNoUpgrade.crd.yaml b/pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_10_operator-lifecycle-manager_01_olms-CustomNoUpgrade.crd.yaml new file mode 100644 index 000000000..1b6b36024 --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_10_operator-lifecycle-manager_01_olms-CustomNoUpgrade.crd.yaml @@ -0,0 +1,216 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/1504 + api.openshift.io/merged-by-featuregates: "true" + capability.openshift.io/name: OperatorLifecycleManagerV1 + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + release.openshift.io/feature-set: CustomNoUpgrade + name: olms.operator.openshift.io +spec: + group: operator.openshift.io + names: + kind: OLM + listKind: OLMList + plural: olms + singular: olm + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + OLM provides information to configure an operator to manage the OLM controllers + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + properties: + logLevel: + default: Normal + description: |- + logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for their operands. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + managementState: + description: managementState indicates whether and how the operator + should manage the component + pattern: ^(Managed|Unmanaged|Force|Removed)$ + type: string + observedConfig: + description: |- + observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because + it is an input to the level for the operator + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + default: Normal + description: |- + operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for themselves. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + unsupportedConfigOverrides: + description: |- + unsupportedConfigOverrides overrides the final configuration that was computed by the operator. + Red Hat does not support the use of this field. + Misuse of this field could lead to unexpected behavior or conflict with other configuration options. + Seek guidance from the Red Hat support before using this field. + Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + status: + description: status holds observed values from the cluster. They may not + be overridden. + properties: + conditions: + description: conditions is a list of conditions and their status + items: + description: OperatorCondition is just the standard condition fields. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + type: string + reason: + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + generations: + description: generations are used to determine when an item needs + to be reconciled or has changed in a way that needs a reaction. + items: + description: GenerationStatus keeps track of the generation for + a given resource so that decisions about forced updates can be + made. + properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without + generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload + controller involved + format: int64 + type: integer + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're + tracking + type: string + required: + - group + - name + - namespace + - resource + type: object + type: array + x-kubernetes-list-map-keys: + - group + - resource + - namespace + - name + x-kubernetes-list-type: map + latestAvailableRevision: + description: latestAvailableRevision is the deploymentID of the most + recent deployment + format: int32 + type: integer + x-kubernetes-validations: + - message: must only increase + rule: self >= oldSelf + observedGeneration: + description: observedGeneration is the last generation change you've + dealt with + format: int64 + type: integer + readyReplicas: + description: readyReplicas indicates how many replicas are ready and + at the desired state + format: int32 + type: integer + version: + description: version is the level this availability applies to + type: string + type: object + required: + - spec + type: object + x-kubernetes-validations: + - message: olm is a singleton, .metadata.name must be 'cluster' + rule: self.metadata.name == 'cluster' + served: true + storage: true + subresources: + status: {} diff --git a/pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_10_operator-lifecycle-manager_01_olms-DevPreviewNoUpgrade.crd.yaml b/pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_10_operator-lifecycle-manager_01_olms-DevPreviewNoUpgrade.crd.yaml new file mode 100644 index 000000000..575a0a114 --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_10_operator-lifecycle-manager_01_olms-DevPreviewNoUpgrade.crd.yaml @@ -0,0 +1,216 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/1504 + api.openshift.io/merged-by-featuregates: "true" + capability.openshift.io/name: OperatorLifecycleManagerV1 + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + release.openshift.io/feature-set: DevPreviewNoUpgrade + name: olms.operator.openshift.io +spec: + group: operator.openshift.io + names: + kind: OLM + listKind: OLMList + plural: olms + singular: olm + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + OLM provides information to configure an operator to manage the OLM controllers + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + properties: + logLevel: + default: Normal + description: |- + logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for their operands. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + managementState: + description: managementState indicates whether and how the operator + should manage the component + pattern: ^(Managed|Unmanaged|Force|Removed)$ + type: string + observedConfig: + description: |- + observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because + it is an input to the level for the operator + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + default: Normal + description: |- + operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for themselves. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + unsupportedConfigOverrides: + description: |- + unsupportedConfigOverrides overrides the final configuration that was computed by the operator. + Red Hat does not support the use of this field. + Misuse of this field could lead to unexpected behavior or conflict with other configuration options. + Seek guidance from the Red Hat support before using this field. + Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + status: + description: status holds observed values from the cluster. They may not + be overridden. + properties: + conditions: + description: conditions is a list of conditions and their status + items: + description: OperatorCondition is just the standard condition fields. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + type: string + reason: + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + generations: + description: generations are used to determine when an item needs + to be reconciled or has changed in a way that needs a reaction. + items: + description: GenerationStatus keeps track of the generation for + a given resource so that decisions about forced updates can be + made. + properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without + generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload + controller involved + format: int64 + type: integer + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're + tracking + type: string + required: + - group + - name + - namespace + - resource + type: object + type: array + x-kubernetes-list-map-keys: + - group + - resource + - namespace + - name + x-kubernetes-list-type: map + latestAvailableRevision: + description: latestAvailableRevision is the deploymentID of the most + recent deployment + format: int32 + type: integer + x-kubernetes-validations: + - message: must only increase + rule: self >= oldSelf + observedGeneration: + description: observedGeneration is the last generation change you've + dealt with + format: int64 + type: integer + readyReplicas: + description: readyReplicas indicates how many replicas are ready and + at the desired state + format: int32 + type: integer + version: + description: version is the level this availability applies to + type: string + type: object + required: + - spec + type: object + x-kubernetes-validations: + - message: olm is a singleton, .metadata.name must be 'cluster' + rule: self.metadata.name == 'cluster' + served: true + storage: true + subresources: + status: {} diff --git a/pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_10_operator-lifecycle-manager_01_olms-TechPreviewNoUpgrade.crd.yaml b/pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_10_operator-lifecycle-manager_01_olms-TechPreviewNoUpgrade.crd.yaml new file mode 100644 index 000000000..cb522290e --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_10_operator-lifecycle-manager_01_olms-TechPreviewNoUpgrade.crd.yaml @@ -0,0 +1,216 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/1504 + api.openshift.io/merged-by-featuregates: "true" + capability.openshift.io/name: OperatorLifecycleManagerV1 + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + release.openshift.io/feature-set: TechPreviewNoUpgrade + name: olms.operator.openshift.io +spec: + group: operator.openshift.io + names: + kind: OLM + listKind: OLMList + plural: olms + singular: olm + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + OLM provides information to configure an operator to manage the OLM controllers + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + properties: + logLevel: + default: Normal + description: |- + logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for their operands. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + managementState: + description: managementState indicates whether and how the operator + should manage the component + pattern: ^(Managed|Unmanaged|Force|Removed)$ + type: string + observedConfig: + description: |- + observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because + it is an input to the level for the operator + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + default: Normal + description: |- + operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for themselves. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + unsupportedConfigOverrides: + description: |- + unsupportedConfigOverrides overrides the final configuration that was computed by the operator. + Red Hat does not support the use of this field. + Misuse of this field could lead to unexpected behavior or conflict with other configuration options. + Seek guidance from the Red Hat support before using this field. + Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + status: + description: status holds observed values from the cluster. They may not + be overridden. + properties: + conditions: + description: conditions is a list of conditions and their status + items: + description: OperatorCondition is just the standard condition fields. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + type: string + reason: + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + generations: + description: generations are used to determine when an item needs + to be reconciled or has changed in a way that needs a reaction. + items: + description: GenerationStatus keeps track of the generation for + a given resource so that decisions about forced updates can be + made. + properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without + generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload + controller involved + format: int64 + type: integer + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're + tracking + type: string + required: + - group + - name + - namespace + - resource + type: object + type: array + x-kubernetes-list-map-keys: + - group + - resource + - namespace + - name + x-kubernetes-list-type: map + latestAvailableRevision: + description: latestAvailableRevision is the deploymentID of the most + recent deployment + format: int32 + type: integer + x-kubernetes-validations: + - message: must only increase + rule: self >= oldSelf + observedGeneration: + description: observedGeneration is the last generation change you've + dealt with + format: int64 + type: integer + readyReplicas: + description: readyReplicas indicates how many replicas are ready and + at the desired state + format: int32 + type: integer + version: + description: version is the level this availability applies to + type: string + type: object + required: + - spec + type: object + x-kubernetes-validations: + - message: olm is a singleton, .metadata.name must be 'cluster' + rule: self.metadata.name == 'cluster' + served: true + storage: true + subresources: + status: {} diff --git a/pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_12_etcd_01_etcds-CustomNoUpgrade.crd.yaml b/pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_12_etcd_01_etcds-CustomNoUpgrade.crd.yaml new file mode 100644 index 000000000..b68cce4db --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_12_etcd_01_etcds-CustomNoUpgrade.crd.yaml @@ -0,0 +1,323 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/752 + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + release.openshift.io/feature-set: CustomNoUpgrade + name: etcds.operator.openshift.io +spec: + group: operator.openshift.io + names: + categories: + - coreoperators + kind: Etcd + listKind: EtcdList + plural: etcds + singular: etcd + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + Etcd provides information to configure an operator to manage etcd. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + backendQuotaGiB: + default: 8 + description: |- + backendQuotaGiB sets the etcd backend storage size limit in gibibytes. + The value should be an integer not less than 8 and not more than 32. + When not specified, the default value is 8. + format: int32 + maximum: 32 + minimum: 8 + type: integer + x-kubernetes-validations: + - message: etcd backendQuotaGiB may not be decreased + rule: self>=oldSelf + controlPlaneHardwareSpeed: + description: "HardwareSpeed allows user to change the etcd tuning + profile which configures\nthe latency parameters for heartbeat interval + and leader election timeouts\nallowing the cluster to tolerate longer + round-trip-times between etcd members.\nValid values are \"\", \"Standard\" + and \"Slower\".\n\t\"\" means no opinion and the platform is left + to choose a reasonable default\n\twhich is subject to change without + notice." + enum: + - "" + - Standard + - Slower + type: string + failedRevisionLimit: + description: |- + failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api + -1 = unlimited, 0 or unset = 5 (default) + format: int32 + type: integer + forceRedeploymentReason: + description: |- + forceRedeploymentReason can be used to force the redeployment of the operand by providing a unique string. + This provides a mechanism to kick a previously failed deployment and provide a reason why you think it will work + this time instead of failing again on the same config. + type: string + logLevel: + default: Normal + description: |- + logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for their operands. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + managementState: + description: managementState indicates whether and how the operator + should manage the component + pattern: ^(Managed|Unmanaged|Force|Removed)$ + type: string + observedConfig: + description: |- + observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because + it is an input to the level for the operator + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + default: Normal + description: |- + operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for themselves. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + succeededRevisionLimit: + description: |- + succeededRevisionLimit is the number of successful static pod installer revisions to keep on disk and in the api + -1 = unlimited, 0 or unset = 5 (default) + format: int32 + type: integer + unsupportedConfigOverrides: + description: |- + unsupportedConfigOverrides overrides the final configuration that was computed by the operator. + Red Hat does not support the use of this field. + Misuse of this field could lead to unexpected behavior or conflict with other configuration options. + Seek guidance from the Red Hat support before using this field. + Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + status: + properties: + conditions: + description: conditions is a list of conditions and their status + items: + description: OperatorCondition is just the standard condition fields. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + type: string + reason: + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + controlPlaneHardwareSpeed: + description: ControlPlaneHardwareSpeed declares valid hardware speed + tolerance levels + enum: + - "" + - Standard + - Slower + type: string + generations: + description: generations are used to determine when an item needs + to be reconciled or has changed in a way that needs a reaction. + items: + description: GenerationStatus keeps track of the generation for + a given resource so that decisions about forced updates can be + made. + properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without + generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload + controller involved + format: int64 + type: integer + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're + tracking + type: string + required: + - group + - name + - namespace + - resource + type: object + type: array + x-kubernetes-list-map-keys: + - group + - resource + - namespace + - name + x-kubernetes-list-type: map + latestAvailableRevision: + description: latestAvailableRevision is the deploymentID of the most + recent deployment + format: int32 + type: integer + x-kubernetes-validations: + - message: must only increase + rule: self >= oldSelf + latestAvailableRevisionReason: + description: latestAvailableRevisionReason describe the detailed reason + for the most recent deployment + type: string + nodeStatuses: + description: nodeStatuses track the deployment values and errors across + individual nodes + items: + description: NodeStatus provides information about the current state + of a particular node managed by this operator. + properties: + currentRevision: + description: currentRevision is the generation of the most recently + successful deployment + format: int32 + type: integer + lastFailedCount: + description: lastFailedCount is how often the installer pod + of the last failed revision failed. + type: integer + lastFailedReason: + description: lastFailedReason is a machine readable failure + reason string. + type: string + lastFailedRevision: + description: lastFailedRevision is the generation of the deployment + we tried and failed to deploy. + format: int32 + type: integer + lastFailedRevisionErrors: + description: lastFailedRevisionErrors is a list of human readable + errors during the failed deployment referenced in lastFailedRevision. + items: + type: string + type: array + x-kubernetes-list-type: atomic + lastFailedTime: + description: lastFailedTime is the time the last failed revision + failed the last time. + format: date-time + type: string + lastFallbackCount: + description: lastFallbackCount is how often a fallback to a + previous revision happened. + type: integer + nodeName: + description: nodeName is the name of the node + type: string + targetRevision: + description: targetRevision is the generation of the deployment + we're trying to apply + format: int32 + type: integer + required: + - nodeName + type: object + type: array + x-kubernetes-list-map-keys: + - nodeName + x-kubernetes-list-type: map + observedGeneration: + description: observedGeneration is the last generation change you've + dealt with + format: int64 + type: integer + readyReplicas: + description: readyReplicas indicates how many replicas are ready and + at the desired state + format: int32 + type: integer + version: + description: version is the level this availability applies to + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_12_etcd_01_etcds-Default.crd.yaml b/pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_12_etcd_01_etcds-Default.crd.yaml new file mode 100644 index 000000000..ebe2486ef --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_12_etcd_01_etcds-Default.crd.yaml @@ -0,0 +1,310 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/752 + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + release.openshift.io/feature-set: Default + name: etcds.operator.openshift.io +spec: + group: operator.openshift.io + names: + categories: + - coreoperators + kind: Etcd + listKind: EtcdList + plural: etcds + singular: etcd + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + Etcd provides information to configure an operator to manage etcd. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + controlPlaneHardwareSpeed: + description: "HardwareSpeed allows user to change the etcd tuning + profile which configures\nthe latency parameters for heartbeat interval + and leader election timeouts\nallowing the cluster to tolerate longer + round-trip-times between etcd members.\nValid values are \"\", \"Standard\" + and \"Slower\".\n\t\"\" means no opinion and the platform is left + to choose a reasonable default\n\twhich is subject to change without + notice." + enum: + - "" + - Standard + - Slower + type: string + failedRevisionLimit: + description: |- + failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api + -1 = unlimited, 0 or unset = 5 (default) + format: int32 + type: integer + forceRedeploymentReason: + description: |- + forceRedeploymentReason can be used to force the redeployment of the operand by providing a unique string. + This provides a mechanism to kick a previously failed deployment and provide a reason why you think it will work + this time instead of failing again on the same config. + type: string + logLevel: + default: Normal + description: |- + logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for their operands. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + managementState: + description: managementState indicates whether and how the operator + should manage the component + pattern: ^(Managed|Unmanaged|Force|Removed)$ + type: string + observedConfig: + description: |- + observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because + it is an input to the level for the operator + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + default: Normal + description: |- + operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for themselves. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + succeededRevisionLimit: + description: |- + succeededRevisionLimit is the number of successful static pod installer revisions to keep on disk and in the api + -1 = unlimited, 0 or unset = 5 (default) + format: int32 + type: integer + unsupportedConfigOverrides: + description: |- + unsupportedConfigOverrides overrides the final configuration that was computed by the operator. + Red Hat does not support the use of this field. + Misuse of this field could lead to unexpected behavior or conflict with other configuration options. + Seek guidance from the Red Hat support before using this field. + Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + status: + properties: + conditions: + description: conditions is a list of conditions and their status + items: + description: OperatorCondition is just the standard condition fields. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + type: string + reason: + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + controlPlaneHardwareSpeed: + description: ControlPlaneHardwareSpeed declares valid hardware speed + tolerance levels + enum: + - "" + - Standard + - Slower + type: string + generations: + description: generations are used to determine when an item needs + to be reconciled or has changed in a way that needs a reaction. + items: + description: GenerationStatus keeps track of the generation for + a given resource so that decisions about forced updates can be + made. + properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without + generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload + controller involved + format: int64 + type: integer + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're + tracking + type: string + required: + - group + - name + - namespace + - resource + type: object + type: array + x-kubernetes-list-map-keys: + - group + - resource + - namespace + - name + x-kubernetes-list-type: map + latestAvailableRevision: + description: latestAvailableRevision is the deploymentID of the most + recent deployment + format: int32 + type: integer + x-kubernetes-validations: + - message: must only increase + rule: self >= oldSelf + latestAvailableRevisionReason: + description: latestAvailableRevisionReason describe the detailed reason + for the most recent deployment + type: string + nodeStatuses: + description: nodeStatuses track the deployment values and errors across + individual nodes + items: + description: NodeStatus provides information about the current state + of a particular node managed by this operator. + properties: + currentRevision: + description: currentRevision is the generation of the most recently + successful deployment + format: int32 + type: integer + lastFailedCount: + description: lastFailedCount is how often the installer pod + of the last failed revision failed. + type: integer + lastFailedReason: + description: lastFailedReason is a machine readable failure + reason string. + type: string + lastFailedRevision: + description: lastFailedRevision is the generation of the deployment + we tried and failed to deploy. + format: int32 + type: integer + lastFailedRevisionErrors: + description: lastFailedRevisionErrors is a list of human readable + errors during the failed deployment referenced in lastFailedRevision. + items: + type: string + type: array + x-kubernetes-list-type: atomic + lastFailedTime: + description: lastFailedTime is the time the last failed revision + failed the last time. + format: date-time + type: string + lastFallbackCount: + description: lastFallbackCount is how often a fallback to a + previous revision happened. + type: integer + nodeName: + description: nodeName is the name of the node + type: string + targetRevision: + description: targetRevision is the generation of the deployment + we're trying to apply + format: int32 + type: integer + required: + - nodeName + type: object + type: array + x-kubernetes-list-map-keys: + - nodeName + x-kubernetes-list-type: map + observedGeneration: + description: observedGeneration is the last generation change you've + dealt with + format: int64 + type: integer + readyReplicas: + description: readyReplicas indicates how many replicas are ready and + at the desired state + format: int32 + type: integer + version: + description: version is the level this availability applies to + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_12_etcd_01_etcds-DevPreviewNoUpgrade.crd.yaml b/pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_12_etcd_01_etcds-DevPreviewNoUpgrade.crd.yaml new file mode 100644 index 000000000..bc49df765 --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_12_etcd_01_etcds-DevPreviewNoUpgrade.crd.yaml @@ -0,0 +1,323 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/752 + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + release.openshift.io/feature-set: DevPreviewNoUpgrade + name: etcds.operator.openshift.io +spec: + group: operator.openshift.io + names: + categories: + - coreoperators + kind: Etcd + listKind: EtcdList + plural: etcds + singular: etcd + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + Etcd provides information to configure an operator to manage etcd. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + backendQuotaGiB: + default: 8 + description: |- + backendQuotaGiB sets the etcd backend storage size limit in gibibytes. + The value should be an integer not less than 8 and not more than 32. + When not specified, the default value is 8. + format: int32 + maximum: 32 + minimum: 8 + type: integer + x-kubernetes-validations: + - message: etcd backendQuotaGiB may not be decreased + rule: self>=oldSelf + controlPlaneHardwareSpeed: + description: "HardwareSpeed allows user to change the etcd tuning + profile which configures\nthe latency parameters for heartbeat interval + and leader election timeouts\nallowing the cluster to tolerate longer + round-trip-times between etcd members.\nValid values are \"\", \"Standard\" + and \"Slower\".\n\t\"\" means no opinion and the platform is left + to choose a reasonable default\n\twhich is subject to change without + notice." + enum: + - "" + - Standard + - Slower + type: string + failedRevisionLimit: + description: |- + failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api + -1 = unlimited, 0 or unset = 5 (default) + format: int32 + type: integer + forceRedeploymentReason: + description: |- + forceRedeploymentReason can be used to force the redeployment of the operand by providing a unique string. + This provides a mechanism to kick a previously failed deployment and provide a reason why you think it will work + this time instead of failing again on the same config. + type: string + logLevel: + default: Normal + description: |- + logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for their operands. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + managementState: + description: managementState indicates whether and how the operator + should manage the component + pattern: ^(Managed|Unmanaged|Force|Removed)$ + type: string + observedConfig: + description: |- + observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because + it is an input to the level for the operator + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + default: Normal + description: |- + operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for themselves. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + succeededRevisionLimit: + description: |- + succeededRevisionLimit is the number of successful static pod installer revisions to keep on disk and in the api + -1 = unlimited, 0 or unset = 5 (default) + format: int32 + type: integer + unsupportedConfigOverrides: + description: |- + unsupportedConfigOverrides overrides the final configuration that was computed by the operator. + Red Hat does not support the use of this field. + Misuse of this field could lead to unexpected behavior or conflict with other configuration options. + Seek guidance from the Red Hat support before using this field. + Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + status: + properties: + conditions: + description: conditions is a list of conditions and their status + items: + description: OperatorCondition is just the standard condition fields. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + type: string + reason: + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + controlPlaneHardwareSpeed: + description: ControlPlaneHardwareSpeed declares valid hardware speed + tolerance levels + enum: + - "" + - Standard + - Slower + type: string + generations: + description: generations are used to determine when an item needs + to be reconciled or has changed in a way that needs a reaction. + items: + description: GenerationStatus keeps track of the generation for + a given resource so that decisions about forced updates can be + made. + properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without + generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload + controller involved + format: int64 + type: integer + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're + tracking + type: string + required: + - group + - name + - namespace + - resource + type: object + type: array + x-kubernetes-list-map-keys: + - group + - resource + - namespace + - name + x-kubernetes-list-type: map + latestAvailableRevision: + description: latestAvailableRevision is the deploymentID of the most + recent deployment + format: int32 + type: integer + x-kubernetes-validations: + - message: must only increase + rule: self >= oldSelf + latestAvailableRevisionReason: + description: latestAvailableRevisionReason describe the detailed reason + for the most recent deployment + type: string + nodeStatuses: + description: nodeStatuses track the deployment values and errors across + individual nodes + items: + description: NodeStatus provides information about the current state + of a particular node managed by this operator. + properties: + currentRevision: + description: currentRevision is the generation of the most recently + successful deployment + format: int32 + type: integer + lastFailedCount: + description: lastFailedCount is how often the installer pod + of the last failed revision failed. + type: integer + lastFailedReason: + description: lastFailedReason is a machine readable failure + reason string. + type: string + lastFailedRevision: + description: lastFailedRevision is the generation of the deployment + we tried and failed to deploy. + format: int32 + type: integer + lastFailedRevisionErrors: + description: lastFailedRevisionErrors is a list of human readable + errors during the failed deployment referenced in lastFailedRevision. + items: + type: string + type: array + x-kubernetes-list-type: atomic + lastFailedTime: + description: lastFailedTime is the time the last failed revision + failed the last time. + format: date-time + type: string + lastFallbackCount: + description: lastFallbackCount is how often a fallback to a + previous revision happened. + type: integer + nodeName: + description: nodeName is the name of the node + type: string + targetRevision: + description: targetRevision is the generation of the deployment + we're trying to apply + format: int32 + type: integer + required: + - nodeName + type: object + type: array + x-kubernetes-list-map-keys: + - nodeName + x-kubernetes-list-type: map + observedGeneration: + description: observedGeneration is the last generation change you've + dealt with + format: int64 + type: integer + readyReplicas: + description: readyReplicas indicates how many replicas are ready and + at the desired state + format: int32 + type: integer + version: + description: version is the level this availability applies to + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_12_etcd_01_etcds-TechPreviewNoUpgrade.crd.yaml b/pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_12_etcd_01_etcds-TechPreviewNoUpgrade.crd.yaml new file mode 100644 index 000000000..8449c20a6 --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_12_etcd_01_etcds-TechPreviewNoUpgrade.crd.yaml @@ -0,0 +1,323 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/752 + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + release.openshift.io/feature-set: TechPreviewNoUpgrade + name: etcds.operator.openshift.io +spec: + group: operator.openshift.io + names: + categories: + - coreoperators + kind: Etcd + listKind: EtcdList + plural: etcds + singular: etcd + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + Etcd provides information to configure an operator to manage etcd. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + backendQuotaGiB: + default: 8 + description: |- + backendQuotaGiB sets the etcd backend storage size limit in gibibytes. + The value should be an integer not less than 8 and not more than 32. + When not specified, the default value is 8. + format: int32 + maximum: 32 + minimum: 8 + type: integer + x-kubernetes-validations: + - message: etcd backendQuotaGiB may not be decreased + rule: self>=oldSelf + controlPlaneHardwareSpeed: + description: "HardwareSpeed allows user to change the etcd tuning + profile which configures\nthe latency parameters for heartbeat interval + and leader election timeouts\nallowing the cluster to tolerate longer + round-trip-times between etcd members.\nValid values are \"\", \"Standard\" + and \"Slower\".\n\t\"\" means no opinion and the platform is left + to choose a reasonable default\n\twhich is subject to change without + notice." + enum: + - "" + - Standard + - Slower + type: string + failedRevisionLimit: + description: |- + failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api + -1 = unlimited, 0 or unset = 5 (default) + format: int32 + type: integer + forceRedeploymentReason: + description: |- + forceRedeploymentReason can be used to force the redeployment of the operand by providing a unique string. + This provides a mechanism to kick a previously failed deployment and provide a reason why you think it will work + this time instead of failing again on the same config. + type: string + logLevel: + default: Normal + description: |- + logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for their operands. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + managementState: + description: managementState indicates whether and how the operator + should manage the component + pattern: ^(Managed|Unmanaged|Force|Removed)$ + type: string + observedConfig: + description: |- + observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because + it is an input to the level for the operator + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + default: Normal + description: |- + operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for themselves. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + succeededRevisionLimit: + description: |- + succeededRevisionLimit is the number of successful static pod installer revisions to keep on disk and in the api + -1 = unlimited, 0 or unset = 5 (default) + format: int32 + type: integer + unsupportedConfigOverrides: + description: |- + unsupportedConfigOverrides overrides the final configuration that was computed by the operator. + Red Hat does not support the use of this field. + Misuse of this field could lead to unexpected behavior or conflict with other configuration options. + Seek guidance from the Red Hat support before using this field. + Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + status: + properties: + conditions: + description: conditions is a list of conditions and their status + items: + description: OperatorCondition is just the standard condition fields. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + type: string + reason: + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + controlPlaneHardwareSpeed: + description: ControlPlaneHardwareSpeed declares valid hardware speed + tolerance levels + enum: + - "" + - Standard + - Slower + type: string + generations: + description: generations are used to determine when an item needs + to be reconciled or has changed in a way that needs a reaction. + items: + description: GenerationStatus keeps track of the generation for + a given resource so that decisions about forced updates can be + made. + properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without + generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload + controller involved + format: int64 + type: integer + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're + tracking + type: string + required: + - group + - name + - namespace + - resource + type: object + type: array + x-kubernetes-list-map-keys: + - group + - resource + - namespace + - name + x-kubernetes-list-type: map + latestAvailableRevision: + description: latestAvailableRevision is the deploymentID of the most + recent deployment + format: int32 + type: integer + x-kubernetes-validations: + - message: must only increase + rule: self >= oldSelf + latestAvailableRevisionReason: + description: latestAvailableRevisionReason describe the detailed reason + for the most recent deployment + type: string + nodeStatuses: + description: nodeStatuses track the deployment values and errors across + individual nodes + items: + description: NodeStatus provides information about the current state + of a particular node managed by this operator. + properties: + currentRevision: + description: currentRevision is the generation of the most recently + successful deployment + format: int32 + type: integer + lastFailedCount: + description: lastFailedCount is how often the installer pod + of the last failed revision failed. + type: integer + lastFailedReason: + description: lastFailedReason is a machine readable failure + reason string. + type: string + lastFailedRevision: + description: lastFailedRevision is the generation of the deployment + we tried and failed to deploy. + format: int32 + type: integer + lastFailedRevisionErrors: + description: lastFailedRevisionErrors is a list of human readable + errors during the failed deployment referenced in lastFailedRevision. + items: + type: string + type: array + x-kubernetes-list-type: atomic + lastFailedTime: + description: lastFailedTime is the time the last failed revision + failed the last time. + format: date-time + type: string + lastFallbackCount: + description: lastFallbackCount is how often a fallback to a + previous revision happened. + type: integer + nodeName: + description: nodeName is the name of the node + type: string + targetRevision: + description: targetRevision is the generation of the deployment + we're trying to apply + format: int32 + type: integer + required: + - nodeName + type: object + type: array + x-kubernetes-list-map-keys: + - nodeName + x-kubernetes-list-type: map + observedGeneration: + description: observedGeneration is the last generation change you've + dealt with + format: int64 + type: integer + readyReplicas: + description: readyReplicas indicates how many replicas are ready and + at the desired state + format: int32 + type: integer + version: + description: version is the level this availability applies to + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_20_kube-apiserver_01_kubeapiservers.crd.yaml b/pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_20_kube-apiserver_01_kubeapiservers.crd.yaml new file mode 100644 index 000000000..435a8a81e --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_20_kube-apiserver_01_kubeapiservers.crd.yaml @@ -0,0 +1,312 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/475 + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + name: kubeapiservers.operator.openshift.io +spec: + group: operator.openshift.io + names: + categories: + - coreoperators + kind: KubeAPIServer + listKind: KubeAPIServerList + plural: kubeapiservers + singular: kubeapiserver + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + KubeAPIServer provides information to configure an operator to manage kube-apiserver. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec is the specification of the desired behavior of the + Kubernetes API Server + properties: + failedRevisionLimit: + description: |- + failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api + -1 = unlimited, 0 or unset = 5 (default) + format: int32 + type: integer + forceRedeploymentReason: + description: |- + forceRedeploymentReason can be used to force the redeployment of the operand by providing a unique string. + This provides a mechanism to kick a previously failed deployment and provide a reason why you think it will work + this time instead of failing again on the same config. + type: string + logLevel: + default: Normal + description: |- + logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for their operands. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + managementState: + description: managementState indicates whether and how the operator + should manage the component + pattern: ^(Managed|Force)$ + type: string + observedConfig: + description: |- + observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because + it is an input to the level for the operator + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + default: Normal + description: |- + operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for themselves. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + succeededRevisionLimit: + description: |- + succeededRevisionLimit is the number of successful static pod installer revisions to keep on disk and in the api + -1 = unlimited, 0 or unset = 5 (default) + format: int32 + type: integer + unsupportedConfigOverrides: + description: |- + unsupportedConfigOverrides overrides the final configuration that was computed by the operator. + Red Hat does not support the use of this field. + Misuse of this field could lead to unexpected behavior or conflict with other configuration options. + Seek guidance from the Red Hat support before using this field. + Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + status: + description: status is the most recently observed status of the Kubernetes + API Server + properties: + conditions: + description: conditions is a list of conditions and their status + items: + description: OperatorCondition is just the standard condition fields. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + type: string + reason: + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + generations: + description: generations are used to determine when an item needs + to be reconciled or has changed in a way that needs a reaction. + items: + description: GenerationStatus keeps track of the generation for + a given resource so that decisions about forced updates can be + made. + properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without + generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload + controller involved + format: int64 + type: integer + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're + tracking + type: string + required: + - group + - name + - namespace + - resource + type: object + type: array + x-kubernetes-list-map-keys: + - group + - resource + - namespace + - name + x-kubernetes-list-type: map + latestAvailableRevision: + description: latestAvailableRevision is the deploymentID of the most + recent deployment + format: int32 + type: integer + x-kubernetes-validations: + - message: must only increase + rule: self >= oldSelf + latestAvailableRevisionReason: + description: latestAvailableRevisionReason describe the detailed reason + for the most recent deployment + type: string + nodeStatuses: + description: nodeStatuses track the deployment values and errors across + individual nodes + items: + description: NodeStatus provides information about the current state + of a particular node managed by this operator. + properties: + currentRevision: + description: currentRevision is the generation of the most recently + successful deployment + format: int32 + type: integer + lastFailedCount: + description: lastFailedCount is how often the installer pod + of the last failed revision failed. + type: integer + lastFailedReason: + description: lastFailedReason is a machine readable failure + reason string. + type: string + lastFailedRevision: + description: lastFailedRevision is the generation of the deployment + we tried and failed to deploy. + format: int32 + type: integer + lastFailedRevisionErrors: + description: lastFailedRevisionErrors is a list of human readable + errors during the failed deployment referenced in lastFailedRevision. + items: + type: string + type: array + x-kubernetes-list-type: atomic + lastFailedTime: + description: lastFailedTime is the time the last failed revision + failed the last time. + format: date-time + type: string + lastFallbackCount: + description: lastFallbackCount is how often a fallback to a + previous revision happened. + type: integer + nodeName: + description: nodeName is the name of the node + type: string + targetRevision: + description: targetRevision is the generation of the deployment + we're trying to apply + format: int32 + type: integer + required: + - nodeName + type: object + type: array + x-kubernetes-list-map-keys: + - nodeName + x-kubernetes-list-type: map + observedGeneration: + description: observedGeneration is the last generation change you've + dealt with + format: int64 + type: integer + readyReplicas: + description: readyReplicas indicates how many replicas are ready and + at the desired state + format: int32 + type: integer + serviceAccountIssuers: + description: |- + serviceAccountIssuers tracks history of used service account issuers. + The item without expiration time represents the currently used service account issuer. + The other items represents service account issuers that were used previously and are still being trusted. + The default expiration for the items is set by the platform and it defaults to 24h. + see: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#service-account-token-volume-projection + items: + properties: + expirationTime: + description: |- + expirationTime is the time after which this service account issuer will be pruned and removed from the trusted list + of service account issuers. + format: date-time + type: string + name: + description: name is the name of the service account issuer + type: string + type: object + type: array + version: + description: version is the level this availability applies to + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_25_kube-controller-manager_01_kubecontrollermanagers.crd.yaml b/pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_25_kube-controller-manager_01_kubecontrollermanagers.crd.yaml new file mode 100644 index 000000000..7cd18e09b --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_25_kube-controller-manager_01_kubecontrollermanagers.crd.yaml @@ -0,0 +1,301 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/475 + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + name: kubecontrollermanagers.operator.openshift.io +spec: + group: operator.openshift.io + names: + categories: + - coreoperators + kind: KubeControllerManager + listKind: KubeControllerManagerList + plural: kubecontrollermanagers + singular: kubecontrollermanager + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + KubeControllerManager provides information to configure an operator to manage kube-controller-manager. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec is the specification of the desired behavior of the + Kubernetes Controller Manager + properties: + failedRevisionLimit: + description: |- + failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api + -1 = unlimited, 0 or unset = 5 (default) + format: int32 + type: integer + forceRedeploymentReason: + description: |- + forceRedeploymentReason can be used to force the redeployment of the operand by providing a unique string. + This provides a mechanism to kick a previously failed deployment and provide a reason why you think it will work + this time instead of failing again on the same config. + type: string + logLevel: + default: Normal + description: |- + logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for their operands. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + managementState: + description: managementState indicates whether and how the operator + should manage the component + pattern: ^(Managed|Force)$ + type: string + observedConfig: + description: |- + observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because + it is an input to the level for the operator + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + default: Normal + description: |- + operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for themselves. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + succeededRevisionLimit: + description: |- + succeededRevisionLimit is the number of successful static pod installer revisions to keep on disk and in the api + -1 = unlimited, 0 or unset = 5 (default) + format: int32 + type: integer + unsupportedConfigOverrides: + description: |- + unsupportedConfigOverrides overrides the final configuration that was computed by the operator. + Red Hat does not support the use of this field. + Misuse of this field could lead to unexpected behavior or conflict with other configuration options. + Seek guidance from the Red Hat support before using this field. + Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + useMoreSecureServiceCA: + default: false + description: |- + useMoreSecureServiceCA indicates that the service-ca.crt provided in SA token volumes should include only + enough certificates to validate service serving certificates. + Once set to true, it cannot be set to false. + Even if someone finds a way to set it back to false, the service-ca.crt files that previously existed will + only have the more secure content. + type: boolean + type: object + status: + description: status is the most recently observed status of the Kubernetes + Controller Manager + properties: + conditions: + description: conditions is a list of conditions and their status + items: + description: OperatorCondition is just the standard condition fields. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + type: string + reason: + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + generations: + description: generations are used to determine when an item needs + to be reconciled or has changed in a way that needs a reaction. + items: + description: GenerationStatus keeps track of the generation for + a given resource so that decisions about forced updates can be + made. + properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without + generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload + controller involved + format: int64 + type: integer + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're + tracking + type: string + required: + - group + - name + - namespace + - resource + type: object + type: array + x-kubernetes-list-map-keys: + - group + - resource + - namespace + - name + x-kubernetes-list-type: map + latestAvailableRevision: + description: latestAvailableRevision is the deploymentID of the most + recent deployment + format: int32 + type: integer + x-kubernetes-validations: + - message: must only increase + rule: self >= oldSelf + latestAvailableRevisionReason: + description: latestAvailableRevisionReason describe the detailed reason + for the most recent deployment + type: string + nodeStatuses: + description: nodeStatuses track the deployment values and errors across + individual nodes + items: + description: NodeStatus provides information about the current state + of a particular node managed by this operator. + properties: + currentRevision: + description: currentRevision is the generation of the most recently + successful deployment + format: int32 + type: integer + lastFailedCount: + description: lastFailedCount is how often the installer pod + of the last failed revision failed. + type: integer + lastFailedReason: + description: lastFailedReason is a machine readable failure + reason string. + type: string + lastFailedRevision: + description: lastFailedRevision is the generation of the deployment + we tried and failed to deploy. + format: int32 + type: integer + lastFailedRevisionErrors: + description: lastFailedRevisionErrors is a list of human readable + errors during the failed deployment referenced in lastFailedRevision. + items: + type: string + type: array + x-kubernetes-list-type: atomic + lastFailedTime: + description: lastFailedTime is the time the last failed revision + failed the last time. + format: date-time + type: string + lastFallbackCount: + description: lastFallbackCount is how often a fallback to a + previous revision happened. + type: integer + nodeName: + description: nodeName is the name of the node + type: string + targetRevision: + description: targetRevision is the generation of the deployment + we're trying to apply + format: int32 + type: integer + required: + - nodeName + type: object + type: array + x-kubernetes-list-map-keys: + - nodeName + x-kubernetes-list-type: map + observedGeneration: + description: observedGeneration is the last generation change you've + dealt with + format: int64 + type: integer + readyReplicas: + description: readyReplicas indicates how many replicas are ready and + at the desired state + format: int32 + type: integer + version: + description: version is the level this availability applies to + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_25_kube-scheduler_01_kubeschedulers.crd.yaml b/pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_25_kube-scheduler_01_kubeschedulers.crd.yaml new file mode 100644 index 000000000..9654facc4 --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_25_kube-scheduler_01_kubeschedulers.crd.yaml @@ -0,0 +1,292 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/475 + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + name: kubeschedulers.operator.openshift.io +spec: + group: operator.openshift.io + names: + categories: + - coreoperators + kind: KubeScheduler + listKind: KubeSchedulerList + plural: kubeschedulers + singular: kubescheduler + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + KubeScheduler provides information to configure an operator to manage scheduler. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec is the specification of the desired behavior of the + Kubernetes Scheduler + properties: + failedRevisionLimit: + description: |- + failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api + -1 = unlimited, 0 or unset = 5 (default) + format: int32 + type: integer + forceRedeploymentReason: + description: |- + forceRedeploymentReason can be used to force the redeployment of the operand by providing a unique string. + This provides a mechanism to kick a previously failed deployment and provide a reason why you think it will work + this time instead of failing again on the same config. + type: string + logLevel: + default: Normal + description: |- + logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for their operands. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + managementState: + description: managementState indicates whether and how the operator + should manage the component + pattern: ^(Managed|Force)$ + type: string + observedConfig: + description: |- + observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because + it is an input to the level for the operator + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + default: Normal + description: |- + operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for themselves. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + succeededRevisionLimit: + description: |- + succeededRevisionLimit is the number of successful static pod installer revisions to keep on disk and in the api + -1 = unlimited, 0 or unset = 5 (default) + format: int32 + type: integer + unsupportedConfigOverrides: + description: |- + unsupportedConfigOverrides overrides the final configuration that was computed by the operator. + Red Hat does not support the use of this field. + Misuse of this field could lead to unexpected behavior or conflict with other configuration options. + Seek guidance from the Red Hat support before using this field. + Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + status: + description: status is the most recently observed status of the Kubernetes + Scheduler + properties: + conditions: + description: conditions is a list of conditions and their status + items: + description: OperatorCondition is just the standard condition fields. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + type: string + reason: + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + generations: + description: generations are used to determine when an item needs + to be reconciled or has changed in a way that needs a reaction. + items: + description: GenerationStatus keeps track of the generation for + a given resource so that decisions about forced updates can be + made. + properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without + generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload + controller involved + format: int64 + type: integer + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're + tracking + type: string + required: + - group + - name + - namespace + - resource + type: object + type: array + x-kubernetes-list-map-keys: + - group + - resource + - namespace + - name + x-kubernetes-list-type: map + latestAvailableRevision: + description: latestAvailableRevision is the deploymentID of the most + recent deployment + format: int32 + type: integer + x-kubernetes-validations: + - message: must only increase + rule: self >= oldSelf + latestAvailableRevisionReason: + description: latestAvailableRevisionReason describe the detailed reason + for the most recent deployment + type: string + nodeStatuses: + description: nodeStatuses track the deployment values and errors across + individual nodes + items: + description: NodeStatus provides information about the current state + of a particular node managed by this operator. + properties: + currentRevision: + description: currentRevision is the generation of the most recently + successful deployment + format: int32 + type: integer + lastFailedCount: + description: lastFailedCount is how often the installer pod + of the last failed revision failed. + type: integer + lastFailedReason: + description: lastFailedReason is a machine readable failure + reason string. + type: string + lastFailedRevision: + description: lastFailedRevision is the generation of the deployment + we tried and failed to deploy. + format: int32 + type: integer + lastFailedRevisionErrors: + description: lastFailedRevisionErrors is a list of human readable + errors during the failed deployment referenced in lastFailedRevision. + items: + type: string + type: array + x-kubernetes-list-type: atomic + lastFailedTime: + description: lastFailedTime is the time the last failed revision + failed the last time. + format: date-time + type: string + lastFallbackCount: + description: lastFallbackCount is how often a fallback to a + previous revision happened. + type: integer + nodeName: + description: nodeName is the name of the node + type: string + targetRevision: + description: targetRevision is the generation of the deployment + we're trying to apply + format: int32 + type: integer + required: + - nodeName + type: object + type: array + x-kubernetes-list-map-keys: + - nodeName + x-kubernetes-list-type: map + observedGeneration: + description: observedGeneration is the last generation change you've + dealt with + format: int64 + type: integer + readyReplicas: + description: readyReplicas indicates how many replicas are ready and + at the desired state + format: int32 + type: integer + version: + description: version is the level this availability applies to + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_30_openshift-apiserver_01_openshiftapiservers.crd.yaml b/pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_30_openshift-apiserver_01_openshiftapiservers.crd.yaml new file mode 100644 index 000000000..bb9b904fc --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_30_openshift-apiserver_01_openshiftapiservers.crd.yaml @@ -0,0 +1,213 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/475 + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + name: openshiftapiservers.operator.openshift.io +spec: + group: operator.openshift.io + names: + categories: + - coreoperators + kind: OpenShiftAPIServer + listKind: OpenShiftAPIServerList + plural: openshiftapiservers + singular: openshiftapiserver + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + OpenShiftAPIServer provides information to configure an operator to manage openshift-apiserver. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec is the specification of the desired behavior of the + OpenShift API Server. + properties: + logLevel: + default: Normal + description: |- + logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for their operands. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + managementState: + description: managementState indicates whether and how the operator + should manage the component + pattern: ^(Managed|Unmanaged|Force|Removed)$ + type: string + observedConfig: + description: |- + observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because + it is an input to the level for the operator + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + default: Normal + description: |- + operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for themselves. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + unsupportedConfigOverrides: + description: |- + unsupportedConfigOverrides overrides the final configuration that was computed by the operator. + Red Hat does not support the use of this field. + Misuse of this field could lead to unexpected behavior or conflict with other configuration options. + Seek guidance from the Red Hat support before using this field. + Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + status: + description: status defines the observed status of the OpenShift API Server. + properties: + conditions: + description: conditions is a list of conditions and their status + items: + description: OperatorCondition is just the standard condition fields. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + type: string + reason: + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + generations: + description: generations are used to determine when an item needs + to be reconciled or has changed in a way that needs a reaction. + items: + description: GenerationStatus keeps track of the generation for + a given resource so that decisions about forced updates can be + made. + properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without + generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload + controller involved + format: int64 + type: integer + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're + tracking + type: string + required: + - group + - name + - namespace + - resource + type: object + type: array + x-kubernetes-list-map-keys: + - group + - resource + - namespace + - name + x-kubernetes-list-type: map + latestAvailableRevision: + description: latestAvailableRevision is the deploymentID of the most + recent deployment + format: int32 + type: integer + x-kubernetes-validations: + - message: must only increase + rule: self >= oldSelf + observedGeneration: + description: observedGeneration is the last generation change you've + dealt with + format: int64 + type: integer + readyReplicas: + description: readyReplicas indicates how many replicas are ready and + at the desired state + format: int32 + type: integer + version: + description: version is the level this availability applies to + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_40_cloud-credential_00_cloudcredentials.crd.yaml b/pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_40_cloud-credential_00_cloudcredentials.crd.yaml new file mode 100644 index 000000000..bf6c616af --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_40_cloud-credential_00_cloudcredentials.crd.yaml @@ -0,0 +1,230 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/692 + api.openshift.io/merged-by-featuregates: "true" + capability.openshift.io/name: CloudCredential + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + name: cloudcredentials.operator.openshift.io +spec: + group: operator.openshift.io + names: + kind: CloudCredential + listKind: CloudCredentialList + plural: cloudcredentials + singular: cloudcredential + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + CloudCredential provides a means to configure an operator to manage CredentialsRequests. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: CloudCredentialSpec is the specification of the desired behavior + of the cloud-credential-operator. + properties: + credentialsMode: + description: |- + CredentialsMode allows informing CCO that it should not attempt to dynamically + determine the root cloud credentials capabilities, and it should just run in + the specified mode. + It also allows putting the operator into "manual" mode if desired. + Leaving the field in default mode runs CCO so that the cluster's cloud credentials + will be dynamically probed for capabilities (on supported clouds/platforms). + Supported modes: + AWS/Azure/GCP: "" (Default), "Mint", "Passthrough", "Manual" + Others: Do not set value as other platforms only support running in "Passthrough" + enum: + - "" + - Manual + - Mint + - Passthrough + type: string + logLevel: + default: Normal + description: |- + logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for their operands. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + managementState: + description: managementState indicates whether and how the operator + should manage the component + pattern: ^(Managed|Unmanaged|Force|Removed)$ + type: string + observedConfig: + description: |- + observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because + it is an input to the level for the operator + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + default: Normal + description: |- + operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for themselves. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + unsupportedConfigOverrides: + description: |- + unsupportedConfigOverrides overrides the final configuration that was computed by the operator. + Red Hat does not support the use of this field. + Misuse of this field could lead to unexpected behavior or conflict with other configuration options. + Seek guidance from the Red Hat support before using this field. + Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + status: + description: CloudCredentialStatus defines the observed status of the + cloud-credential-operator. + properties: + conditions: + description: conditions is a list of conditions and their status + items: + description: OperatorCondition is just the standard condition fields. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + type: string + reason: + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + generations: + description: generations are used to determine when an item needs + to be reconciled or has changed in a way that needs a reaction. + items: + description: GenerationStatus keeps track of the generation for + a given resource so that decisions about forced updates can be + made. + properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without + generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload + controller involved + format: int64 + type: integer + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're + tracking + type: string + required: + - group + - name + - namespace + - resource + type: object + type: array + x-kubernetes-list-map-keys: + - group + - resource + - namespace + - name + x-kubernetes-list-type: map + latestAvailableRevision: + description: latestAvailableRevision is the deploymentID of the most + recent deployment + format: int32 + type: integer + x-kubernetes-validations: + - message: must only increase + rule: self >= oldSelf + observedGeneration: + description: observedGeneration is the last generation change you've + dealt with + format: int64 + type: integer + readyReplicas: + description: readyReplicas indicates how many replicas are ready and + at the desired state + format: int32 + type: integer + version: + description: version is the level this availability applies to + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_40_kube-storage-version-migrator_00_kubestorageversionmigrators.crd.yaml b/pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_40_kube-storage-version-migrator_00_kubestorageversionmigrators.crd.yaml new file mode 100644 index 000000000..30d1f9055 --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_40_kube-storage-version-migrator_00_kubestorageversionmigrators.crd.yaml @@ -0,0 +1,208 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/503 + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + name: kubestorageversionmigrators.operator.openshift.io +spec: + group: operator.openshift.io + names: + kind: KubeStorageVersionMigrator + listKind: KubeStorageVersionMigratorList + plural: kubestorageversionmigrators + singular: kubestorageversionmigrator + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + KubeStorageVersionMigrator provides information to configure an operator to manage kube-storage-version-migrator. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + logLevel: + default: Normal + description: |- + logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for their operands. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + managementState: + description: managementState indicates whether and how the operator + should manage the component + pattern: ^(Managed|Unmanaged|Force|Removed)$ + type: string + observedConfig: + description: |- + observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because + it is an input to the level for the operator + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + default: Normal + description: |- + operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for themselves. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + unsupportedConfigOverrides: + description: |- + unsupportedConfigOverrides overrides the final configuration that was computed by the operator. + Red Hat does not support the use of this field. + Misuse of this field could lead to unexpected behavior or conflict with other configuration options. + Seek guidance from the Red Hat support before using this field. + Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + status: + properties: + conditions: + description: conditions is a list of conditions and their status + items: + description: OperatorCondition is just the standard condition fields. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + type: string + reason: + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + generations: + description: generations are used to determine when an item needs + to be reconciled or has changed in a way that needs a reaction. + items: + description: GenerationStatus keeps track of the generation for + a given resource so that decisions about forced updates can be + made. + properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without + generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload + controller involved + format: int64 + type: integer + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're + tracking + type: string + required: + - group + - name + - namespace + - resource + type: object + type: array + x-kubernetes-list-map-keys: + - group + - resource + - namespace + - name + x-kubernetes-list-type: map + latestAvailableRevision: + description: latestAvailableRevision is the deploymentID of the most + recent deployment + format: int32 + type: integer + x-kubernetes-validations: + - message: must only increase + rule: self >= oldSelf + observedGeneration: + description: observedGeneration is the last generation change you've + dealt with + format: int64 + type: integer + readyReplicas: + description: readyReplicas indicates how many replicas are ready and + at the desired state + format: int32 + type: integer + version: + description: version is the level this availability applies to + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_50_authentication_01_authentications.crd.yaml b/pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_50_authentication_01_authentications.crd.yaml new file mode 100644 index 000000000..3fab2ff1f --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_50_authentication_01_authentications.crd.yaml @@ -0,0 +1,218 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/475 + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/self-managed-high-availability: "true" + name: authentications.operator.openshift.io +spec: + group: operator.openshift.io + names: + kind: Authentication + listKind: AuthenticationList + plural: authentications + singular: authentication + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + Authentication provides information to configure an operator to manage authentication. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + logLevel: + default: Normal + description: |- + logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for their operands. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + managementState: + description: managementState indicates whether and how the operator + should manage the component + pattern: ^(Managed|Unmanaged|Force|Removed)$ + type: string + observedConfig: + description: |- + observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because + it is an input to the level for the operator + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + default: Normal + description: |- + operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for themselves. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + unsupportedConfigOverrides: + description: |- + unsupportedConfigOverrides overrides the final configuration that was computed by the operator. + Red Hat does not support the use of this field. + Misuse of this field could lead to unexpected behavior or conflict with other configuration options. + Seek guidance from the Red Hat support before using this field. + Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + status: + properties: + conditions: + description: conditions is a list of conditions and their status + items: + description: OperatorCondition is just the standard condition fields. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + type: string + reason: + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + generations: + description: generations are used to determine when an item needs + to be reconciled or has changed in a way that needs a reaction. + items: + description: GenerationStatus keeps track of the generation for + a given resource so that decisions about forced updates can be + made. + properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without + generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload + controller involved + format: int64 + type: integer + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're + tracking + type: string + required: + - group + - name + - namespace + - resource + type: object + type: array + x-kubernetes-list-map-keys: + - group + - resource + - namespace + - name + x-kubernetes-list-type: map + latestAvailableRevision: + description: latestAvailableRevision is the deploymentID of the most + recent deployment + format: int32 + type: integer + x-kubernetes-validations: + - message: must only increase + rule: self >= oldSelf + oauthAPIServer: + description: OAuthAPIServer holds status specific only to oauth-apiserver + properties: + latestAvailableRevision: + description: |- + LatestAvailableRevision is the latest revision used as suffix of revisioned + secrets like encryption-config. A new revision causes a new deployment of pods. + format: int32 + minimum: 0 + type: integer + type: object + observedGeneration: + description: observedGeneration is the last generation change you've + dealt with + format: int64 + type: integer + readyReplicas: + description: readyReplicas indicates how many replicas are ready and + at the desired state + format: int32 + type: integer + version: + description: version is the level this availability applies to + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_50_console_01_consoles.crd.yaml b/pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_50_console_01_consoles.crd.yaml new file mode 100644 index 000000000..505332e4b --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_50_console_01_consoles.crd.yaml @@ -0,0 +1,953 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/486 + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + name: consoles.operator.openshift.io +spec: + group: operator.openshift.io + names: + kind: Console + listKind: ConsoleList + plural: consoles + singular: console + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + Console provides a means to configure an operator to manage the console. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ConsoleSpec is the specification of the desired behavior + of the Console. + properties: + customization: + description: |- + customization is used to optionally provide a small set of + customization options to the web console. + properties: + addPage: + description: addPage allows customizing actions on the Add page + in developer perspective. + properties: + disabledActions: + description: |- + disabledActions is a list of actions that are not shown to users. + Each action in the list is represented by its ID. + items: + type: string + minItems: 1 + type: array + type: object + brand: + description: |- + brand is the default branding of the web console which can be overridden by + providing the brand field. There is a limited set of specific brand options. + This field controls elements of the console such as the logo. + Invalid value will prevent a console rollout. + enum: + - openshift + - okd + - online + - ocp + - dedicated + - azure + - OpenShift + - OKD + - Online + - OCP + - Dedicated + - Azure + - ROSA + type: string + capabilities: + description: |- + capabilities defines an array of capabilities that can be interacted with in the console UI. + Each capability defines a visual state that can be interacted with the console to render in the UI. + Available capabilities are LightspeedButton and GettingStartedBanner. + Each of the available capabilities may appear only once in the list. + items: + description: Capabilities contains set of UI capabilities and + their state in the console UI. + properties: + name: + description: |- + name is the unique name of a capability. + Available capabilities are LightspeedButton and GettingStartedBanner. + enum: + - LightspeedButton + - GettingStartedBanner + type: string + visibility: + description: visibility defines the visibility state of + the capability. + properties: + state: + description: |- + state defines if the capability is enabled or disabled in the console UI. + Enabling the capability in the console UI is represented by the "Enabled" value. + Disabling the capability in the console UI is represented by the "Disabled" value. + enum: + - Enabled + - Disabled + type: string + required: + - state + type: object + required: + - name + - visibility + type: object + maxItems: 2 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + customLogoFile: + description: |- + customLogoFile replaces the default OpenShift logo in the masthead and about dialog. It is a reference to a + ConfigMap in the openshift-config namespace. This can be created with a command like + 'oc create configmap custom-logo --from-file=/path/to/file -n openshift-config'. + Image size must be less than 1 MB due to constraints on the ConfigMap size. + The ConfigMap key should include a file extension so that the console serves the file + with the correct MIME type. + Recommended logo specifications: + Dimensions: Max height of 68px and max width of 200px + SVG format preferred + properties: + key: + description: Key allows pointing to a specific key/value inside + of the configmap. This is useful for logical file references. + type: string + name: + type: string + type: object + customProductName: + description: |- + customProductName is the name that will be displayed in page titles, logo alt text, and the about dialog + instead of the normal OpenShift product name. + type: string + developerCatalog: + description: developerCatalog allows to configure the shown developer + catalog categories (filters) and types (sub-catalogs). + properties: + categories: + description: categories which are shown in the developer catalog. + items: + description: DeveloperConsoleCatalogCategory for the developer + console catalog. + properties: + id: + description: |- + ID is an identifier used in the URL to enable deep linking in console. + ID is required and must have 1-32 URL safe (A-Z, a-z, 0-9, - and _) characters. + maxLength: 32 + minLength: 1 + pattern: ^[A-Za-z0-9-_]+$ + type: string + label: + description: label defines a category display label. + It is required and must have 1-64 characters. + maxLength: 64 + minLength: 1 + type: string + subcategories: + description: subcategories defines a list of child categories. + items: + description: DeveloperConsoleCatalogCategoryMeta are + the key identifiers of a developer catalog category. + properties: + id: + description: |- + ID is an identifier used in the URL to enable deep linking in console. + ID is required and must have 1-32 URL safe (A-Z, a-z, 0-9, - and _) characters. + maxLength: 32 + minLength: 1 + pattern: ^[A-Za-z0-9-_]+$ + type: string + label: + description: label defines a category display + label. It is required and must have 1-64 characters. + maxLength: 64 + minLength: 1 + type: string + tags: + description: |- + tags is a list of strings that will match the category. A selected category + show all items which has at least one overlapping tag between category and item. + items: + type: string + type: array + required: + - id + - label + type: object + type: array + tags: + description: |- + tags is a list of strings that will match the category. A selected category + show all items which has at least one overlapping tag between category and item. + items: + type: string + type: array + required: + - id + - label + type: object + type: array + types: + description: |- + types allows enabling or disabling of sub-catalog types that user can see in the Developer catalog. + When omitted, all the sub-catalog types will be shown. + properties: + disabled: + description: |- + disabled is a list of developer catalog types (sub-catalogs IDs) that are not shown to users. + Types (sub-catalogs) are added via console plugins, the available types (sub-catalog IDs) are available + in the console on the cluster configuration page, or when editing the YAML in the console. + Example: "Devfile", "HelmChart", "BuilderImage" + If the list is empty or all the available sub-catalog types are added, then the complete developer catalog should be hidden. + items: + type: string + type: array + x-kubernetes-list-type: set + enabled: + description: |- + enabled is a list of developer catalog types (sub-catalogs IDs) that will be shown to users. + Types (sub-catalogs) are added via console plugins, the available types (sub-catalog IDs) are available + in the console on the cluster configuration page, or when editing the YAML in the console. + Example: "Devfile", "HelmChart", "BuilderImage" + If the list is non-empty, a new type will not be shown to the user until it is added to list. + If the list is empty the complete developer catalog will be shown. + items: + type: string + type: array + x-kubernetes-list-type: set + state: + default: Enabled + description: state defines if a list of catalog types + should be enabled or disabled. + enum: + - Enabled + - Disabled + type: string + required: + - state + type: object + x-kubernetes-validations: + - message: enabled is forbidden when state is not Enabled + rule: 'self.state == ''Enabled'' ? true : !has(self.enabled)' + - message: disabled is forbidden when state is not Disabled + rule: 'self.state == ''Disabled'' ? true : !has(self.disabled)' + type: object + documentationBaseURL: + description: |- + documentationBaseURL links to external documentation are shown in various sections + of the web console. Providing documentationBaseURL will override the default + documentation URL. + Invalid value will prevent a console rollout. + pattern: ^$|^((https):\/\/?)[^\s()<>]+(?:\([\w\d]+\)|([^[:punct:]\s]|\/?))\/$ + type: string + perspectives: + description: perspectives allows enabling/disabling of perspective(s) + that user can see in the Perspective switcher dropdown. + items: + description: Perspective defines a perspective that cluster + admins want to show/hide in the perspective switcher dropdown + properties: + id: + description: |- + id defines the id of the perspective. + Example: "dev", "admin". + The available perspective ids can be found in the code snippet section next to the yaml editor. + Incorrect or unknown ids will be ignored. + type: string + pinnedResources: + description: |- + pinnedResources defines the list of default pinned resources that users will see on the perspective navigation if they have not customized these pinned resources themselves. + The list of available Kubernetes resources could be read via `kubectl api-resources`. + The console will also provide a configuration UI and a YAML snippet that will list the available resources that can be pinned to the navigation. + Incorrect or unknown resources will be ignored. + items: + description: PinnedResourceReference includes the group, + version and type of resource + properties: + group: + description: |- + group is the API Group of the Resource. + Enter empty string for the core group. + This value should consist of only lowercase alphanumeric characters, hyphens and periods. + Example: "", "apps", "build.openshift.io", etc. + pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + resource: + description: |- + resource is the type that is being referenced. + It is normally the plural form of the resource kind in lowercase. + This value should consist of only lowercase alphanumeric characters and hyphens. + Example: "deployments", "deploymentconfigs", "pods", etc. + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + version: + description: |- + version is the API Version of the Resource. + This value should consist of only lowercase alphanumeric characters. + Example: "v1", "v1beta1", etc. + pattern: ^[a-z0-9]+$ + type: string + required: + - group + - resource + - version + type: object + maxItems: 100 + type: array + visibility: + description: visibility defines the state of perspective + along with access review checks if needed for that perspective. + properties: + accessReview: + description: accessReview defines required and missing + access review checks. + minProperties: 1 + properties: + missing: + description: missing defines a list of permission + checks. The perspective will only be shown when + at least one check fails. When omitted, the access + review is skipped and the perspective will not + be shown unless it is required to do so based + on the configuration of the required access review + list. + items: + description: ResourceAttributes includes the authorization + attributes available for resource requests to + the Authorizer interface + properties: + fieldSelector: + description: |- + fieldSelector describes the limitation on access based on field. It can only limit access, not broaden it. + + This field is alpha-level. To use this field, you must enable the + `AuthorizeWithSelectors` feature gate (disabled by default). + properties: + rawSelector: + description: |- + rawSelector is the serialization of a field selector that would be included in a query parameter. + Webhook implementations are encouraged to ignore rawSelector. + The kube-apiserver's *SubjectAccessReview will parse the rawSelector as long as the requirements are not present. + type: string + requirements: + description: |- + requirements is the parsed interpretation of a field selector. + All requirements must be met for a resource instance to match the selector. + Webhook implementations should handle requirements, but how to handle them is up to the webhook. + Since requirements can only limit the request, it is safe to authorize as unlimited request if the requirements + are not understood. + items: + description: |- + FieldSelectorRequirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the field selector + key that the requirement applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. + The list of operators may grow in the future. + type: string + values: + description: |- + values is an array of string values. + If the operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values array must be empty. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + group: + description: Group is the API Group of the + Resource. "*" means all. + type: string + labelSelector: + description: |- + labelSelector describes the limitation on access based on labels. It can only limit access, not broaden it. + + This field is alpha-level. To use this field, you must enable the + `AuthorizeWithSelectors` feature gate (disabled by default). + properties: + rawSelector: + description: |- + rawSelector is the serialization of a field selector that would be included in a query parameter. + Webhook implementations are encouraged to ignore rawSelector. + The kube-apiserver's *SubjectAccessReview will parse the rawSelector as long as the requirements are not present. + type: string + requirements: + description: |- + requirements is the parsed interpretation of a label selector. + All requirements must be met for a resource instance to match the selector. + Webhook implementations should handle requirements, but how to handle them is up to the webhook. + Since requirements can only limit the request, it is safe to authorize as unlimited request if the requirements + are not understood. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + name: + description: Name is the name of the resource + being requested for a "get" or deleted for + a "delete". "" (empty) means all. + type: string + namespace: + description: |- + Namespace is the namespace of the action being requested. Currently, there is no distinction between no namespace and all namespaces + "" (empty) is defaulted for LocalSubjectAccessReviews + "" (empty) is empty for cluster-scoped resources + "" (empty) means "all" for namespace scoped resources from a SubjectAccessReview or SelfSubjectAccessReview + type: string + resource: + description: Resource is one of the existing + resource types. "*" means all. + type: string + subresource: + description: Subresource is one of the existing + resource types. "" means none. + type: string + verb: + description: 'Verb is a kubernetes resource + API verb, like: get, list, watch, create, + update, delete, proxy. "*" means all.' + type: string + version: + description: Version is the API Version of + the Resource. "*" means all. + type: string + type: object + type: array + required: + description: required defines a list of permission + checks. The perspective will only be shown when + all checks are successful. When omitted, the access + review is skipped and the perspective will not + be shown unless it is required to do so based + on the configuration of the missing access review + list. + items: + description: ResourceAttributes includes the authorization + attributes available for resource requests to + the Authorizer interface + properties: + fieldSelector: + description: |- + fieldSelector describes the limitation on access based on field. It can only limit access, not broaden it. + + This field is alpha-level. To use this field, you must enable the + `AuthorizeWithSelectors` feature gate (disabled by default). + properties: + rawSelector: + description: |- + rawSelector is the serialization of a field selector that would be included in a query parameter. + Webhook implementations are encouraged to ignore rawSelector. + The kube-apiserver's *SubjectAccessReview will parse the rawSelector as long as the requirements are not present. + type: string + requirements: + description: |- + requirements is the parsed interpretation of a field selector. + All requirements must be met for a resource instance to match the selector. + Webhook implementations should handle requirements, but how to handle them is up to the webhook. + Since requirements can only limit the request, it is safe to authorize as unlimited request if the requirements + are not understood. + items: + description: |- + FieldSelectorRequirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the field selector + key that the requirement applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. + The list of operators may grow in the future. + type: string + values: + description: |- + values is an array of string values. + If the operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values array must be empty. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + group: + description: Group is the API Group of the + Resource. "*" means all. + type: string + labelSelector: + description: |- + labelSelector describes the limitation on access based on labels. It can only limit access, not broaden it. + + This field is alpha-level. To use this field, you must enable the + `AuthorizeWithSelectors` feature gate (disabled by default). + properties: + rawSelector: + description: |- + rawSelector is the serialization of a field selector that would be included in a query parameter. + Webhook implementations are encouraged to ignore rawSelector. + The kube-apiserver's *SubjectAccessReview will parse the rawSelector as long as the requirements are not present. + type: string + requirements: + description: |- + requirements is the parsed interpretation of a label selector. + All requirements must be met for a resource instance to match the selector. + Webhook implementations should handle requirements, but how to handle them is up to the webhook. + Since requirements can only limit the request, it is safe to authorize as unlimited request if the requirements + are not understood. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + name: + description: Name is the name of the resource + being requested for a "get" or deleted for + a "delete". "" (empty) means all. + type: string + namespace: + description: |- + Namespace is the namespace of the action being requested. Currently, there is no distinction between no namespace and all namespaces + "" (empty) is defaulted for LocalSubjectAccessReviews + "" (empty) is empty for cluster-scoped resources + "" (empty) means "all" for namespace scoped resources from a SubjectAccessReview or SelfSubjectAccessReview + type: string + resource: + description: Resource is one of the existing + resource types. "*" means all. + type: string + subresource: + description: Subresource is one of the existing + resource types. "" means none. + type: string + verb: + description: 'Verb is a kubernetes resource + API verb, like: get, list, watch, create, + update, delete, proxy. "*" means all.' + type: string + version: + description: Version is the API Version of + the Resource. "*" means all. + type: string + type: object + type: array + type: object + state: + description: state defines the perspective is enabled + or disabled or access review check is required. + enum: + - Enabled + - Disabled + - AccessReview + type: string + required: + - state + type: object + x-kubernetes-validations: + - message: accessReview configuration is required when state + is AccessReview, and forbidden otherwise + rule: 'self.state == ''AccessReview'' ? has(self.accessReview) + : !has(self.accessReview)' + required: + - id + - visibility + type: object + x-kubernetes-validations: + - message: pinnedResources is allowed only for dev and forbidden + for other perspectives + rule: 'has(self.id) && self.id != ''dev''? !has(self.pinnedResources) + : true' + type: array + x-kubernetes-list-map-keys: + - id + x-kubernetes-list-type: map + projectAccess: + description: |- + projectAccess allows customizing the available list of ClusterRoles in the Developer perspective + Project access page which can be used by a project admin to specify roles to other users and + restrict access within the project. If set, the list will replace the default ClusterRole options. + properties: + availableClusterRoles: + description: |- + availableClusterRoles is the list of ClusterRole names that are assignable to users + through the project access tab. + items: + type: string + type: array + type: object + quickStarts: + description: quickStarts allows customization of available ConsoleQuickStart + resources in console. + properties: + disabled: + description: disabled is a list of ConsoleQuickStart resource + names that are not shown to users. + items: + type: string + type: array + type: object + type: object + ingress: + description: |- + ingress allows to configure the alternative ingress for the console. + This field is intended for clusters without ingress capability, + where access to routes is not possible. + properties: + clientDownloadsURL: + description: |- + clientDownloadsURL is a URL to be used as the address to download client binaries. + If not specified, the downloads route hostname will be used. + This field is required for clusters without ingress capability, + where access to routes is not possible. + The console operator will monitor the URL and may go degraded + if it's unreachable for an extended period. + Must use the HTTPS scheme. + maxLength: 1024 + type: string + x-kubernetes-validations: + - message: client downloads url must be a valid absolute URL + rule: size(self) == 0 || isURL(self) + - message: client downloads url scheme must be https + rule: size(self) == 0 || url(self).getScheme() == 'https' + consoleURL: + description: |- + consoleURL is a URL to be used as the base console address. + If not specified, the console route hostname will be used. + This field is required for clusters without ingress capability, + where access to routes is not possible. + Make sure that appropriate ingress is set up at this URL. + The console operator will monitor the URL and may go degraded + if it's unreachable for an extended period. + Must use the HTTPS scheme. + maxLength: 1024 + type: string + x-kubernetes-validations: + - message: console url must be a valid absolute URL + rule: size(self) == 0 || isURL(self) + - message: console url scheme must be https + rule: size(self) == 0 || url(self).getScheme() == 'https' + type: object + logLevel: + default: Normal + description: |- + logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for their operands. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + managementState: + description: managementState indicates whether and how the operator + should manage the component + pattern: ^(Managed|Unmanaged|Force|Removed)$ + type: string + observedConfig: + description: |- + observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because + it is an input to the level for the operator + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + default: Normal + description: |- + operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for themselves. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + plugins: + description: plugins defines a list of enabled console plugin names. + items: + type: string + type: array + providers: + description: providers contains configuration for using specific service + providers. + properties: + statuspage: + description: statuspage contains ID for statuspage.io page that + provides status info about. + properties: + pageID: + description: pageID is the unique ID assigned by Statuspage + for your page. This must be a public page. + type: string + type: object + type: object + route: + description: |- + route contains hostname and secret reference that contains the serving certificate. + If a custom route is specified, a new route will be created with the + provided hostname, under which console will be available. + In case of custom hostname uses the default routing suffix of the cluster, + the Secret specification for a serving certificate will not be needed. + In case of custom hostname points to an arbitrary domain, manual DNS configurations steps are necessary. + The default console route will be maintained to reserve the default hostname + for console if the custom route is removed. + If not specified, default route will be used. + DEPRECATED + properties: + hostname: + description: hostname is the desired custom domain under which + console will be available. + type: string + secret: + description: |- + secret points to secret in the openshift-config namespace that contains custom + certificate and key and needs to be created manually by the cluster admin. + Referenced Secret is required to contain following key value pairs: + - "tls.crt" - to specifies custom certificate + - "tls.key" - to specifies private key of the custom certificate + If the custom hostname uses the default routing suffix of the cluster, + the Secret specification for a serving certificate will not be needed. + properties: + name: + description: name is the metadata.name of the referenced secret + type: string + required: + - name + type: object + type: object + unsupportedConfigOverrides: + description: |- + unsupportedConfigOverrides overrides the final configuration that was computed by the operator. + Red Hat does not support the use of this field. + Misuse of this field could lead to unexpected behavior or conflict with other configuration options. + Seek guidance from the Red Hat support before using this field. + Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + status: + description: ConsoleStatus defines the observed status of the Console. + properties: + conditions: + description: conditions is a list of conditions and their status + items: + description: OperatorCondition is just the standard condition fields. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + type: string + reason: + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + generations: + description: generations are used to determine when an item needs + to be reconciled or has changed in a way that needs a reaction. + items: + description: GenerationStatus keeps track of the generation for + a given resource so that decisions about forced updates can be + made. + properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without + generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload + controller involved + format: int64 + type: integer + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're + tracking + type: string + required: + - group + - name + - namespace + - resource + type: object + type: array + x-kubernetes-list-map-keys: + - group + - resource + - namespace + - name + x-kubernetes-list-type: map + latestAvailableRevision: + description: latestAvailableRevision is the deploymentID of the most + recent deployment + format: int32 + type: integer + x-kubernetes-validations: + - message: must only increase + rule: self >= oldSelf + observedGeneration: + description: observedGeneration is the last generation change you've + dealt with + format: int64 + type: integer + readyReplicas: + description: readyReplicas indicates how many replicas are ready and + at the desired state + format: int32 + type: integer + version: + description: version is the level this availability applies to + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers.crd.yaml b/pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers.crd.yaml new file mode 100644 index 000000000..2524b5a84 --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers.crd.yaml @@ -0,0 +1,3174 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/616 + api.openshift.io/merged-by-featuregates: "true" + capability.openshift.io/name: Ingress + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + name: ingresscontrollers.operator.openshift.io +spec: + group: operator.openshift.io + names: + kind: IngressController + listKind: IngressControllerList + plural: ingresscontrollers + singular: ingresscontroller + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + IngressController describes a managed ingress controller for the cluster. The + controller can service OpenShift Route and Kubernetes Ingress resources. + + When an IngressController is created, a new ingress controller deployment is + created to allow external traffic to reach the services that expose Ingress + or Route resources. Updating this resource may lead to disruption for public + facing network connections as a new ingress controller revision may be rolled + out. + + https://kubernetes.io/docs/concepts/services-networking/ingress-controllers + + Whenever possible, sensible defaults for the platform are used. See each + field for more details. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec is the specification of the desired behavior of the + IngressController. + properties: + clientTLS: + description: |- + clientTLS specifies settings for requesting and verifying client + certificates, which can be used to enable mutual TLS for + edge-terminated and reencrypt routes. + properties: + allowedSubjectPatterns: + description: |- + allowedSubjectPatterns specifies a list of regular expressions that + should be matched against the distinguished name on a valid client + certificate to filter requests. The regular expressions must use + PCRE syntax. If this list is empty, no filtering is performed. If + the list is nonempty, then at least one pattern must match a client + certificate's distinguished name or else the ingress controller + rejects the certificate and denies the connection. + items: + type: string + type: array + x-kubernetes-list-type: atomic + clientCA: + description: |- + clientCA specifies a configmap containing the PEM-encoded CA + certificate bundle that should be used to verify a client's + certificate. The administrator must create this configmap in the + openshift-config namespace. + properties: + name: + description: name is the metadata.name of the referenced config + map + type: string + required: + - name + type: object + clientCertificatePolicy: + description: |- + clientCertificatePolicy specifies whether the ingress controller + requires clients to provide certificates. This field accepts the + values "Required" or "Optional". + + Note that the ingress controller only checks client certificates for + edge-terminated and reencrypt TLS routes; it cannot check + certificates for cleartext HTTP or passthrough TLS routes. + enum: + - "" + - Required + - Optional + type: string + required: + - clientCA + - clientCertificatePolicy + type: object + defaultCertificate: + description: |- + defaultCertificate is a reference to a secret containing the default + certificate served by the ingress controller. When Routes don't specify + their own certificate, defaultCertificate is used. + + The secret must contain the following keys and data: + + tls.crt: certificate file contents + tls.key: key file contents + + If unset, a wildcard certificate is automatically generated and used. The + certificate is valid for the ingress controller domain (and subdomains) and + the generated certificate's CA will be automatically integrated with the + cluster's trust store. + + If a wildcard certificate is used and shared by multiple + HTTP/2 enabled routes (which implies ALPN) then clients + (i.e., notably browsers) are at liberty to reuse open + connections. This means a client can reuse a connection to + another route and that is likely to fail. This behaviour is + generally known as connection coalescing. + + The in-use certificate (whether generated or user-specified) will be + automatically integrated with OpenShift's built-in OAuth server. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + domain: + description: |- + domain is a DNS name serviced by the ingress controller and is used to + configure multiple features: + + * For the LoadBalancerService endpoint publishing strategy, domain is + used to configure DNS records. See endpointPublishingStrategy. + + * When using a generated default certificate, the certificate will be valid + for domain and its subdomains. See defaultCertificate. + + * The value is published to individual Route statuses so that end-users + know where to target external DNS records. + + domain must be unique among all IngressControllers, and cannot be + updated. + + If empty, defaults to ingress.config.openshift.io/cluster .spec.domain. + type: string + endpointPublishingStrategy: + description: |- + endpointPublishingStrategy is used to publish the ingress controller + endpoints to other networks, enable load balancer integrations, etc. + + If unset, the default is based on + infrastructure.config.openshift.io/cluster .status.platform: + + AWS: LoadBalancerService (with External scope) + Azure: LoadBalancerService (with External scope) + GCP: LoadBalancerService (with External scope) + IBMCloud: LoadBalancerService (with External scope) + AlibabaCloud: LoadBalancerService (with External scope) + Libvirt: HostNetwork + + Any other platform types (including None) default to HostNetwork. + + endpointPublishingStrategy cannot be updated. + properties: + hostNetwork: + description: |- + hostNetwork holds parameters for the HostNetwork endpoint publishing + strategy. Present only if type is HostNetwork. + properties: + httpPort: + default: 80 + description: |- + httpPort is the port on the host which should be used to listen for + HTTP requests. This field should be set when port 80 is already in use. + The value should not coincide with the NodePort range of the cluster. + When the value is 0 or is not specified it defaults to 80. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + httpsPort: + default: 443 + description: |- + httpsPort is the port on the host which should be used to listen for + HTTPS requests. This field should be set when port 443 is already in use. + The value should not coincide with the NodePort range of the cluster. + When the value is 0 or is not specified it defaults to 443. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + protocol: + description: |- + protocol specifies whether the IngressController expects incoming + connections to use plain TCP or whether the IngressController expects + PROXY protocol. + + PROXY protocol can be used with load balancers that support it to + communicate the source addresses of client connections when + forwarding those connections to the IngressController. Using PROXY + protocol enables the IngressController to report those source + addresses instead of reporting the load balancer's address in HTTP + headers and logs. Note that enabling PROXY protocol on the + IngressController will cause connections to fail if you are not using + a load balancer that uses PROXY protocol to forward connections to + the IngressController. See + http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for + information about PROXY protocol. + + The following values are valid for this field: + + * The empty string. + * "TCP". + * "PROXY". + + The empty string specifies the default, which is TCP without PROXY + protocol. Note that the default is subject to change. + enum: + - "" + - TCP + - PROXY + type: string + statsPort: + default: 1936 + description: |- + statsPort is the port on the host where the stats from the router are + published. The value should not coincide with the NodePort range of the + cluster. If an external load balancer is configured to forward connections + to this IngressController, the load balancer should use this port for + health checks. The load balancer can send HTTP probes on this port on a + given node, with the path /healthz/ready to determine if the ingress + controller is ready to receive traffic on the node. For proper operation + the load balancer must not forward traffic to a node until the health + check reports ready. The load balancer should also stop forwarding requests + within a maximum of 45 seconds after /healthz/ready starts reporting + not-ready. Probing every 5 to 10 seconds, with a 5-second timeout and with + a threshold of two successful or failed requests to become healthy or + unhealthy respectively, are well-tested values. When the value is 0 or + is not specified it defaults to 1936. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + type: object + loadBalancer: + description: |- + loadBalancer holds parameters for the load balancer. Present only if + type is LoadBalancerService. + properties: + allowedSourceRanges: + description: |- + allowedSourceRanges specifies an allowlist of IP address ranges to which + access to the load balancer should be restricted. Each range must be + specified using CIDR notation (e.g. "10.0.0.0/8" or "fd00::/8"). If no range is + specified, "0.0.0.0/0" for IPv4 and "::/0" for IPv6 are used by default, + which allows all source addresses. + + To facilitate migration from earlier versions of OpenShift that did + not have the allowedSourceRanges field, you may set the + service.beta.kubernetes.io/load-balancer-source-ranges annotation on + the "router-" service in the + "openshift-ingress" namespace, and this annotation will take + effect if allowedSourceRanges is empty on OpenShift 4.12. + items: + description: |- + CIDR is an IP address range in CIDR notation (for example, "10.0.0.0/8" + or "fd00::/8"). + pattern: (^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])/([0-9]|[12][0-9]|3[0-2])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) + type: string + nullable: true + type: array + x-kubernetes-list-type: atomic + dnsManagementPolicy: + default: Managed + description: |- + dnsManagementPolicy indicates if the lifecycle of the wildcard DNS record + associated with the load balancer service will be managed by + the ingress operator. It defaults to Managed. + Valid values are: Managed and Unmanaged. + enum: + - Managed + - Unmanaged + type: string + providerParameters: + description: |- + providerParameters holds desired load balancer information specific to + the underlying infrastructure provider. + + If empty, defaults will be applied. See specific providerParameters + fields for details about their defaults. + properties: + aws: + description: |- + aws provides configuration settings that are specific to AWS + load balancers. + + If empty, defaults will be applied. See specific aws fields for + details about their defaults. + properties: + classicLoadBalancer: + description: |- + classicLoadBalancerParameters holds configuration parameters for an AWS + classic load balancer. Present only if type is Classic. + properties: + connectionIdleTimeout: + description: |- + connectionIdleTimeout specifies the maximum time period that a + connection may be idle before the load balancer closes the + connection. The value must be parseable as a time duration value; + see . A nil or zero value + means no opinion, in which case a default value is used. The default + value for this field is 60s. This default is subject to change. + format: duration + type: string + subnets: + description: |- + subnets specifies the subnets to which the load balancer will + attach. The subnets may be specified by either their + ID or name. The total number of subnets is limited to 10. + + In order for the load balancer to be provisioned with subnets, + each subnet must exist, each subnet must be from a different + availability zone, and the load balancer service must be + recreated to pick up new values. + + When omitted from the spec, the subnets will be auto-discovered + for each availability zone. Auto-discovered subnets are not reported + in the status of the IngressController object. + properties: + ids: + description: |- + ids specifies a list of AWS subnets by subnet ID. + Subnet IDs must start with "subnet-", consist only + of alphanumeric characters, must be exactly 24 + characters long, must be unique, and the total + number of subnets specified by ids and names + must not exceed 10. + items: + description: AWSSubnetID is a reference + to an AWS subnet ID. + maxLength: 24 + minLength: 24 + pattern: ^subnet-[0-9A-Za-z]+$ + type: string + maxItems: 10 + type: array + x-kubernetes-list-type: atomic + x-kubernetes-validations: + - message: subnet ids cannot contain duplicates + rule: self.all(x, self.exists_one(y, x == + y)) + names: + description: |- + names specifies a list of AWS subnets by subnet name. + Subnet names must not start with "subnet-", must not + include commas, must be under 256 characters in length, + must be unique, and the total number of subnets + specified by ids and names must not exceed 10. + items: + description: AWSSubnetName is a reference + to an AWS subnet name. + maxLength: 256 + minLength: 1 + type: string + x-kubernetes-validations: + - message: subnet name cannot contain a + comma + rule: '!self.contains('','')' + - message: subnet name cannot start with + 'subnet-' + rule: '!self.startsWith(''subnet-'')' + maxItems: 10 + type: array + x-kubernetes-list-type: atomic + x-kubernetes-validations: + - message: subnet names cannot contain duplicates + rule: self.all(x, self.exists_one(y, x == + y)) + type: object + x-kubernetes-validations: + - message: the total number of subnets cannot + exceed 10 + rule: 'has(self.ids) && has(self.names) ? size(self.ids + + self.names) <= 10 : true' + - message: must specify at least 1 subnet name + or id + rule: has(self.ids) && self.ids.size() > 0 || + has(self.names) && self.names.size() > 0 + type: object + networkLoadBalancer: + description: |- + networkLoadBalancerParameters holds configuration parameters for an AWS + network load balancer. Present only if type is NLB. + properties: + eipAllocations: + description: |- + eipAllocations is a list of IDs for Elastic IP (EIP) addresses that + are assigned to the Network Load Balancer. + The following restrictions apply: + + eipAllocations can only be used with external scope, not internal. + An EIP can be allocated to only a single IngressController. + The number of EIP allocations must match the number of subnets that are used for the load balancer. + Each EIP allocation must be unique. + A maximum of 10 EIP allocations are permitted. + + See https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html for general + information about configuration, characteristics, and limitations of Elastic IP addresses. + items: + description: |- + EIPAllocation is an ID for an Elastic IP (EIP) address that can be allocated to an ELB in the AWS environment. + Values must begin with `eipalloc-` followed by exactly 17 hexadecimal (`[0-9a-fA-F]`) characters. + maxLength: 26 + minLength: 26 + type: string + x-kubernetes-validations: + - message: eipAllocations should start with + 'eipalloc-' + rule: self.startsWith('eipalloc-') + - message: eipAllocations must be 'eipalloc-' + followed by exactly 17 hexadecimal characters + (0-9, a-f, A-F) + rule: self.split("-", 2)[1].matches('[0-9a-fA-F]{17}$') + maxItems: 10 + type: array + x-kubernetes-list-type: atomic + x-kubernetes-validations: + - message: eipAllocations cannot contain duplicates + rule: self.all(x, self.exists_one(y, x == y)) + subnets: + description: |- + subnets specifies the subnets to which the load balancer will + attach. The subnets may be specified by either their + ID or name. The total number of subnets is limited to 10. + + In order for the load balancer to be provisioned with subnets, + each subnet must exist, each subnet must be from a different + availability zone, and the load balancer service must be + recreated to pick up new values. + + When omitted from the spec, the subnets will be auto-discovered + for each availability zone. Auto-discovered subnets are not reported + in the status of the IngressController object. + properties: + ids: + description: |- + ids specifies a list of AWS subnets by subnet ID. + Subnet IDs must start with "subnet-", consist only + of alphanumeric characters, must be exactly 24 + characters long, must be unique, and the total + number of subnets specified by ids and names + must not exceed 10. + items: + description: AWSSubnetID is a reference + to an AWS subnet ID. + maxLength: 24 + minLength: 24 + pattern: ^subnet-[0-9A-Za-z]+$ + type: string + maxItems: 10 + type: array + x-kubernetes-list-type: atomic + x-kubernetes-validations: + - message: subnet ids cannot contain duplicates + rule: self.all(x, self.exists_one(y, x == + y)) + names: + description: |- + names specifies a list of AWS subnets by subnet name. + Subnet names must not start with "subnet-", must not + include commas, must be under 256 characters in length, + must be unique, and the total number of subnets + specified by ids and names must not exceed 10. + items: + description: AWSSubnetName is a reference + to an AWS subnet name. + maxLength: 256 + minLength: 1 + type: string + x-kubernetes-validations: + - message: subnet name cannot contain a + comma + rule: '!self.contains('','')' + - message: subnet name cannot start with + 'subnet-' + rule: '!self.startsWith(''subnet-'')' + maxItems: 10 + type: array + x-kubernetes-list-type: atomic + x-kubernetes-validations: + - message: subnet names cannot contain duplicates + rule: self.all(x, self.exists_one(y, x == + y)) + type: object + x-kubernetes-validations: + - message: the total number of subnets cannot + exceed 10 + rule: 'has(self.ids) && has(self.names) ? size(self.ids + + self.names) <= 10 : true' + - message: must specify at least 1 subnet name + or id + rule: has(self.ids) && self.ids.size() > 0 || + has(self.names) && self.names.size() > 0 + type: object + x-kubernetes-validations: + - message: number of subnets must be equal to number + of eipAllocations + rule: 'has(self.subnets) && has(self.subnets.ids) + && has(self.subnets.names) && has(self.eipAllocations) + ? size(self.subnets.ids + self.subnets.names) + == size(self.eipAllocations) : true' + - message: number of subnets must be equal to number + of eipAllocations + rule: 'has(self.subnets) && has(self.subnets.ids) + && !has(self.subnets.names) && has(self.eipAllocations) + ? size(self.subnets.ids) == size(self.eipAllocations) + : true' + - message: number of subnets must be equal to number + of eipAllocations + rule: 'has(self.subnets) && has(self.subnets.names) + && !has(self.subnets.ids) && has(self.eipAllocations) + ? size(self.subnets.names) == size(self.eipAllocations) + : true' + type: + description: |- + type is the type of AWS load balancer to instantiate for an ingresscontroller. + + Valid values are: + + * "Classic": A Classic Load Balancer that makes routing decisions at either + the transport layer (TCP/SSL) or the application layer (HTTP/HTTPS). See + the following for additional details: + + https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#clb + + * "NLB": A Network Load Balancer that makes routing decisions at the + transport layer (TCP/SSL). See the following for additional details: + + https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#nlb + enum: + - Classic + - NLB + type: string + required: + - type + type: object + gcp: + description: |- + gcp provides configuration settings that are specific to GCP + load balancers. + + If empty, defaults will be applied. See specific gcp fields for + details about their defaults. + properties: + clientAccess: + description: |- + clientAccess describes how client access is restricted for internal + load balancers. + + Valid values are: + * "Global": Specifying an internal load balancer with Global client access + allows clients from any region within the VPC to communicate with the load + balancer. + + https://cloud.google.com/kubernetes-engine/docs/how-to/internal-load-balancing#global_access + + * "Local": Specifying an internal load balancer with Local client access + means only clients within the same region (and VPC) as the GCP load balancer + can communicate with the load balancer. Note that this is the default behavior. + + https://cloud.google.com/load-balancing/docs/internal#client_access + enum: + - Global + - Local + type: string + type: object + ibm: + description: |- + ibm provides configuration settings that are specific to IBM Cloud + load balancers. + + If empty, defaults will be applied. See specific ibm fields for + details about their defaults. + properties: + protocol: + description: |- + protocol specifies whether the load balancer uses PROXY protocol to forward connections to + the IngressController. See "service.kubernetes.io/ibm-load-balancer-cloud-provider-enable-features: + "proxy-protocol"" at https://cloud.ibm.com/docs/containers?topic=containers-vpc-lbaas" + + PROXY protocol can be used with load balancers that support it to + communicate the source addresses of client connections when + forwarding those connections to the IngressController. Using PROXY + protocol enables the IngressController to report those source + addresses instead of reporting the load balancer's address in HTTP + headers and logs. Note that enabling PROXY protocol on the + IngressController will cause connections to fail if you are not using + a load balancer that uses PROXY protocol to forward connections to + the IngressController. See + http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for + information about PROXY protocol. + + Valid values for protocol are TCP, PROXY and omitted. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The current default is TCP, without the proxy protocol enabled. + enum: + - "" + - TCP + - PROXY + type: string + type: object + openstack: + description: |- + openstack provides configuration settings that are specific to OpenStack + load balancers. + + If empty, defaults will be applied. See specific openstack fields for + details about their defaults. + properties: + floatingIP: + description: |- + floatingIP specifies the IP address that the load balancer will use. + When not specified, an IP address will be assigned randomly by the OpenStack cloud provider. + When specified, the floating IP has to be pre-created. If the + specified value is not a floating IP or is already claimed, the + OpenStack cloud provider won't be able to provision the load + balancer. + This field may only be used if the IngressController has External scope. + This value must be a valid IPv4 or IPv6 address. + type: string + x-kubernetes-validations: + - message: floatingIP must be a valid IPv4 or IPv6 + address + rule: isIP(self) + type: object + type: + description: |- + type is the underlying infrastructure provider for the load balancer. + Allowed values are "AWS", "Azure", "BareMetal", "GCP", "IBM", "Nutanix", + "OpenStack", and "VSphere". + enum: + - AWS + - Azure + - BareMetal + - GCP + - Nutanix + - OpenStack + - VSphere + - IBM + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: openstack is not permitted when type is not OpenStack + rule: 'has(self.type) && self.type == ''OpenStack'' ? true + : !has(self.openstack)' + scope: + description: |- + scope indicates the scope at which the load balancer is exposed. + Possible values are "External" and "Internal". + enum: + - Internal + - External + type: string + required: + - dnsManagementPolicy + - scope + type: object + x-kubernetes-validations: + - message: eipAllocations are forbidden when the scope is Internal. + rule: '!has(self.scope) || self.scope != ''Internal'' || !has(self.providerParameters) + || !has(self.providerParameters.aws) || !has(self.providerParameters.aws.networkLoadBalancer) + || !has(self.providerParameters.aws.networkLoadBalancer.eipAllocations)' + - message: cannot specify a floating ip when scope is internal + rule: '!has(self.scope) || self.scope != ''Internal'' || !has(self.providerParameters) + || !has(self.providerParameters.openstack) || !has(self.providerParameters.openstack.floatingIP) + || self.providerParameters.openstack.floatingIP == ""' + nodePort: + description: |- + nodePort holds parameters for the NodePortService endpoint publishing strategy. + Present only if type is NodePortService. + properties: + protocol: + description: |- + protocol specifies whether the IngressController expects incoming + connections to use plain TCP or whether the IngressController expects + PROXY protocol. + + PROXY protocol can be used with load balancers that support it to + communicate the source addresses of client connections when + forwarding those connections to the IngressController. Using PROXY + protocol enables the IngressController to report those source + addresses instead of reporting the load balancer's address in HTTP + headers and logs. Note that enabling PROXY protocol on the + IngressController will cause connections to fail if you are not using + a load balancer that uses PROXY protocol to forward connections to + the IngressController. See + http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for + information about PROXY protocol. + + The following values are valid for this field: + + * The empty string. + * "TCP". + * "PROXY". + + The empty string specifies the default, which is TCP without PROXY + protocol. Note that the default is subject to change. + enum: + - "" + - TCP + - PROXY + type: string + type: object + private: + description: |- + private holds parameters for the Private endpoint publishing + strategy. Present only if type is Private. + properties: + protocol: + description: |- + protocol specifies whether the IngressController expects incoming + connections to use plain TCP or whether the IngressController expects + PROXY protocol. + + PROXY protocol can be used with load balancers that support it to + communicate the source addresses of client connections when + forwarding those connections to the IngressController. Using PROXY + protocol enables the IngressController to report those source + addresses instead of reporting the load balancer's address in HTTP + headers and logs. Note that enabling PROXY protocol on the + IngressController will cause connections to fail if you are not using + a load balancer that uses PROXY protocol to forward connections to + the IngressController. See + http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for + information about PROXY protocol. + + The following values are valid for this field: + + * The empty string. + * "TCP". + * "PROXY". + + The empty string specifies the default, which is TCP without PROXY + protocol. Note that the default is subject to change. + enum: + - "" + - TCP + - PROXY + type: string + type: object + type: + description: |- + type is the publishing strategy to use. Valid values are: + + * LoadBalancerService + + Publishes the ingress controller using a Kubernetes LoadBalancer Service. + + In this configuration, the ingress controller deployment uses container + networking. A LoadBalancer Service is created to publish the deployment. + + See: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer + + If domain is set, a wildcard DNS record will be managed to point at the + LoadBalancer Service's external name. DNS records are managed only in DNS + zones defined by dns.config.openshift.io/cluster .spec.publicZone and + .spec.privateZone. + + Wildcard DNS management is currently supported only on the AWS, Azure, + and GCP platforms. + + * HostNetwork + + Publishes the ingress controller on node ports where the ingress controller + is deployed. + + In this configuration, the ingress controller deployment uses host + networking, bound to node ports 80 and 443. The user is responsible for + configuring an external load balancer to publish the ingress controller via + the node ports. + + * Private + + Does not publish the ingress controller. + + In this configuration, the ingress controller deployment uses container + networking, and is not explicitly published. The user must manually publish + the ingress controller. + + * NodePortService + + Publishes the ingress controller using a Kubernetes NodePort Service. + + In this configuration, the ingress controller deployment uses container + networking. A NodePort Service is created to publish the deployment. The + specific node ports are dynamically allocated by OpenShift; however, to + support static port allocations, user changes to the node port + field of the managed NodePort Service will preserved. + enum: + - LoadBalancerService + - HostNetwork + - Private + - NodePortService + type: string + required: + - type + type: object + httpCompression: + description: |- + httpCompression defines a policy for HTTP traffic compression. + By default, there is no HTTP compression. + properties: + mimeTypes: + description: |- + mimeTypes is a list of MIME types that should have compression applied. + This list can be empty, in which case the ingress controller does not apply compression. + + Note: Not all MIME types benefit from compression, but HAProxy will still use resources + to try to compress if instructed to. Generally speaking, text (html, css, js, etc.) + formats benefit from compression, but formats that are already compressed (image, + audio, video, etc.) benefit little in exchange for the time and cpu spent on compressing + again. See https://joehonton.medium.com/the-gzip-penalty-d31bd697f1a2 + items: + description: |- + CompressionMIMEType defines the format of a single MIME type. + E.g. "text/css; charset=utf-8", "text/html", "text/*", "image/svg+xml", + "application/octet-stream", "X-custom/customsub", etc. + + The format should follow the Content-Type definition in RFC 1341: + Content-Type := type "/" subtype *[";" parameter] + - The type in Content-Type can be one of: + application, audio, image, message, multipart, text, video, or a custom + type preceded by "X-" and followed by a token as defined below. + - The token is a string of at least one character, and not containing white + space, control characters, or any of the characters in the tspecials set. + - The tspecials set contains the characters ()<>@,;:\"/[]?.= + - The subtype in Content-Type is also a token. + - The optional parameter/s following the subtype are defined as: + token "=" (token / quoted-string) + - The quoted-string, as defined in RFC 822, is surrounded by double quotes + and can contain white space plus any character EXCEPT \, ", and CR. + It can also contain any single ASCII character as long as it is escaped by \. + pattern: ^(?i)(x-[^][ ()\\<>@,;:"/?.=\x00-\x1F\x7F]+|application|audio|image|message|multipart|text|video)/[^][ + ()\\<>@,;:"/?.=\x00-\x1F\x7F]+(; *[^][ ()\\<>@,;:"/?.=\x00-\x1F\x7F]+=([^][ + ()\\<>@,;:"/?.=\x00-\x1F\x7F]+|"(\\[\x00-\x7F]|[^\x0D"\\])*"))*$ + type: string + type: array + x-kubernetes-list-type: set + type: object + httpEmptyRequestsPolicy: + default: Respond + description: |- + httpEmptyRequestsPolicy describes how HTTP connections should be + handled if the connection times out before a request is received. + Allowed values for this field are "Respond" and "Ignore". If the + field is set to "Respond", the ingress controller sends an HTTP 400 + or 408 response, logs the connection (if access logging is enabled), + and counts the connection in the appropriate metrics. If the field + is set to "Ignore", the ingress controller closes the connection + without sending a response, logging the connection, or incrementing + metrics. The default value is "Respond". + + Typically, these connections come from load balancers' health probes + or Web browsers' speculative connections ("preconnect") and can be + safely ignored. However, these requests may also be caused by + network errors, and so setting this field to "Ignore" may impede + detection and diagnosis of problems. In addition, these requests may + be caused by port scans, in which case logging empty requests may aid + in detecting intrusion attempts. + enum: + - Respond + - Ignore + type: string + httpErrorCodePages: + description: |- + httpErrorCodePages specifies a configmap with custom error pages. + The administrator must create this configmap in the openshift-config namespace. + This configmap should have keys in the format "error-page-.http", + where is an HTTP error code. + For example, "error-page-503.http" defines an error page for HTTP 503 responses. + Currently only error pages for 503 and 404 responses can be customized. + Each value in the configmap should be the full response, including HTTP headers. + Eg- https://raw.githubusercontent.com/openshift/router/fadab45747a9b30cc3f0a4b41ad2871f95827a93/images/router/haproxy/conf/error-page-503.http + If this field is empty, the ingress controller uses the default error pages. + properties: + name: + description: name is the metadata.name of the referenced config + map + type: string + required: + - name + type: object + httpHeaders: + description: |- + httpHeaders defines policy for HTTP headers. + + If this field is empty, the default values are used. + properties: + actions: + description: |- + actions specifies options for modifying headers and their values. + Note that this option only applies to cleartext HTTP connections + and to secure HTTP connections for which the ingress controller + terminates encryption (that is, edge-terminated or reencrypt + connections). Headers cannot be modified for TLS passthrough + connections. + Setting the HSTS (`Strict-Transport-Security`) header is not supported via actions. `Strict-Transport-Security` + may only be configured using the "haproxy.router.openshift.io/hsts_header" route annotation, and only in + accordance with the policy specified in Ingress.Spec.RequiredHSTSPolicies. + Any actions defined here are applied after any actions related to the following other fields: + cache-control, spec.clientTLS, + spec.httpHeaders.forwardedHeaderPolicy, spec.httpHeaders.uniqueId, + and spec.httpHeaders.headerNameCaseAdjustments. + In case of HTTP request headers, the actions specified in spec.httpHeaders.actions on the Route will be executed after + the actions specified in the IngressController's spec.httpHeaders.actions field. + In case of HTTP response headers, the actions specified in spec.httpHeaders.actions on the IngressController will be + executed after the actions specified in the Route's spec.httpHeaders.actions field. + Headers set using this API cannot be captured for use in access logs. + The following header names are reserved and may not be modified via this API: + Strict-Transport-Security, Proxy, Host, Cookie, Set-Cookie. + Note that the total size of all net added headers *after* interpolating dynamic values + must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the + IngressController. Please refer to the documentation + for that API field for more details. + properties: + request: + description: |- + request is a list of HTTP request headers to modify. + Actions defined here will modify the request headers of all requests passing through an ingress controller. + These actions are applied to all Routes i.e. for all connections handled by the ingress controller defined within a cluster. + IngressController actions for request headers will be executed before Route actions. + Currently, actions may define to either `Set` or `Delete` headers values. + Actions are applied in sequence as defined in this list. + A maximum of 20 request header actions may be configured. + Sample fetchers allowed are "req.hdr" and "ssl_c_der". + Converters allowed are "lower" and "base64". + Example header values: "%[req.hdr(X-target),lower]", "%{+Q}[ssl_c_der,base64]". + items: + description: IngressControllerHTTPHeader specifies configuration + for setting or deleting an HTTP header. + properties: + action: + description: action specifies actions to perform on + headers, such as setting or deleting headers. + properties: + set: + description: |- + set specifies how the HTTP header should be set. + This field is required when type is Set and forbidden otherwise. + properties: + value: + description: |- + value specifies a header value. + Dynamic values can be added. The value will be interpreted as an HAProxy format string as defined in + http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and + otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. + The value of this field must be no more than 16384 characters in length. + Note that the total size of all net added headers *after* interpolating dynamic values + must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the + IngressController. + maxLength: 16384 + minLength: 1 + type: string + required: + - value + type: object + type: + description: |- + type defines the type of the action to be applied on the header. + Possible values are Set or Delete. + Set allows you to set HTTP request and response headers. + Delete allows you to delete HTTP request and response headers. + enum: + - Set + - Delete + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: set is required when type is Set, and forbidden + otherwise + rule: 'has(self.type) && self.type == ''Set'' ? has(self.set) + : !has(self.set)' + name: + description: |- + name specifies the name of a header on which to perform an action. Its value must be a valid HTTP header + name as defined in RFC 2616 section 4.2. + The name must consist only of alphanumeric and the following special characters, "-!#$%&'*+.^_`". + The following header names are reserved and may not be modified via this API: + Strict-Transport-Security, Proxy, Host, Cookie, Set-Cookie. + It must be no more than 255 characters in length. + Header name must be unique. + maxLength: 255 + minLength: 1 + pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$ + type: string + x-kubernetes-validations: + - message: strict-transport-security header may not + be modified via header actions + rule: self.lowerAscii() != 'strict-transport-security' + - message: proxy header may not be modified via header + actions + rule: self.lowerAscii() != 'proxy' + - message: host header may not be modified via header + actions + rule: self.lowerAscii() != 'host' + - message: cookie header may not be modified via header + actions + rule: self.lowerAscii() != 'cookie' + - message: set-cookie header may not be modified via + header actions + rule: self.lowerAscii() != 'set-cookie' + required: + - action + - name + type: object + maxItems: 20 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + x-kubernetes-validations: + - message: Either the header value provided is not in correct + format or the sample fetcher/converter specified is not + allowed. The dynamic header value will be interpreted + as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 + and may use HAProxy's %[] syntax and otherwise must be + a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. + Sample fetchers allowed are req.hdr, ssl_c_der. Converters + allowed are lower, base64. + rule: self.all(key, key.action.type == "Delete" || (has(key.action.set) + && key.action.set.value.matches('^(?:%(?:%|(?:\\{[-+]?[QXE](?:,[-+]?[QXE])*\\})?\\[(?:req\\.hdr\\([0-9A-Za-z-]+\\)|ssl_c_der)(?:,(?:lower|base64))*\\])|[^%[:cntrl:]])+$'))) + response: + description: |- + response is a list of HTTP response headers to modify. + Actions defined here will modify the response headers of all requests passing through an ingress controller. + These actions are applied to all Routes i.e. for all connections handled by the ingress controller defined within a cluster. + IngressController actions for response headers will be executed after Route actions. + Currently, actions may define to either `Set` or `Delete` headers values. + Actions are applied in sequence as defined in this list. + A maximum of 20 response header actions may be configured. + Sample fetchers allowed are "res.hdr" and "ssl_c_der". + Converters allowed are "lower" and "base64". + Example header values: "%[res.hdr(X-target),lower]", "%{+Q}[ssl_c_der,base64]". + items: + description: IngressControllerHTTPHeader specifies configuration + for setting or deleting an HTTP header. + properties: + action: + description: action specifies actions to perform on + headers, such as setting or deleting headers. + properties: + set: + description: |- + set specifies how the HTTP header should be set. + This field is required when type is Set and forbidden otherwise. + properties: + value: + description: |- + value specifies a header value. + Dynamic values can be added. The value will be interpreted as an HAProxy format string as defined in + http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and + otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. + The value of this field must be no more than 16384 characters in length. + Note that the total size of all net added headers *after* interpolating dynamic values + must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the + IngressController. + maxLength: 16384 + minLength: 1 + type: string + required: + - value + type: object + type: + description: |- + type defines the type of the action to be applied on the header. + Possible values are Set or Delete. + Set allows you to set HTTP request and response headers. + Delete allows you to delete HTTP request and response headers. + enum: + - Set + - Delete + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: set is required when type is Set, and forbidden + otherwise + rule: 'has(self.type) && self.type == ''Set'' ? has(self.set) + : !has(self.set)' + name: + description: |- + name specifies the name of a header on which to perform an action. Its value must be a valid HTTP header + name as defined in RFC 2616 section 4.2. + The name must consist only of alphanumeric and the following special characters, "-!#$%&'*+.^_`". + The following header names are reserved and may not be modified via this API: + Strict-Transport-Security, Proxy, Host, Cookie, Set-Cookie. + It must be no more than 255 characters in length. + Header name must be unique. + maxLength: 255 + minLength: 1 + pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$ + type: string + x-kubernetes-validations: + - message: strict-transport-security header may not + be modified via header actions + rule: self.lowerAscii() != 'strict-transport-security' + - message: proxy header may not be modified via header + actions + rule: self.lowerAscii() != 'proxy' + - message: host header may not be modified via header + actions + rule: self.lowerAscii() != 'host' + - message: cookie header may not be modified via header + actions + rule: self.lowerAscii() != 'cookie' + - message: set-cookie header may not be modified via + header actions + rule: self.lowerAscii() != 'set-cookie' + required: + - action + - name + type: object + maxItems: 20 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + x-kubernetes-validations: + - message: Either the header value provided is not in correct + format or the sample fetcher/converter specified is not + allowed. The dynamic header value will be interpreted + as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 + and may use HAProxy's %[] syntax and otherwise must be + a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. + Sample fetchers allowed are res.hdr, ssl_c_der. Converters + allowed are lower, base64. + rule: self.all(key, key.action.type == "Delete" || (has(key.action.set) + && key.action.set.value.matches('^(?:%(?:%|(?:\\{[-+]?[QXE](?:,[-+]?[QXE])*\\})?\\[(?:res\\.hdr\\([0-9A-Za-z-]+\\)|ssl_c_der)(?:,(?:lower|base64))*\\])|[^%[:cntrl:]])+$'))) + type: object + forwardedHeaderPolicy: + description: |- + forwardedHeaderPolicy specifies when and how the IngressController + sets the Forwarded, X-Forwarded-For, X-Forwarded-Host, + X-Forwarded-Port, X-Forwarded-Proto, and X-Forwarded-Proto-Version + HTTP headers. The value may be one of the following: + + * "Append", which specifies that the IngressController appends the + headers, preserving existing headers. + + * "Replace", which specifies that the IngressController sets the + headers, replacing any existing Forwarded or X-Forwarded-* headers. + + * "IfNone", which specifies that the IngressController sets the + headers if they are not already set. + + * "Never", which specifies that the IngressController never sets the + headers, preserving any existing headers. + + By default, the policy is "Append". + enum: + - Append + - Replace + - IfNone + - Never + type: string + headerNameCaseAdjustments: + description: |- + headerNameCaseAdjustments specifies case adjustments that can be + applied to HTTP header names. Each adjustment is specified as an + HTTP header name with the desired capitalization. For example, + specifying "X-Forwarded-For" indicates that the "x-forwarded-for" + HTTP header should be adjusted to have the specified capitalization. + + These adjustments are only applied to cleartext, edge-terminated, and + re-encrypt routes, and only when using HTTP/1. + + For request headers, these adjustments are applied only for routes + that have the haproxy.router.openshift.io/h1-adjust-case=true + annotation. For response headers, these adjustments are applied to + all HTTP responses. + + If this field is empty, no request headers are adjusted. + items: + description: |- + IngressControllerHTTPHeaderNameCaseAdjustment is the name of an HTTP header + (for example, "X-Forwarded-For") in the desired capitalization. The value + must be a valid HTTP header name as defined in RFC 2616 section 4.2. + maxLength: 1024 + minLength: 0 + pattern: ^$|^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$ + type: string + nullable: true + type: array + x-kubernetes-list-type: atomic + uniqueId: + description: |- + uniqueId describes configuration for a custom HTTP header that the + ingress controller should inject into incoming HTTP requests. + Typically, this header is configured to have a value that is unique + to the HTTP request. The header can be used by applications or + included in access logs to facilitate tracing individual HTTP + requests. + + If this field is empty, no such header is injected into requests. + properties: + format: + description: |- + format specifies the format for the injected HTTP header's value. + This field has no effect unless name is specified. For the + HAProxy-based ingress controller implementation, this format uses the + same syntax as the HTTP log format. If the field is empty, the + default value is "%{+X}o\\ %ci:%cp_%fi:%fp_%Ts_%rt:%pid"; see the + corresponding HAProxy documentation: + http://cbonte.github.io/haproxy-dconv/2.0/configuration.html#8.2.3 + maxLength: 1024 + minLength: 0 + pattern: ^(%(%|(\{[-+]?[QXE](,[-+]?[QXE])*\})?([A-Za-z]+|\[[.0-9A-Z_a-z]+(\([^)]+\))?(,[.0-9A-Z_a-z]+(\([^)]+\))?)*\]))|[^%[:cntrl:]])*$ + type: string + name: + description: |- + name specifies the name of the HTTP header (for example, "unique-id") + that the ingress controller should inject into HTTP requests. The + field's value must be a valid HTTP header name as defined in RFC 2616 + section 4.2. If the field is empty, no header is injected. + maxLength: 1024 + minLength: 0 + pattern: ^$|^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$ + type: string + type: object + type: object + logging: + description: |- + logging defines parameters for what should be logged where. If this + field is empty, operational logs are enabled but access logs are + disabled. + properties: + access: + description: |- + access describes how the client requests should be logged. + + If this field is empty, access logging is disabled. + properties: + destination: + description: destination is where access logs go. + properties: + container: + description: |- + container holds parameters for the Container logging destination. + Present only if type is Container. + properties: + maxLength: + default: 1024 + description: |- + maxLength is the maximum length of the log message. + + Valid values are integers in the range 480 to 8192, inclusive. + + When omitted, the default value is 1024. + format: int32 + maximum: 8192 + minimum: 480 + type: integer + type: object + syslog: + description: |- + syslog holds parameters for a syslog endpoint. Present only if + type is Syslog. + oneOf: + - properties: + address: + format: ipv4 + - properties: + address: + format: ipv6 + properties: + address: + description: |- + address is the IP address of the syslog endpoint that receives log + messages. + type: string + facility: + description: |- + facility specifies the syslog facility of log messages. + + If this field is empty, the facility is "local1". + enum: + - kern + - user + - mail + - daemon + - auth + - syslog + - lpr + - news + - uucp + - cron + - auth2 + - ftp + - ntp + - audit + - alert + - cron2 + - local0 + - local1 + - local2 + - local3 + - local4 + - local5 + - local6 + - local7 + type: string + maxLength: + default: 1024 + description: |- + maxLength is the maximum length of the log message. + + Valid values are integers in the range 480 to 4096, inclusive. + + When omitted, the default value is 1024. + format: int32 + maximum: 4096 + minimum: 480 + type: integer + port: + description: |- + port is the UDP port number of the syslog endpoint that receives log + messages. + format: int32 + maximum: 65535 + minimum: 1 + type: integer + required: + - address + - port + type: object + type: + description: |- + type is the type of destination for logs. It must be one of the + following: + + * Container + + The ingress operator configures the sidecar container named "logs" on + the ingress controller pod and configures the ingress controller to + write logs to the sidecar. The logs are then available as container + logs. The expectation is that the administrator configures a custom + logging solution that reads logs from this sidecar. Note that using + container logs means that logs may be dropped if the rate of logs + exceeds the container runtime's or the custom logging solution's + capacity. + + * Syslog + + Logs are sent to a syslog endpoint. The administrator must specify + an endpoint that can receive syslog messages. The expectation is + that the administrator has configured a custom syslog instance. + enum: + - Container + - Syslog + type: string + required: + - type + type: object + httpCaptureCookies: + description: |- + httpCaptureCookies specifies HTTP cookies that should be captured in + access logs. If this field is empty, no cookies are captured. + items: + description: |- + IngressControllerCaptureHTTPCookie describes an HTTP cookie that should be + captured. + properties: + matchType: + description: |- + matchType specifies the type of match to be performed on the cookie + name. Allowed values are "Exact" for an exact string match and + "Prefix" for a string prefix match. If "Exact" is specified, a name + must be specified in the name field. If "Prefix" is provided, a + prefix must be specified in the namePrefix field. For example, + specifying matchType "Prefix" and namePrefix "foo" will capture a + cookie named "foo" or "foobar" but not one named "bar". The first + matching cookie is captured. + enum: + - Exact + - Prefix + type: string + maxLength: + description: |- + maxLength specifies a maximum length of the string that will be + logged, which includes the cookie name, cookie value, and + one-character delimiter. If the log entry exceeds this length, the + value will be truncated in the log message. Note that the ingress + controller may impose a separate bound on the total length of HTTP + headers in a request. + maximum: 1024 + minimum: 1 + type: integer + name: + description: |- + name specifies a cookie name. Its value must be a valid HTTP cookie + name as defined in RFC 6265 section 4.1. + maxLength: 1024 + minLength: 0 + pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]*$ + type: string + namePrefix: + description: |- + namePrefix specifies a cookie name prefix. Its value must be a valid + HTTP cookie name as defined in RFC 6265 section 4.1. + maxLength: 1024 + minLength: 0 + pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]*$ + type: string + required: + - matchType + - maxLength + type: object + maxItems: 1 + nullable: true + type: array + x-kubernetes-list-type: atomic + httpCaptureHeaders: + description: |- + httpCaptureHeaders defines HTTP headers that should be captured in + access logs. If this field is empty, no headers are captured. + + Note that this option only applies to cleartext HTTP connections + and to secure HTTP connections for which the ingress controller + terminates encryption (that is, edge-terminated or reencrypt + connections). Headers cannot be captured for TLS passthrough + connections. + properties: + request: + description: |- + request specifies which HTTP request headers to capture. + + If this field is empty, no request headers are captured. + items: + description: |- + IngressControllerCaptureHTTPHeader describes an HTTP header that should be + captured. + properties: + maxLength: + description: |- + maxLength specifies a maximum length for the header value. If a + header value exceeds this length, the value will be truncated in the + log message. Note that the ingress controller may impose a separate + bound on the total length of HTTP headers in a request. + minimum: 1 + type: integer + name: + description: |- + name specifies a header name. Its value must be a valid HTTP header + name as defined in RFC 2616 section 4.2. + pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$ + type: string + required: + - maxLength + - name + type: object + nullable: true + type: array + x-kubernetes-list-type: atomic + response: + description: |- + response specifies which HTTP response headers to capture. + + If this field is empty, no response headers are captured. + items: + description: |- + IngressControllerCaptureHTTPHeader describes an HTTP header that should be + captured. + properties: + maxLength: + description: |- + maxLength specifies a maximum length for the header value. If a + header value exceeds this length, the value will be truncated in the + log message. Note that the ingress controller may impose a separate + bound on the total length of HTTP headers in a request. + minimum: 1 + type: integer + name: + description: |- + name specifies a header name. Its value must be a valid HTTP header + name as defined in RFC 2616 section 4.2. + pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$ + type: string + required: + - maxLength + - name + type: object + nullable: true + type: array + x-kubernetes-list-type: atomic + type: object + httpLogFormat: + description: |- + httpLogFormat specifies the format of the log message for an HTTP + request. + + If this field is empty, log messages use the implementation's default + HTTP log format. For HAProxy's default HTTP log format, see the + HAProxy documentation: + http://cbonte.github.io/haproxy-dconv/2.0/configuration.html#8.2.3 + + Note that this format only applies to cleartext HTTP connections + and to secure HTTP connections for which the ingress controller + terminates encryption (that is, edge-terminated or reencrypt + connections). It does not affect the log format for TLS passthrough + connections. + type: string + logEmptyRequests: + default: Log + description: |- + logEmptyRequests specifies how connections on which no request is + received should be logged. Typically, these empty requests come from + load balancers' health probes or Web browsers' speculative + connections ("preconnect"), in which case logging these requests may + be undesirable. However, these requests may also be caused by + network errors, in which case logging empty requests may be useful + for diagnosing the errors. In addition, these requests may be caused + by port scans, in which case logging empty requests may aid in + detecting intrusion attempts. Allowed values for this field are + "Log" and "Ignore". The default value is "Log". + enum: + - Log + - Ignore + type: string + required: + - destination + type: object + type: object + namespaceSelector: + description: |- + namespaceSelector is used to filter the set of namespaces serviced by the + ingress controller. This is useful for implementing shards. + + If unset, the default is no filtering. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + nodePlacement: + description: |- + nodePlacement enables explicit control over the scheduling of the ingress + controller. + + If unset, defaults are used. See NodePlacement for more details. + properties: + nodeSelector: + description: |- + nodeSelector is the node selector applied to ingress controller + deployments. + + If set, the specified selector is used and replaces the default. + + If unset, the default depends on the value of the defaultPlacement + field in the cluster config.openshift.io/v1/ingresses status. + + When defaultPlacement is Workers, the default is: + + kubernetes.io/os: linux + node-role.kubernetes.io/worker: '' + + When defaultPlacement is ControlPlane, the default is: + + kubernetes.io/os: linux + node-role.kubernetes.io/master: '' + + These defaults are subject to change. + + Note that using nodeSelector.matchExpressions is not supported. Only + nodeSelector.matchLabels may be used. This is a limitation of the + Kubernetes API: the pod spec does not allow complex expressions for + node selectors. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + tolerations: + description: |- + tolerations is a list of tolerations applied to ingress controller + deployments. + + The default is an empty list. + + See https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + x-kubernetes-list-type: atomic + type: object + replicas: + description: |- + replicas is the desired number of ingress controller replicas. If unset, + the default depends on the value of the defaultPlacement field in the + cluster config.openshift.io/v1/ingresses status. + + The value of replicas is set based on the value of a chosen field in the + Infrastructure CR. If defaultPlacement is set to ControlPlane, the + chosen field will be controlPlaneTopology. If it is set to Workers the + chosen field will be infrastructureTopology. Replicas will then be set to 1 + or 2 based whether the chosen field's value is SingleReplica or + HighlyAvailable, respectively. + + These defaults are subject to change. + format: int32 + type: integer + routeAdmission: + description: |- + routeAdmission defines a policy for handling new route claims (for example, + to allow or deny claims across namespaces). + + If empty, defaults will be applied. See specific routeAdmission fields + for details about their defaults. + properties: + namespaceOwnership: + description: |- + namespaceOwnership describes how host name claims across namespaces should + be handled. + + Value must be one of: + + - Strict: Do not allow routes in different namespaces to claim the same host. + + - InterNamespaceAllowed: Allow routes to claim different paths of the same + host name across namespaces. + + If empty, the default is Strict. + enum: + - InterNamespaceAllowed + - Strict + type: string + wildcardPolicy: + description: |- + wildcardPolicy describes how routes with wildcard policies should + be handled for the ingress controller. WildcardPolicy controls use + of routes [1] exposed by the ingress controller based on the route's + wildcard policy. + + [1] https://github.com/openshift/api/blob/master/route/v1/types.go + + Note: Updating WildcardPolicy from WildcardsAllowed to WildcardsDisallowed + will cause admitted routes with a wildcard policy of Subdomain to stop + working. These routes must be updated to a wildcard policy of None to be + readmitted by the ingress controller. + + WildcardPolicy supports WildcardsAllowed and WildcardsDisallowed values. + + If empty, defaults to "WildcardsDisallowed". + enum: + - WildcardsAllowed + - WildcardsDisallowed + type: string + type: object + routeSelector: + description: |- + routeSelector is used to filter the set of Routes serviced by the ingress + controller. This is useful for implementing shards. + + If unset, the default is no filtering. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + tlsSecurityProfile: + description: |- + tlsSecurityProfile specifies settings for TLS connections for ingresscontrollers. + + If unset, the default is based on the apiservers.config.openshift.io/cluster resource. + + Note that when using the Old, Intermediate, and Modern profile types, the effective + profile configuration is subject to change between releases. For example, given + a specification to use the Intermediate profile deployed on release X.Y.Z, an upgrade + to release X.Y.Z+1 may cause a new profile configuration to be applied to the ingress + controller, resulting in a rollout. + properties: + custom: + description: |- + custom is a user-defined TLS security profile. Be extremely careful using a custom + profile as invalid configurations can be catastrophic. An example custom profile + looks like this: + + ciphers: + + - ECDHE-ECDSA-CHACHA20-POLY1305 + + - ECDHE-RSA-CHACHA20-POLY1305 + + - ECDHE-RSA-AES128-GCM-SHA256 + + - ECDHE-ECDSA-AES128-GCM-SHA256 + + minTLSVersion: VersionTLS11 + nullable: true + properties: + ciphers: + description: |- + ciphers is used to specify the cipher algorithms that are negotiated + during the TLS handshake. Operators may remove entries their operands + do not support. For example, to use DES-CBC3-SHA (yaml): + + ciphers: + - DES-CBC3-SHA + items: + type: string + type: array + x-kubernetes-list-type: atomic + minTLSVersion: + description: |- + minTLSVersion is used to specify the minimal version of the TLS protocol + that is negotiated during the TLS handshake. For example, to use TLS + versions 1.1, 1.2 and 1.3 (yaml): + + minTLSVersion: VersionTLS11 + + NOTE: currently the highest minTLSVersion allowed is VersionTLS12 + enum: + - VersionTLS10 + - VersionTLS11 + - VersionTLS12 + - VersionTLS13 + type: string + type: object + intermediate: + description: |- + intermediate is a TLS security profile based on: + + https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29 + + and looks like this (yaml): + + ciphers: + + - TLS_AES_128_GCM_SHA256 + + - TLS_AES_256_GCM_SHA384 + + - TLS_CHACHA20_POLY1305_SHA256 + + - ECDHE-ECDSA-AES128-GCM-SHA256 + + - ECDHE-RSA-AES128-GCM-SHA256 + + - ECDHE-ECDSA-AES256-GCM-SHA384 + + - ECDHE-RSA-AES256-GCM-SHA384 + + - ECDHE-ECDSA-CHACHA20-POLY1305 + + - ECDHE-RSA-CHACHA20-POLY1305 + + - DHE-RSA-AES128-GCM-SHA256 + + - DHE-RSA-AES256-GCM-SHA384 + + minTLSVersion: VersionTLS12 + nullable: true + type: object + modern: + description: |- + modern is a TLS security profile based on: + + https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility + + and looks like this (yaml): + + ciphers: + + - TLS_AES_128_GCM_SHA256 + + - TLS_AES_256_GCM_SHA384 + + - TLS_CHACHA20_POLY1305_SHA256 + + minTLSVersion: VersionTLS13 + nullable: true + type: object + old: + description: |- + old is a TLS security profile based on: + + https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility + + and looks like this (yaml): + + ciphers: + + - TLS_AES_128_GCM_SHA256 + + - TLS_AES_256_GCM_SHA384 + + - TLS_CHACHA20_POLY1305_SHA256 + + - ECDHE-ECDSA-AES128-GCM-SHA256 + + - ECDHE-RSA-AES128-GCM-SHA256 + + - ECDHE-ECDSA-AES256-GCM-SHA384 + + - ECDHE-RSA-AES256-GCM-SHA384 + + - ECDHE-ECDSA-CHACHA20-POLY1305 + + - ECDHE-RSA-CHACHA20-POLY1305 + + - DHE-RSA-AES128-GCM-SHA256 + + - DHE-RSA-AES256-GCM-SHA384 + + - DHE-RSA-CHACHA20-POLY1305 + + - ECDHE-ECDSA-AES128-SHA256 + + - ECDHE-RSA-AES128-SHA256 + + - ECDHE-ECDSA-AES128-SHA + + - ECDHE-RSA-AES128-SHA + + - ECDHE-ECDSA-AES256-SHA384 + + - ECDHE-RSA-AES256-SHA384 + + - ECDHE-ECDSA-AES256-SHA + + - ECDHE-RSA-AES256-SHA + + - DHE-RSA-AES128-SHA256 + + - DHE-RSA-AES256-SHA256 + + - AES128-GCM-SHA256 + + - AES256-GCM-SHA384 + + - AES128-SHA256 + + - AES256-SHA256 + + - AES128-SHA + + - AES256-SHA + + - DES-CBC3-SHA + + minTLSVersion: VersionTLS10 + nullable: true + type: object + type: + description: |- + type is one of Old, Intermediate, Modern or Custom. Custom provides + the ability to specify individual TLS security profile parameters. + Old, Intermediate and Modern are TLS security profiles based on: + + https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations + + The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers + are found to be insecure. Depending on precisely which ciphers are available to a process, the list may be + reduced. + + Note that the Modern profile is currently not supported because it is not + yet well adopted by common software libraries. + enum: + - Old + - Intermediate + - Modern + - Custom + type: string + type: object + tuningOptions: + anyOf: + - properties: + maxConnections: + enum: + - -1 + - 0 + - properties: + maxConnections: + format: int32 + maximum: 2000000 + minimum: 2000 + description: |- + tuningOptions defines parameters for adjusting the performance of + ingress controller pods. All fields are optional and will use their + respective defaults if not set. See specific tuningOptions fields for + more details. + + Setting fields within tuningOptions is generally not recommended. The + default values are suitable for most configurations. + properties: + clientFinTimeout: + description: |- + clientFinTimeout defines how long a connection will be held open while + waiting for the client response to the server/backend closing the + connection. + + If unset, the default timeout is 1s + format: duration + type: string + clientTimeout: + description: |- + clientTimeout defines how long a connection will be held open while + waiting for a client response. + + If unset, the default timeout is 30s + format: duration + type: string + connectTimeout: + description: |- + ConnectTimeout defines the maximum time to wait for + a connection attempt to a server/backend to succeed. + + This field expects an unsigned duration string of decimal numbers, each with optional + fraction and a unit suffix, e.g. "300ms", "1.5h" or "2h45m". + Valid time units are "ns", "us" (or "µs" U+00B5 or "μs" U+03BC), "ms", "s", "m", "h". + + When omitted, this means the user has no opinion and the platform is left + to choose a reasonable default. This default is subject to change over time. + The current default is 5s. + pattern: ^(0|([0-9]+(\.[0-9]+)?(ns|us|µs|μs|ms|s|m|h))+)$ + type: string + headerBufferBytes: + description: |- + headerBufferBytes describes how much memory should be reserved + (in bytes) for IngressController connection sessions. + Note that this value must be at least 16384 if HTTP/2 is + enabled for the IngressController (https://tools.ietf.org/html/rfc7540). + If this field is empty, the IngressController will use a default value + of 32768 bytes. + + Setting this field is generally not recommended as headerBufferBytes + values that are too small may break the IngressController and + headerBufferBytes values that are too large could cause the + IngressController to use significantly more memory than necessary. + format: int32 + minimum: 16384 + type: integer + headerBufferMaxRewriteBytes: + description: |- + headerBufferMaxRewriteBytes describes how much memory should be reserved + (in bytes) from headerBufferBytes for HTTP header rewriting + and appending for IngressController connection sessions. + Note that incoming HTTP requests will be limited to + (headerBufferBytes - headerBufferMaxRewriteBytes) bytes, meaning + headerBufferBytes must be greater than headerBufferMaxRewriteBytes. + If this field is empty, the IngressController will use a default value + of 8192 bytes. + + Setting this field is generally not recommended as + headerBufferMaxRewriteBytes values that are too small may break the + IngressController and headerBufferMaxRewriteBytes values that are too + large could cause the IngressController to use significantly more memory + than necessary. + format: int32 + minimum: 4096 + type: integer + healthCheckInterval: + description: |- + healthCheckInterval defines how long the router waits between two consecutive + health checks on its configured backends. This value is applied globally as + a default for all routes, but may be overridden per-route by the route annotation + "router.openshift.io/haproxy.health.check.interval". + + Expects an unsigned duration string of decimal numbers, each with optional + fraction and a unit suffix, eg "300ms", "1.5h" or "2h45m". + Valid time units are "ns", "us" (or "µs" U+00B5 or "μs" U+03BC), "ms", "s", "m", "h". + + Setting this to less than 5s can cause excess traffic due to too frequent + TCP health checks and accompanying SYN packet storms. Alternatively, setting + this too high can result in increased latency, due to backend servers that are no + longer available, but haven't yet been detected as such. + + An empty or zero healthCheckInterval means no opinion and IngressController chooses + a default, which is subject to change over time. + Currently the default healthCheckInterval value is 5s. + + Currently the minimum allowed value is 1s and the maximum allowed value is + 2147483647ms (24.85 days). Both are subject to change over time. + pattern: ^(0|([0-9]+(\.[0-9]+)?(ns|us|µs|μs|ms|s|m|h))+)$ + type: string + maxConnections: + description: |- + maxConnections defines the maximum number of simultaneous + connections that can be established per HAProxy process. + Increasing this value allows each ingress controller pod to + handle more connections but at the cost of additional + system resources being consumed. + + Permitted values are: empty, 0, -1, and the range + 2000-2000000. + + If this field is empty or 0, the IngressController will use + the default value of 50000, but the default is subject to + change in future releases. + + If the value is -1 then HAProxy will dynamically compute a + maximum value based on the available ulimits in the running + container. Selecting -1 (i.e., auto) will result in a large + value being computed (~520000 on OpenShift >=4.10 clusters) + and therefore each HAProxy process will incur significant + memory usage compared to the current default of 50000. + + Setting a value that is greater than the current operating + system limit will prevent the HAProxy process from + starting. + + If you choose a discrete value (e.g., 750000) and the + router pod is migrated to a new node, there's no guarantee + that that new node has identical ulimits configured. In + such a scenario the pod would fail to start. If you have + nodes with different ulimits configured (e.g., different + tuned profiles) and you choose a discrete value then the + guidance is to use -1 and let the value be computed + dynamically at runtime. + + You can monitor memory usage for router containers with the + following metric: + 'container_memory_working_set_bytes{container="router",namespace="openshift-ingress"}'. + + You can monitor memory usage of individual HAProxy + processes in router containers with the following metric: + 'container_memory_working_set_bytes{container="router",namespace="openshift-ingress"}/container_processes{container="router",namespace="openshift-ingress"}'. + format: int32 + type: integer + reloadInterval: + description: |- + reloadInterval defines the minimum interval at which the router is allowed to reload + to accept new changes. Increasing this value can prevent the accumulation of + HAProxy processes, depending on the scenario. Increasing this interval can + also lessen load imbalance on a backend's servers when using the roundrobin + balancing algorithm. Alternatively, decreasing this value may decrease latency + since updates to HAProxy's configuration can take effect more quickly. + + The value must be a time duration value; see . + Currently, the minimum value allowed is 1s, and the maximum allowed value is + 120s. Minimum and maximum allowed values may change in future versions of OpenShift. + Note that if a duration outside of these bounds is provided, the value of reloadInterval + will be capped/floored and not rejected (e.g. a duration of over 120s will be capped to + 120s; the IngressController will not reject and replace this disallowed value with + the default). + + A zero value for reloadInterval tells the IngressController to choose the default, + which is currently 5s and subject to change without notice. + + This field expects an unsigned duration string of decimal numbers, each with optional + fraction and a unit suffix, e.g. "300ms", "1.5h" or "2h45m". + Valid time units are "ns", "us" (or "µs" U+00B5 or "μs" U+03BC), "ms", "s", "m", "h". + + Note: Setting a value significantly larger than the default of 5s can cause latency + in observing updates to routes and their endpoints. HAProxy's configuration will + be reloaded less frequently, and newly created routes will not be served until the + subsequent reload. + pattern: ^(0|([0-9]+(\.[0-9]+)?(ns|us|µs|μs|ms|s|m|h))+)$ + type: string + serverFinTimeout: + description: |- + serverFinTimeout defines how long a connection will be held open while + waiting for the server/backend response to the client closing the + connection. + + If unset, the default timeout is 1s + format: duration + type: string + serverTimeout: + description: |- + serverTimeout defines how long a connection will be held open while + waiting for a server/backend response. + + If unset, the default timeout is 30s + format: duration + type: string + threadCount: + description: |- + threadCount defines the number of threads created per HAProxy process. + Creating more threads allows each ingress controller pod to handle more + connections, at the cost of more system resources being used. HAProxy + currently supports up to 64 threads. If this field is empty, the + IngressController will use the default value. The current default is 4 + threads, but this may change in future releases. + + Setting this field is generally not recommended. Increasing the number + of HAProxy threads allows ingress controller pods to utilize more CPU + time under load, potentially starving other pods if set too high. + Reducing the number of threads may cause the ingress controller to + perform poorly. + format: int32 + maximum: 64 + minimum: 1 + type: integer + tlsInspectDelay: + description: |- + tlsInspectDelay defines how long the router can hold data to find a + matching route. + + Setting this too short can cause the router to fall back to the default + certificate for edge-terminated or reencrypt routes even when a better + matching certificate could be used. + + If unset, the default inspect delay is 5s + format: duration + type: string + tunnelTimeout: + description: |- + tunnelTimeout defines how long a tunnel connection (including + websockets) will be held open while the tunnel is idle. + + If unset, the default timeout is 1h + format: duration + type: string + type: object + unsupportedConfigOverrides: + description: |- + unsupportedConfigOverrides allows specifying unsupported + configuration options. Its use is unsupported. + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + status: + description: status is the most recently observed status of the IngressController. + properties: + availableReplicas: + description: |- + availableReplicas is number of observed available replicas according to the + ingress controller deployment. + format: int32 + type: integer + conditions: + description: |- + conditions is a list of conditions and their status. + + Available means the ingress controller deployment is available and + servicing route and ingress resources (i.e, .status.availableReplicas + equals .spec.replicas) + + There are additional conditions which indicate the status of other + ingress controller features and capabilities. + + * LoadBalancerManaged + - True if the following conditions are met: + * The endpoint publishing strategy requires a service load balancer. + - False if any of those conditions are unsatisfied. + + * LoadBalancerReady + - True if the following conditions are met: + * A load balancer is managed. + * The load balancer is ready. + - False if any of those conditions are unsatisfied. + + * DNSManaged + - True if the following conditions are met: + * The endpoint publishing strategy and platform support DNS. + * The ingress controller domain is set. + * dns.config.openshift.io/cluster configures DNS zones. + - False if any of those conditions are unsatisfied. + + * DNSReady + - True if the following conditions are met: + * DNS is managed. + * DNS records have been successfully created. + - False if any of those conditions are unsatisfied. + items: + description: OperatorCondition is just the standard condition fields. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + type: string + reason: + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + domain: + description: domain is the actual domain in use. + type: string + endpointPublishingStrategy: + description: endpointPublishingStrategy is the actual strategy in + use. + properties: + hostNetwork: + description: |- + hostNetwork holds parameters for the HostNetwork endpoint publishing + strategy. Present only if type is HostNetwork. + properties: + httpPort: + default: 80 + description: |- + httpPort is the port on the host which should be used to listen for + HTTP requests. This field should be set when port 80 is already in use. + The value should not coincide with the NodePort range of the cluster. + When the value is 0 or is not specified it defaults to 80. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + httpsPort: + default: 443 + description: |- + httpsPort is the port on the host which should be used to listen for + HTTPS requests. This field should be set when port 443 is already in use. + The value should not coincide with the NodePort range of the cluster. + When the value is 0 or is not specified it defaults to 443. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + protocol: + description: |- + protocol specifies whether the IngressController expects incoming + connections to use plain TCP or whether the IngressController expects + PROXY protocol. + + PROXY protocol can be used with load balancers that support it to + communicate the source addresses of client connections when + forwarding those connections to the IngressController. Using PROXY + protocol enables the IngressController to report those source + addresses instead of reporting the load balancer's address in HTTP + headers and logs. Note that enabling PROXY protocol on the + IngressController will cause connections to fail if you are not using + a load balancer that uses PROXY protocol to forward connections to + the IngressController. See + http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for + information about PROXY protocol. + + The following values are valid for this field: + + * The empty string. + * "TCP". + * "PROXY". + + The empty string specifies the default, which is TCP without PROXY + protocol. Note that the default is subject to change. + enum: + - "" + - TCP + - PROXY + type: string + statsPort: + default: 1936 + description: |- + statsPort is the port on the host where the stats from the router are + published. The value should not coincide with the NodePort range of the + cluster. If an external load balancer is configured to forward connections + to this IngressController, the load balancer should use this port for + health checks. The load balancer can send HTTP probes on this port on a + given node, with the path /healthz/ready to determine if the ingress + controller is ready to receive traffic on the node. For proper operation + the load balancer must not forward traffic to a node until the health + check reports ready. The load balancer should also stop forwarding requests + within a maximum of 45 seconds after /healthz/ready starts reporting + not-ready. Probing every 5 to 10 seconds, with a 5-second timeout and with + a threshold of two successful or failed requests to become healthy or + unhealthy respectively, are well-tested values. When the value is 0 or + is not specified it defaults to 1936. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + type: object + loadBalancer: + description: |- + loadBalancer holds parameters for the load balancer. Present only if + type is LoadBalancerService. + properties: + allowedSourceRanges: + description: |- + allowedSourceRanges specifies an allowlist of IP address ranges to which + access to the load balancer should be restricted. Each range must be + specified using CIDR notation (e.g. "10.0.0.0/8" or "fd00::/8"). If no range is + specified, "0.0.0.0/0" for IPv4 and "::/0" for IPv6 are used by default, + which allows all source addresses. + + To facilitate migration from earlier versions of OpenShift that did + not have the allowedSourceRanges field, you may set the + service.beta.kubernetes.io/load-balancer-source-ranges annotation on + the "router-" service in the + "openshift-ingress" namespace, and this annotation will take + effect if allowedSourceRanges is empty on OpenShift 4.12. + items: + description: |- + CIDR is an IP address range in CIDR notation (for example, "10.0.0.0/8" + or "fd00::/8"). + pattern: (^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])/([0-9]|[12][0-9]|3[0-2])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) + type: string + nullable: true + type: array + x-kubernetes-list-type: atomic + dnsManagementPolicy: + default: Managed + description: |- + dnsManagementPolicy indicates if the lifecycle of the wildcard DNS record + associated with the load balancer service will be managed by + the ingress operator. It defaults to Managed. + Valid values are: Managed and Unmanaged. + enum: + - Managed + - Unmanaged + type: string + providerParameters: + description: |- + providerParameters holds desired load balancer information specific to + the underlying infrastructure provider. + + If empty, defaults will be applied. See specific providerParameters + fields for details about their defaults. + properties: + aws: + description: |- + aws provides configuration settings that are specific to AWS + load balancers. + + If empty, defaults will be applied. See specific aws fields for + details about their defaults. + properties: + classicLoadBalancer: + description: |- + classicLoadBalancerParameters holds configuration parameters for an AWS + classic load balancer. Present only if type is Classic. + properties: + connectionIdleTimeout: + description: |- + connectionIdleTimeout specifies the maximum time period that a + connection may be idle before the load balancer closes the + connection. The value must be parseable as a time duration value; + see . A nil or zero value + means no opinion, in which case a default value is used. The default + value for this field is 60s. This default is subject to change. + format: duration + type: string + subnets: + description: |- + subnets specifies the subnets to which the load balancer will + attach. The subnets may be specified by either their + ID or name. The total number of subnets is limited to 10. + + In order for the load balancer to be provisioned with subnets, + each subnet must exist, each subnet must be from a different + availability zone, and the load balancer service must be + recreated to pick up new values. + + When omitted from the spec, the subnets will be auto-discovered + for each availability zone. Auto-discovered subnets are not reported + in the status of the IngressController object. + properties: + ids: + description: |- + ids specifies a list of AWS subnets by subnet ID. + Subnet IDs must start with "subnet-", consist only + of alphanumeric characters, must be exactly 24 + characters long, must be unique, and the total + number of subnets specified by ids and names + must not exceed 10. + items: + description: AWSSubnetID is a reference + to an AWS subnet ID. + maxLength: 24 + minLength: 24 + pattern: ^subnet-[0-9A-Za-z]+$ + type: string + maxItems: 10 + type: array + x-kubernetes-list-type: atomic + x-kubernetes-validations: + - message: subnet ids cannot contain duplicates + rule: self.all(x, self.exists_one(y, x == + y)) + names: + description: |- + names specifies a list of AWS subnets by subnet name. + Subnet names must not start with "subnet-", must not + include commas, must be under 256 characters in length, + must be unique, and the total number of subnets + specified by ids and names must not exceed 10. + items: + description: AWSSubnetName is a reference + to an AWS subnet name. + maxLength: 256 + minLength: 1 + type: string + x-kubernetes-validations: + - message: subnet name cannot contain a + comma + rule: '!self.contains('','')' + - message: subnet name cannot start with + 'subnet-' + rule: '!self.startsWith(''subnet-'')' + maxItems: 10 + type: array + x-kubernetes-list-type: atomic + x-kubernetes-validations: + - message: subnet names cannot contain duplicates + rule: self.all(x, self.exists_one(y, x == + y)) + type: object + x-kubernetes-validations: + - message: the total number of subnets cannot + exceed 10 + rule: 'has(self.ids) && has(self.names) ? size(self.ids + + self.names) <= 10 : true' + - message: must specify at least 1 subnet name + or id + rule: has(self.ids) && self.ids.size() > 0 || + has(self.names) && self.names.size() > 0 + type: object + networkLoadBalancer: + description: |- + networkLoadBalancerParameters holds configuration parameters for an AWS + network load balancer. Present only if type is NLB. + properties: + eipAllocations: + description: |- + eipAllocations is a list of IDs for Elastic IP (EIP) addresses that + are assigned to the Network Load Balancer. + The following restrictions apply: + + eipAllocations can only be used with external scope, not internal. + An EIP can be allocated to only a single IngressController. + The number of EIP allocations must match the number of subnets that are used for the load balancer. + Each EIP allocation must be unique. + A maximum of 10 EIP allocations are permitted. + + See https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html for general + information about configuration, characteristics, and limitations of Elastic IP addresses. + items: + description: |- + EIPAllocation is an ID for an Elastic IP (EIP) address that can be allocated to an ELB in the AWS environment. + Values must begin with `eipalloc-` followed by exactly 17 hexadecimal (`[0-9a-fA-F]`) characters. + maxLength: 26 + minLength: 26 + type: string + x-kubernetes-validations: + - message: eipAllocations should start with + 'eipalloc-' + rule: self.startsWith('eipalloc-') + - message: eipAllocations must be 'eipalloc-' + followed by exactly 17 hexadecimal characters + (0-9, a-f, A-F) + rule: self.split("-", 2)[1].matches('[0-9a-fA-F]{17}$') + maxItems: 10 + type: array + x-kubernetes-list-type: atomic + x-kubernetes-validations: + - message: eipAllocations cannot contain duplicates + rule: self.all(x, self.exists_one(y, x == y)) + subnets: + description: |- + subnets specifies the subnets to which the load balancer will + attach. The subnets may be specified by either their + ID or name. The total number of subnets is limited to 10. + + In order for the load balancer to be provisioned with subnets, + each subnet must exist, each subnet must be from a different + availability zone, and the load balancer service must be + recreated to pick up new values. + + When omitted from the spec, the subnets will be auto-discovered + for each availability zone. Auto-discovered subnets are not reported + in the status of the IngressController object. + properties: + ids: + description: |- + ids specifies a list of AWS subnets by subnet ID. + Subnet IDs must start with "subnet-", consist only + of alphanumeric characters, must be exactly 24 + characters long, must be unique, and the total + number of subnets specified by ids and names + must not exceed 10. + items: + description: AWSSubnetID is a reference + to an AWS subnet ID. + maxLength: 24 + minLength: 24 + pattern: ^subnet-[0-9A-Za-z]+$ + type: string + maxItems: 10 + type: array + x-kubernetes-list-type: atomic + x-kubernetes-validations: + - message: subnet ids cannot contain duplicates + rule: self.all(x, self.exists_one(y, x == + y)) + names: + description: |- + names specifies a list of AWS subnets by subnet name. + Subnet names must not start with "subnet-", must not + include commas, must be under 256 characters in length, + must be unique, and the total number of subnets + specified by ids and names must not exceed 10. + items: + description: AWSSubnetName is a reference + to an AWS subnet name. + maxLength: 256 + minLength: 1 + type: string + x-kubernetes-validations: + - message: subnet name cannot contain a + comma + rule: '!self.contains('','')' + - message: subnet name cannot start with + 'subnet-' + rule: '!self.startsWith(''subnet-'')' + maxItems: 10 + type: array + x-kubernetes-list-type: atomic + x-kubernetes-validations: + - message: subnet names cannot contain duplicates + rule: self.all(x, self.exists_one(y, x == + y)) + type: object + x-kubernetes-validations: + - message: the total number of subnets cannot + exceed 10 + rule: 'has(self.ids) && has(self.names) ? size(self.ids + + self.names) <= 10 : true' + - message: must specify at least 1 subnet name + or id + rule: has(self.ids) && self.ids.size() > 0 || + has(self.names) && self.names.size() > 0 + type: object + x-kubernetes-validations: + - message: number of subnets must be equal to number + of eipAllocations + rule: 'has(self.subnets) && has(self.subnets.ids) + && has(self.subnets.names) && has(self.eipAllocations) + ? size(self.subnets.ids + self.subnets.names) + == size(self.eipAllocations) : true' + - message: number of subnets must be equal to number + of eipAllocations + rule: 'has(self.subnets) && has(self.subnets.ids) + && !has(self.subnets.names) && has(self.eipAllocations) + ? size(self.subnets.ids) == size(self.eipAllocations) + : true' + - message: number of subnets must be equal to number + of eipAllocations + rule: 'has(self.subnets) && has(self.subnets.names) + && !has(self.subnets.ids) && has(self.eipAllocations) + ? size(self.subnets.names) == size(self.eipAllocations) + : true' + type: + description: |- + type is the type of AWS load balancer to instantiate for an ingresscontroller. + + Valid values are: + + * "Classic": A Classic Load Balancer that makes routing decisions at either + the transport layer (TCP/SSL) or the application layer (HTTP/HTTPS). See + the following for additional details: + + https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#clb + + * "NLB": A Network Load Balancer that makes routing decisions at the + transport layer (TCP/SSL). See the following for additional details: + + https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#nlb + enum: + - Classic + - NLB + type: string + required: + - type + type: object + gcp: + description: |- + gcp provides configuration settings that are specific to GCP + load balancers. + + If empty, defaults will be applied. See specific gcp fields for + details about their defaults. + properties: + clientAccess: + description: |- + clientAccess describes how client access is restricted for internal + load balancers. + + Valid values are: + * "Global": Specifying an internal load balancer with Global client access + allows clients from any region within the VPC to communicate with the load + balancer. + + https://cloud.google.com/kubernetes-engine/docs/how-to/internal-load-balancing#global_access + + * "Local": Specifying an internal load balancer with Local client access + means only clients within the same region (and VPC) as the GCP load balancer + can communicate with the load balancer. Note that this is the default behavior. + + https://cloud.google.com/load-balancing/docs/internal#client_access + enum: + - Global + - Local + type: string + type: object + ibm: + description: |- + ibm provides configuration settings that are specific to IBM Cloud + load balancers. + + If empty, defaults will be applied. See specific ibm fields for + details about their defaults. + properties: + protocol: + description: |- + protocol specifies whether the load balancer uses PROXY protocol to forward connections to + the IngressController. See "service.kubernetes.io/ibm-load-balancer-cloud-provider-enable-features: + "proxy-protocol"" at https://cloud.ibm.com/docs/containers?topic=containers-vpc-lbaas" + + PROXY protocol can be used with load balancers that support it to + communicate the source addresses of client connections when + forwarding those connections to the IngressController. Using PROXY + protocol enables the IngressController to report those source + addresses instead of reporting the load balancer's address in HTTP + headers and logs. Note that enabling PROXY protocol on the + IngressController will cause connections to fail if you are not using + a load balancer that uses PROXY protocol to forward connections to + the IngressController. See + http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for + information about PROXY protocol. + + Valid values for protocol are TCP, PROXY and omitted. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The current default is TCP, without the proxy protocol enabled. + enum: + - "" + - TCP + - PROXY + type: string + type: object + openstack: + description: |- + openstack provides configuration settings that are specific to OpenStack + load balancers. + + If empty, defaults will be applied. See specific openstack fields for + details about their defaults. + properties: + floatingIP: + description: |- + floatingIP specifies the IP address that the load balancer will use. + When not specified, an IP address will be assigned randomly by the OpenStack cloud provider. + When specified, the floating IP has to be pre-created. If the + specified value is not a floating IP or is already claimed, the + OpenStack cloud provider won't be able to provision the load + balancer. + This field may only be used if the IngressController has External scope. + This value must be a valid IPv4 or IPv6 address. + type: string + x-kubernetes-validations: + - message: floatingIP must be a valid IPv4 or IPv6 + address + rule: isIP(self) + type: object + type: + description: |- + type is the underlying infrastructure provider for the load balancer. + Allowed values are "AWS", "Azure", "BareMetal", "GCP", "IBM", "Nutanix", + "OpenStack", and "VSphere". + enum: + - AWS + - Azure + - BareMetal + - GCP + - Nutanix + - OpenStack + - VSphere + - IBM + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: openstack is not permitted when type is not OpenStack + rule: 'has(self.type) && self.type == ''OpenStack'' ? true + : !has(self.openstack)' + scope: + description: |- + scope indicates the scope at which the load balancer is exposed. + Possible values are "External" and "Internal". + enum: + - Internal + - External + type: string + required: + - dnsManagementPolicy + - scope + type: object + x-kubernetes-validations: + - message: eipAllocations are forbidden when the scope is Internal. + rule: '!has(self.scope) || self.scope != ''Internal'' || !has(self.providerParameters) + || !has(self.providerParameters.aws) || !has(self.providerParameters.aws.networkLoadBalancer) + || !has(self.providerParameters.aws.networkLoadBalancer.eipAllocations)' + - message: cannot specify a floating ip when scope is internal + rule: '!has(self.scope) || self.scope != ''Internal'' || !has(self.providerParameters) + || !has(self.providerParameters.openstack) || !has(self.providerParameters.openstack.floatingIP) + || self.providerParameters.openstack.floatingIP == ""' + nodePort: + description: |- + nodePort holds parameters for the NodePortService endpoint publishing strategy. + Present only if type is NodePortService. + properties: + protocol: + description: |- + protocol specifies whether the IngressController expects incoming + connections to use plain TCP or whether the IngressController expects + PROXY protocol. + + PROXY protocol can be used with load balancers that support it to + communicate the source addresses of client connections when + forwarding those connections to the IngressController. Using PROXY + protocol enables the IngressController to report those source + addresses instead of reporting the load balancer's address in HTTP + headers and logs. Note that enabling PROXY protocol on the + IngressController will cause connections to fail if you are not using + a load balancer that uses PROXY protocol to forward connections to + the IngressController. See + http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for + information about PROXY protocol. + + The following values are valid for this field: + + * The empty string. + * "TCP". + * "PROXY". + + The empty string specifies the default, which is TCP without PROXY + protocol. Note that the default is subject to change. + enum: + - "" + - TCP + - PROXY + type: string + type: object + private: + description: |- + private holds parameters for the Private endpoint publishing + strategy. Present only if type is Private. + properties: + protocol: + description: |- + protocol specifies whether the IngressController expects incoming + connections to use plain TCP or whether the IngressController expects + PROXY protocol. + + PROXY protocol can be used with load balancers that support it to + communicate the source addresses of client connections when + forwarding those connections to the IngressController. Using PROXY + protocol enables the IngressController to report those source + addresses instead of reporting the load balancer's address in HTTP + headers and logs. Note that enabling PROXY protocol on the + IngressController will cause connections to fail if you are not using + a load balancer that uses PROXY protocol to forward connections to + the IngressController. See + http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for + information about PROXY protocol. + + The following values are valid for this field: + + * The empty string. + * "TCP". + * "PROXY". + + The empty string specifies the default, which is TCP without PROXY + protocol. Note that the default is subject to change. + enum: + - "" + - TCP + - PROXY + type: string + type: object + type: + description: |- + type is the publishing strategy to use. Valid values are: + + * LoadBalancerService + + Publishes the ingress controller using a Kubernetes LoadBalancer Service. + + In this configuration, the ingress controller deployment uses container + networking. A LoadBalancer Service is created to publish the deployment. + + See: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer + + If domain is set, a wildcard DNS record will be managed to point at the + LoadBalancer Service's external name. DNS records are managed only in DNS + zones defined by dns.config.openshift.io/cluster .spec.publicZone and + .spec.privateZone. + + Wildcard DNS management is currently supported only on the AWS, Azure, + and GCP platforms. + + * HostNetwork + + Publishes the ingress controller on node ports where the ingress controller + is deployed. + + In this configuration, the ingress controller deployment uses host + networking, bound to node ports 80 and 443. The user is responsible for + configuring an external load balancer to publish the ingress controller via + the node ports. + + * Private + + Does not publish the ingress controller. + + In this configuration, the ingress controller deployment uses container + networking, and is not explicitly published. The user must manually publish + the ingress controller. + + * NodePortService + + Publishes the ingress controller using a Kubernetes NodePort Service. + + In this configuration, the ingress controller deployment uses container + networking. A NodePort Service is created to publish the deployment. The + specific node ports are dynamically allocated by OpenShift; however, to + support static port allocations, user changes to the node port + field of the managed NodePort Service will preserved. + enum: + - LoadBalancerService + - HostNetwork + - Private + - NodePortService + type: string + required: + - type + type: object + namespaceSelector: + description: namespaceSelector is the actual namespaceSelector in + use. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + observedGeneration: + description: observedGeneration is the most recent generation observed. + format: int64 + type: integer + routeSelector: + description: routeSelector is the actual routeSelector in use. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + selector: + description: |- + selector is a label selector, in string format, for ingress controller pods + corresponding to the IngressController. The number of matching pods should + equal the value of availableReplicas. + type: string + tlsProfile: + description: tlsProfile is the TLS connection configuration that is + in effect. + properties: + ciphers: + description: |- + ciphers is used to specify the cipher algorithms that are negotiated + during the TLS handshake. Operators may remove entries their operands + do not support. For example, to use DES-CBC3-SHA (yaml): + + ciphers: + - DES-CBC3-SHA + items: + type: string + type: array + x-kubernetes-list-type: atomic + minTLSVersion: + description: |- + minTLSVersion is used to specify the minimal version of the TLS protocol + that is negotiated during the TLS handshake. For example, to use TLS + versions 1.1, 1.2 and 1.3 (yaml): + + minTLSVersion: VersionTLS11 + + NOTE: currently the highest minTLSVersion allowed is VersionTLS12 + enum: + - VersionTLS10 + - VersionTLS11 + - VersionTLS12 + - VersionTLS13 + type: string + type: object + type: object + type: object + served: true + storage: true + subresources: + scale: + labelSelectorPath: .status.selector + specReplicasPath: .spec.replicas + statusReplicasPath: .status.availableReplicas + status: {} diff --git a/pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_50_insights_00_insightsoperators.crd.yaml b/pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_50_insights_00_insightsoperators.crd.yaml new file mode 100644 index 000000000..b7ce165e3 --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_50_insights_00_insightsoperators.crd.yaml @@ -0,0 +1,379 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/1237 + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + name: insightsoperators.operator.openshift.io +spec: + group: operator.openshift.io + names: + kind: InsightsOperator + listKind: InsightsOperatorList + plural: insightsoperators + singular: insightsoperator + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + InsightsOperator holds cluster-wide information about the Insights Operator. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec is the specification of the desired behavior of the + Insights. + properties: + logLevel: + default: Normal + description: |- + logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for their operands. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + managementState: + description: managementState indicates whether and how the operator + should manage the component + pattern: ^(Managed|Unmanaged|Force|Removed)$ + type: string + observedConfig: + description: |- + observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because + it is an input to the level for the operator + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + default: Normal + description: |- + operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for themselves. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + unsupportedConfigOverrides: + description: |- + unsupportedConfigOverrides overrides the final configuration that was computed by the operator. + Red Hat does not support the use of this field. + Misuse of this field could lead to unexpected behavior or conflict with other configuration options. + Seek guidance from the Red Hat support before using this field. + Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + status: + description: status is the most recently observed status of the Insights + operator. + properties: + conditions: + description: conditions is a list of conditions and their status + items: + description: OperatorCondition is just the standard condition fields. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + type: string + reason: + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + gatherStatus: + description: |- + gatherStatus provides basic information about the last Insights data gathering. + When omitted, this means no data gathering has taken place yet. + properties: + gatherers: + description: gatherers is a list of active gatherers (and their + statuses) in the last gathering. + items: + description: |- + gathererStatus represents information about a particular + data gatherer. + properties: + conditions: + description: conditions provide details on the status of + each gatherer. + items: + description: Condition contains details for one aspect + of the current state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, + False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in + foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + minItems: 1 + type: array + x-kubernetes-list-type: atomic + lastGatherDuration: + description: lastGatherDuration represents the time spent + gathering. + pattern: ^([1-9][0-9]*(\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ + type: string + name: + description: name is the name of the gatherer. + maxLength: 256 + minLength: 5 + type: string + required: + - conditions + - lastGatherDuration + - name + type: object + type: array + x-kubernetes-list-type: atomic + lastGatherDuration: + description: |- + lastGatherDuration is the total time taken to process + all gatherers during the last gather event. + pattern: ^0|([1-9][0-9]*(\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ + type: string + lastGatherTime: + description: |- + lastGatherTime is the last time when Insights data gathering finished. + An empty value means that no data has been gathered yet. + format: date-time + type: string + type: object + generations: + description: generations are used to determine when an item needs + to be reconciled or has changed in a way that needs a reaction. + items: + description: GenerationStatus keeps track of the generation for + a given resource so that decisions about forced updates can be + made. + properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without + generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload + controller involved + format: int64 + type: integer + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're + tracking + type: string + required: + - group + - name + - namespace + - resource + type: object + type: array + x-kubernetes-list-map-keys: + - group + - resource + - namespace + - name + x-kubernetes-list-type: map + insightsReport: + description: |- + insightsReport provides general Insights analysis results. + When omitted, this means no data gathering has taken place yet. + properties: + downloadedAt: + description: |- + downloadedAt is the time when the last Insights report was downloaded. + An empty value means that there has not been any Insights report downloaded yet and + it usually appears in disconnected clusters (or clusters when the Insights data gathering is disabled). + format: date-time + type: string + healthChecks: + description: |- + healthChecks provides basic information about active Insights health checks + in a cluster. + items: + description: healthCheck represents an Insights health check + attributes. + properties: + advisorURI: + description: advisorURI provides the URL link to the Insights + Advisor. + pattern: ^https:\/\/\S+ + type: string + description: + description: description provides basic description of the + healtcheck. + maxLength: 2048 + minLength: 10 + type: string + state: + description: |- + state determines what the current state of the health check is. + Health check is enabled by default and can be disabled + by the user in the Insights advisor user interface. + enum: + - Enabled + - Disabled + type: string + totalRisk: + description: |- + totalRisk of the healthcheck. Indicator of the total risk posed + by the detected issue; combination of impact and likelihood. The values can be from 1 to 4, + and the higher the number, the more important the issue. + format: int32 + maximum: 4 + minimum: 1 + type: integer + required: + - advisorURI + - description + - state + - totalRisk + type: object + type: array + x-kubernetes-list-type: atomic + type: object + latestAvailableRevision: + description: latestAvailableRevision is the deploymentID of the most + recent deployment + format: int32 + type: integer + x-kubernetes-validations: + - message: must only increase + rule: self >= oldSelf + observedGeneration: + description: observedGeneration is the last generation change you've + dealt with + format: int64 + type: integer + readyReplicas: + description: readyReplicas indicates how many replicas are ready and + at the desired state + format: int32 + type: integer + version: + description: version is the level this availability applies to + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + scale: + labelSelectorPath: .status.selector + specReplicasPath: .spec.replicas + statusReplicasPath: .status.availableReplicas + status: {} diff --git a/pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_50_openshift-controller-manager_02_openshiftcontrollermanagers.crd.yaml b/pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_50_openshift-controller-manager_02_openshiftcontrollermanagers.crd.yaml new file mode 100644 index 000000000..d6dabdda0 --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_50_openshift-controller-manager_02_openshiftcontrollermanagers.crd.yaml @@ -0,0 +1,210 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/475 + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + name: openshiftcontrollermanagers.operator.openshift.io +spec: + group: operator.openshift.io + names: + categories: + - coreoperators + kind: OpenShiftControllerManager + listKind: OpenShiftControllerManagerList + plural: openshiftcontrollermanagers + singular: openshiftcontrollermanager + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + OpenShiftControllerManager provides information to configure an operator to manage openshift-controller-manager. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + logLevel: + default: Normal + description: |- + logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for their operands. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + managementState: + description: managementState indicates whether and how the operator + should manage the component + pattern: ^(Managed|Unmanaged|Force|Removed)$ + type: string + observedConfig: + description: |- + observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because + it is an input to the level for the operator + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + default: Normal + description: |- + operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for themselves. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + unsupportedConfigOverrides: + description: |- + unsupportedConfigOverrides overrides the final configuration that was computed by the operator. + Red Hat does not support the use of this field. + Misuse of this field could lead to unexpected behavior or conflict with other configuration options. + Seek guidance from the Red Hat support before using this field. + Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + status: + properties: + conditions: + description: conditions is a list of conditions and their status + items: + description: OperatorCondition is just the standard condition fields. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + type: string + reason: + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + generations: + description: generations are used to determine when an item needs + to be reconciled or has changed in a way that needs a reaction. + items: + description: GenerationStatus keeps track of the generation for + a given resource so that decisions about forced updates can be + made. + properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without + generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload + controller involved + format: int64 + type: integer + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're + tracking + type: string + required: + - group + - name + - namespace + - resource + type: object + type: array + x-kubernetes-list-map-keys: + - group + - resource + - namespace + - name + x-kubernetes-list-type: map + latestAvailableRevision: + description: latestAvailableRevision is the deploymentID of the most + recent deployment + format: int32 + type: integer + x-kubernetes-validations: + - message: must only increase + rule: self >= oldSelf + observedGeneration: + description: observedGeneration is the last generation change you've + dealt with + format: int64 + type: integer + readyReplicas: + description: readyReplicas indicates how many replicas are ready and + at the desired state + format: int32 + type: integer + version: + description: version is the level this availability applies to + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_50_service-ca_02_servicecas.crd.yaml b/pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_50_service-ca_02_servicecas.crd.yaml new file mode 100644 index 000000000..16fba0d6d --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_50_service-ca_02_servicecas.crd.yaml @@ -0,0 +1,211 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/475 + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + name: servicecas.operator.openshift.io +spec: + group: operator.openshift.io + names: + kind: ServiceCA + listKind: ServiceCAList + plural: servicecas + singular: serviceca + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + ServiceCA provides information to configure an operator to manage the service cert controllers + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + properties: + logLevel: + default: Normal + description: |- + logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for their operands. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + managementState: + description: managementState indicates whether and how the operator + should manage the component + pattern: ^(Managed|Unmanaged|Force|Removed)$ + type: string + observedConfig: + description: |- + observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because + it is an input to the level for the operator + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + default: Normal + description: |- + operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for themselves. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + unsupportedConfigOverrides: + description: |- + unsupportedConfigOverrides overrides the final configuration that was computed by the operator. + Red Hat does not support the use of this field. + Misuse of this field could lead to unexpected behavior or conflict with other configuration options. + Seek guidance from the Red Hat support before using this field. + Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + status: + description: status holds observed values from the cluster. They may not + be overridden. + properties: + conditions: + description: conditions is a list of conditions and their status + items: + description: OperatorCondition is just the standard condition fields. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + type: string + reason: + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + generations: + description: generations are used to determine when an item needs + to be reconciled or has changed in a way that needs a reaction. + items: + description: GenerationStatus keeps track of the generation for + a given resource so that decisions about forced updates can be + made. + properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without + generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload + controller involved + format: int64 + type: integer + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're + tracking + type: string + required: + - group + - name + - namespace + - resource + type: object + type: array + x-kubernetes-list-map-keys: + - group + - resource + - namespace + - name + x-kubernetes-list-type: map + latestAvailableRevision: + description: latestAvailableRevision is the deploymentID of the most + recent deployment + format: int32 + type: integer + x-kubernetes-validations: + - message: must only increase + rule: self >= oldSelf + observedGeneration: + description: observedGeneration is the last generation change you've + dealt with + format: int64 + type: integer + readyReplicas: + description: readyReplicas indicates how many replicas are ready and + at the desired state + format: int32 + type: integer + version: + description: version is the level this availability applies to + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_50_storage_01_storages.crd.yaml b/pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_50_storage_01_storages.crd.yaml new file mode 100644 index 000000000..e0f841881 --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_50_storage_01_storages.crd.yaml @@ -0,0 +1,227 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/670 + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + name: storages.operator.openshift.io +spec: + group: operator.openshift.io + names: + kind: Storage + listKind: StorageList + plural: storages + singular: storage + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + Storage provides a means to configure an operator to manage the cluster storage operator. `cluster` is the canonical name. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + properties: + logLevel: + default: Normal + description: |- + logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for their operands. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + managementState: + description: managementState indicates whether and how the operator + should manage the component + pattern: ^(Managed|Unmanaged|Force|Removed)$ + type: string + observedConfig: + description: |- + observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because + it is an input to the level for the operator + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + default: Normal + description: |- + operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for themselves. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + unsupportedConfigOverrides: + description: |- + unsupportedConfigOverrides overrides the final configuration that was computed by the operator. + Red Hat does not support the use of this field. + Misuse of this field could lead to unexpected behavior or conflict with other configuration options. + Seek guidance from the Red Hat support before using this field. + Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + vsphereStorageDriver: + description: |- + VSphereStorageDriver indicates the storage driver to use on VSphere clusters. + Once this field is set to CSIWithMigrationDriver, it can not be changed. + If this is empty, the platform will choose a good default, + which may change over time without notice. + The current default is CSIWithMigrationDriver and may not be changed. + DEPRECATED: This field will be removed in a future release. + enum: + - "" + - LegacyDeprecatedInTreeDriver + - CSIWithMigrationDriver + type: string + x-kubernetes-validations: + - message: VSphereStorageDriver can not be set to LegacyDeprecatedInTreeDriver + rule: self != "LegacyDeprecatedInTreeDriver" + type: object + status: + description: status holds observed values from the cluster. They may not + be overridden. + properties: + conditions: + description: conditions is a list of conditions and their status + items: + description: OperatorCondition is just the standard condition fields. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + type: string + reason: + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + generations: + description: generations are used to determine when an item needs + to be reconciled or has changed in a way that needs a reaction. + items: + description: GenerationStatus keeps track of the generation for + a given resource so that decisions about forced updates can be + made. + properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without + generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload + controller involved + format: int64 + type: integer + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're + tracking + type: string + required: + - group + - name + - namespace + - resource + type: object + type: array + x-kubernetes-list-map-keys: + - group + - resource + - namespace + - name + x-kubernetes-list-type: map + latestAvailableRevision: + description: latestAvailableRevision is the deploymentID of the most + recent deployment + format: int32 + type: integer + x-kubernetes-validations: + - message: must only increase + rule: self >= oldSelf + observedGeneration: + description: observedGeneration is the last generation change you've + dealt with + format: int64 + type: integer + readyReplicas: + description: readyReplicas indicates how many replicas are ready and + at the desired state + format: int32 + type: integer + version: + description: version is the level this availability applies to + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_70_dns_00_dnses.crd.yaml b/pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_70_dns_00_dnses.crd.yaml new file mode 100644 index 000000000..7d2acd004 --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_70_dns_00_dnses.crd.yaml @@ -0,0 +1,614 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/475 + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + name: dnses.operator.openshift.io +spec: + group: operator.openshift.io + names: + kind: DNS + listKind: DNSList + plural: dnses + singular: dns + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + DNS manages the CoreDNS component to provide a name resolution service + for pods and services in the cluster. + + This supports the DNS-based service discovery specification: + https://github.com/kubernetes/dns/blob/master/docs/specification.md + + More details: https://kubernetes.io/docs/tasks/administer-cluster/coredns + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec is the specification of the desired behavior of the + DNS. + properties: + cache: + description: |- + cache describes the caching configuration that applies to all server blocks listed in the Corefile. + This field allows a cluster admin to optionally configure: + * positiveTTL which is a duration for which positive responses should be cached. + * negativeTTL which is a duration for which negative responses should be cached. + If this is not configured, OpenShift will configure positive and negative caching with a default value that is + subject to change. At the time of writing, the default positiveTTL is 900 seconds and the default negativeTTL is + 30 seconds or as noted in the respective Corefile for your version of OpenShift. + properties: + negativeTTL: + description: |- + negativeTTL is optional and specifies the amount of time that a negative response should be cached. + + If configured, it must be a value of 1s (1 second) or greater up to a theoretical maximum of several years. This + field expects an unsigned duration string of decimal numbers, each with optional fraction and a unit suffix, + e.g. "100s", "1m30s", "12h30m10s". Values that are fractions of a second are rounded down to the nearest second. + If the configured value is less than 1s, the default value will be used. + If not configured, the value will be 0s and OpenShift will use a default value of 30 seconds unless noted + otherwise in the respective Corefile for your version of OpenShift. The default value of 30 seconds is subject + to change. + pattern: ^(0|([0-9]+(\.[0-9]+)?(ns|us|µs|μs|ms|s|m|h))+)$ + type: string + positiveTTL: + description: |- + positiveTTL is optional and specifies the amount of time that a positive response should be cached. + + If configured, it must be a value of 1s (1 second) or greater up to a theoretical maximum of several years. This + field expects an unsigned duration string of decimal numbers, each with optional fraction and a unit suffix, + e.g. "100s", "1m30s", "12h30m10s". Values that are fractions of a second are rounded down to the nearest second. + If the configured value is less than 1s, the default value will be used. + If not configured, the value will be 0s and OpenShift will use a default value of 900 seconds unless noted + otherwise in the respective Corefile for your version of OpenShift. The default value of 900 seconds is subject + to change. + pattern: ^(0|([0-9]+(\.[0-9]+)?(ns|us|µs|μs|ms|s|m|h))+)$ + type: string + type: object + logLevel: + default: Normal + description: |- + logLevel describes the desired logging verbosity for CoreDNS. + Any one of the following values may be specified: + * Normal logs errors from upstream resolvers. + * Debug logs errors, NXDOMAIN responses, and NODATA responses. + * Trace logs errors and all responses. + Setting logLevel: Trace will produce extremely verbose logs. + Valid values are: "Normal", "Debug", "Trace". + Defaults to "Normal". + enum: + - Normal + - Debug + - Trace + type: string + managementState: + description: |- + managementState indicates whether the DNS operator should manage cluster + DNS + pattern: ^(Managed|Unmanaged|Force|Removed)$ + type: string + nodePlacement: + description: |- + nodePlacement provides explicit control over the scheduling of DNS + pods. + + Generally, it is useful to run a DNS pod on every node so that DNS + queries are always handled by a local DNS pod instead of going over + the network to a DNS pod on another node. However, security policies + may require restricting the placement of DNS pods to specific nodes. + For example, if a security policy prohibits pods on arbitrary nodes + from communicating with the API, a node selector can be specified to + restrict DNS pods to nodes that are permitted to communicate with the + API. Conversely, if running DNS pods on nodes with a particular + taint is desired, a toleration can be specified for that taint. + + If unset, defaults are used. See nodePlacement for more details. + properties: + nodeSelector: + additionalProperties: + type: string + description: |- + nodeSelector is the node selector applied to DNS pods. + + If empty, the default is used, which is currently the following: + + kubernetes.io/os: linux + + This default is subject to change. + + If set, the specified selector is used and replaces the default. + type: object + tolerations: + description: |- + tolerations is a list of tolerations applied to DNS pods. + + If empty, the DNS operator sets a toleration for the + "node-role.kubernetes.io/master" taint. This default is subject to + change. Specifying tolerations without including a toleration for + the "node-role.kubernetes.io/master" taint may be risky as it could + lead to an outage if all worker nodes become unavailable. + + Note that the daemon controller adds some tolerations as well. See + https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + type: object + operatorLogLevel: + default: Normal + description: |- + operatorLogLevel controls the logging level of the DNS Operator. + Valid values are: "Normal", "Debug", "Trace". + Defaults to "Normal". + setting operatorLogLevel: Trace will produce extremely verbose logs. + enum: + - Normal + - Debug + - Trace + type: string + servers: + description: |- + servers is a list of DNS resolvers that provide name query delegation for one or + more subdomains outside the scope of the cluster domain. If servers consists of + more than one Server, longest suffix match will be used to determine the Server. + + For example, if there are two Servers, one for "foo.com" and another for "a.foo.com", + and the name query is for "www.a.foo.com", it will be routed to the Server with Zone + "a.foo.com". + + If this field is nil, no servers are created. + items: + description: Server defines the schema for a server that runs per + instance of CoreDNS. + properties: + forwardPlugin: + description: |- + forwardPlugin defines a schema for configuring CoreDNS to proxy DNS messages + to upstream resolvers. + properties: + policy: + default: Random + description: |- + policy is used to determine the order in which upstream servers are selected for querying. + Any one of the following values may be specified: + + * "Random" picks a random upstream server for each query. + * "RoundRobin" picks upstream servers in a round-robin order, moving to the next server for each new query. + * "Sequential" tries querying upstream servers in a sequential order until one responds, starting with the first server for each new query. + + The default value is "Random" + enum: + - Random + - RoundRobin + - Sequential + type: string + protocolStrategy: + description: |- + protocolStrategy specifies the protocol to use for upstream DNS + requests. + Valid values for protocolStrategy are "TCP" and omitted. + When omitted, this means no opinion and the platform is left to choose + a reasonable default, which is subject to change over time. + The current default is to use the protocol of the original client request. + "TCP" specifies that the platform should use TCP for all upstream DNS requests, + even if the client request uses UDP. + "TCP" is useful for UDP-specific issues such as those created by + non-compliant upstream resolvers, but may consume more bandwidth or + increase DNS response time. Note that protocolStrategy only affects + the protocol of DNS requests that CoreDNS makes to upstream resolvers. + It does not affect the protocol of DNS requests between clients and + CoreDNS. + enum: + - TCP + - "" + type: string + transportConfig: + description: |- + transportConfig is used to configure the transport type, server name, and optional custom CA or CA bundle to use + when forwarding DNS requests to an upstream resolver. + + The default value is "" (empty) which results in a standard cleartext connection being used when forwarding DNS + requests to an upstream resolver. + properties: + tls: + description: tls contains the additional configuration + options to use when Transport is set to "TLS". + properties: + caBundle: + description: |- + caBundle references a ConfigMap that must contain either a single + CA Certificate or a CA Bundle. This allows cluster administrators to provide their + own CA or CA bundle for validating the certificate of upstream resolvers. + + 1. The configmap must contain a `ca-bundle.crt` key. + 2. The value must be a PEM encoded CA certificate or CA bundle. + 3. The administrator must create this configmap in the openshift-config namespace. + 4. The upstream server certificate must contain a Subject Alternative Name (SAN) that matches ServerName. + properties: + name: + description: name is the metadata.name of the + referenced config map + type: string + required: + - name + type: object + serverName: + description: |- + serverName is the upstream server to connect to when forwarding DNS queries. This is required when Transport is + set to "TLS". ServerName will be validated against the DNS naming conventions in RFC 1123 and should match the + TLS certificate installed in the upstream resolver(s). + maxLength: 253 + pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ + type: string + required: + - serverName + type: object + transport: + description: |- + transport allows cluster administrators to opt-in to using a DNS-over-TLS + connection between cluster DNS and an upstream resolver(s). Configuring + TLS as the transport at this level without configuring a CABundle will + result in the system certificates being used to verify the serving + certificate of the upstream resolver(s). + + Possible values: + "" (empty) - This means no explicit choice has been made and the platform chooses the default which is subject + to change over time. The current default is "Cleartext". + "Cleartext" - Cluster admin specified cleartext option. This results in the same functionality + as an empty value but may be useful when a cluster admin wants to be more explicit about the transport, + or wants to switch from "TLS" to "Cleartext" explicitly. + "TLS" - This indicates that DNS queries should be sent over a TLS connection. If Transport is set to TLS, + you MUST also set ServerName. If a port is not included with the upstream IP, port 853 will be tried by default + per RFC 7858 section 3.1; https://datatracker.ietf.org/doc/html/rfc7858#section-3.1. + enum: + - TLS + - Cleartext + - "" + type: string + type: object + upstreams: + description: |- + upstreams is a list of resolvers to forward name queries for subdomains of Zones. + Each instance of CoreDNS performs health checking of Upstreams. When a healthy upstream + returns an error during the exchange, another resolver is tried from Upstreams. The + Upstreams are selected in the order specified in Policy. Each upstream is represented + by an IP address or IP:port if the upstream listens on a port other than 53. + + A maximum of 15 upstreams is allowed per ForwardPlugin. + items: + type: string + maxItems: 15 + type: array + type: object + name: + description: |- + name is required and specifies a unique name for the server. Name must comply + with the Service Name Syntax of rfc6335. + type: string + zones: + description: |- + zones is required and specifies the subdomains that Server is authoritative for. + Zones must conform to the rfc1123 definition of a subdomain. Specifying the + cluster domain (i.e., "cluster.local") is invalid. + items: + type: string + type: array + type: object + type: array + upstreamResolvers: + default: {} + description: |- + upstreamResolvers defines a schema for configuring CoreDNS + to proxy DNS messages to upstream resolvers for the case of the + default (".") server + + If this field is not specified, the upstream used will default to + /etc/resolv.conf, with policy "sequential" + properties: + policy: + default: Sequential + description: |- + Policy is used to determine the order in which upstream servers are selected for querying. + Any one of the following values may be specified: + + * "Random" picks a random upstream server for each query. + * "RoundRobin" picks upstream servers in a round-robin order, moving to the next server for each new query. + * "Sequential" tries querying upstream servers in a sequential order until one responds, starting with the first server for each new query. + + The default value is "Sequential" + enum: + - Random + - RoundRobin + - Sequential + type: string + protocolStrategy: + description: |- + protocolStrategy specifies the protocol to use for upstream DNS + requests. + Valid values for protocolStrategy are "TCP" and omitted. + When omitted, this means no opinion and the platform is left to choose + a reasonable default, which is subject to change over time. + The current default is to use the protocol of the original client request. + "TCP" specifies that the platform should use TCP for all upstream DNS requests, + even if the client request uses UDP. + "TCP" is useful for UDP-specific issues such as those created by + non-compliant upstream resolvers, but may consume more bandwidth or + increase DNS response time. Note that protocolStrategy only affects + the protocol of DNS requests that CoreDNS makes to upstream resolvers. + It does not affect the protocol of DNS requests between clients and + CoreDNS. + enum: + - TCP + - "" + type: string + transportConfig: + description: |- + transportConfig is used to configure the transport type, server name, and optional custom CA or CA bundle to use + when forwarding DNS requests to an upstream resolver. + + The default value is "" (empty) which results in a standard cleartext connection being used when forwarding DNS + requests to an upstream resolver. + properties: + tls: + description: tls contains the additional configuration options + to use when Transport is set to "TLS". + properties: + caBundle: + description: |- + caBundle references a ConfigMap that must contain either a single + CA Certificate or a CA Bundle. This allows cluster administrators to provide their + own CA or CA bundle for validating the certificate of upstream resolvers. + + 1. The configmap must contain a `ca-bundle.crt` key. + 2. The value must be a PEM encoded CA certificate or CA bundle. + 3. The administrator must create this configmap in the openshift-config namespace. + 4. The upstream server certificate must contain a Subject Alternative Name (SAN) that matches ServerName. + properties: + name: + description: name is the metadata.name of the referenced + config map + type: string + required: + - name + type: object + serverName: + description: |- + serverName is the upstream server to connect to when forwarding DNS queries. This is required when Transport is + set to "TLS". ServerName will be validated against the DNS naming conventions in RFC 1123 and should match the + TLS certificate installed in the upstream resolver(s). + maxLength: 253 + pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ + type: string + required: + - serverName + type: object + transport: + description: |- + transport allows cluster administrators to opt-in to using a DNS-over-TLS + connection between cluster DNS and an upstream resolver(s). Configuring + TLS as the transport at this level without configuring a CABundle will + result in the system certificates being used to verify the serving + certificate of the upstream resolver(s). + + Possible values: + "" (empty) - This means no explicit choice has been made and the platform chooses the default which is subject + to change over time. The current default is "Cleartext". + "Cleartext" - Cluster admin specified cleartext option. This results in the same functionality + as an empty value but may be useful when a cluster admin wants to be more explicit about the transport, + or wants to switch from "TLS" to "Cleartext" explicitly. + "TLS" - This indicates that DNS queries should be sent over a TLS connection. If Transport is set to TLS, + you MUST also set ServerName. If a port is not included with the upstream IP, port 853 will be tried by default + per RFC 7858 section 3.1; https://datatracker.ietf.org/doc/html/rfc7858#section-3.1. + enum: + - TLS + - Cleartext + - "" + type: string + type: object + upstreams: + default: + - type: SystemResolvConf + description: |- + Upstreams is a list of resolvers to forward name queries for the "." domain. + Each instance of CoreDNS performs health checking of Upstreams. When a healthy upstream + returns an error during the exchange, another resolver is tried from Upstreams. The + Upstreams are selected in the order specified in Policy. + + A maximum of 15 upstreams is allowed per ForwardPlugin. + If no Upstreams are specified, /etc/resolv.conf is used by default + items: + anyOf: + - not: + required: + - address + - port + properties: + type: + enum: + - "" + - SystemResolvConf + - optional: + - port + properties: + type: + enum: + - Network + required: + - address + description: |- + Upstream can either be of type SystemResolvConf, or of type Network. + + - For an Upstream of type SystemResolvConf, no further fields are necessary: + The upstream will be configured to use /etc/resolv.conf. + - For an Upstream of type Network, a NetworkResolver field needs to be defined + with an IP address or IP:port if the upstream listens on a port other than 53. + properties: + address: + anyOf: + - format: ipv4 + - format: ipv6 + description: |- + Address must be defined when Type is set to Network. It will be ignored otherwise. + It must be a valid ipv4 or ipv6 address. + type: string + port: + default: 53 + description: |- + Port may be defined when Type is set to Network. It will be ignored otherwise. + Port must be between 65535 + format: int32 + maximum: 65535 + minimum: 1 + type: integer + type: + description: |- + Type defines whether this upstream contains an IP/IP:port resolver or the local /etc/resolv.conf. + Type accepts 2 possible values: SystemResolvConf or Network. + + * When SystemResolvConf is used, the Upstream structure does not require any further fields to be defined: + /etc/resolv.conf will be used + * When Network is used, the Upstream structure must contain at least an Address + enum: + - SystemResolvConf + - Network + - "" + type: string + required: + - type + type: object + maxItems: 15 + type: array + type: object + type: object + status: + description: status is the most recently observed status of the DNS. + properties: + clusterDomain: + description: |- + clusterDomain is the local cluster DNS domain suffix for DNS services. + This will be a subdomain as defined in RFC 1034, + section 3.5: https://tools.ietf.org/html/rfc1034#section-3.5 + Example: "cluster.local" + + More info: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service + type: string + clusterIP: + description: |- + clusterIP is the service IP through which this DNS is made available. + + In the case of the default DNS, this will be a well known IP that is used + as the default nameserver for pods that are using the default ClusterFirst DNS policy. + + In general, this IP can be specified in a pod's spec.dnsConfig.nameservers list + or used explicitly when performing name resolution from within the cluster. + Example: dig foo.com @ + + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + type: string + conditions: + description: |- + conditions provide information about the state of the DNS on the cluster. + + These are the supported DNS conditions: + + * Available + - True if the following conditions are met: + * DNS controller daemonset is available. + - False if any of those conditions are unsatisfied. + items: + description: OperatorCondition is just the standard condition fields. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + type: string + reason: + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + required: + - clusterDomain + - clusterIP + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_70_network_01_networks-CustomNoUpgrade.crd.yaml b/pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_70_network_01_networks-CustomNoUpgrade.crd.yaml new file mode 100644 index 000000000..146c68405 --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_70_network_01_networks-CustomNoUpgrade.crd.yaml @@ -0,0 +1,1025 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/475 + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + release.openshift.io/feature-set: CustomNoUpgrade + name: networks.operator.openshift.io +spec: + group: operator.openshift.io + names: + kind: Network + listKind: NetworkList + plural: networks + singular: network + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + Network describes the cluster's desired network configuration. It is + consumed by the cluster-network-operator. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: NetworkSpec is the top-level network configuration object. + properties: + additionalNetworks: + description: |- + additionalNetworks is a list of extra networks to make available to pods + when multiple networks are enabled. + items: + description: |- + AdditionalNetworkDefinition configures an extra network that is available but not + created by default. Instead, pods must request them by name. + type must be specified, along with exactly one "Config" that matches the type. + properties: + name: + description: |- + name is the name of the network. This will be populated in the resulting CRD + This must be unique. + type: string + namespace: + description: |- + namespace is the namespace of the network. This will be populated in the resulting CRD + If not given the network will be created in the default namespace. + type: string + rawCNIConfig: + description: |- + rawCNIConfig is the raw CNI configuration json to create in the + NetworkAttachmentDefinition CRD + type: string + simpleMacvlanConfig: + description: SimpleMacvlanConfig configures the macvlan interface + in case of type:NetworkTypeSimpleMacvlan + properties: + ipamConfig: + description: IPAMConfig configures IPAM module will be used + for IP Address Management (IPAM). + properties: + staticIPAMConfig: + description: StaticIPAMConfig configures the static + IP address in case of type:IPAMTypeStatic + properties: + addresses: + description: Addresses configures IP address for + the interface + items: + description: StaticIPAMAddresses provides IP address + and Gateway for static IPAM addresses + properties: + address: + description: Address is the IP address in + CIDR format + type: string + gateway: + description: Gateway is IP inside of subnet + to designate as the gateway + type: string + type: object + type: array + x-kubernetes-list-type: atomic + dns: + description: DNS configures DNS for the interface + properties: + domain: + description: Domain configures the domainname + the local domain used for short hostname lookups + type: string + nameservers: + description: Nameservers points DNS servers + for IP lookup + items: + type: string + type: array + x-kubernetes-list-type: atomic + search: + description: Search configures priority ordered + search domains for short hostname lookups + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + routes: + description: Routes configures IP routes for the + interface + items: + description: StaticIPAMRoutes provides Destination/Gateway + pairs for static IPAM routes + properties: + destination: + description: Destination points the IP route + destination + type: string + gateway: + description: |- + Gateway is the route's next-hop IP address + If unset, a default gateway is assumed (as determined by the CNI plugin). + type: string + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: + description: |- + Type is the type of IPAM module will be used for IP Address Management(IPAM). + The supported values are IPAMTypeDHCP, IPAMTypeStatic + type: string + type: object + master: + description: |- + master is the host interface to create the macvlan interface from. + If not specified, it will be default route interface + type: string + mode: + description: 'mode is the macvlan mode: bridge, private, + vepa, passthru. The default is bridge' + type: string + mtu: + description: |- + mtu is the mtu to use for the macvlan interface. if unset, host's + kernel will select the value. + format: int32 + minimum: 0 + type: integer + type: object + type: + description: |- + type is the type of network + The supported values are NetworkTypeRaw, NetworkTypeSimpleMacvlan + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + additionalRoutingCapabilities: + description: |- + additionalRoutingCapabilities describes components and relevant + configuration providing additional routing capabilities. When set, it + enables such components and the usage of the routing capabilities they + provide for the machine network. Upstream operators, like MetalLB + operator, requiring these capabilities may rely on, or automatically set + this attribute. Network plugins may leverage advanced routing + capabilities acquired through the enablement of these components but may + require specific configuration on their side to do so; refer to their + respective documentation and configuration options. + properties: + providers: + description: |- + providers is a set of enabled components that provide additional routing + capabilities. Entries on this list must be unique. The only valid value + is currrently "FRR" which provides FRR routing capabilities through the + deployment of FRR. + items: + description: RoutingCapabilitiesProvider is a component providing + routing capabilities. + enum: + - FRR + type: string + maxItems: 1 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + x-kubernetes-validations: + - rule: self.all(x, self.exists_one(y, x == y)) + required: + - providers + type: object + clusterNetwork: + description: |- + clusterNetwork is the IP address pool to use for pod IPs. + Some network providers support multiple ClusterNetworks. + Others only support one. This is equivalent to the cluster-cidr. + items: + description: |- + ClusterNetworkEntry is a subnet from which to allocate PodIPs. A network of size + HostPrefix (in CIDR notation) will be allocated when nodes join the cluster. If + the HostPrefix field is not used by the plugin, it can be left unset. + Not all network providers support multiple ClusterNetworks + properties: + cidr: + type: string + hostPrefix: + format: int32 + minimum: 0 + type: integer + type: object + type: array + x-kubernetes-list-type: atomic + defaultNetwork: + description: defaultNetwork is the "default" network that all pods + will receive + properties: + openshiftSDNConfig: + description: |- + openShiftSDNConfig was previously used to configure the openshift-sdn plugin. + DEPRECATED: OpenShift SDN is no longer supported. + properties: + enableUnidling: + description: |- + enableUnidling controls whether or not the service proxy will support idling + and unidling of services. By default, unidling is enabled. + type: boolean + mode: + description: mode is one of "Multitenant", "Subnet", or "NetworkPolicy" + type: string + mtu: + description: |- + mtu is the mtu to use for the tunnel interface. Defaults to 1450 if unset. + This must be 50 bytes smaller than the machine's uplink. + format: int32 + minimum: 0 + type: integer + useExternalOpenvswitch: + description: |- + useExternalOpenvswitch used to control whether the operator would deploy an OVS + DaemonSet itself or expect someone else to start OVS. As of 4.6, OVS is always + run as a system service, and this flag is ignored. + type: boolean + vxlanPort: + description: vxlanPort is the port to use for all vxlan packets. + The default is 4789. + format: int32 + minimum: 0 + type: integer + type: object + ovnKubernetesConfig: + description: ovnKubernetesConfig configures the ovn-kubernetes + plugin. + properties: + egressIPConfig: + description: egressIPConfig holds the configuration for EgressIP + options. + properties: + reachabilityTotalTimeoutSeconds: + description: |- + reachabilityTotalTimeout configures the EgressIP node reachability check total timeout in seconds. + If the EgressIP node cannot be reached within this timeout, the node is declared down. + Setting a large value may cause the EgressIP feature to react slowly to node changes. + In particular, it may react slowly for EgressIP nodes that really have a genuine problem and are unreachable. + When omitted, this means the user has no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The current default is 1 second. + A value of 0 disables the EgressIP node's reachability check. + format: int32 + maximum: 60 + minimum: 0 + type: integer + type: object + gatewayConfig: + description: gatewayConfig holds the configuration for node + gateway options. + properties: + ipForwarding: + description: |- + IPForwarding controls IP forwarding for all traffic on OVN-Kubernetes managed interfaces (such as br-ex). + By default this is set to Restricted, and Kubernetes related traffic is still forwarded appropriately, but other + IP traffic will not be routed by the OCP node. If there is a desire to allow the host to forward traffic across + OVN-Kubernetes managed interfaces, then set this field to "Global". + The supported values are "Restricted" and "Global". + type: string + ipv4: + description: |- + ipv4 allows users to configure IP settings for IPv4 connections. When omitted, this means no opinion and the default + configuration is used. Check individual members fields within ipv4 for details of default values. + properties: + internalMasqueradeSubnet: + description: |- + internalMasqueradeSubnet contains the masquerade addresses in IPV4 CIDR format used internally by + ovn-kubernetes to enable host to service traffic. Each host in the cluster is configured with these + addresses, as well as the shared gateway bridge interface. The values can be changed after + installation. The subnet chosen should not overlap with other networks specified for + OVN-Kubernetes as well as other networks used on the host. Additionally the subnet must + be large enough to accommodate 6 IPs (maximum prefix length /29). + When omitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. + The current default subnet is 169.254.169.0/29 + The value must be in proper IPV4 CIDR format + maxLength: 18 + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV4 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == + 4 + - message: subnet must be in the range /0 to /29 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() + <= 29 + - message: first IP address octet must not be 0 + rule: isCIDR(self) && int(self.split('.')[0]) > + 0 + type: object + ipv6: + description: |- + ipv6 allows users to configure IP settings for IPv6 connections. When omitted, this means no opinion and the default + configuration is used. Check individual members fields within ipv6 for details of default values. + properties: + internalMasqueradeSubnet: + description: |- + internalMasqueradeSubnet contains the masquerade addresses in IPV6 CIDR format used internally by + ovn-kubernetes to enable host to service traffic. Each host in the cluster is configured with these + addresses, as well as the shared gateway bridge interface. The values can be changed after + installation. The subnet chosen should not overlap with other networks specified for + OVN-Kubernetes as well as other networks used on the host. Additionally the subnet must + be large enough to accommodate 6 IPs (maximum prefix length /125). + When omitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. + The current default subnet is fd69::/125 + Note that IPV6 dual addresses are not permitted + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV6 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == + 6 + - message: subnet must be in the range /0 to /125 + inclusive + rule: isCIDR(self) && cidr(self).prefixLength() + <= 125 + type: object + routingViaHost: + default: false + description: |- + RoutingViaHost allows pod egress traffic to exit via the ovn-k8s-mp0 management port + into the host before sending it out. If this is not set, traffic will always egress directly + from OVN to outside without touching the host stack. Setting this to true means hardware + offload will not be supported. Default is false if GatewayConfig is specified. + type: boolean + type: object + genevePort: + description: |- + geneve port is the UDP port to be used by geneve encapulation. + Default is 6081 + format: int32 + minimum: 1 + type: integer + hybridOverlayConfig: + description: |- + HybridOverlayConfig configures an additional overlay network for peers that are + not using OVN. + properties: + hybridClusterNetwork: + description: HybridClusterNetwork defines a network space + given to nodes on an additional overlay network. + items: + description: |- + ClusterNetworkEntry is a subnet from which to allocate PodIPs. A network of size + HostPrefix (in CIDR notation) will be allocated when nodes join the cluster. If + the HostPrefix field is not used by the plugin, it can be left unset. + Not all network providers support multiple ClusterNetworks + properties: + cidr: + type: string + hostPrefix: + format: int32 + minimum: 0 + type: integer + type: object + type: array + x-kubernetes-list-type: atomic + hybridOverlayVXLANPort: + description: |- + HybridOverlayVXLANPort defines the VXLAN port number to be used by the additional overlay network. + Default is 4789 + format: int32 + type: integer + type: object + ipsecConfig: + default: + mode: Disabled + description: |- + ipsecConfig enables and configures IPsec for pods on the pod network within the + cluster. + properties: + mode: + description: |- + mode defines the behaviour of the ipsec configuration within the platform. + Valid values are `Disabled`, `External` and `Full`. + When 'Disabled', ipsec will not be enabled at the node level. + When 'External', ipsec is enabled on the node level but requires the user to configure the secure communication parameters. + This mode is for external secure communications and the configuration can be done using the k8s-nmstate operator. + When 'Full', ipsec is configured on the node level and inter-pod secure communication within the cluster is configured. + Note with `Full`, if ipsec is desired for communication with external (to the cluster) entities (such as storage arrays), + this is left to the user to configure. + enum: + - Disabled + - External + - Full + type: string + type: object + x-kubernetes-validations: + - message: ipsecConfig.mode is required + rule: self == oldSelf || has(self.mode) + ipv4: + description: |- + ipv4 allows users to configure IP settings for IPv4 connections. When ommitted, + this means no opinions and the default configuration is used. Check individual + fields within ipv4 for details of default values. + properties: + internalJoinSubnet: + description: |- + internalJoinSubnet is a v4 subnet used internally by ovn-kubernetes in case the + default one is being already used by something else. It must not overlap with + any other subnet being used by OpenShift or by the node network. The size of the + subnet must be larger than the number of nodes. The value cannot be changed + after installation. + The current default value is 100.64.0.0/16 + The subnet must be large enough to accomadate one IP per node in your cluster + The value must be in proper IPV4 CIDR format + maxLength: 18 + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV4 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 4 + - message: subnet must be in the range /0 to /30 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 30 + - message: first IP address octet must not be 0 + rule: isCIDR(self) && int(self.split('.')[0]) > 0 + internalTransitSwitchSubnet: + description: |- + internalTransitSwitchSubnet is a v4 subnet in IPV4 CIDR format used internally + by OVN-Kubernetes for the distributed transit switch in the OVN Interconnect + architecture that connects the cluster routers on each node together to enable + east west traffic. The subnet chosen should not overlap with other networks + specified for OVN-Kubernetes as well as other networks used on the host. + The value cannot be changed after installation. + When ommitted, this means no opinion and the platform is left to choose a reasonable + default which is subject to change over time. + The current default subnet is 100.88.0.0/16 + The subnet must be large enough to accomadate one IP per node in your cluster + The value must be in proper IPV4 CIDR format + maxLength: 18 + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV4 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 4 + - message: subnet must be in the range /0 to /30 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 30 + - message: first IP address octet must not be 0 + rule: isCIDR(self) && int(self.split('.')[0]) > 0 + type: object + ipv6: + description: |- + ipv6 allows users to configure IP settings for IPv6 connections. When ommitted, + this means no opinions and the default configuration is used. Check individual + fields within ipv4 for details of default values. + properties: + internalJoinSubnet: + description: |- + internalJoinSubnet is a v6 subnet used internally by ovn-kubernetes in case the + default one is being already used by something else. It must not overlap with + any other subnet being used by OpenShift or by the node network. The size of the + subnet must be larger than the number of nodes. The value cannot be changed + after installation. + The subnet must be large enough to accomadate one IP per node in your cluster + The current default value is fd98::/48 + The value must be in proper IPV6 CIDR format + Note that IPV6 dual addresses are not permitted + maxLength: 48 + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV6 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 6 + - message: subnet must be in the range /0 to /125 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 125 + internalTransitSwitchSubnet: + description: |- + internalTransitSwitchSubnet is a v4 subnet in IPV4 CIDR format used internally + by OVN-Kubernetes for the distributed transit switch in the OVN Interconnect + architecture that connects the cluster routers on each node together to enable + east west traffic. The subnet chosen should not overlap with other networks + specified for OVN-Kubernetes as well as other networks used on the host. + The value cannot be changed after installation. + When ommitted, this means no opinion and the platform is left to choose a reasonable + default which is subject to change over time. + The subnet must be large enough to accomadate one IP per node in your cluster + The current default subnet is fd97::/64 + The value must be in proper IPV6 CIDR format + Note that IPV6 dual addresses are not permitted + maxLength: 48 + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV6 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 6 + - message: subnet must be in the range /0 to /125 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 125 + type: object + mtu: + description: |- + mtu is the MTU to use for the tunnel interface. This must be 100 + bytes smaller than the uplink mtu. + Default is 1400 + format: int32 + minimum: 0 + type: integer + policyAuditConfig: + description: |- + policyAuditConfig is the configuration for network policy audit events. If unset, + reported defaults are used. + properties: + destination: + default: "null" + description: |- + destination is the location for policy log messages. + Regardless of this config, persistent logs will always be dumped to the host + at /var/log/ovn/ however + Additionally syslog output may be configured as follows. + Valid values are: + - "libc" -> to use the libc syslog() function of the host node's journdald process + - "udp:host:port" -> for sending syslog over UDP + - "unix:file" -> for using the UNIX domain socket directly + - "null" -> to discard all messages logged to syslog + The default is "null" + type: string + maxFileSize: + default: 50 + description: |- + maxFilesSize is the max size an ACL_audit log file is allowed to reach before rotation occurs + Units are in MB and the Default is 50MB + format: int32 + minimum: 1 + type: integer + maxLogFiles: + default: 5 + description: maxLogFiles specifies the maximum number + of ACL_audit log files that can be present. + format: int32 + minimum: 1 + type: integer + rateLimit: + default: 20 + description: |- + rateLimit is the approximate maximum number of messages to generate per-second per-node. If + unset the default of 20 msg/sec is used. + format: int32 + minimum: 1 + type: integer + syslogFacility: + default: local0 + description: syslogFacility the RFC5424 facility for generated + messages, e.g. "kern". Default is "local0" + type: string + type: object + routeAdvertisements: + description: |- + routeAdvertisements determines if the functionality to advertise cluster + network routes through a dynamic routing protocol, such as BGP, is + enabled or not. This functionality is configured through the + ovn-kubernetes RouteAdvertisements CRD. Requires the 'FRR' routing + capability provider to be enabled as an additional routing capability. + Allowed values are "Enabled", "Disabled" and ommited. When omitted, this + means the user has no opinion and the platform is left to choose + reasonable defaults. These defaults are subject to change over time. The + current default is "Disabled". + enum: + - "" + - Enabled + - Disabled + type: string + v4InternalSubnet: + description: |- + v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the + default one is being already used by something else. It must not overlap with + any other subnet being used by OpenShift or by the node network. The size of the + subnet must be larger than the number of nodes. The value cannot be changed + after installation. + Default is 100.64.0.0/16 + type: string + v6InternalSubnet: + description: |- + v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the + default one is being already used by something else. It must not overlap with + any other subnet being used by OpenShift or by the node network. The size of the + subnet must be larger than the number of nodes. The value cannot be changed + after installation. + Default is fd98::/48 + type: string + type: object + type: + description: |- + type is the type of network + All NetworkTypes are supported except for NetworkTypeRaw + type: string + type: object + deployKubeProxy: + description: |- + deployKubeProxy specifies whether or not a standalone kube-proxy should + be deployed by the operator. Some network providers include kube-proxy + or similar functionality. If unset, the plugin will attempt to select + the correct value, which is false when ovn-kubernetes is used and true + otherwise. + type: boolean + disableMultiNetwork: + description: |- + disableMultiNetwork specifies whether or not multiple pod network + support should be disabled. If unset, this property defaults to + 'false' and multiple network support is enabled. + type: boolean + disableNetworkDiagnostics: + default: false + description: |- + disableNetworkDiagnostics specifies whether or not PodNetworkConnectivityCheck + CRs from a test pod to every node, apiserver and LB should be disabled or not. + If unset, this property defaults to 'false' and network diagnostics is enabled. + Setting this to 'true' would reduce the additional load of the pods performing the checks. + type: boolean + exportNetworkFlows: + description: |- + exportNetworkFlows enables and configures the export of network flow metadata from the pod network + by using protocols NetFlow, SFlow or IPFIX. Currently only supported on OVN-Kubernetes plugin. + If unset, flows will not be exported to any collector. + properties: + ipfix: + description: ipfix defines IPFIX configuration. + properties: + collectors: + description: ipfixCollectors is list of strings formatted + as ip:port with a maximum of ten items + items: + pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ + type: string + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + type: object + netFlow: + description: netFlow defines the NetFlow configuration. + properties: + collectors: + description: |- + netFlow defines the NetFlow collectors that will consume the flow data exported from OVS. + It is a list of strings formatted as ip:port with a maximum of ten items + items: + pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ + type: string + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + type: object + sFlow: + description: sFlow defines the SFlow configuration. + properties: + collectors: + description: sFlowCollectors is list of strings formatted + as ip:port with a maximum of ten items + items: + pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ + type: string + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + type: object + type: object + kubeProxyConfig: + description: |- + kubeProxyConfig lets us configure desired proxy configuration, if + deployKubeProxy is true. If not specified, sensible defaults will be chosen by + OpenShift directly. + properties: + bindAddress: + description: |- + The address to "bind" on + Defaults to 0.0.0.0 + type: string + iptablesSyncPeriod: + description: |- + An internal kube-proxy parameter. In older releases of OCP, this sometimes needed to be adjusted + in large clusters for performance reasons, but this is no longer necessary, and there is no reason + to change this from the default value. + Default: 30s + type: string + proxyArguments: + additionalProperties: + description: ProxyArgumentList is a list of arguments to pass + to the kubeproxy process + items: + type: string + type: array + x-kubernetes-list-type: atomic + description: Any additional arguments to pass to the kubeproxy + process + type: object + type: object + logLevel: + default: Normal + description: |- + logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for their operands. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + managementState: + description: managementState indicates whether and how the operator + should manage the component + pattern: ^(Managed|Unmanaged|Force|Removed)$ + type: string + migration: + description: |- + migration enables and configures cluster network migration, for network changes + that cannot be made instantly. + properties: + features: + description: |- + features was previously used to configure which network plugin features + would be migrated in a network type migration. + DEPRECATED: network type migration is no longer supported, and setting + this to a non-empty value will result in the network operator rejecting + the configuration. + properties: + egressFirewall: + default: true + description: |- + egressFirewall specified whether or not the Egress Firewall configuration was migrated. + DEPRECATED: network type migration is no longer supported. + type: boolean + egressIP: + default: true + description: |- + egressIP specified whether or not the Egress IP configuration was migrated. + DEPRECATED: network type migration is no longer supported. + type: boolean + multicast: + default: true + description: |- + multicast specified whether or not the multicast configuration was migrated. + DEPRECATED: network type migration is no longer supported. + type: boolean + type: object + mode: + description: |- + mode indicates the mode of network type migration. + DEPRECATED: network type migration is no longer supported, and setting + this to a non-empty value will result in the network operator rejecting + the configuration. + enum: + - Live + - Offline + - "" + type: string + mtu: + description: |- + mtu contains the MTU migration configuration. Set this to allow changing + the MTU values for the default network. If unset, the operation of + changing the MTU for the default network will be rejected. + properties: + machine: + description: |- + machine contains MTU migration configuration for the machine's uplink. + Needs to be migrated along with the default network MTU unless the + current uplink MTU already accommodates the default network MTU. + properties: + from: + description: from is the MTU to migrate from. + format: int32 + minimum: 0 + type: integer + to: + description: to is the MTU to migrate to. + format: int32 + minimum: 0 + type: integer + type: object + network: + description: |- + network contains information about MTU migration for the default network. + Migrations are only allowed to MTU values lower than the machine's uplink + MTU by the minimum appropriate offset. + properties: + from: + description: from is the MTU to migrate from. + format: int32 + minimum: 0 + type: integer + to: + description: to is the MTU to migrate to. + format: int32 + minimum: 0 + type: integer + type: object + type: object + networkType: + description: |- + networkType was previously used when changing the default network type. + DEPRECATED: network type migration is no longer supported, and setting + this to a non-empty value will result in the network operator rejecting + the configuration. + type: string + type: object + x-kubernetes-validations: + - message: networkType migration in mode other than 'Live' may not + be configured at the same time as mtu migration + rule: '!has(self.mtu) || !has(self.networkType) || self.networkType + == "" || has(self.mode) && self.mode == ''Live''' + observedConfig: + description: |- + observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because + it is an input to the level for the operator + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + default: Normal + description: |- + operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for themselves. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + serviceNetwork: + description: |- + serviceNetwork is the ip address pool to use for Service IPs + Currently, all existing network providers only support a single value + here, but this is an array to allow for growth. + items: + type: string + type: array + x-kubernetes-list-type: atomic + unsupportedConfigOverrides: + description: |- + unsupportedConfigOverrides overrides the final configuration that was computed by the operator. + Red Hat does not support the use of this field. + Misuse of this field could lead to unexpected behavior or conflict with other configuration options. + Seek guidance from the Red Hat support before using this field. + Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + useMultiNetworkPolicy: + description: |- + useMultiNetworkPolicy enables a controller which allows for + MultiNetworkPolicy objects to be used on additional networks as + created by Multus CNI. MultiNetworkPolicy are similar to NetworkPolicy + objects, but NetworkPolicy objects only apply to the primary interface. + With MultiNetworkPolicy, you can control the traffic that a pod can receive + over the secondary interfaces. If unset, this property defaults to 'false' + and MultiNetworkPolicy objects are ignored. If 'disableMultiNetwork' is + 'true' then the value of this field is ignored. + type: boolean + type: object + x-kubernetes-validations: + - message: Route advertisements cannot be Enabled if 'FRR' routing capability + provider is not available + rule: (has(self.additionalRoutingCapabilities) && ('FRR' in self.additionalRoutingCapabilities.providers)) + || !has(self.defaultNetwork) || !has(self.defaultNetwork.ovnKubernetesConfig) + || !has(self.defaultNetwork.ovnKubernetesConfig.routeAdvertisements) + || self.defaultNetwork.ovnKubernetesConfig.routeAdvertisements != + 'Enabled' + - message: invalid value for IPForwarding, valid values are 'Restricted' + or 'Global' + rule: '!has(self.defaultNetwork) || !has(self.defaultNetwork.ovnKubernetesConfig) + || !has(self.defaultNetwork.ovnKubernetesConfig.gatewayConfig) || + !has(self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding) + || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding + == oldSelf.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding + || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding + == ''Restricted'' || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding + == ''Global''' + status: + description: |- + NetworkStatus is detailed operator status, which is distilled + up to the Network clusteroperator object. + properties: + conditions: + description: conditions is a list of conditions and their status + items: + description: OperatorCondition is just the standard condition fields. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + type: string + reason: + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + generations: + description: generations are used to determine when an item needs + to be reconciled or has changed in a way that needs a reaction. + items: + description: GenerationStatus keeps track of the generation for + a given resource so that decisions about forced updates can be + made. + properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without + generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload + controller involved + format: int64 + type: integer + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're + tracking + type: string + required: + - group + - name + - namespace + - resource + type: object + type: array + x-kubernetes-list-map-keys: + - group + - resource + - namespace + - name + x-kubernetes-list-type: map + latestAvailableRevision: + description: latestAvailableRevision is the deploymentID of the most + recent deployment + format: int32 + type: integer + x-kubernetes-validations: + - message: must only increase + rule: self >= oldSelf + observedGeneration: + description: observedGeneration is the last generation change you've + dealt with + format: int64 + type: integer + readyReplicas: + description: readyReplicas indicates how many replicas are ready and + at the desired state + format: int32 + type: integer + version: + description: version is the level this availability applies to + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_70_network_01_networks-Default.crd.yaml b/pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_70_network_01_networks-Default.crd.yaml new file mode 100644 index 000000000..3f150defe --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_70_network_01_networks-Default.crd.yaml @@ -0,0 +1,969 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/475 + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + release.openshift.io/feature-set: Default + name: networks.operator.openshift.io +spec: + group: operator.openshift.io + names: + kind: Network + listKind: NetworkList + plural: networks + singular: network + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + Network describes the cluster's desired network configuration. It is + consumed by the cluster-network-operator. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: NetworkSpec is the top-level network configuration object. + properties: + additionalNetworks: + description: |- + additionalNetworks is a list of extra networks to make available to pods + when multiple networks are enabled. + items: + description: |- + AdditionalNetworkDefinition configures an extra network that is available but not + created by default. Instead, pods must request them by name. + type must be specified, along with exactly one "Config" that matches the type. + properties: + name: + description: |- + name is the name of the network. This will be populated in the resulting CRD + This must be unique. + type: string + namespace: + description: |- + namespace is the namespace of the network. This will be populated in the resulting CRD + If not given the network will be created in the default namespace. + type: string + rawCNIConfig: + description: |- + rawCNIConfig is the raw CNI configuration json to create in the + NetworkAttachmentDefinition CRD + type: string + simpleMacvlanConfig: + description: SimpleMacvlanConfig configures the macvlan interface + in case of type:NetworkTypeSimpleMacvlan + properties: + ipamConfig: + description: IPAMConfig configures IPAM module will be used + for IP Address Management (IPAM). + properties: + staticIPAMConfig: + description: StaticIPAMConfig configures the static + IP address in case of type:IPAMTypeStatic + properties: + addresses: + description: Addresses configures IP address for + the interface + items: + description: StaticIPAMAddresses provides IP address + and Gateway for static IPAM addresses + properties: + address: + description: Address is the IP address in + CIDR format + type: string + gateway: + description: Gateway is IP inside of subnet + to designate as the gateway + type: string + type: object + type: array + x-kubernetes-list-type: atomic + dns: + description: DNS configures DNS for the interface + properties: + domain: + description: Domain configures the domainname + the local domain used for short hostname lookups + type: string + nameservers: + description: Nameservers points DNS servers + for IP lookup + items: + type: string + type: array + x-kubernetes-list-type: atomic + search: + description: Search configures priority ordered + search domains for short hostname lookups + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + routes: + description: Routes configures IP routes for the + interface + items: + description: StaticIPAMRoutes provides Destination/Gateway + pairs for static IPAM routes + properties: + destination: + description: Destination points the IP route + destination + type: string + gateway: + description: |- + Gateway is the route's next-hop IP address + If unset, a default gateway is assumed (as determined by the CNI plugin). + type: string + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: + description: |- + Type is the type of IPAM module will be used for IP Address Management(IPAM). + The supported values are IPAMTypeDHCP, IPAMTypeStatic + type: string + type: object + master: + description: |- + master is the host interface to create the macvlan interface from. + If not specified, it will be default route interface + type: string + mode: + description: 'mode is the macvlan mode: bridge, private, + vepa, passthru. The default is bridge' + type: string + mtu: + description: |- + mtu is the mtu to use for the macvlan interface. if unset, host's + kernel will select the value. + format: int32 + minimum: 0 + type: integer + type: object + type: + description: |- + type is the type of network + The supported values are NetworkTypeRaw, NetworkTypeSimpleMacvlan + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + clusterNetwork: + description: |- + clusterNetwork is the IP address pool to use for pod IPs. + Some network providers support multiple ClusterNetworks. + Others only support one. This is equivalent to the cluster-cidr. + items: + description: |- + ClusterNetworkEntry is a subnet from which to allocate PodIPs. A network of size + HostPrefix (in CIDR notation) will be allocated when nodes join the cluster. If + the HostPrefix field is not used by the plugin, it can be left unset. + Not all network providers support multiple ClusterNetworks + properties: + cidr: + type: string + hostPrefix: + format: int32 + minimum: 0 + type: integer + type: object + type: array + x-kubernetes-list-type: atomic + defaultNetwork: + description: defaultNetwork is the "default" network that all pods + will receive + properties: + openshiftSDNConfig: + description: |- + openShiftSDNConfig was previously used to configure the openshift-sdn plugin. + DEPRECATED: OpenShift SDN is no longer supported. + properties: + enableUnidling: + description: |- + enableUnidling controls whether or not the service proxy will support idling + and unidling of services. By default, unidling is enabled. + type: boolean + mode: + description: mode is one of "Multitenant", "Subnet", or "NetworkPolicy" + type: string + mtu: + description: |- + mtu is the mtu to use for the tunnel interface. Defaults to 1450 if unset. + This must be 50 bytes smaller than the machine's uplink. + format: int32 + minimum: 0 + type: integer + useExternalOpenvswitch: + description: |- + useExternalOpenvswitch used to control whether the operator would deploy an OVS + DaemonSet itself or expect someone else to start OVS. As of 4.6, OVS is always + run as a system service, and this flag is ignored. + type: boolean + vxlanPort: + description: vxlanPort is the port to use for all vxlan packets. + The default is 4789. + format: int32 + minimum: 0 + type: integer + type: object + ovnKubernetesConfig: + description: ovnKubernetesConfig configures the ovn-kubernetes + plugin. + properties: + egressIPConfig: + description: egressIPConfig holds the configuration for EgressIP + options. + properties: + reachabilityTotalTimeoutSeconds: + description: |- + reachabilityTotalTimeout configures the EgressIP node reachability check total timeout in seconds. + If the EgressIP node cannot be reached within this timeout, the node is declared down. + Setting a large value may cause the EgressIP feature to react slowly to node changes. + In particular, it may react slowly for EgressIP nodes that really have a genuine problem and are unreachable. + When omitted, this means the user has no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The current default is 1 second. + A value of 0 disables the EgressIP node's reachability check. + format: int32 + maximum: 60 + minimum: 0 + type: integer + type: object + gatewayConfig: + description: gatewayConfig holds the configuration for node + gateway options. + properties: + ipForwarding: + description: |- + IPForwarding controls IP forwarding for all traffic on OVN-Kubernetes managed interfaces (such as br-ex). + By default this is set to Restricted, and Kubernetes related traffic is still forwarded appropriately, but other + IP traffic will not be routed by the OCP node. If there is a desire to allow the host to forward traffic across + OVN-Kubernetes managed interfaces, then set this field to "Global". + The supported values are "Restricted" and "Global". + type: string + ipv4: + description: |- + ipv4 allows users to configure IP settings for IPv4 connections. When omitted, this means no opinion and the default + configuration is used. Check individual members fields within ipv4 for details of default values. + properties: + internalMasqueradeSubnet: + description: |- + internalMasqueradeSubnet contains the masquerade addresses in IPV4 CIDR format used internally by + ovn-kubernetes to enable host to service traffic. Each host in the cluster is configured with these + addresses, as well as the shared gateway bridge interface. The values can be changed after + installation. The subnet chosen should not overlap with other networks specified for + OVN-Kubernetes as well as other networks used on the host. Additionally the subnet must + be large enough to accommodate 6 IPs (maximum prefix length /29). + When omitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. + The current default subnet is 169.254.169.0/29 + The value must be in proper IPV4 CIDR format + maxLength: 18 + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV4 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == + 4 + - message: subnet must be in the range /0 to /29 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() + <= 29 + - message: first IP address octet must not be 0 + rule: isCIDR(self) && int(self.split('.')[0]) > + 0 + type: object + ipv6: + description: |- + ipv6 allows users to configure IP settings for IPv6 connections. When omitted, this means no opinion and the default + configuration is used. Check individual members fields within ipv6 for details of default values. + properties: + internalMasqueradeSubnet: + description: |- + internalMasqueradeSubnet contains the masquerade addresses in IPV6 CIDR format used internally by + ovn-kubernetes to enable host to service traffic. Each host in the cluster is configured with these + addresses, as well as the shared gateway bridge interface. The values can be changed after + installation. The subnet chosen should not overlap with other networks specified for + OVN-Kubernetes as well as other networks used on the host. Additionally the subnet must + be large enough to accommodate 6 IPs (maximum prefix length /125). + When omitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. + The current default subnet is fd69::/125 + Note that IPV6 dual addresses are not permitted + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV6 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == + 6 + - message: subnet must be in the range /0 to /125 + inclusive + rule: isCIDR(self) && cidr(self).prefixLength() + <= 125 + type: object + routingViaHost: + default: false + description: |- + RoutingViaHost allows pod egress traffic to exit via the ovn-k8s-mp0 management port + into the host before sending it out. If this is not set, traffic will always egress directly + from OVN to outside without touching the host stack. Setting this to true means hardware + offload will not be supported. Default is false if GatewayConfig is specified. + type: boolean + type: object + genevePort: + description: |- + geneve port is the UDP port to be used by geneve encapulation. + Default is 6081 + format: int32 + minimum: 1 + type: integer + hybridOverlayConfig: + description: |- + HybridOverlayConfig configures an additional overlay network for peers that are + not using OVN. + properties: + hybridClusterNetwork: + description: HybridClusterNetwork defines a network space + given to nodes on an additional overlay network. + items: + description: |- + ClusterNetworkEntry is a subnet from which to allocate PodIPs. A network of size + HostPrefix (in CIDR notation) will be allocated when nodes join the cluster. If + the HostPrefix field is not used by the plugin, it can be left unset. + Not all network providers support multiple ClusterNetworks + properties: + cidr: + type: string + hostPrefix: + format: int32 + minimum: 0 + type: integer + type: object + type: array + x-kubernetes-list-type: atomic + hybridOverlayVXLANPort: + description: |- + HybridOverlayVXLANPort defines the VXLAN port number to be used by the additional overlay network. + Default is 4789 + format: int32 + type: integer + type: object + ipsecConfig: + default: + mode: Disabled + description: |- + ipsecConfig enables and configures IPsec for pods on the pod network within the + cluster. + properties: + mode: + description: |- + mode defines the behaviour of the ipsec configuration within the platform. + Valid values are `Disabled`, `External` and `Full`. + When 'Disabled', ipsec will not be enabled at the node level. + When 'External', ipsec is enabled on the node level but requires the user to configure the secure communication parameters. + This mode is for external secure communications and the configuration can be done using the k8s-nmstate operator. + When 'Full', ipsec is configured on the node level and inter-pod secure communication within the cluster is configured. + Note with `Full`, if ipsec is desired for communication with external (to the cluster) entities (such as storage arrays), + this is left to the user to configure. + enum: + - Disabled + - External + - Full + type: string + type: object + x-kubernetes-validations: + - message: ipsecConfig.mode is required + rule: self == oldSelf || has(self.mode) + ipv4: + description: |- + ipv4 allows users to configure IP settings for IPv4 connections. When ommitted, + this means no opinions and the default configuration is used. Check individual + fields within ipv4 for details of default values. + properties: + internalJoinSubnet: + description: |- + internalJoinSubnet is a v4 subnet used internally by ovn-kubernetes in case the + default one is being already used by something else. It must not overlap with + any other subnet being used by OpenShift or by the node network. The size of the + subnet must be larger than the number of nodes. The value cannot be changed + after installation. + The current default value is 100.64.0.0/16 + The subnet must be large enough to accomadate one IP per node in your cluster + The value must be in proper IPV4 CIDR format + maxLength: 18 + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV4 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 4 + - message: subnet must be in the range /0 to /30 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 30 + - message: first IP address octet must not be 0 + rule: isCIDR(self) && int(self.split('.')[0]) > 0 + internalTransitSwitchSubnet: + description: |- + internalTransitSwitchSubnet is a v4 subnet in IPV4 CIDR format used internally + by OVN-Kubernetes for the distributed transit switch in the OVN Interconnect + architecture that connects the cluster routers on each node together to enable + east west traffic. The subnet chosen should not overlap with other networks + specified for OVN-Kubernetes as well as other networks used on the host. + The value cannot be changed after installation. + When ommitted, this means no opinion and the platform is left to choose a reasonable + default which is subject to change over time. + The current default subnet is 100.88.0.0/16 + The subnet must be large enough to accomadate one IP per node in your cluster + The value must be in proper IPV4 CIDR format + maxLength: 18 + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV4 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 4 + - message: subnet must be in the range /0 to /30 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 30 + - message: first IP address octet must not be 0 + rule: isCIDR(self) && int(self.split('.')[0]) > 0 + type: object + ipv6: + description: |- + ipv6 allows users to configure IP settings for IPv6 connections. When ommitted, + this means no opinions and the default configuration is used. Check individual + fields within ipv4 for details of default values. + properties: + internalJoinSubnet: + description: |- + internalJoinSubnet is a v6 subnet used internally by ovn-kubernetes in case the + default one is being already used by something else. It must not overlap with + any other subnet being used by OpenShift or by the node network. The size of the + subnet must be larger than the number of nodes. The value cannot be changed + after installation. + The subnet must be large enough to accomadate one IP per node in your cluster + The current default value is fd98::/48 + The value must be in proper IPV6 CIDR format + Note that IPV6 dual addresses are not permitted + maxLength: 48 + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV6 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 6 + - message: subnet must be in the range /0 to /125 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 125 + internalTransitSwitchSubnet: + description: |- + internalTransitSwitchSubnet is a v4 subnet in IPV4 CIDR format used internally + by OVN-Kubernetes for the distributed transit switch in the OVN Interconnect + architecture that connects the cluster routers on each node together to enable + east west traffic. The subnet chosen should not overlap with other networks + specified for OVN-Kubernetes as well as other networks used on the host. + The value cannot be changed after installation. + When ommitted, this means no opinion and the platform is left to choose a reasonable + default which is subject to change over time. + The subnet must be large enough to accomadate one IP per node in your cluster + The current default subnet is fd97::/64 + The value must be in proper IPV6 CIDR format + Note that IPV6 dual addresses are not permitted + maxLength: 48 + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV6 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 6 + - message: subnet must be in the range /0 to /125 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 125 + type: object + mtu: + description: |- + mtu is the MTU to use for the tunnel interface. This must be 100 + bytes smaller than the uplink mtu. + Default is 1400 + format: int32 + minimum: 0 + type: integer + policyAuditConfig: + description: |- + policyAuditConfig is the configuration for network policy audit events. If unset, + reported defaults are used. + properties: + destination: + default: "null" + description: |- + destination is the location for policy log messages. + Regardless of this config, persistent logs will always be dumped to the host + at /var/log/ovn/ however + Additionally syslog output may be configured as follows. + Valid values are: + - "libc" -> to use the libc syslog() function of the host node's journdald process + - "udp:host:port" -> for sending syslog over UDP + - "unix:file" -> for using the UNIX domain socket directly + - "null" -> to discard all messages logged to syslog + The default is "null" + type: string + maxFileSize: + default: 50 + description: |- + maxFilesSize is the max size an ACL_audit log file is allowed to reach before rotation occurs + Units are in MB and the Default is 50MB + format: int32 + minimum: 1 + type: integer + maxLogFiles: + default: 5 + description: maxLogFiles specifies the maximum number + of ACL_audit log files that can be present. + format: int32 + minimum: 1 + type: integer + rateLimit: + default: 20 + description: |- + rateLimit is the approximate maximum number of messages to generate per-second per-node. If + unset the default of 20 msg/sec is used. + format: int32 + minimum: 1 + type: integer + syslogFacility: + default: local0 + description: syslogFacility the RFC5424 facility for generated + messages, e.g. "kern". Default is "local0" + type: string + type: object + v4InternalSubnet: + description: |- + v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the + default one is being already used by something else. It must not overlap with + any other subnet being used by OpenShift or by the node network. The size of the + subnet must be larger than the number of nodes. The value cannot be changed + after installation. + Default is 100.64.0.0/16 + type: string + v6InternalSubnet: + description: |- + v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the + default one is being already used by something else. It must not overlap with + any other subnet being used by OpenShift or by the node network. The size of the + subnet must be larger than the number of nodes. The value cannot be changed + after installation. + Default is fd98::/48 + type: string + type: object + type: + description: |- + type is the type of network + All NetworkTypes are supported except for NetworkTypeRaw + type: string + type: object + deployKubeProxy: + description: |- + deployKubeProxy specifies whether or not a standalone kube-proxy should + be deployed by the operator. Some network providers include kube-proxy + or similar functionality. If unset, the plugin will attempt to select + the correct value, which is false when ovn-kubernetes is used and true + otherwise. + type: boolean + disableMultiNetwork: + description: |- + disableMultiNetwork specifies whether or not multiple pod network + support should be disabled. If unset, this property defaults to + 'false' and multiple network support is enabled. + type: boolean + disableNetworkDiagnostics: + default: false + description: |- + disableNetworkDiagnostics specifies whether or not PodNetworkConnectivityCheck + CRs from a test pod to every node, apiserver and LB should be disabled or not. + If unset, this property defaults to 'false' and network diagnostics is enabled. + Setting this to 'true' would reduce the additional load of the pods performing the checks. + type: boolean + exportNetworkFlows: + description: |- + exportNetworkFlows enables and configures the export of network flow metadata from the pod network + by using protocols NetFlow, SFlow or IPFIX. Currently only supported on OVN-Kubernetes plugin. + If unset, flows will not be exported to any collector. + properties: + ipfix: + description: ipfix defines IPFIX configuration. + properties: + collectors: + description: ipfixCollectors is list of strings formatted + as ip:port with a maximum of ten items + items: + pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ + type: string + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + type: object + netFlow: + description: netFlow defines the NetFlow configuration. + properties: + collectors: + description: |- + netFlow defines the NetFlow collectors that will consume the flow data exported from OVS. + It is a list of strings formatted as ip:port with a maximum of ten items + items: + pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ + type: string + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + type: object + sFlow: + description: sFlow defines the SFlow configuration. + properties: + collectors: + description: sFlowCollectors is list of strings formatted + as ip:port with a maximum of ten items + items: + pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ + type: string + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + type: object + type: object + kubeProxyConfig: + description: |- + kubeProxyConfig lets us configure desired proxy configuration, if + deployKubeProxy is true. If not specified, sensible defaults will be chosen by + OpenShift directly. + properties: + bindAddress: + description: |- + The address to "bind" on + Defaults to 0.0.0.0 + type: string + iptablesSyncPeriod: + description: |- + An internal kube-proxy parameter. In older releases of OCP, this sometimes needed to be adjusted + in large clusters for performance reasons, but this is no longer necessary, and there is no reason + to change this from the default value. + Default: 30s + type: string + proxyArguments: + additionalProperties: + description: ProxyArgumentList is a list of arguments to pass + to the kubeproxy process + items: + type: string + type: array + x-kubernetes-list-type: atomic + description: Any additional arguments to pass to the kubeproxy + process + type: object + type: object + logLevel: + default: Normal + description: |- + logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for their operands. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + managementState: + description: managementState indicates whether and how the operator + should manage the component + pattern: ^(Managed|Unmanaged|Force|Removed)$ + type: string + migration: + description: |- + migration enables and configures cluster network migration, for network changes + that cannot be made instantly. + properties: + features: + description: |- + features was previously used to configure which network plugin features + would be migrated in a network type migration. + DEPRECATED: network type migration is no longer supported, and setting + this to a non-empty value will result in the network operator rejecting + the configuration. + properties: + egressFirewall: + default: true + description: |- + egressFirewall specified whether or not the Egress Firewall configuration was migrated. + DEPRECATED: network type migration is no longer supported. + type: boolean + egressIP: + default: true + description: |- + egressIP specified whether or not the Egress IP configuration was migrated. + DEPRECATED: network type migration is no longer supported. + type: boolean + multicast: + default: true + description: |- + multicast specified whether or not the multicast configuration was migrated. + DEPRECATED: network type migration is no longer supported. + type: boolean + type: object + mode: + description: |- + mode indicates the mode of network type migration. + DEPRECATED: network type migration is no longer supported, and setting + this to a non-empty value will result in the network operator rejecting + the configuration. + enum: + - Live + - Offline + - "" + type: string + mtu: + description: |- + mtu contains the MTU migration configuration. Set this to allow changing + the MTU values for the default network. If unset, the operation of + changing the MTU for the default network will be rejected. + properties: + machine: + description: |- + machine contains MTU migration configuration for the machine's uplink. + Needs to be migrated along with the default network MTU unless the + current uplink MTU already accommodates the default network MTU. + properties: + from: + description: from is the MTU to migrate from. + format: int32 + minimum: 0 + type: integer + to: + description: to is the MTU to migrate to. + format: int32 + minimum: 0 + type: integer + type: object + network: + description: |- + network contains information about MTU migration for the default network. + Migrations are only allowed to MTU values lower than the machine's uplink + MTU by the minimum appropriate offset. + properties: + from: + description: from is the MTU to migrate from. + format: int32 + minimum: 0 + type: integer + to: + description: to is the MTU to migrate to. + format: int32 + minimum: 0 + type: integer + type: object + type: object + networkType: + description: |- + networkType was previously used when changing the default network type. + DEPRECATED: network type migration is no longer supported, and setting + this to a non-empty value will result in the network operator rejecting + the configuration. + type: string + type: object + x-kubernetes-validations: + - message: networkType migration in mode other than 'Live' may not + be configured at the same time as mtu migration + rule: '!has(self.mtu) || !has(self.networkType) || self.networkType + == "" || has(self.mode) && self.mode == ''Live''' + observedConfig: + description: |- + observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because + it is an input to the level for the operator + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + default: Normal + description: |- + operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for themselves. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + serviceNetwork: + description: |- + serviceNetwork is the ip address pool to use for Service IPs + Currently, all existing network providers only support a single value + here, but this is an array to allow for growth. + items: + type: string + type: array + x-kubernetes-list-type: atomic + unsupportedConfigOverrides: + description: |- + unsupportedConfigOverrides overrides the final configuration that was computed by the operator. + Red Hat does not support the use of this field. + Misuse of this field could lead to unexpected behavior or conflict with other configuration options. + Seek guidance from the Red Hat support before using this field. + Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + useMultiNetworkPolicy: + description: |- + useMultiNetworkPolicy enables a controller which allows for + MultiNetworkPolicy objects to be used on additional networks as + created by Multus CNI. MultiNetworkPolicy are similar to NetworkPolicy + objects, but NetworkPolicy objects only apply to the primary interface. + With MultiNetworkPolicy, you can control the traffic that a pod can receive + over the secondary interfaces. If unset, this property defaults to 'false' + and MultiNetworkPolicy objects are ignored. If 'disableMultiNetwork' is + 'true' then the value of this field is ignored. + type: boolean + type: object + x-kubernetes-validations: + - message: invalid value for IPForwarding, valid values are 'Restricted' + or 'Global' + rule: '!has(self.defaultNetwork) || !has(self.defaultNetwork.ovnKubernetesConfig) + || !has(self.defaultNetwork.ovnKubernetesConfig.gatewayConfig) || + !has(self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding) + || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding + == oldSelf.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding + || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding + == ''Restricted'' || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding + == ''Global''' + status: + description: |- + NetworkStatus is detailed operator status, which is distilled + up to the Network clusteroperator object. + properties: + conditions: + description: conditions is a list of conditions and their status + items: + description: OperatorCondition is just the standard condition fields. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + type: string + reason: + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + generations: + description: generations are used to determine when an item needs + to be reconciled or has changed in a way that needs a reaction. + items: + description: GenerationStatus keeps track of the generation for + a given resource so that decisions about forced updates can be + made. + properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without + generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload + controller involved + format: int64 + type: integer + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're + tracking + type: string + required: + - group + - name + - namespace + - resource + type: object + type: array + x-kubernetes-list-map-keys: + - group + - resource + - namespace + - name + x-kubernetes-list-type: map + latestAvailableRevision: + description: latestAvailableRevision is the deploymentID of the most + recent deployment + format: int32 + type: integer + x-kubernetes-validations: + - message: must only increase + rule: self >= oldSelf + observedGeneration: + description: observedGeneration is the last generation change you've + dealt with + format: int64 + type: integer + readyReplicas: + description: readyReplicas indicates how many replicas are ready and + at the desired state + format: int32 + type: integer + version: + description: version is the level this availability applies to + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_70_network_01_networks-DevPreviewNoUpgrade.crd.yaml b/pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_70_network_01_networks-DevPreviewNoUpgrade.crd.yaml new file mode 100644 index 000000000..fd0679763 --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_70_network_01_networks-DevPreviewNoUpgrade.crd.yaml @@ -0,0 +1,1025 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/475 + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + release.openshift.io/feature-set: DevPreviewNoUpgrade + name: networks.operator.openshift.io +spec: + group: operator.openshift.io + names: + kind: Network + listKind: NetworkList + plural: networks + singular: network + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + Network describes the cluster's desired network configuration. It is + consumed by the cluster-network-operator. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: NetworkSpec is the top-level network configuration object. + properties: + additionalNetworks: + description: |- + additionalNetworks is a list of extra networks to make available to pods + when multiple networks are enabled. + items: + description: |- + AdditionalNetworkDefinition configures an extra network that is available but not + created by default. Instead, pods must request them by name. + type must be specified, along with exactly one "Config" that matches the type. + properties: + name: + description: |- + name is the name of the network. This will be populated in the resulting CRD + This must be unique. + type: string + namespace: + description: |- + namespace is the namespace of the network. This will be populated in the resulting CRD + If not given the network will be created in the default namespace. + type: string + rawCNIConfig: + description: |- + rawCNIConfig is the raw CNI configuration json to create in the + NetworkAttachmentDefinition CRD + type: string + simpleMacvlanConfig: + description: SimpleMacvlanConfig configures the macvlan interface + in case of type:NetworkTypeSimpleMacvlan + properties: + ipamConfig: + description: IPAMConfig configures IPAM module will be used + for IP Address Management (IPAM). + properties: + staticIPAMConfig: + description: StaticIPAMConfig configures the static + IP address in case of type:IPAMTypeStatic + properties: + addresses: + description: Addresses configures IP address for + the interface + items: + description: StaticIPAMAddresses provides IP address + and Gateway for static IPAM addresses + properties: + address: + description: Address is the IP address in + CIDR format + type: string + gateway: + description: Gateway is IP inside of subnet + to designate as the gateway + type: string + type: object + type: array + x-kubernetes-list-type: atomic + dns: + description: DNS configures DNS for the interface + properties: + domain: + description: Domain configures the domainname + the local domain used for short hostname lookups + type: string + nameservers: + description: Nameservers points DNS servers + for IP lookup + items: + type: string + type: array + x-kubernetes-list-type: atomic + search: + description: Search configures priority ordered + search domains for short hostname lookups + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + routes: + description: Routes configures IP routes for the + interface + items: + description: StaticIPAMRoutes provides Destination/Gateway + pairs for static IPAM routes + properties: + destination: + description: Destination points the IP route + destination + type: string + gateway: + description: |- + Gateway is the route's next-hop IP address + If unset, a default gateway is assumed (as determined by the CNI plugin). + type: string + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: + description: |- + Type is the type of IPAM module will be used for IP Address Management(IPAM). + The supported values are IPAMTypeDHCP, IPAMTypeStatic + type: string + type: object + master: + description: |- + master is the host interface to create the macvlan interface from. + If not specified, it will be default route interface + type: string + mode: + description: 'mode is the macvlan mode: bridge, private, + vepa, passthru. The default is bridge' + type: string + mtu: + description: |- + mtu is the mtu to use for the macvlan interface. if unset, host's + kernel will select the value. + format: int32 + minimum: 0 + type: integer + type: object + type: + description: |- + type is the type of network + The supported values are NetworkTypeRaw, NetworkTypeSimpleMacvlan + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + additionalRoutingCapabilities: + description: |- + additionalRoutingCapabilities describes components and relevant + configuration providing additional routing capabilities. When set, it + enables such components and the usage of the routing capabilities they + provide for the machine network. Upstream operators, like MetalLB + operator, requiring these capabilities may rely on, or automatically set + this attribute. Network plugins may leverage advanced routing + capabilities acquired through the enablement of these components but may + require specific configuration on their side to do so; refer to their + respective documentation and configuration options. + properties: + providers: + description: |- + providers is a set of enabled components that provide additional routing + capabilities. Entries on this list must be unique. The only valid value + is currrently "FRR" which provides FRR routing capabilities through the + deployment of FRR. + items: + description: RoutingCapabilitiesProvider is a component providing + routing capabilities. + enum: + - FRR + type: string + maxItems: 1 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + x-kubernetes-validations: + - rule: self.all(x, self.exists_one(y, x == y)) + required: + - providers + type: object + clusterNetwork: + description: |- + clusterNetwork is the IP address pool to use for pod IPs. + Some network providers support multiple ClusterNetworks. + Others only support one. This is equivalent to the cluster-cidr. + items: + description: |- + ClusterNetworkEntry is a subnet from which to allocate PodIPs. A network of size + HostPrefix (in CIDR notation) will be allocated when nodes join the cluster. If + the HostPrefix field is not used by the plugin, it can be left unset. + Not all network providers support multiple ClusterNetworks + properties: + cidr: + type: string + hostPrefix: + format: int32 + minimum: 0 + type: integer + type: object + type: array + x-kubernetes-list-type: atomic + defaultNetwork: + description: defaultNetwork is the "default" network that all pods + will receive + properties: + openshiftSDNConfig: + description: |- + openShiftSDNConfig was previously used to configure the openshift-sdn plugin. + DEPRECATED: OpenShift SDN is no longer supported. + properties: + enableUnidling: + description: |- + enableUnidling controls whether or not the service proxy will support idling + and unidling of services. By default, unidling is enabled. + type: boolean + mode: + description: mode is one of "Multitenant", "Subnet", or "NetworkPolicy" + type: string + mtu: + description: |- + mtu is the mtu to use for the tunnel interface. Defaults to 1450 if unset. + This must be 50 bytes smaller than the machine's uplink. + format: int32 + minimum: 0 + type: integer + useExternalOpenvswitch: + description: |- + useExternalOpenvswitch used to control whether the operator would deploy an OVS + DaemonSet itself or expect someone else to start OVS. As of 4.6, OVS is always + run as a system service, and this flag is ignored. + type: boolean + vxlanPort: + description: vxlanPort is the port to use for all vxlan packets. + The default is 4789. + format: int32 + minimum: 0 + type: integer + type: object + ovnKubernetesConfig: + description: ovnKubernetesConfig configures the ovn-kubernetes + plugin. + properties: + egressIPConfig: + description: egressIPConfig holds the configuration for EgressIP + options. + properties: + reachabilityTotalTimeoutSeconds: + description: |- + reachabilityTotalTimeout configures the EgressIP node reachability check total timeout in seconds. + If the EgressIP node cannot be reached within this timeout, the node is declared down. + Setting a large value may cause the EgressIP feature to react slowly to node changes. + In particular, it may react slowly for EgressIP nodes that really have a genuine problem and are unreachable. + When omitted, this means the user has no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The current default is 1 second. + A value of 0 disables the EgressIP node's reachability check. + format: int32 + maximum: 60 + minimum: 0 + type: integer + type: object + gatewayConfig: + description: gatewayConfig holds the configuration for node + gateway options. + properties: + ipForwarding: + description: |- + IPForwarding controls IP forwarding for all traffic on OVN-Kubernetes managed interfaces (such as br-ex). + By default this is set to Restricted, and Kubernetes related traffic is still forwarded appropriately, but other + IP traffic will not be routed by the OCP node. If there is a desire to allow the host to forward traffic across + OVN-Kubernetes managed interfaces, then set this field to "Global". + The supported values are "Restricted" and "Global". + type: string + ipv4: + description: |- + ipv4 allows users to configure IP settings for IPv4 connections. When omitted, this means no opinion and the default + configuration is used. Check individual members fields within ipv4 for details of default values. + properties: + internalMasqueradeSubnet: + description: |- + internalMasqueradeSubnet contains the masquerade addresses in IPV4 CIDR format used internally by + ovn-kubernetes to enable host to service traffic. Each host in the cluster is configured with these + addresses, as well as the shared gateway bridge interface. The values can be changed after + installation. The subnet chosen should not overlap with other networks specified for + OVN-Kubernetes as well as other networks used on the host. Additionally the subnet must + be large enough to accommodate 6 IPs (maximum prefix length /29). + When omitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. + The current default subnet is 169.254.169.0/29 + The value must be in proper IPV4 CIDR format + maxLength: 18 + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV4 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == + 4 + - message: subnet must be in the range /0 to /29 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() + <= 29 + - message: first IP address octet must not be 0 + rule: isCIDR(self) && int(self.split('.')[0]) > + 0 + type: object + ipv6: + description: |- + ipv6 allows users to configure IP settings for IPv6 connections. When omitted, this means no opinion and the default + configuration is used. Check individual members fields within ipv6 for details of default values. + properties: + internalMasqueradeSubnet: + description: |- + internalMasqueradeSubnet contains the masquerade addresses in IPV6 CIDR format used internally by + ovn-kubernetes to enable host to service traffic. Each host in the cluster is configured with these + addresses, as well as the shared gateway bridge interface. The values can be changed after + installation. The subnet chosen should not overlap with other networks specified for + OVN-Kubernetes as well as other networks used on the host. Additionally the subnet must + be large enough to accommodate 6 IPs (maximum prefix length /125). + When omitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. + The current default subnet is fd69::/125 + Note that IPV6 dual addresses are not permitted + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV6 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == + 6 + - message: subnet must be in the range /0 to /125 + inclusive + rule: isCIDR(self) && cidr(self).prefixLength() + <= 125 + type: object + routingViaHost: + default: false + description: |- + RoutingViaHost allows pod egress traffic to exit via the ovn-k8s-mp0 management port + into the host before sending it out. If this is not set, traffic will always egress directly + from OVN to outside without touching the host stack. Setting this to true means hardware + offload will not be supported. Default is false if GatewayConfig is specified. + type: boolean + type: object + genevePort: + description: |- + geneve port is the UDP port to be used by geneve encapulation. + Default is 6081 + format: int32 + minimum: 1 + type: integer + hybridOverlayConfig: + description: |- + HybridOverlayConfig configures an additional overlay network for peers that are + not using OVN. + properties: + hybridClusterNetwork: + description: HybridClusterNetwork defines a network space + given to nodes on an additional overlay network. + items: + description: |- + ClusterNetworkEntry is a subnet from which to allocate PodIPs. A network of size + HostPrefix (in CIDR notation) will be allocated when nodes join the cluster. If + the HostPrefix field is not used by the plugin, it can be left unset. + Not all network providers support multiple ClusterNetworks + properties: + cidr: + type: string + hostPrefix: + format: int32 + minimum: 0 + type: integer + type: object + type: array + x-kubernetes-list-type: atomic + hybridOverlayVXLANPort: + description: |- + HybridOverlayVXLANPort defines the VXLAN port number to be used by the additional overlay network. + Default is 4789 + format: int32 + type: integer + type: object + ipsecConfig: + default: + mode: Disabled + description: |- + ipsecConfig enables and configures IPsec for pods on the pod network within the + cluster. + properties: + mode: + description: |- + mode defines the behaviour of the ipsec configuration within the platform. + Valid values are `Disabled`, `External` and `Full`. + When 'Disabled', ipsec will not be enabled at the node level. + When 'External', ipsec is enabled on the node level but requires the user to configure the secure communication parameters. + This mode is for external secure communications and the configuration can be done using the k8s-nmstate operator. + When 'Full', ipsec is configured on the node level and inter-pod secure communication within the cluster is configured. + Note with `Full`, if ipsec is desired for communication with external (to the cluster) entities (such as storage arrays), + this is left to the user to configure. + enum: + - Disabled + - External + - Full + type: string + type: object + x-kubernetes-validations: + - message: ipsecConfig.mode is required + rule: self == oldSelf || has(self.mode) + ipv4: + description: |- + ipv4 allows users to configure IP settings for IPv4 connections. When ommitted, + this means no opinions and the default configuration is used. Check individual + fields within ipv4 for details of default values. + properties: + internalJoinSubnet: + description: |- + internalJoinSubnet is a v4 subnet used internally by ovn-kubernetes in case the + default one is being already used by something else. It must not overlap with + any other subnet being used by OpenShift or by the node network. The size of the + subnet must be larger than the number of nodes. The value cannot be changed + after installation. + The current default value is 100.64.0.0/16 + The subnet must be large enough to accomadate one IP per node in your cluster + The value must be in proper IPV4 CIDR format + maxLength: 18 + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV4 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 4 + - message: subnet must be in the range /0 to /30 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 30 + - message: first IP address octet must not be 0 + rule: isCIDR(self) && int(self.split('.')[0]) > 0 + internalTransitSwitchSubnet: + description: |- + internalTransitSwitchSubnet is a v4 subnet in IPV4 CIDR format used internally + by OVN-Kubernetes for the distributed transit switch in the OVN Interconnect + architecture that connects the cluster routers on each node together to enable + east west traffic. The subnet chosen should not overlap with other networks + specified for OVN-Kubernetes as well as other networks used on the host. + The value cannot be changed after installation. + When ommitted, this means no opinion and the platform is left to choose a reasonable + default which is subject to change over time. + The current default subnet is 100.88.0.0/16 + The subnet must be large enough to accomadate one IP per node in your cluster + The value must be in proper IPV4 CIDR format + maxLength: 18 + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV4 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 4 + - message: subnet must be in the range /0 to /30 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 30 + - message: first IP address octet must not be 0 + rule: isCIDR(self) && int(self.split('.')[0]) > 0 + type: object + ipv6: + description: |- + ipv6 allows users to configure IP settings for IPv6 connections. When ommitted, + this means no opinions and the default configuration is used. Check individual + fields within ipv4 for details of default values. + properties: + internalJoinSubnet: + description: |- + internalJoinSubnet is a v6 subnet used internally by ovn-kubernetes in case the + default one is being already used by something else. It must not overlap with + any other subnet being used by OpenShift or by the node network. The size of the + subnet must be larger than the number of nodes. The value cannot be changed + after installation. + The subnet must be large enough to accomadate one IP per node in your cluster + The current default value is fd98::/48 + The value must be in proper IPV6 CIDR format + Note that IPV6 dual addresses are not permitted + maxLength: 48 + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV6 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 6 + - message: subnet must be in the range /0 to /125 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 125 + internalTransitSwitchSubnet: + description: |- + internalTransitSwitchSubnet is a v4 subnet in IPV4 CIDR format used internally + by OVN-Kubernetes for the distributed transit switch in the OVN Interconnect + architecture that connects the cluster routers on each node together to enable + east west traffic. The subnet chosen should not overlap with other networks + specified for OVN-Kubernetes as well as other networks used on the host. + The value cannot be changed after installation. + When ommitted, this means no opinion and the platform is left to choose a reasonable + default which is subject to change over time. + The subnet must be large enough to accomadate one IP per node in your cluster + The current default subnet is fd97::/64 + The value must be in proper IPV6 CIDR format + Note that IPV6 dual addresses are not permitted + maxLength: 48 + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV6 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 6 + - message: subnet must be in the range /0 to /125 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 125 + type: object + mtu: + description: |- + mtu is the MTU to use for the tunnel interface. This must be 100 + bytes smaller than the uplink mtu. + Default is 1400 + format: int32 + minimum: 0 + type: integer + policyAuditConfig: + description: |- + policyAuditConfig is the configuration for network policy audit events. If unset, + reported defaults are used. + properties: + destination: + default: "null" + description: |- + destination is the location for policy log messages. + Regardless of this config, persistent logs will always be dumped to the host + at /var/log/ovn/ however + Additionally syslog output may be configured as follows. + Valid values are: + - "libc" -> to use the libc syslog() function of the host node's journdald process + - "udp:host:port" -> for sending syslog over UDP + - "unix:file" -> for using the UNIX domain socket directly + - "null" -> to discard all messages logged to syslog + The default is "null" + type: string + maxFileSize: + default: 50 + description: |- + maxFilesSize is the max size an ACL_audit log file is allowed to reach before rotation occurs + Units are in MB and the Default is 50MB + format: int32 + minimum: 1 + type: integer + maxLogFiles: + default: 5 + description: maxLogFiles specifies the maximum number + of ACL_audit log files that can be present. + format: int32 + minimum: 1 + type: integer + rateLimit: + default: 20 + description: |- + rateLimit is the approximate maximum number of messages to generate per-second per-node. If + unset the default of 20 msg/sec is used. + format: int32 + minimum: 1 + type: integer + syslogFacility: + default: local0 + description: syslogFacility the RFC5424 facility for generated + messages, e.g. "kern". Default is "local0" + type: string + type: object + routeAdvertisements: + description: |- + routeAdvertisements determines if the functionality to advertise cluster + network routes through a dynamic routing protocol, such as BGP, is + enabled or not. This functionality is configured through the + ovn-kubernetes RouteAdvertisements CRD. Requires the 'FRR' routing + capability provider to be enabled as an additional routing capability. + Allowed values are "Enabled", "Disabled" and ommited. When omitted, this + means the user has no opinion and the platform is left to choose + reasonable defaults. These defaults are subject to change over time. The + current default is "Disabled". + enum: + - "" + - Enabled + - Disabled + type: string + v4InternalSubnet: + description: |- + v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the + default one is being already used by something else. It must not overlap with + any other subnet being used by OpenShift or by the node network. The size of the + subnet must be larger than the number of nodes. The value cannot be changed + after installation. + Default is 100.64.0.0/16 + type: string + v6InternalSubnet: + description: |- + v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the + default one is being already used by something else. It must not overlap with + any other subnet being used by OpenShift or by the node network. The size of the + subnet must be larger than the number of nodes. The value cannot be changed + after installation. + Default is fd98::/48 + type: string + type: object + type: + description: |- + type is the type of network + All NetworkTypes are supported except for NetworkTypeRaw + type: string + type: object + deployKubeProxy: + description: |- + deployKubeProxy specifies whether or not a standalone kube-proxy should + be deployed by the operator. Some network providers include kube-proxy + or similar functionality. If unset, the plugin will attempt to select + the correct value, which is false when ovn-kubernetes is used and true + otherwise. + type: boolean + disableMultiNetwork: + description: |- + disableMultiNetwork specifies whether or not multiple pod network + support should be disabled. If unset, this property defaults to + 'false' and multiple network support is enabled. + type: boolean + disableNetworkDiagnostics: + default: false + description: |- + disableNetworkDiagnostics specifies whether or not PodNetworkConnectivityCheck + CRs from a test pod to every node, apiserver and LB should be disabled or not. + If unset, this property defaults to 'false' and network diagnostics is enabled. + Setting this to 'true' would reduce the additional load of the pods performing the checks. + type: boolean + exportNetworkFlows: + description: |- + exportNetworkFlows enables and configures the export of network flow metadata from the pod network + by using protocols NetFlow, SFlow or IPFIX. Currently only supported on OVN-Kubernetes plugin. + If unset, flows will not be exported to any collector. + properties: + ipfix: + description: ipfix defines IPFIX configuration. + properties: + collectors: + description: ipfixCollectors is list of strings formatted + as ip:port with a maximum of ten items + items: + pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ + type: string + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + type: object + netFlow: + description: netFlow defines the NetFlow configuration. + properties: + collectors: + description: |- + netFlow defines the NetFlow collectors that will consume the flow data exported from OVS. + It is a list of strings formatted as ip:port with a maximum of ten items + items: + pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ + type: string + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + type: object + sFlow: + description: sFlow defines the SFlow configuration. + properties: + collectors: + description: sFlowCollectors is list of strings formatted + as ip:port with a maximum of ten items + items: + pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ + type: string + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + type: object + type: object + kubeProxyConfig: + description: |- + kubeProxyConfig lets us configure desired proxy configuration, if + deployKubeProxy is true. If not specified, sensible defaults will be chosen by + OpenShift directly. + properties: + bindAddress: + description: |- + The address to "bind" on + Defaults to 0.0.0.0 + type: string + iptablesSyncPeriod: + description: |- + An internal kube-proxy parameter. In older releases of OCP, this sometimes needed to be adjusted + in large clusters for performance reasons, but this is no longer necessary, and there is no reason + to change this from the default value. + Default: 30s + type: string + proxyArguments: + additionalProperties: + description: ProxyArgumentList is a list of arguments to pass + to the kubeproxy process + items: + type: string + type: array + x-kubernetes-list-type: atomic + description: Any additional arguments to pass to the kubeproxy + process + type: object + type: object + logLevel: + default: Normal + description: |- + logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for their operands. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + managementState: + description: managementState indicates whether and how the operator + should manage the component + pattern: ^(Managed|Unmanaged|Force|Removed)$ + type: string + migration: + description: |- + migration enables and configures cluster network migration, for network changes + that cannot be made instantly. + properties: + features: + description: |- + features was previously used to configure which network plugin features + would be migrated in a network type migration. + DEPRECATED: network type migration is no longer supported, and setting + this to a non-empty value will result in the network operator rejecting + the configuration. + properties: + egressFirewall: + default: true + description: |- + egressFirewall specified whether or not the Egress Firewall configuration was migrated. + DEPRECATED: network type migration is no longer supported. + type: boolean + egressIP: + default: true + description: |- + egressIP specified whether or not the Egress IP configuration was migrated. + DEPRECATED: network type migration is no longer supported. + type: boolean + multicast: + default: true + description: |- + multicast specified whether or not the multicast configuration was migrated. + DEPRECATED: network type migration is no longer supported. + type: boolean + type: object + mode: + description: |- + mode indicates the mode of network type migration. + DEPRECATED: network type migration is no longer supported, and setting + this to a non-empty value will result in the network operator rejecting + the configuration. + enum: + - Live + - Offline + - "" + type: string + mtu: + description: |- + mtu contains the MTU migration configuration. Set this to allow changing + the MTU values for the default network. If unset, the operation of + changing the MTU for the default network will be rejected. + properties: + machine: + description: |- + machine contains MTU migration configuration for the machine's uplink. + Needs to be migrated along with the default network MTU unless the + current uplink MTU already accommodates the default network MTU. + properties: + from: + description: from is the MTU to migrate from. + format: int32 + minimum: 0 + type: integer + to: + description: to is the MTU to migrate to. + format: int32 + minimum: 0 + type: integer + type: object + network: + description: |- + network contains information about MTU migration for the default network. + Migrations are only allowed to MTU values lower than the machine's uplink + MTU by the minimum appropriate offset. + properties: + from: + description: from is the MTU to migrate from. + format: int32 + minimum: 0 + type: integer + to: + description: to is the MTU to migrate to. + format: int32 + minimum: 0 + type: integer + type: object + type: object + networkType: + description: |- + networkType was previously used when changing the default network type. + DEPRECATED: network type migration is no longer supported, and setting + this to a non-empty value will result in the network operator rejecting + the configuration. + type: string + type: object + x-kubernetes-validations: + - message: networkType migration in mode other than 'Live' may not + be configured at the same time as mtu migration + rule: '!has(self.mtu) || !has(self.networkType) || self.networkType + == "" || has(self.mode) && self.mode == ''Live''' + observedConfig: + description: |- + observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because + it is an input to the level for the operator + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + default: Normal + description: |- + operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for themselves. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + serviceNetwork: + description: |- + serviceNetwork is the ip address pool to use for Service IPs + Currently, all existing network providers only support a single value + here, but this is an array to allow for growth. + items: + type: string + type: array + x-kubernetes-list-type: atomic + unsupportedConfigOverrides: + description: |- + unsupportedConfigOverrides overrides the final configuration that was computed by the operator. + Red Hat does not support the use of this field. + Misuse of this field could lead to unexpected behavior or conflict with other configuration options. + Seek guidance from the Red Hat support before using this field. + Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + useMultiNetworkPolicy: + description: |- + useMultiNetworkPolicy enables a controller which allows for + MultiNetworkPolicy objects to be used on additional networks as + created by Multus CNI. MultiNetworkPolicy are similar to NetworkPolicy + objects, but NetworkPolicy objects only apply to the primary interface. + With MultiNetworkPolicy, you can control the traffic that a pod can receive + over the secondary interfaces. If unset, this property defaults to 'false' + and MultiNetworkPolicy objects are ignored. If 'disableMultiNetwork' is + 'true' then the value of this field is ignored. + type: boolean + type: object + x-kubernetes-validations: + - message: Route advertisements cannot be Enabled if 'FRR' routing capability + provider is not available + rule: (has(self.additionalRoutingCapabilities) && ('FRR' in self.additionalRoutingCapabilities.providers)) + || !has(self.defaultNetwork) || !has(self.defaultNetwork.ovnKubernetesConfig) + || !has(self.defaultNetwork.ovnKubernetesConfig.routeAdvertisements) + || self.defaultNetwork.ovnKubernetesConfig.routeAdvertisements != + 'Enabled' + - message: invalid value for IPForwarding, valid values are 'Restricted' + or 'Global' + rule: '!has(self.defaultNetwork) || !has(self.defaultNetwork.ovnKubernetesConfig) + || !has(self.defaultNetwork.ovnKubernetesConfig.gatewayConfig) || + !has(self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding) + || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding + == oldSelf.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding + || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding + == ''Restricted'' || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding + == ''Global''' + status: + description: |- + NetworkStatus is detailed operator status, which is distilled + up to the Network clusteroperator object. + properties: + conditions: + description: conditions is a list of conditions and their status + items: + description: OperatorCondition is just the standard condition fields. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + type: string + reason: + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + generations: + description: generations are used to determine when an item needs + to be reconciled or has changed in a way that needs a reaction. + items: + description: GenerationStatus keeps track of the generation for + a given resource so that decisions about forced updates can be + made. + properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without + generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload + controller involved + format: int64 + type: integer + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're + tracking + type: string + required: + - group + - name + - namespace + - resource + type: object + type: array + x-kubernetes-list-map-keys: + - group + - resource + - namespace + - name + x-kubernetes-list-type: map + latestAvailableRevision: + description: latestAvailableRevision is the deploymentID of the most + recent deployment + format: int32 + type: integer + x-kubernetes-validations: + - message: must only increase + rule: self >= oldSelf + observedGeneration: + description: observedGeneration is the last generation change you've + dealt with + format: int64 + type: integer + readyReplicas: + description: readyReplicas indicates how many replicas are ready and + at the desired state + format: int32 + type: integer + version: + description: version is the level this availability applies to + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_70_network_01_networks-TechPreviewNoUpgrade.crd.yaml b/pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_70_network_01_networks-TechPreviewNoUpgrade.crd.yaml new file mode 100644 index 000000000..e55b94afc --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_70_network_01_networks-TechPreviewNoUpgrade.crd.yaml @@ -0,0 +1,1025 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/475 + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + release.openshift.io/feature-set: TechPreviewNoUpgrade + name: networks.operator.openshift.io +spec: + group: operator.openshift.io + names: + kind: Network + listKind: NetworkList + plural: networks + singular: network + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + Network describes the cluster's desired network configuration. It is + consumed by the cluster-network-operator. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: NetworkSpec is the top-level network configuration object. + properties: + additionalNetworks: + description: |- + additionalNetworks is a list of extra networks to make available to pods + when multiple networks are enabled. + items: + description: |- + AdditionalNetworkDefinition configures an extra network that is available but not + created by default. Instead, pods must request them by name. + type must be specified, along with exactly one "Config" that matches the type. + properties: + name: + description: |- + name is the name of the network. This will be populated in the resulting CRD + This must be unique. + type: string + namespace: + description: |- + namespace is the namespace of the network. This will be populated in the resulting CRD + If not given the network will be created in the default namespace. + type: string + rawCNIConfig: + description: |- + rawCNIConfig is the raw CNI configuration json to create in the + NetworkAttachmentDefinition CRD + type: string + simpleMacvlanConfig: + description: SimpleMacvlanConfig configures the macvlan interface + in case of type:NetworkTypeSimpleMacvlan + properties: + ipamConfig: + description: IPAMConfig configures IPAM module will be used + for IP Address Management (IPAM). + properties: + staticIPAMConfig: + description: StaticIPAMConfig configures the static + IP address in case of type:IPAMTypeStatic + properties: + addresses: + description: Addresses configures IP address for + the interface + items: + description: StaticIPAMAddresses provides IP address + and Gateway for static IPAM addresses + properties: + address: + description: Address is the IP address in + CIDR format + type: string + gateway: + description: Gateway is IP inside of subnet + to designate as the gateway + type: string + type: object + type: array + x-kubernetes-list-type: atomic + dns: + description: DNS configures DNS for the interface + properties: + domain: + description: Domain configures the domainname + the local domain used for short hostname lookups + type: string + nameservers: + description: Nameservers points DNS servers + for IP lookup + items: + type: string + type: array + x-kubernetes-list-type: atomic + search: + description: Search configures priority ordered + search domains for short hostname lookups + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + routes: + description: Routes configures IP routes for the + interface + items: + description: StaticIPAMRoutes provides Destination/Gateway + pairs for static IPAM routes + properties: + destination: + description: Destination points the IP route + destination + type: string + gateway: + description: |- + Gateway is the route's next-hop IP address + If unset, a default gateway is assumed (as determined by the CNI plugin). + type: string + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: + description: |- + Type is the type of IPAM module will be used for IP Address Management(IPAM). + The supported values are IPAMTypeDHCP, IPAMTypeStatic + type: string + type: object + master: + description: |- + master is the host interface to create the macvlan interface from. + If not specified, it will be default route interface + type: string + mode: + description: 'mode is the macvlan mode: bridge, private, + vepa, passthru. The default is bridge' + type: string + mtu: + description: |- + mtu is the mtu to use for the macvlan interface. if unset, host's + kernel will select the value. + format: int32 + minimum: 0 + type: integer + type: object + type: + description: |- + type is the type of network + The supported values are NetworkTypeRaw, NetworkTypeSimpleMacvlan + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + additionalRoutingCapabilities: + description: |- + additionalRoutingCapabilities describes components and relevant + configuration providing additional routing capabilities. When set, it + enables such components and the usage of the routing capabilities they + provide for the machine network. Upstream operators, like MetalLB + operator, requiring these capabilities may rely on, or automatically set + this attribute. Network plugins may leverage advanced routing + capabilities acquired through the enablement of these components but may + require specific configuration on their side to do so; refer to their + respective documentation and configuration options. + properties: + providers: + description: |- + providers is a set of enabled components that provide additional routing + capabilities. Entries on this list must be unique. The only valid value + is currrently "FRR" which provides FRR routing capabilities through the + deployment of FRR. + items: + description: RoutingCapabilitiesProvider is a component providing + routing capabilities. + enum: + - FRR + type: string + maxItems: 1 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + x-kubernetes-validations: + - rule: self.all(x, self.exists_one(y, x == y)) + required: + - providers + type: object + clusterNetwork: + description: |- + clusterNetwork is the IP address pool to use for pod IPs. + Some network providers support multiple ClusterNetworks. + Others only support one. This is equivalent to the cluster-cidr. + items: + description: |- + ClusterNetworkEntry is a subnet from which to allocate PodIPs. A network of size + HostPrefix (in CIDR notation) will be allocated when nodes join the cluster. If + the HostPrefix field is not used by the plugin, it can be left unset. + Not all network providers support multiple ClusterNetworks + properties: + cidr: + type: string + hostPrefix: + format: int32 + minimum: 0 + type: integer + type: object + type: array + x-kubernetes-list-type: atomic + defaultNetwork: + description: defaultNetwork is the "default" network that all pods + will receive + properties: + openshiftSDNConfig: + description: |- + openShiftSDNConfig was previously used to configure the openshift-sdn plugin. + DEPRECATED: OpenShift SDN is no longer supported. + properties: + enableUnidling: + description: |- + enableUnidling controls whether or not the service proxy will support idling + and unidling of services. By default, unidling is enabled. + type: boolean + mode: + description: mode is one of "Multitenant", "Subnet", or "NetworkPolicy" + type: string + mtu: + description: |- + mtu is the mtu to use for the tunnel interface. Defaults to 1450 if unset. + This must be 50 bytes smaller than the machine's uplink. + format: int32 + minimum: 0 + type: integer + useExternalOpenvswitch: + description: |- + useExternalOpenvswitch used to control whether the operator would deploy an OVS + DaemonSet itself or expect someone else to start OVS. As of 4.6, OVS is always + run as a system service, and this flag is ignored. + type: boolean + vxlanPort: + description: vxlanPort is the port to use for all vxlan packets. + The default is 4789. + format: int32 + minimum: 0 + type: integer + type: object + ovnKubernetesConfig: + description: ovnKubernetesConfig configures the ovn-kubernetes + plugin. + properties: + egressIPConfig: + description: egressIPConfig holds the configuration for EgressIP + options. + properties: + reachabilityTotalTimeoutSeconds: + description: |- + reachabilityTotalTimeout configures the EgressIP node reachability check total timeout in seconds. + If the EgressIP node cannot be reached within this timeout, the node is declared down. + Setting a large value may cause the EgressIP feature to react slowly to node changes. + In particular, it may react slowly for EgressIP nodes that really have a genuine problem and are unreachable. + When omitted, this means the user has no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The current default is 1 second. + A value of 0 disables the EgressIP node's reachability check. + format: int32 + maximum: 60 + minimum: 0 + type: integer + type: object + gatewayConfig: + description: gatewayConfig holds the configuration for node + gateway options. + properties: + ipForwarding: + description: |- + IPForwarding controls IP forwarding for all traffic on OVN-Kubernetes managed interfaces (such as br-ex). + By default this is set to Restricted, and Kubernetes related traffic is still forwarded appropriately, but other + IP traffic will not be routed by the OCP node. If there is a desire to allow the host to forward traffic across + OVN-Kubernetes managed interfaces, then set this field to "Global". + The supported values are "Restricted" and "Global". + type: string + ipv4: + description: |- + ipv4 allows users to configure IP settings for IPv4 connections. When omitted, this means no opinion and the default + configuration is used. Check individual members fields within ipv4 for details of default values. + properties: + internalMasqueradeSubnet: + description: |- + internalMasqueradeSubnet contains the masquerade addresses in IPV4 CIDR format used internally by + ovn-kubernetes to enable host to service traffic. Each host in the cluster is configured with these + addresses, as well as the shared gateway bridge interface. The values can be changed after + installation. The subnet chosen should not overlap with other networks specified for + OVN-Kubernetes as well as other networks used on the host. Additionally the subnet must + be large enough to accommodate 6 IPs (maximum prefix length /29). + When omitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. + The current default subnet is 169.254.169.0/29 + The value must be in proper IPV4 CIDR format + maxLength: 18 + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV4 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == + 4 + - message: subnet must be in the range /0 to /29 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() + <= 29 + - message: first IP address octet must not be 0 + rule: isCIDR(self) && int(self.split('.')[0]) > + 0 + type: object + ipv6: + description: |- + ipv6 allows users to configure IP settings for IPv6 connections. When omitted, this means no opinion and the default + configuration is used. Check individual members fields within ipv6 for details of default values. + properties: + internalMasqueradeSubnet: + description: |- + internalMasqueradeSubnet contains the masquerade addresses in IPV6 CIDR format used internally by + ovn-kubernetes to enable host to service traffic. Each host in the cluster is configured with these + addresses, as well as the shared gateway bridge interface. The values can be changed after + installation. The subnet chosen should not overlap with other networks specified for + OVN-Kubernetes as well as other networks used on the host. Additionally the subnet must + be large enough to accommodate 6 IPs (maximum prefix length /125). + When omitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. + The current default subnet is fd69::/125 + Note that IPV6 dual addresses are not permitted + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV6 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == + 6 + - message: subnet must be in the range /0 to /125 + inclusive + rule: isCIDR(self) && cidr(self).prefixLength() + <= 125 + type: object + routingViaHost: + default: false + description: |- + RoutingViaHost allows pod egress traffic to exit via the ovn-k8s-mp0 management port + into the host before sending it out. If this is not set, traffic will always egress directly + from OVN to outside without touching the host stack. Setting this to true means hardware + offload will not be supported. Default is false if GatewayConfig is specified. + type: boolean + type: object + genevePort: + description: |- + geneve port is the UDP port to be used by geneve encapulation. + Default is 6081 + format: int32 + minimum: 1 + type: integer + hybridOverlayConfig: + description: |- + HybridOverlayConfig configures an additional overlay network for peers that are + not using OVN. + properties: + hybridClusterNetwork: + description: HybridClusterNetwork defines a network space + given to nodes on an additional overlay network. + items: + description: |- + ClusterNetworkEntry is a subnet from which to allocate PodIPs. A network of size + HostPrefix (in CIDR notation) will be allocated when nodes join the cluster. If + the HostPrefix field is not used by the plugin, it can be left unset. + Not all network providers support multiple ClusterNetworks + properties: + cidr: + type: string + hostPrefix: + format: int32 + minimum: 0 + type: integer + type: object + type: array + x-kubernetes-list-type: atomic + hybridOverlayVXLANPort: + description: |- + HybridOverlayVXLANPort defines the VXLAN port number to be used by the additional overlay network. + Default is 4789 + format: int32 + type: integer + type: object + ipsecConfig: + default: + mode: Disabled + description: |- + ipsecConfig enables and configures IPsec for pods on the pod network within the + cluster. + properties: + mode: + description: |- + mode defines the behaviour of the ipsec configuration within the platform. + Valid values are `Disabled`, `External` and `Full`. + When 'Disabled', ipsec will not be enabled at the node level. + When 'External', ipsec is enabled on the node level but requires the user to configure the secure communication parameters. + This mode is for external secure communications and the configuration can be done using the k8s-nmstate operator. + When 'Full', ipsec is configured on the node level and inter-pod secure communication within the cluster is configured. + Note with `Full`, if ipsec is desired for communication with external (to the cluster) entities (such as storage arrays), + this is left to the user to configure. + enum: + - Disabled + - External + - Full + type: string + type: object + x-kubernetes-validations: + - message: ipsecConfig.mode is required + rule: self == oldSelf || has(self.mode) + ipv4: + description: |- + ipv4 allows users to configure IP settings for IPv4 connections. When ommitted, + this means no opinions and the default configuration is used. Check individual + fields within ipv4 for details of default values. + properties: + internalJoinSubnet: + description: |- + internalJoinSubnet is a v4 subnet used internally by ovn-kubernetes in case the + default one is being already used by something else. It must not overlap with + any other subnet being used by OpenShift or by the node network. The size of the + subnet must be larger than the number of nodes. The value cannot be changed + after installation. + The current default value is 100.64.0.0/16 + The subnet must be large enough to accomadate one IP per node in your cluster + The value must be in proper IPV4 CIDR format + maxLength: 18 + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV4 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 4 + - message: subnet must be in the range /0 to /30 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 30 + - message: first IP address octet must not be 0 + rule: isCIDR(self) && int(self.split('.')[0]) > 0 + internalTransitSwitchSubnet: + description: |- + internalTransitSwitchSubnet is a v4 subnet in IPV4 CIDR format used internally + by OVN-Kubernetes for the distributed transit switch in the OVN Interconnect + architecture that connects the cluster routers on each node together to enable + east west traffic. The subnet chosen should not overlap with other networks + specified for OVN-Kubernetes as well as other networks used on the host. + The value cannot be changed after installation. + When ommitted, this means no opinion and the platform is left to choose a reasonable + default which is subject to change over time. + The current default subnet is 100.88.0.0/16 + The subnet must be large enough to accomadate one IP per node in your cluster + The value must be in proper IPV4 CIDR format + maxLength: 18 + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV4 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 4 + - message: subnet must be in the range /0 to /30 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 30 + - message: first IP address octet must not be 0 + rule: isCIDR(self) && int(self.split('.')[0]) > 0 + type: object + ipv6: + description: |- + ipv6 allows users to configure IP settings for IPv6 connections. When ommitted, + this means no opinions and the default configuration is used. Check individual + fields within ipv4 for details of default values. + properties: + internalJoinSubnet: + description: |- + internalJoinSubnet is a v6 subnet used internally by ovn-kubernetes in case the + default one is being already used by something else. It must not overlap with + any other subnet being used by OpenShift or by the node network. The size of the + subnet must be larger than the number of nodes. The value cannot be changed + after installation. + The subnet must be large enough to accomadate one IP per node in your cluster + The current default value is fd98::/48 + The value must be in proper IPV6 CIDR format + Note that IPV6 dual addresses are not permitted + maxLength: 48 + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV6 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 6 + - message: subnet must be in the range /0 to /125 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 125 + internalTransitSwitchSubnet: + description: |- + internalTransitSwitchSubnet is a v4 subnet in IPV4 CIDR format used internally + by OVN-Kubernetes for the distributed transit switch in the OVN Interconnect + architecture that connects the cluster routers on each node together to enable + east west traffic. The subnet chosen should not overlap with other networks + specified for OVN-Kubernetes as well as other networks used on the host. + The value cannot be changed after installation. + When ommitted, this means no opinion and the platform is left to choose a reasonable + default which is subject to change over time. + The subnet must be large enough to accomadate one IP per node in your cluster + The current default subnet is fd97::/64 + The value must be in proper IPV6 CIDR format + Note that IPV6 dual addresses are not permitted + maxLength: 48 + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV6 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 6 + - message: subnet must be in the range /0 to /125 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 125 + type: object + mtu: + description: |- + mtu is the MTU to use for the tunnel interface. This must be 100 + bytes smaller than the uplink mtu. + Default is 1400 + format: int32 + minimum: 0 + type: integer + policyAuditConfig: + description: |- + policyAuditConfig is the configuration for network policy audit events. If unset, + reported defaults are used. + properties: + destination: + default: "null" + description: |- + destination is the location for policy log messages. + Regardless of this config, persistent logs will always be dumped to the host + at /var/log/ovn/ however + Additionally syslog output may be configured as follows. + Valid values are: + - "libc" -> to use the libc syslog() function of the host node's journdald process + - "udp:host:port" -> for sending syslog over UDP + - "unix:file" -> for using the UNIX domain socket directly + - "null" -> to discard all messages logged to syslog + The default is "null" + type: string + maxFileSize: + default: 50 + description: |- + maxFilesSize is the max size an ACL_audit log file is allowed to reach before rotation occurs + Units are in MB and the Default is 50MB + format: int32 + minimum: 1 + type: integer + maxLogFiles: + default: 5 + description: maxLogFiles specifies the maximum number + of ACL_audit log files that can be present. + format: int32 + minimum: 1 + type: integer + rateLimit: + default: 20 + description: |- + rateLimit is the approximate maximum number of messages to generate per-second per-node. If + unset the default of 20 msg/sec is used. + format: int32 + minimum: 1 + type: integer + syslogFacility: + default: local0 + description: syslogFacility the RFC5424 facility for generated + messages, e.g. "kern". Default is "local0" + type: string + type: object + routeAdvertisements: + description: |- + routeAdvertisements determines if the functionality to advertise cluster + network routes through a dynamic routing protocol, such as BGP, is + enabled or not. This functionality is configured through the + ovn-kubernetes RouteAdvertisements CRD. Requires the 'FRR' routing + capability provider to be enabled as an additional routing capability. + Allowed values are "Enabled", "Disabled" and ommited. When omitted, this + means the user has no opinion and the platform is left to choose + reasonable defaults. These defaults are subject to change over time. The + current default is "Disabled". + enum: + - "" + - Enabled + - Disabled + type: string + v4InternalSubnet: + description: |- + v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the + default one is being already used by something else. It must not overlap with + any other subnet being used by OpenShift or by the node network. The size of the + subnet must be larger than the number of nodes. The value cannot be changed + after installation. + Default is 100.64.0.0/16 + type: string + v6InternalSubnet: + description: |- + v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the + default one is being already used by something else. It must not overlap with + any other subnet being used by OpenShift or by the node network. The size of the + subnet must be larger than the number of nodes. The value cannot be changed + after installation. + Default is fd98::/48 + type: string + type: object + type: + description: |- + type is the type of network + All NetworkTypes are supported except for NetworkTypeRaw + type: string + type: object + deployKubeProxy: + description: |- + deployKubeProxy specifies whether or not a standalone kube-proxy should + be deployed by the operator. Some network providers include kube-proxy + or similar functionality. If unset, the plugin will attempt to select + the correct value, which is false when ovn-kubernetes is used and true + otherwise. + type: boolean + disableMultiNetwork: + description: |- + disableMultiNetwork specifies whether or not multiple pod network + support should be disabled. If unset, this property defaults to + 'false' and multiple network support is enabled. + type: boolean + disableNetworkDiagnostics: + default: false + description: |- + disableNetworkDiagnostics specifies whether or not PodNetworkConnectivityCheck + CRs from a test pod to every node, apiserver and LB should be disabled or not. + If unset, this property defaults to 'false' and network diagnostics is enabled. + Setting this to 'true' would reduce the additional load of the pods performing the checks. + type: boolean + exportNetworkFlows: + description: |- + exportNetworkFlows enables and configures the export of network flow metadata from the pod network + by using protocols NetFlow, SFlow or IPFIX. Currently only supported on OVN-Kubernetes plugin. + If unset, flows will not be exported to any collector. + properties: + ipfix: + description: ipfix defines IPFIX configuration. + properties: + collectors: + description: ipfixCollectors is list of strings formatted + as ip:port with a maximum of ten items + items: + pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ + type: string + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + type: object + netFlow: + description: netFlow defines the NetFlow configuration. + properties: + collectors: + description: |- + netFlow defines the NetFlow collectors that will consume the flow data exported from OVS. + It is a list of strings formatted as ip:port with a maximum of ten items + items: + pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ + type: string + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + type: object + sFlow: + description: sFlow defines the SFlow configuration. + properties: + collectors: + description: sFlowCollectors is list of strings formatted + as ip:port with a maximum of ten items + items: + pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ + type: string + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + type: object + type: object + kubeProxyConfig: + description: |- + kubeProxyConfig lets us configure desired proxy configuration, if + deployKubeProxy is true. If not specified, sensible defaults will be chosen by + OpenShift directly. + properties: + bindAddress: + description: |- + The address to "bind" on + Defaults to 0.0.0.0 + type: string + iptablesSyncPeriod: + description: |- + An internal kube-proxy parameter. In older releases of OCP, this sometimes needed to be adjusted + in large clusters for performance reasons, but this is no longer necessary, and there is no reason + to change this from the default value. + Default: 30s + type: string + proxyArguments: + additionalProperties: + description: ProxyArgumentList is a list of arguments to pass + to the kubeproxy process + items: + type: string + type: array + x-kubernetes-list-type: atomic + description: Any additional arguments to pass to the kubeproxy + process + type: object + type: object + logLevel: + default: Normal + description: |- + logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for their operands. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + managementState: + description: managementState indicates whether and how the operator + should manage the component + pattern: ^(Managed|Unmanaged|Force|Removed)$ + type: string + migration: + description: |- + migration enables and configures cluster network migration, for network changes + that cannot be made instantly. + properties: + features: + description: |- + features was previously used to configure which network plugin features + would be migrated in a network type migration. + DEPRECATED: network type migration is no longer supported, and setting + this to a non-empty value will result in the network operator rejecting + the configuration. + properties: + egressFirewall: + default: true + description: |- + egressFirewall specified whether or not the Egress Firewall configuration was migrated. + DEPRECATED: network type migration is no longer supported. + type: boolean + egressIP: + default: true + description: |- + egressIP specified whether or not the Egress IP configuration was migrated. + DEPRECATED: network type migration is no longer supported. + type: boolean + multicast: + default: true + description: |- + multicast specified whether or not the multicast configuration was migrated. + DEPRECATED: network type migration is no longer supported. + type: boolean + type: object + mode: + description: |- + mode indicates the mode of network type migration. + DEPRECATED: network type migration is no longer supported, and setting + this to a non-empty value will result in the network operator rejecting + the configuration. + enum: + - Live + - Offline + - "" + type: string + mtu: + description: |- + mtu contains the MTU migration configuration. Set this to allow changing + the MTU values for the default network. If unset, the operation of + changing the MTU for the default network will be rejected. + properties: + machine: + description: |- + machine contains MTU migration configuration for the machine's uplink. + Needs to be migrated along with the default network MTU unless the + current uplink MTU already accommodates the default network MTU. + properties: + from: + description: from is the MTU to migrate from. + format: int32 + minimum: 0 + type: integer + to: + description: to is the MTU to migrate to. + format: int32 + minimum: 0 + type: integer + type: object + network: + description: |- + network contains information about MTU migration for the default network. + Migrations are only allowed to MTU values lower than the machine's uplink + MTU by the minimum appropriate offset. + properties: + from: + description: from is the MTU to migrate from. + format: int32 + minimum: 0 + type: integer + to: + description: to is the MTU to migrate to. + format: int32 + minimum: 0 + type: integer + type: object + type: object + networkType: + description: |- + networkType was previously used when changing the default network type. + DEPRECATED: network type migration is no longer supported, and setting + this to a non-empty value will result in the network operator rejecting + the configuration. + type: string + type: object + x-kubernetes-validations: + - message: networkType migration in mode other than 'Live' may not + be configured at the same time as mtu migration + rule: '!has(self.mtu) || !has(self.networkType) || self.networkType + == "" || has(self.mode) && self.mode == ''Live''' + observedConfig: + description: |- + observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because + it is an input to the level for the operator + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + default: Normal + description: |- + operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for themselves. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + serviceNetwork: + description: |- + serviceNetwork is the ip address pool to use for Service IPs + Currently, all existing network providers only support a single value + here, but this is an array to allow for growth. + items: + type: string + type: array + x-kubernetes-list-type: atomic + unsupportedConfigOverrides: + description: |- + unsupportedConfigOverrides overrides the final configuration that was computed by the operator. + Red Hat does not support the use of this field. + Misuse of this field could lead to unexpected behavior or conflict with other configuration options. + Seek guidance from the Red Hat support before using this field. + Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + useMultiNetworkPolicy: + description: |- + useMultiNetworkPolicy enables a controller which allows for + MultiNetworkPolicy objects to be used on additional networks as + created by Multus CNI. MultiNetworkPolicy are similar to NetworkPolicy + objects, but NetworkPolicy objects only apply to the primary interface. + With MultiNetworkPolicy, you can control the traffic that a pod can receive + over the secondary interfaces. If unset, this property defaults to 'false' + and MultiNetworkPolicy objects are ignored. If 'disableMultiNetwork' is + 'true' then the value of this field is ignored. + type: boolean + type: object + x-kubernetes-validations: + - message: Route advertisements cannot be Enabled if 'FRR' routing capability + provider is not available + rule: (has(self.additionalRoutingCapabilities) && ('FRR' in self.additionalRoutingCapabilities.providers)) + || !has(self.defaultNetwork) || !has(self.defaultNetwork.ovnKubernetesConfig) + || !has(self.defaultNetwork.ovnKubernetesConfig.routeAdvertisements) + || self.defaultNetwork.ovnKubernetesConfig.routeAdvertisements != + 'Enabled' + - message: invalid value for IPForwarding, valid values are 'Restricted' + or 'Global' + rule: '!has(self.defaultNetwork) || !has(self.defaultNetwork.ovnKubernetesConfig) + || !has(self.defaultNetwork.ovnKubernetesConfig.gatewayConfig) || + !has(self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding) + || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding + == oldSelf.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding + || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding + == ''Restricted'' || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding + == ''Global''' + status: + description: |- + NetworkStatus is detailed operator status, which is distilled + up to the Network clusteroperator object. + properties: + conditions: + description: conditions is a list of conditions and their status + items: + description: OperatorCondition is just the standard condition fields. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + type: string + reason: + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + generations: + description: generations are used to determine when an item needs + to be reconciled or has changed in a way that needs a reaction. + items: + description: GenerationStatus keeps track of the generation for + a given resource so that decisions about forced updates can be + made. + properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without + generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload + controller involved + format: int64 + type: integer + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're + tracking + type: string + required: + - group + - name + - namespace + - resource + type: object + type: array + x-kubernetes-list-map-keys: + - group + - resource + - namespace + - name + x-kubernetes-list-type: map + latestAvailableRevision: + description: latestAvailableRevision is the deploymentID of the most + recent deployment + format: int32 + type: integer + x-kubernetes-validations: + - message: must only increase + rule: self >= oldSelf + observedGeneration: + description: observedGeneration is the last generation change you've + dealt with + format: int64 + type: integer + readyReplicas: + description: readyReplicas indicates how many replicas are ready and + at the desired state + format: int32 + type: integer + version: + description: version is the level this availability applies to + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_80_csi-snapshot-controller_01_csisnapshotcontrollers.crd.yaml b/pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_80_csi-snapshot-controller_01_csisnapshotcontrollers.crd.yaml new file mode 100644 index 000000000..a166e4c3a --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_80_csi-snapshot-controller_01_csisnapshotcontrollers.crd.yaml @@ -0,0 +1,211 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/562 + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + name: csisnapshotcontrollers.operator.openshift.io +spec: + group: operator.openshift.io + names: + kind: CSISnapshotController + listKind: CSISnapshotControllerList + plural: csisnapshotcontrollers + singular: csisnapshotcontroller + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + CSISnapshotController provides a means to configure an operator to manage the CSI snapshots. `cluster` is the canonical name. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + properties: + logLevel: + default: Normal + description: |- + logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for their operands. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + managementState: + description: managementState indicates whether and how the operator + should manage the component + pattern: ^(Managed|Unmanaged|Force|Removed)$ + type: string + observedConfig: + description: |- + observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because + it is an input to the level for the operator + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + default: Normal + description: |- + operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for themselves. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + unsupportedConfigOverrides: + description: |- + unsupportedConfigOverrides overrides the final configuration that was computed by the operator. + Red Hat does not support the use of this field. + Misuse of this field could lead to unexpected behavior or conflict with other configuration options. + Seek guidance from the Red Hat support before using this field. + Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + status: + description: status holds observed values from the cluster. They may not + be overridden. + properties: + conditions: + description: conditions is a list of conditions and their status + items: + description: OperatorCondition is just the standard condition fields. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + type: string + reason: + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + generations: + description: generations are used to determine when an item needs + to be reconciled or has changed in a way that needs a reaction. + items: + description: GenerationStatus keeps track of the generation for + a given resource so that decisions about forced updates can be + made. + properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without + generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload + controller involved + format: int64 + type: integer + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're + tracking + type: string + required: + - group + - name + - namespace + - resource + type: object + type: array + x-kubernetes-list-map-keys: + - group + - resource + - namespace + - name + x-kubernetes-list-type: map + latestAvailableRevision: + description: latestAvailableRevision is the deploymentID of the most + recent deployment + format: int32 + type: integer + x-kubernetes-validations: + - message: must only increase + rule: self >= oldSelf + observedGeneration: + description: observedGeneration is the last generation change you've + dealt with + format: int64 + type: integer + readyReplicas: + description: readyReplicas indicates how many replicas are ready and + at the desired state + format: int32 + type: integer + version: + description: version is the level this availability applies to + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_80_machine-config_01_machineconfigurations.crd.yaml b/pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_80_machine-config_01_machineconfigurations.crd.yaml new file mode 100644 index 000000000..073cb45f3 --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_80_machine-config_01_machineconfigurations.crd.yaml @@ -0,0 +1,1119 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/1453 + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + name: machineconfigurations.operator.openshift.io +spec: + group: operator.openshift.io + names: + kind: MachineConfiguration + listKind: MachineConfigurationList + plural: machineconfigurations + singular: machineconfiguration + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + MachineConfiguration provides information to configure an operator to manage Machine Configuration. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec is the specification of the desired behavior of the + Machine Config Operator + properties: + failedRevisionLimit: + description: |- + failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api + -1 = unlimited, 0 or unset = 5 (default) + format: int32 + type: integer + forceRedeploymentReason: + description: |- + forceRedeploymentReason can be used to force the redeployment of the operand by providing a unique string. + This provides a mechanism to kick a previously failed deployment and provide a reason why you think it will work + this time instead of failing again on the same config. + type: string + logLevel: + default: Normal + description: |- + logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for their operands. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + managedBootImages: + description: |- + managedBootImages allows configuration for the management of boot images for machine + resources within the cluster. This configuration allows users to select resources that should + be updated to the latest boot images during cluster upgrades, ensuring that new machines + always boot with the current cluster version's boot image. When omitted, no boot images + will be updated. + properties: + machineManagers: + description: |- + machineManagers can be used to register machine management resources for boot image updates. The Machine Config Operator + will watch for changes to this list. Only one entry is permitted per type of machine management resource. + items: + description: |- + MachineManager describes a target machine resource that is registered for boot image updates. It stores identifying information + such as the resource type and the API Group of the resource. It also provides granular control via the selection field. + properties: + apiGroup: + description: |- + apiGroup is name of the APIGroup that the machine management resource belongs to. + The only current valid value is machine.openshift.io. + machine.openshift.io means that the machine manager will only register resources that belong to OpenShift machine API group. + enum: + - machine.openshift.io + type: string + resource: + description: |- + resource is the machine management resource's type. + The only current valid value is machinesets. + machinesets means that the machine manager will only register resources of the kind MachineSet. + enum: + - machinesets + type: string + selection: + description: selection allows granular control of the machine + management resources that will be registered for boot + image updates. + properties: + mode: + description: |- + mode determines how machine managers will be selected for updates. + Valid values are All and Partial. + All means that every resource matched by the machine manager will be updated. + Partial requires specified selector(s) and allows customisation of which resources matched by the machine manager will be updated. + enum: + - All + - Partial + type: string + partial: + description: |- + partial provides label selector(s) that can be used to match machine management resources. + Only permitted when mode is set to "Partial". + properties: + machineResourceSelector: + description: machineResourceSelector is a label + selector that can be used to select machine resources + like MachineSets. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + required: + - machineResourceSelector + type: object + required: + - mode + type: object + x-kubernetes-validations: + - message: Partial is required when type is partial, and + forbidden otherwise + rule: 'has(self.mode) && self.mode == ''Partial'' ? has(self.partial) + : !has(self.partial)' + required: + - apiGroup + - resource + - selection + type: object + type: array + x-kubernetes-list-map-keys: + - resource + - apiGroup + x-kubernetes-list-type: map + type: object + managementState: + description: managementState indicates whether and how the operator + should manage the component + pattern: ^(Managed|Unmanaged|Force|Removed)$ + type: string + nodeDisruptionPolicy: + description: |- + nodeDisruptionPolicy allows an admin to set granular node disruption actions for + MachineConfig-based updates, such as drains, service reloads, etc. Specifying this will allow + for less downtime when doing small configuration updates to the cluster. This configuration + has no effect on cluster upgrades which will still incur node disruption where required. + properties: + files: + description: |- + files is a list of MachineConfig file definitions and actions to take to changes on those paths + This list supports a maximum of 50 entries. + items: + description: NodeDisruptionPolicySpecFile is a file entry and + corresponding actions to take and is used in the NodeDisruptionPolicyConfig + object + properties: + actions: + description: |- + actions represents the series of commands to be executed on changes to the file at + the corresponding file path. Actions will be applied in the order that + they are set in this list. If there are other incoming changes to other MachineConfig + entries in the same update that require a reboot, the reboot will supercede these actions. + Valid actions are Reboot, Drain, Reload, DaemonReload and None. + The Reboot action and the None action cannot be used in conjunction with any of the other actions. + This list supports a maximum of 10 entries. + items: + properties: + reload: + description: reload specifies the service to reload, + only valid if type is reload + properties: + serviceName: + description: |- + serviceName is the full name (e.g. crio.service) of the service to be reloaded + Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. + ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, ":", "-", "_", ".", and "\". + ${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope". + maxLength: 255 + type: string + x-kubernetes-validations: + - message: Invalid ${SERVICETYPE} in service name. + Expected format is ${NAME}${SERVICETYPE}, + where ${SERVICETYPE} must be one of ".service", + ".socket", ".device", ".mount", ".automount", + ".swap", ".target", ".path", ".timer",".snapshot", + ".slice" or ".scope". + rule: self.matches('\\.(service|socket|device|mount|automount|swap|target|path|timer|snapshot|slice|scope)$') + - message: Invalid ${NAME} in service name. Expected + format is ${NAME}${SERVICETYPE}, where {NAME} + must be atleast 1 character long and can only + consist of alphabets, digits, ":", "-", "_", + ".", and "\" + rule: self.matches('^[a-zA-Z0-9:._\\\\-]+\\..') + required: + - serviceName + type: object + restart: + description: restart specifies the service to restart, + only valid if type is restart + properties: + serviceName: + description: |- + serviceName is the full name (e.g. crio.service) of the service to be restarted + Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. + ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, ":", "-", "_", ".", and "\". + ${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope". + maxLength: 255 + type: string + x-kubernetes-validations: + - message: Invalid ${SERVICETYPE} in service name. + Expected format is ${NAME}${SERVICETYPE}, + where ${SERVICETYPE} must be one of ".service", + ".socket", ".device", ".mount", ".automount", + ".swap", ".target", ".path", ".timer",".snapshot", + ".slice" or ".scope". + rule: self.matches('\\.(service|socket|device|mount|automount|swap|target|path|timer|snapshot|slice|scope)$') + - message: Invalid ${NAME} in service name. Expected + format is ${NAME}${SERVICETYPE}, where {NAME} + must be atleast 1 character long and can only + consist of alphabets, digits, ":", "-", "_", + ".", and "\" + rule: self.matches('^[a-zA-Z0-9:._\\\\-]+\\..') + required: + - serviceName + type: object + type: + description: |- + type represents the commands that will be carried out if this NodeDisruptionPolicySpecActionType is executed + Valid values are Reboot, Drain, Reload, Restart, DaemonReload and None. + reload/restart requires a corresponding service target specified in the reload/restart field. + Other values require no further configuration + enum: + - Reboot + - Drain + - Reload + - Restart + - DaemonReload + - None + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: reload is required when type is Reload, and + forbidden otherwise + rule: 'has(self.type) && self.type == ''Reload'' ? has(self.reload) + : !has(self.reload)' + - message: restart is required when type is Restart, and + forbidden otherwise + rule: 'has(self.type) && self.type == ''Restart'' ? + has(self.restart) : !has(self.restart)' + maxItems: 10 + type: array + x-kubernetes-list-type: atomic + x-kubernetes-validations: + - message: Reboot action can only be specified standalone, + as it will override any other actions + rule: 'self.exists(x, x.type==''Reboot'') ? size(self) + == 1 : true' + - message: None action can only be specified standalone, + as it will override any other actions + rule: 'self.exists(x, x.type==''None'') ? size(self) == + 1 : true' + path: + description: |- + path is the location of a file being managed through a MachineConfig. + The Actions in the policy will apply to changes to the file at this path. + type: string + required: + - actions + - path + type: object + maxItems: 50 + type: array + x-kubernetes-list-map-keys: + - path + x-kubernetes-list-type: map + sshkey: + description: |- + sshkey maps to the ignition.sshkeys field in the MachineConfig object, definition an action for this + will apply to all sshkey changes in the cluster + properties: + actions: + description: |- + actions represents the series of commands to be executed on changes to the file at + the corresponding file path. Actions will be applied in the order that + they are set in this list. If there are other incoming changes to other MachineConfig + entries in the same update that require a reboot, the reboot will supercede these actions. + Valid actions are Reboot, Drain, Reload, DaemonReload and None. + The Reboot action and the None action cannot be used in conjunction with any of the other actions. + This list supports a maximum of 10 entries. + items: + properties: + reload: + description: reload specifies the service to reload, + only valid if type is reload + properties: + serviceName: + description: |- + serviceName is the full name (e.g. crio.service) of the service to be reloaded + Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. + ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, ":", "-", "_", ".", and "\". + ${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope". + maxLength: 255 + type: string + x-kubernetes-validations: + - message: Invalid ${SERVICETYPE} in service name. + Expected format is ${NAME}${SERVICETYPE}, where + ${SERVICETYPE} must be one of ".service", ".socket", + ".device", ".mount", ".automount", ".swap", + ".target", ".path", ".timer",".snapshot", ".slice" + or ".scope". + rule: self.matches('\\.(service|socket|device|mount|automount|swap|target|path|timer|snapshot|slice|scope)$') + - message: Invalid ${NAME} in service name. Expected + format is ${NAME}${SERVICETYPE}, where {NAME} + must be atleast 1 character long and can only + consist of alphabets, digits, ":", "-", "_", + ".", and "\" + rule: self.matches('^[a-zA-Z0-9:._\\\\-]+\\..') + required: + - serviceName + type: object + restart: + description: restart specifies the service to restart, + only valid if type is restart + properties: + serviceName: + description: |- + serviceName is the full name (e.g. crio.service) of the service to be restarted + Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. + ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, ":", "-", "_", ".", and "\". + ${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope". + maxLength: 255 + type: string + x-kubernetes-validations: + - message: Invalid ${SERVICETYPE} in service name. + Expected format is ${NAME}${SERVICETYPE}, where + ${SERVICETYPE} must be one of ".service", ".socket", + ".device", ".mount", ".automount", ".swap", + ".target", ".path", ".timer",".snapshot", ".slice" + or ".scope". + rule: self.matches('\\.(service|socket|device|mount|automount|swap|target|path|timer|snapshot|slice|scope)$') + - message: Invalid ${NAME} in service name. Expected + format is ${NAME}${SERVICETYPE}, where {NAME} + must be atleast 1 character long and can only + consist of alphabets, digits, ":", "-", "_", + ".", and "\" + rule: self.matches('^[a-zA-Z0-9:._\\\\-]+\\..') + required: + - serviceName + type: object + type: + description: |- + type represents the commands that will be carried out if this NodeDisruptionPolicySpecActionType is executed + Valid values are Reboot, Drain, Reload, Restart, DaemonReload and None. + reload/restart requires a corresponding service target specified in the reload/restart field. + Other values require no further configuration + enum: + - Reboot + - Drain + - Reload + - Restart + - DaemonReload + - None + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: reload is required when type is Reload, and forbidden + otherwise + rule: 'has(self.type) && self.type == ''Reload'' ? has(self.reload) + : !has(self.reload)' + - message: restart is required when type is Restart, and + forbidden otherwise + rule: 'has(self.type) && self.type == ''Restart'' ? has(self.restart) + : !has(self.restart)' + maxItems: 10 + type: array + x-kubernetes-list-type: atomic + x-kubernetes-validations: + - message: Reboot action can only be specified standalone, + as it will override any other actions + rule: 'self.exists(x, x.type==''Reboot'') ? size(self) == + 1 : true' + - message: None action can only be specified standalone, as + it will override any other actions + rule: 'self.exists(x, x.type==''None'') ? size(self) == + 1 : true' + required: + - actions + type: object + units: + description: |- + units is a list MachineConfig unit definitions and actions to take on changes to those services + This list supports a maximum of 50 entries. + items: + description: NodeDisruptionPolicySpecUnit is a systemd unit + name and corresponding actions to take and is used in the + NodeDisruptionPolicyConfig object + properties: + actions: + description: |- + actions represents the series of commands to be executed on changes to the file at + the corresponding file path. Actions will be applied in the order that + they are set in this list. If there are other incoming changes to other MachineConfig + entries in the same update that require a reboot, the reboot will supercede these actions. + Valid actions are Reboot, Drain, Reload, DaemonReload and None. + The Reboot action and the None action cannot be used in conjunction with any of the other actions. + This list supports a maximum of 10 entries. + items: + properties: + reload: + description: reload specifies the service to reload, + only valid if type is reload + properties: + serviceName: + description: |- + serviceName is the full name (e.g. crio.service) of the service to be reloaded + Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. + ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, ":", "-", "_", ".", and "\". + ${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope". + maxLength: 255 + type: string + x-kubernetes-validations: + - message: Invalid ${SERVICETYPE} in service name. + Expected format is ${NAME}${SERVICETYPE}, + where ${SERVICETYPE} must be one of ".service", + ".socket", ".device", ".mount", ".automount", + ".swap", ".target", ".path", ".timer",".snapshot", + ".slice" or ".scope". + rule: self.matches('\\.(service|socket|device|mount|automount|swap|target|path|timer|snapshot|slice|scope)$') + - message: Invalid ${NAME} in service name. Expected + format is ${NAME}${SERVICETYPE}, where {NAME} + must be atleast 1 character long and can only + consist of alphabets, digits, ":", "-", "_", + ".", and "\" + rule: self.matches('^[a-zA-Z0-9:._\\\\-]+\\..') + required: + - serviceName + type: object + restart: + description: restart specifies the service to restart, + only valid if type is restart + properties: + serviceName: + description: |- + serviceName is the full name (e.g. crio.service) of the service to be restarted + Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. + ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, ":", "-", "_", ".", and "\". + ${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope". + maxLength: 255 + type: string + x-kubernetes-validations: + - message: Invalid ${SERVICETYPE} in service name. + Expected format is ${NAME}${SERVICETYPE}, + where ${SERVICETYPE} must be one of ".service", + ".socket", ".device", ".mount", ".automount", + ".swap", ".target", ".path", ".timer",".snapshot", + ".slice" or ".scope". + rule: self.matches('\\.(service|socket|device|mount|automount|swap|target|path|timer|snapshot|slice|scope)$') + - message: Invalid ${NAME} in service name. Expected + format is ${NAME}${SERVICETYPE}, where {NAME} + must be atleast 1 character long and can only + consist of alphabets, digits, ":", "-", "_", + ".", and "\" + rule: self.matches('^[a-zA-Z0-9:._\\\\-]+\\..') + required: + - serviceName + type: object + type: + description: |- + type represents the commands that will be carried out if this NodeDisruptionPolicySpecActionType is executed + Valid values are Reboot, Drain, Reload, Restart, DaemonReload and None. + reload/restart requires a corresponding service target specified in the reload/restart field. + Other values require no further configuration + enum: + - Reboot + - Drain + - Reload + - Restart + - DaemonReload + - None + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: reload is required when type is Reload, and + forbidden otherwise + rule: 'has(self.type) && self.type == ''Reload'' ? has(self.reload) + : !has(self.reload)' + - message: restart is required when type is Restart, and + forbidden otherwise + rule: 'has(self.type) && self.type == ''Restart'' ? + has(self.restart) : !has(self.restart)' + maxItems: 10 + type: array + x-kubernetes-list-type: atomic + x-kubernetes-validations: + - message: Reboot action can only be specified standalone, + as it will override any other actions + rule: 'self.exists(x, x.type==''Reboot'') ? size(self) + == 1 : true' + - message: None action can only be specified standalone, + as it will override any other actions + rule: 'self.exists(x, x.type==''None'') ? size(self) == + 1 : true' + name: + description: |- + name represents the service name of a systemd service managed through a MachineConfig + Actions specified will be applied for changes to the named service. + Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. + ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, ":", "-", "_", ".", and "\". + ${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope". + maxLength: 255 + type: string + x-kubernetes-validations: + - message: Invalid ${SERVICETYPE} in service name. Expected + format is ${NAME}${SERVICETYPE}, where ${SERVICETYPE} + must be one of ".service", ".socket", ".device", ".mount", + ".automount", ".swap", ".target", ".path", ".timer",".snapshot", + ".slice" or ".scope". + rule: self.matches('\\.(service|socket|device|mount|automount|swap|target|path|timer|snapshot|slice|scope)$') + - message: Invalid ${NAME} in service name. Expected format + is ${NAME}${SERVICETYPE}, where {NAME} must be atleast + 1 character long and can only consist of alphabets, + digits, ":", "-", "_", ".", and "\" + rule: self.matches('^[a-zA-Z0-9:._\\\\-]+\\..') + required: + - actions + - name + type: object + maxItems: 50 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: object + observedConfig: + description: |- + observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because + it is an input to the level for the operator + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + default: Normal + description: |- + operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for themselves. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + succeededRevisionLimit: + description: |- + succeededRevisionLimit is the number of successful static pod installer revisions to keep on disk and in the api + -1 = unlimited, 0 or unset = 5 (default) + format: int32 + type: integer + unsupportedConfigOverrides: + description: |- + unsupportedConfigOverrides overrides the final configuration that was computed by the operator. + Red Hat does not support the use of this field. + Misuse of this field could lead to unexpected behavior or conflict with other configuration options. + Seek guidance from the Red Hat support before using this field. + Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + status: + description: status is the most recently observed status of the Machine + Config Operator + properties: + conditions: + description: conditions is a list of conditions and their status + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + nodeDisruptionPolicyStatus: + description: |- + nodeDisruptionPolicyStatus status reflects what the latest cluster-validated policies are, + and will be used by the Machine Config Daemon during future node updates. + properties: + clusterPolicies: + description: clusterPolicies is a merge of cluster default and + user provided node disruption policies. + properties: + files: + description: files is a list of MachineConfig file definitions + and actions to take to changes on those paths + items: + description: NodeDisruptionPolicyStatusFile is a file entry + and corresponding actions to take and is used in the NodeDisruptionPolicyClusterStatus + object + properties: + actions: + description: |- + actions represents the series of commands to be executed on changes to the file at + the corresponding file path. Actions will be applied in the order that + they are set in this list. If there are other incoming changes to other MachineConfig + entries in the same update that require a reboot, the reboot will supercede these actions. + Valid actions are Reboot, Drain, Reload, DaemonReload and None. + The Reboot action and the None action cannot be used in conjunction with any of the other actions. + This list supports a maximum of 10 entries. + items: + properties: + reload: + description: reload specifies the service to reload, + only valid if type is reload + properties: + serviceName: + description: |- + serviceName is the full name (e.g. crio.service) of the service to be reloaded + Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. + ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, ":", "-", "_", ".", and "\". + ${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope". + maxLength: 255 + type: string + x-kubernetes-validations: + - message: Invalid ${SERVICETYPE} in service + name. Expected format is ${NAME}${SERVICETYPE}, + where ${SERVICETYPE} must be one of ".service", + ".socket", ".device", ".mount", ".automount", + ".swap", ".target", ".path", ".timer",".snapshot", + ".slice" or ".scope". + rule: self.matches('\\.(service|socket|device|mount|automount|swap|target|path|timer|snapshot|slice|scope)$') + - message: Invalid ${NAME} in service name. + Expected format is ${NAME}${SERVICETYPE}, + where {NAME} must be atleast 1 character + long and can only consist of alphabets, + digits, ":", "-", "_", ".", and "\" + rule: self.matches('^[a-zA-Z0-9:._\\\\-]+\\..') + required: + - serviceName + type: object + restart: + description: restart specifies the service to + restart, only valid if type is restart + properties: + serviceName: + description: |- + serviceName is the full name (e.g. crio.service) of the service to be restarted + Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. + ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, ":", "-", "_", ".", and "\". + ${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope". + maxLength: 255 + type: string + x-kubernetes-validations: + - message: Invalid ${SERVICETYPE} in service + name. Expected format is ${NAME}${SERVICETYPE}, + where ${SERVICETYPE} must be one of ".service", + ".socket", ".device", ".mount", ".automount", + ".swap", ".target", ".path", ".timer",".snapshot", + ".slice" or ".scope". + rule: self.matches('\\.(service|socket|device|mount|automount|swap|target|path|timer|snapshot|slice|scope)$') + - message: Invalid ${NAME} in service name. + Expected format is ${NAME}${SERVICETYPE}, + where {NAME} must be atleast 1 character + long and can only consist of alphabets, + digits, ":", "-", "_", ".", and "\" + rule: self.matches('^[a-zA-Z0-9:._\\\\-]+\\..') + required: + - serviceName + type: object + type: + description: |- + type represents the commands that will be carried out if this NodeDisruptionPolicyStatusActionType is executed + Valid values are Reboot, Drain, Reload, Restart, DaemonReload, None and Special. + reload/restart requires a corresponding service target specified in the reload/restart field. + Other values require no further configuration + enum: + - Reboot + - Drain + - Reload + - Restart + - DaemonReload + - None + - Special + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: reload is required when type is Reload, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''Reload'' + ? has(self.reload) : !has(self.reload)' + - message: restart is required when type is Restart, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''Restart'' + ? has(self.restart) : !has(self.restart)' + maxItems: 10 + type: array + x-kubernetes-list-type: atomic + x-kubernetes-validations: + - message: Reboot action can only be specified standalone, + as it will override any other actions + rule: 'self.exists(x, x.type==''Reboot'') ? size(self) + == 1 : true' + - message: None action can only be specified standalone, + as it will override any other actions + rule: 'self.exists(x, x.type==''None'') ? size(self) + == 1 : true' + path: + description: |- + path is the location of a file being managed through a MachineConfig. + The Actions in the policy will apply to changes to the file at this path. + type: string + required: + - actions + - path + type: object + maxItems: 100 + type: array + x-kubernetes-list-map-keys: + - path + x-kubernetes-list-type: map + sshkey: + description: sshkey is the overall sshkey MachineConfig definition + properties: + actions: + description: |- + actions represents the series of commands to be executed on changes to the file at + the corresponding file path. Actions will be applied in the order that + they are set in this list. If there are other incoming changes to other MachineConfig + entries in the same update that require a reboot, the reboot will supercede these actions. + Valid actions are Reboot, Drain, Reload, DaemonReload and None. + The Reboot action and the None action cannot be used in conjunction with any of the other actions. + This list supports a maximum of 10 entries. + items: + properties: + reload: + description: reload specifies the service to reload, + only valid if type is reload + properties: + serviceName: + description: |- + serviceName is the full name (e.g. crio.service) of the service to be reloaded + Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. + ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, ":", "-", "_", ".", and "\". + ${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope". + maxLength: 255 + type: string + x-kubernetes-validations: + - message: Invalid ${SERVICETYPE} in service + name. Expected format is ${NAME}${SERVICETYPE}, + where ${SERVICETYPE} must be one of ".service", + ".socket", ".device", ".mount", ".automount", + ".swap", ".target", ".path", ".timer",".snapshot", + ".slice" or ".scope". + rule: self.matches('\\.(service|socket|device|mount|automount|swap|target|path|timer|snapshot|slice|scope)$') + - message: Invalid ${NAME} in service name. + Expected format is ${NAME}${SERVICETYPE}, + where {NAME} must be atleast 1 character + long and can only consist of alphabets, + digits, ":", "-", "_", ".", and "\" + rule: self.matches('^[a-zA-Z0-9:._\\\\-]+\\..') + required: + - serviceName + type: object + restart: + description: restart specifies the service to restart, + only valid if type is restart + properties: + serviceName: + description: |- + serviceName is the full name (e.g. crio.service) of the service to be restarted + Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. + ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, ":", "-", "_", ".", and "\". + ${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope". + maxLength: 255 + type: string + x-kubernetes-validations: + - message: Invalid ${SERVICETYPE} in service + name. Expected format is ${NAME}${SERVICETYPE}, + where ${SERVICETYPE} must be one of ".service", + ".socket", ".device", ".mount", ".automount", + ".swap", ".target", ".path", ".timer",".snapshot", + ".slice" or ".scope". + rule: self.matches('\\.(service|socket|device|mount|automount|swap|target|path|timer|snapshot|slice|scope)$') + - message: Invalid ${NAME} in service name. + Expected format is ${NAME}${SERVICETYPE}, + where {NAME} must be atleast 1 character + long and can only consist of alphabets, + digits, ":", "-", "_", ".", and "\" + rule: self.matches('^[a-zA-Z0-9:._\\\\-]+\\..') + required: + - serviceName + type: object + type: + description: |- + type represents the commands that will be carried out if this NodeDisruptionPolicyStatusActionType is executed + Valid values are Reboot, Drain, Reload, Restart, DaemonReload, None and Special. + reload/restart requires a corresponding service target specified in the reload/restart field. + Other values require no further configuration + enum: + - Reboot + - Drain + - Reload + - Restart + - DaemonReload + - None + - Special + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: reload is required when type is Reload, and + forbidden otherwise + rule: 'has(self.type) && self.type == ''Reload'' ? + has(self.reload) : !has(self.reload)' + - message: restart is required when type is Restart, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''Restart'' + ? has(self.restart) : !has(self.restart)' + maxItems: 10 + type: array + x-kubernetes-list-type: atomic + x-kubernetes-validations: + - message: Reboot action can only be specified standalone, + as it will override any other actions + rule: 'self.exists(x, x.type==''Reboot'') ? size(self) + == 1 : true' + - message: None action can only be specified standalone, + as it will override any other actions + rule: 'self.exists(x, x.type==''None'') ? size(self) + == 1 : true' + required: + - actions + type: object + units: + description: units is a list MachineConfig unit definitions + and actions to take on changes to those services + items: + description: NodeDisruptionPolicyStatusUnit is a systemd + unit name and corresponding actions to take and is used + in the NodeDisruptionPolicyClusterStatus object + properties: + actions: + description: |- + actions represents the series of commands to be executed on changes to the file at + the corresponding file path. Actions will be applied in the order that + they are set in this list. If there are other incoming changes to other MachineConfig + entries in the same update that require a reboot, the reboot will supercede these actions. + Valid actions are Reboot, Drain, Reload, DaemonReload and None. + The Reboot action and the None action cannot be used in conjunction with any of the other actions. + This list supports a maximum of 10 entries. + items: + properties: + reload: + description: reload specifies the service to reload, + only valid if type is reload + properties: + serviceName: + description: |- + serviceName is the full name (e.g. crio.service) of the service to be reloaded + Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. + ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, ":", "-", "_", ".", and "\". + ${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope". + maxLength: 255 + type: string + x-kubernetes-validations: + - message: Invalid ${SERVICETYPE} in service + name. Expected format is ${NAME}${SERVICETYPE}, + where ${SERVICETYPE} must be one of ".service", + ".socket", ".device", ".mount", ".automount", + ".swap", ".target", ".path", ".timer",".snapshot", + ".slice" or ".scope". + rule: self.matches('\\.(service|socket|device|mount|automount|swap|target|path|timer|snapshot|slice|scope)$') + - message: Invalid ${NAME} in service name. + Expected format is ${NAME}${SERVICETYPE}, + where {NAME} must be atleast 1 character + long and can only consist of alphabets, + digits, ":", "-", "_", ".", and "\" + rule: self.matches('^[a-zA-Z0-9:._\\\\-]+\\..') + required: + - serviceName + type: object + restart: + description: restart specifies the service to + restart, only valid if type is restart + properties: + serviceName: + description: |- + serviceName is the full name (e.g. crio.service) of the service to be restarted + Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. + ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, ":", "-", "_", ".", and "\". + ${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope". + maxLength: 255 + type: string + x-kubernetes-validations: + - message: Invalid ${SERVICETYPE} in service + name. Expected format is ${NAME}${SERVICETYPE}, + where ${SERVICETYPE} must be one of ".service", + ".socket", ".device", ".mount", ".automount", + ".swap", ".target", ".path", ".timer",".snapshot", + ".slice" or ".scope". + rule: self.matches('\\.(service|socket|device|mount|automount|swap|target|path|timer|snapshot|slice|scope)$') + - message: Invalid ${NAME} in service name. + Expected format is ${NAME}${SERVICETYPE}, + where {NAME} must be atleast 1 character + long and can only consist of alphabets, + digits, ":", "-", "_", ".", and "\" + rule: self.matches('^[a-zA-Z0-9:._\\\\-]+\\..') + required: + - serviceName + type: object + type: + description: |- + type represents the commands that will be carried out if this NodeDisruptionPolicyStatusActionType is executed + Valid values are Reboot, Drain, Reload, Restart, DaemonReload, None and Special. + reload/restart requires a corresponding service target specified in the reload/restart field. + Other values require no further configuration + enum: + - Reboot + - Drain + - Reload + - Restart + - DaemonReload + - None + - Special + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: reload is required when type is Reload, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''Reload'' + ? has(self.reload) : !has(self.reload)' + - message: restart is required when type is Restart, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''Restart'' + ? has(self.restart) : !has(self.restart)' + maxItems: 10 + type: array + x-kubernetes-list-type: atomic + x-kubernetes-validations: + - message: Reboot action can only be specified standalone, + as it will override any other actions + rule: 'self.exists(x, x.type==''Reboot'') ? size(self) + == 1 : true' + - message: None action can only be specified standalone, + as it will override any other actions + rule: 'self.exists(x, x.type==''None'') ? size(self) + == 1 : true' + name: + description: |- + name represents the service name of a systemd service managed through a MachineConfig + Actions specified will be applied for changes to the named service. + Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. + ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, ":", "-", "_", ".", and "\". + ${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope". + maxLength: 255 + type: string + x-kubernetes-validations: + - message: Invalid ${SERVICETYPE} in service name. Expected + format is ${NAME}${SERVICETYPE}, where ${SERVICETYPE} + must be one of ".service", ".socket", ".device", + ".mount", ".automount", ".swap", ".target", ".path", + ".timer",".snapshot", ".slice" or ".scope". + rule: self.matches('\\.(service|socket|device|mount|automount|swap|target|path|timer|snapshot|slice|scope)$') + - message: Invalid ${NAME} in service name. Expected + format is ${NAME}${SERVICETYPE}, where {NAME} must + be atleast 1 character long and can only consist + of alphabets, digits, ":", "-", "_", ".", and "\" + rule: self.matches('^[a-zA-Z0-9:._\\\\-]+\\..') + required: + - actions + - name + type: object + maxItems: 100 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: object + type: object + observedGeneration: + description: observedGeneration is the last generation change you've + dealt with + format: int64 + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_90_csi-driver_01_clustercsidrivers.crd.yaml b/pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_90_csi-driver_01_clustercsidrivers.crd.yaml new file mode 100644 index 000000000..9a65a695a --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/0000_90_csi-driver_01_clustercsidrivers.crd.yaml @@ -0,0 +1,488 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/701 + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + name: clustercsidrivers.operator.openshift.io +spec: + group: operator.openshift.io + names: + kind: ClusterCSIDriver + listKind: ClusterCSIDriverList + plural: clustercsidrivers + singular: clustercsidriver + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + ClusterCSIDriver object allows management and configuration of a CSI driver operator + installed by default in OpenShift. Name of the object must be name of the CSI driver + it operates. See CSIDriverName type for list of allowed values. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + properties: + name: + enum: + - ebs.csi.aws.com + - efs.csi.aws.com + - disk.csi.azure.com + - file.csi.azure.com + - filestore.csi.storage.gke.io + - pd.csi.storage.gke.io + - cinder.csi.openstack.org + - csi.vsphere.vmware.com + - manila.csi.openstack.org + - csi.ovirt.org + - csi.kubevirt.io + - csi.sharedresource.openshift.io + - diskplugin.csi.alibabacloud.com + - vpc.block.csi.ibm.io + - powervs.csi.ibm.com + - secrets-store.csi.k8s.io + - smb.csi.k8s.io + type: string + type: object + spec: + description: spec holds user settable values for configuration + properties: + driverConfig: + description: |- + driverConfig can be used to specify platform specific driver configuration. + When omitted, this means no opinion and the platform is left to choose reasonable + defaults. These defaults are subject to change over time. + properties: + aws: + description: aws is used to configure the AWS CSI driver. + properties: + efsVolumeMetrics: + description: efsVolumeMetrics sets the configuration for collecting + metrics from EFS volumes used by the EFS CSI Driver. + properties: + recursiveWalk: + description: |- + recursiveWalk provides additional configuration for collecting volume metrics in the AWS EFS CSI Driver + when the state is set to RecursiveWalk. + properties: + fsRateLimit: + description: |- + fsRateLimit defines the rate limit, in goroutines per file system, for processing volume metrics. + When omitted, this means no opinion and the platform is left to choose a reasonable + default, which is subject to change over time. The current default is 5. + The valid range is from 1 to 100 goroutines. + format: int32 + maximum: 100 + minimum: 1 + type: integer + refreshPeriodMinutes: + description: |- + refreshPeriodMinutes specifies the frequency, in minutes, at which volume metrics are refreshed. + When omitted, this means no opinion and the platform is left to choose a reasonable + default, which is subject to change over time. The current default is 240. + The valid range is from 1 to 43200 minutes (30 days). + format: int32 + maximum: 43200 + minimum: 1 + type: integer + type: object + state: + description: |- + state defines the state of metric collection in the AWS EFS CSI Driver. + This field is required and must be set to one of the following values: Disabled or RecursiveWalk. + Disabled means no metrics collection will be performed. This is the default value. + RecursiveWalk means the AWS EFS CSI Driver will recursively scan volumes to collect metrics. + This process may result in high CPU and memory usage, depending on the volume size. + enum: + - RecursiveWalk + - Disabled + type: string + required: + - state + type: object + kmsKeyARN: + description: |- + kmsKeyARN sets the cluster default storage class to encrypt volumes with a user-defined KMS key, + rather than the default KMS key used by AWS. + The value may be either the ARN or Alias ARN of a KMS key. + pattern: ^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b|aws-iso-e|aws-iso-f):kms:[a-z0-9-]+:[0-9]{12}:(key|alias)\/.*$ + type: string + type: object + azure: + description: azure is used to configure the Azure CSI driver. + properties: + diskEncryptionSet: + description: |- + diskEncryptionSet sets the cluster default storage class to encrypt volumes with a + customer-managed encryption set, rather than the default platform-managed keys. + properties: + name: + description: |- + name is the name of the disk encryption set that will be set on the default storage class. + The value should consist of only alphanumberic characters, + underscores (_), hyphens, and be at most 80 characters in length. + maxLength: 80 + pattern: ^[a-zA-Z0-9\_-]+$ + type: string + resourceGroup: + description: |- + resourceGroup defines the Azure resource group that contains the disk encryption set. + The value should consist of only alphanumberic characters, + underscores (_), parentheses, hyphens and periods. + The value should not end in a period and be at most 90 characters in + length. + maxLength: 90 + pattern: ^[\w\.\-\(\)]*[\w\-\(\)]$ + type: string + subscriptionID: + description: |- + subscriptionID defines the Azure subscription that contains the disk encryption set. + The value should meet the following conditions: + 1. It should be a 128-bit number. + 2. It should be 36 characters (32 hexadecimal characters and 4 hyphens) long. + 3. It should be displayed in five groups separated by hyphens (-). + 4. The first group should be 8 characters long. + 5. The second, third, and fourth groups should be 4 characters long. + 6. The fifth group should be 12 characters long. + An Example SubscrionID: f2007bbf-f802-4a47-9336-cf7c6b89b378 + maxLength: 36 + pattern: ^[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}$ + type: string + required: + - name + - resourceGroup + - subscriptionID + type: object + type: object + driverType: + description: |- + driverType indicates type of CSI driver for which the + driverConfig is being applied to. + Valid values are: AWS, Azure, GCP, IBMCloud, vSphere and omitted. + Consumers should treat unknown values as a NO-OP. + enum: + - "" + - AWS + - Azure + - GCP + - IBMCloud + - vSphere + type: string + gcp: + description: gcp is used to configure the GCP CSI driver. + properties: + kmsKey: + description: |- + kmsKey sets the cluster default storage class to encrypt volumes with customer-supplied + encryption keys, rather than the default keys managed by GCP. + properties: + keyRing: + description: |- + keyRing is the name of the KMS Key Ring which the KMS Key belongs to. + The value should correspond to an existing KMS key ring and should + consist of only alphanumeric characters, hyphens (-) and underscores (_), + and be at most 63 characters in length. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z0-9\_-]+$ + type: string + location: + description: |- + location is the GCP location in which the Key Ring exists. + The value must match an existing GCP location, or "global". + Defaults to global, if not set. + pattern: ^[a-zA-Z0-9\_-]+$ + type: string + name: + description: |- + name is the name of the customer-managed encryption key to be used for disk encryption. + The value should correspond to an existing KMS key and should + consist of only alphanumeric characters, hyphens (-) and underscores (_), + and be at most 63 characters in length. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z0-9\_-]+$ + type: string + projectID: + description: |- + projectID is the ID of the Project in which the KMS Key Ring exists. + It must be 6 to 30 lowercase letters, digits, or hyphens. + It must start with a letter. Trailing hyphens are prohibited. + maxLength: 30 + minLength: 6 + pattern: ^[a-z][a-z0-9-]+[a-z0-9]$ + type: string + required: + - keyRing + - name + - projectID + type: object + type: object + ibmcloud: + description: ibmcloud is used to configure the IBM Cloud CSI driver. + properties: + encryptionKeyCRN: + description: |- + encryptionKeyCRN is the IBM Cloud CRN of the customer-managed root key to use + for disk encryption of volumes for the default storage classes. + maxLength: 154 + minLength: 144 + pattern: ^crn:v[0-9]+:bluemix:(public|private):(kms|hs-crypto):[a-z-]+:a/[0-9a-f]+:[0-9a-f-]{36}:key:[0-9a-f-]{36}$ + type: string + required: + - encryptionKeyCRN + type: object + vSphere: + description: vsphere is used to configure the vsphere CSI driver. + properties: + globalMaxSnapshotsPerBlockVolume: + description: |- + globalMaxSnapshotsPerBlockVolume is a global configuration parameter that applies to volumes on all kinds of + datastores. If omitted, the platform chooses a default, which is subject to change over time, currently that default is 3. + Snapshots can not be disabled using this parameter. + Increasing number of snapshots above 3 can have negative impact on performance, for more details see: https://kb.vmware.com/s/article/1025279 + Volume snapshot documentation: https://docs.vmware.com/en/VMware-vSphere-Container-Storage-Plug-in/3.0/vmware-vsphere-csp-getting-started/GUID-E0B41C69-7EEB-450F-A73D-5FD2FF39E891.html + format: int32 + maximum: 32 + minimum: 1 + type: integer + granularMaxSnapshotsPerBlockVolumeInVSAN: + description: |- + granularMaxSnapshotsPerBlockVolumeInVSAN is a granular configuration parameter on vSAN datastore only. It + overrides GlobalMaxSnapshotsPerBlockVolume if set, while it falls back to the global constraint if unset. + Snapshots for VSAN can not be disabled using this parameter. + format: int32 + maximum: 32 + minimum: 1 + type: integer + granularMaxSnapshotsPerBlockVolumeInVVOL: + description: |- + granularMaxSnapshotsPerBlockVolumeInVVOL is a granular configuration parameter on Virtual Volumes datastore only. + It overrides GlobalMaxSnapshotsPerBlockVolume if set, while it falls back to the global constraint if unset. + Snapshots for VVOL can not be disabled using this parameter. + format: int32 + maximum: 32 + minimum: 1 + type: integer + topologyCategories: + description: |- + topologyCategories indicates tag categories with which + vcenter resources such as hostcluster or datacenter were tagged with. + If cluster Infrastructure object has a topology, values specified in + Infrastructure object will be used and modifications to topologyCategories + will be rejected. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + required: + - driverType + type: object + x-kubernetes-validations: + - message: ibmcloud must be set if driverType is 'IBMCloud', but remain + unset otherwise + rule: 'has(self.driverType) && self.driverType == ''IBMCloud'' ? + has(self.ibmcloud) : !has(self.ibmcloud)' + logLevel: + default: Normal + description: |- + logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for their operands. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + managementState: + description: managementState indicates whether and how the operator + should manage the component + pattern: ^(Managed|Unmanaged|Force|Removed)$ + type: string + observedConfig: + description: |- + observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because + it is an input to the level for the operator + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + default: Normal + description: |- + operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for themselves. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + storageClassState: + description: |- + StorageClassState determines if CSI operator should create and manage storage classes. + If this field value is empty or Managed - CSI operator will continuously reconcile + storage class and create if necessary. + If this field value is Unmanaged - CSI operator will not reconcile any previously created + storage class. + If this field value is Removed - CSI operator will delete the storage class it created previously. + When omitted, this means the user has no opinion and the platform chooses a reasonable default, + which is subject to change over time. + The current default behaviour is Managed. + enum: + - "" + - Managed + - Unmanaged + - Removed + type: string + unsupportedConfigOverrides: + description: |- + unsupportedConfigOverrides overrides the final configuration that was computed by the operator. + Red Hat does not support the use of this field. + Misuse of this field could lead to unexpected behavior or conflict with other configuration options. + Seek guidance from the Red Hat support before using this field. + Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + status: + description: status holds observed values from the cluster. They may not + be overridden. + properties: + conditions: + description: conditions is a list of conditions and their status + items: + description: OperatorCondition is just the standard condition fields. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + type: string + reason: + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + generations: + description: generations are used to determine when an item needs + to be reconciled or has changed in a way that needs a reaction. + items: + description: GenerationStatus keeps track of the generation for + a given resource so that decisions about forced updates can be + made. + properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without + generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload + controller involved + format: int64 + type: integer + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're + tracking + type: string + required: + - group + - name + - namespace + - resource + type: object + type: array + x-kubernetes-list-map-keys: + - group + - resource + - namespace + - name + x-kubernetes-list-type: map + latestAvailableRevision: + description: latestAvailableRevision is the deploymentID of the most + recent deployment + format: int32 + type: integer + x-kubernetes-validations: + - message: must only increase + rule: self >= oldSelf + observedGeneration: + description: observedGeneration is the last generation change you've + dealt with + format: int64 + type: integer + readyReplicas: + description: readyReplicas indicates how many replicas are ready and + at the desired state + format: int32 + type: integer + version: + description: version is the level this availability applies to + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/doc.go b/pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/doc.go new file mode 100644 index 000000000..644e03c3c --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/zz_generated.crd-manifests/doc.go @@ -0,0 +1 @@ +package operator_v1_crdmanifests diff --git a/pkg/schemes/machineconfiguration/mctypes/zz_generated.deepcopy.go b/pkg/schemes/machineconfiguration/mctypes/zz_generated.deepcopy.go new file mode 100644 index 000000000..e208fec1f --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/zz_generated.deepcopy.go @@ -0,0 +1,5330 @@ +//go:build !ignore_autogenerated +// +build !ignore_autogenerated + +// Code generated by deepcopy-gen. DO NOT EDIT. + +package mctypes + +import ( + configv1 "github.com/openshift/api/config/v1" + authorizationv1 "k8s.io/api/authorization/v1" + corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" +) + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AWSCSIDriverConfigSpec) DeepCopyInto(out *AWSCSIDriverConfigSpec) { + *out = *in + if in.EFSVolumeMetrics != nil { + in, out := &in.EFSVolumeMetrics, &out.EFSVolumeMetrics + *out = new(AWSEFSVolumeMetrics) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSCSIDriverConfigSpec. +func (in *AWSCSIDriverConfigSpec) DeepCopy() *AWSCSIDriverConfigSpec { + if in == nil { + return nil + } + out := new(AWSCSIDriverConfigSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AWSClassicLoadBalancerParameters) DeepCopyInto(out *AWSClassicLoadBalancerParameters) { + *out = *in + out.ConnectionIdleTimeout = in.ConnectionIdleTimeout + if in.Subnets != nil { + in, out := &in.Subnets, &out.Subnets + *out = new(AWSSubnets) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSClassicLoadBalancerParameters. +func (in *AWSClassicLoadBalancerParameters) DeepCopy() *AWSClassicLoadBalancerParameters { + if in == nil { + return nil + } + out := new(AWSClassicLoadBalancerParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AWSEFSVolumeMetrics) DeepCopyInto(out *AWSEFSVolumeMetrics) { + *out = *in + if in.RecursiveWalk != nil { + in, out := &in.RecursiveWalk, &out.RecursiveWalk + *out = new(AWSEFSVolumeMetricsRecursiveWalkConfig) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSEFSVolumeMetrics. +func (in *AWSEFSVolumeMetrics) DeepCopy() *AWSEFSVolumeMetrics { + if in == nil { + return nil + } + out := new(AWSEFSVolumeMetrics) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AWSEFSVolumeMetricsRecursiveWalkConfig) DeepCopyInto(out *AWSEFSVolumeMetricsRecursiveWalkConfig) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSEFSVolumeMetricsRecursiveWalkConfig. +func (in *AWSEFSVolumeMetricsRecursiveWalkConfig) DeepCopy() *AWSEFSVolumeMetricsRecursiveWalkConfig { + if in == nil { + return nil + } + out := new(AWSEFSVolumeMetricsRecursiveWalkConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AWSLoadBalancerParameters) DeepCopyInto(out *AWSLoadBalancerParameters) { + *out = *in + if in.ClassicLoadBalancerParameters != nil { + in, out := &in.ClassicLoadBalancerParameters, &out.ClassicLoadBalancerParameters + *out = new(AWSClassicLoadBalancerParameters) + (*in).DeepCopyInto(*out) + } + if in.NetworkLoadBalancerParameters != nil { + in, out := &in.NetworkLoadBalancerParameters, &out.NetworkLoadBalancerParameters + *out = new(AWSNetworkLoadBalancerParameters) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSLoadBalancerParameters. +func (in *AWSLoadBalancerParameters) DeepCopy() *AWSLoadBalancerParameters { + if in == nil { + return nil + } + out := new(AWSLoadBalancerParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AWSNetworkLoadBalancerParameters) DeepCopyInto(out *AWSNetworkLoadBalancerParameters) { + *out = *in + if in.Subnets != nil { + in, out := &in.Subnets, &out.Subnets + *out = new(AWSSubnets) + (*in).DeepCopyInto(*out) + } + if in.EIPAllocations != nil { + in, out := &in.EIPAllocations, &out.EIPAllocations + *out = make([]EIPAllocation, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSNetworkLoadBalancerParameters. +func (in *AWSNetworkLoadBalancerParameters) DeepCopy() *AWSNetworkLoadBalancerParameters { + if in == nil { + return nil + } + out := new(AWSNetworkLoadBalancerParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AWSSubnets) DeepCopyInto(out *AWSSubnets) { + *out = *in + if in.IDs != nil { + in, out := &in.IDs, &out.IDs + *out = make([]AWSSubnetID, len(*in)) + copy(*out, *in) + } + if in.Names != nil { + in, out := &in.Names, &out.Names + *out = make([]AWSSubnetName, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSSubnets. +func (in *AWSSubnets) DeepCopy() *AWSSubnets { + if in == nil { + return nil + } + out := new(AWSSubnets) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AccessLogging) DeepCopyInto(out *AccessLogging) { + *out = *in + in.Destination.DeepCopyInto(&out.Destination) + in.HTTPCaptureHeaders.DeepCopyInto(&out.HTTPCaptureHeaders) + if in.HTTPCaptureCookies != nil { + in, out := &in.HTTPCaptureCookies, &out.HTTPCaptureCookies + *out = make([]IngressControllerCaptureHTTPCookie, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessLogging. +func (in *AccessLogging) DeepCopy() *AccessLogging { + if in == nil { + return nil + } + out := new(AccessLogging) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AddPage) DeepCopyInto(out *AddPage) { + *out = *in + if in.DisabledActions != nil { + in, out := &in.DisabledActions, &out.DisabledActions + *out = make([]string, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AddPage. +func (in *AddPage) DeepCopy() *AddPage { + if in == nil { + return nil + } + out := new(AddPage) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AdditionalNetworkDefinition) DeepCopyInto(out *AdditionalNetworkDefinition) { + *out = *in + if in.SimpleMacvlanConfig != nil { + in, out := &in.SimpleMacvlanConfig, &out.SimpleMacvlanConfig + *out = new(SimpleMacvlanConfig) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdditionalNetworkDefinition. +func (in *AdditionalNetworkDefinition) DeepCopy() *AdditionalNetworkDefinition { + if in == nil { + return nil + } + out := new(AdditionalNetworkDefinition) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AdditionalRoutingCapabilities) DeepCopyInto(out *AdditionalRoutingCapabilities) { + *out = *in + if in.Providers != nil { + in, out := &in.Providers, &out.Providers + *out = make([]RoutingCapabilitiesProvider, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdditionalRoutingCapabilities. +func (in *AdditionalRoutingCapabilities) DeepCopy() *AdditionalRoutingCapabilities { + if in == nil { + return nil + } + out := new(AdditionalRoutingCapabilities) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Authentication) DeepCopyInto(out *Authentication) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Authentication. +func (in *Authentication) DeepCopy() *Authentication { + if in == nil { + return nil + } + out := new(Authentication) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *Authentication) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AuthenticationList) DeepCopyInto(out *AuthenticationList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]Authentication, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthenticationList. +func (in *AuthenticationList) DeepCopy() *AuthenticationList { + if in == nil { + return nil + } + out := new(AuthenticationList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *AuthenticationList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AuthenticationSpec) DeepCopyInto(out *AuthenticationSpec) { + *out = *in + in.OperatorSpec.DeepCopyInto(&out.OperatorSpec) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthenticationSpec. +func (in *AuthenticationSpec) DeepCopy() *AuthenticationSpec { + if in == nil { + return nil + } + out := new(AuthenticationSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AuthenticationStatus) DeepCopyInto(out *AuthenticationStatus) { + *out = *in + out.OAuthAPIServer = in.OAuthAPIServer + in.OperatorStatus.DeepCopyInto(&out.OperatorStatus) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthenticationStatus. +func (in *AuthenticationStatus) DeepCopy() *AuthenticationStatus { + if in == nil { + return nil + } + out := new(AuthenticationStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AzureCSIDriverConfigSpec) DeepCopyInto(out *AzureCSIDriverConfigSpec) { + *out = *in + if in.DiskEncryptionSet != nil { + in, out := &in.DiskEncryptionSet, &out.DiskEncryptionSet + *out = new(AzureDiskEncryptionSet) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureCSIDriverConfigSpec. +func (in *AzureCSIDriverConfigSpec) DeepCopy() *AzureCSIDriverConfigSpec { + if in == nil { + return nil + } + out := new(AzureCSIDriverConfigSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AzureDiskEncryptionSet) DeepCopyInto(out *AzureDiskEncryptionSet) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureDiskEncryptionSet. +func (in *AzureDiskEncryptionSet) DeepCopy() *AzureDiskEncryptionSet { + if in == nil { + return nil + } + out := new(AzureDiskEncryptionSet) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CSIDriverConfigSpec) DeepCopyInto(out *CSIDriverConfigSpec) { + *out = *in + if in.AWS != nil { + in, out := &in.AWS, &out.AWS + *out = new(AWSCSIDriverConfigSpec) + (*in).DeepCopyInto(*out) + } + if in.Azure != nil { + in, out := &in.Azure, &out.Azure + *out = new(AzureCSIDriverConfigSpec) + (*in).DeepCopyInto(*out) + } + if in.GCP != nil { + in, out := &in.GCP, &out.GCP + *out = new(GCPCSIDriverConfigSpec) + (*in).DeepCopyInto(*out) + } + if in.IBMCloud != nil { + in, out := &in.IBMCloud, &out.IBMCloud + *out = new(IBMCloudCSIDriverConfigSpec) + **out = **in + } + if in.VSphere != nil { + in, out := &in.VSphere, &out.VSphere + *out = new(VSphereCSIDriverConfigSpec) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CSIDriverConfigSpec. +func (in *CSIDriverConfigSpec) DeepCopy() *CSIDriverConfigSpec { + if in == nil { + return nil + } + out := new(CSIDriverConfigSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CSISnapshotController) DeepCopyInto(out *CSISnapshotController) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CSISnapshotController. +func (in *CSISnapshotController) DeepCopy() *CSISnapshotController { + if in == nil { + return nil + } + out := new(CSISnapshotController) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *CSISnapshotController) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CSISnapshotControllerList) DeepCopyInto(out *CSISnapshotControllerList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]CSISnapshotController, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CSISnapshotControllerList. +func (in *CSISnapshotControllerList) DeepCopy() *CSISnapshotControllerList { + if in == nil { + return nil + } + out := new(CSISnapshotControllerList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *CSISnapshotControllerList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CSISnapshotControllerSpec) DeepCopyInto(out *CSISnapshotControllerSpec) { + *out = *in + in.OperatorSpec.DeepCopyInto(&out.OperatorSpec) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CSISnapshotControllerSpec. +func (in *CSISnapshotControllerSpec) DeepCopy() *CSISnapshotControllerSpec { + if in == nil { + return nil + } + out := new(CSISnapshotControllerSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CSISnapshotControllerStatus) DeepCopyInto(out *CSISnapshotControllerStatus) { + *out = *in + in.OperatorStatus.DeepCopyInto(&out.OperatorStatus) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CSISnapshotControllerStatus. +func (in *CSISnapshotControllerStatus) DeepCopy() *CSISnapshotControllerStatus { + if in == nil { + return nil + } + out := new(CSISnapshotControllerStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Capability) DeepCopyInto(out *Capability) { + *out = *in + out.Visibility = in.Visibility + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Capability. +func (in *Capability) DeepCopy() *Capability { + if in == nil { + return nil + } + out := new(Capability) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CapabilityVisibility) DeepCopyInto(out *CapabilityVisibility) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CapabilityVisibility. +func (in *CapabilityVisibility) DeepCopy() *CapabilityVisibility { + if in == nil { + return nil + } + out := new(CapabilityVisibility) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClientTLS) DeepCopyInto(out *ClientTLS) { + *out = *in + out.ClientCA = in.ClientCA + if in.AllowedSubjectPatterns != nil { + in, out := &in.AllowedSubjectPatterns, &out.AllowedSubjectPatterns + *out = make([]string, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClientTLS. +func (in *ClientTLS) DeepCopy() *ClientTLS { + if in == nil { + return nil + } + out := new(ClientTLS) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CloudCredential) DeepCopyInto(out *CloudCredential) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CloudCredential. +func (in *CloudCredential) DeepCopy() *CloudCredential { + if in == nil { + return nil + } + out := new(CloudCredential) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *CloudCredential) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CloudCredentialList) DeepCopyInto(out *CloudCredentialList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]CloudCredential, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CloudCredentialList. +func (in *CloudCredentialList) DeepCopy() *CloudCredentialList { + if in == nil { + return nil + } + out := new(CloudCredentialList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *CloudCredentialList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CloudCredentialSpec) DeepCopyInto(out *CloudCredentialSpec) { + *out = *in + in.OperatorSpec.DeepCopyInto(&out.OperatorSpec) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CloudCredentialSpec. +func (in *CloudCredentialSpec) DeepCopy() *CloudCredentialSpec { + if in == nil { + return nil + } + out := new(CloudCredentialSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CloudCredentialStatus) DeepCopyInto(out *CloudCredentialStatus) { + *out = *in + in.OperatorStatus.DeepCopyInto(&out.OperatorStatus) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CloudCredentialStatus. +func (in *CloudCredentialStatus) DeepCopy() *CloudCredentialStatus { + if in == nil { + return nil + } + out := new(CloudCredentialStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClusterCSIDriver) DeepCopyInto(out *ClusterCSIDriver) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterCSIDriver. +func (in *ClusterCSIDriver) DeepCopy() *ClusterCSIDriver { + if in == nil { + return nil + } + out := new(ClusterCSIDriver) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ClusterCSIDriver) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClusterCSIDriverList) DeepCopyInto(out *ClusterCSIDriverList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]ClusterCSIDriver, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterCSIDriverList. +func (in *ClusterCSIDriverList) DeepCopy() *ClusterCSIDriverList { + if in == nil { + return nil + } + out := new(ClusterCSIDriverList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ClusterCSIDriverList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClusterCSIDriverSpec) DeepCopyInto(out *ClusterCSIDriverSpec) { + *out = *in + in.OperatorSpec.DeepCopyInto(&out.OperatorSpec) + in.DriverConfig.DeepCopyInto(&out.DriverConfig) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterCSIDriverSpec. +func (in *ClusterCSIDriverSpec) DeepCopy() *ClusterCSIDriverSpec { + if in == nil { + return nil + } + out := new(ClusterCSIDriverSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClusterCSIDriverStatus) DeepCopyInto(out *ClusterCSIDriverStatus) { + *out = *in + in.OperatorStatus.DeepCopyInto(&out.OperatorStatus) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterCSIDriverStatus. +func (in *ClusterCSIDriverStatus) DeepCopy() *ClusterCSIDriverStatus { + if in == nil { + return nil + } + out := new(ClusterCSIDriverStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClusterNetworkEntry) DeepCopyInto(out *ClusterNetworkEntry) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterNetworkEntry. +func (in *ClusterNetworkEntry) DeepCopy() *ClusterNetworkEntry { + if in == nil { + return nil + } + out := new(ClusterNetworkEntry) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Config) DeepCopyInto(out *Config) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Config. +func (in *Config) DeepCopy() *Config { + if in == nil { + return nil + } + out := new(Config) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *Config) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ConfigList) DeepCopyInto(out *ConfigList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]Config, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConfigList. +func (in *ConfigList) DeepCopy() *ConfigList { + if in == nil { + return nil + } + out := new(ConfigList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ConfigList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ConfigSpec) DeepCopyInto(out *ConfigSpec) { + *out = *in + in.OperatorSpec.DeepCopyInto(&out.OperatorSpec) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConfigSpec. +func (in *ConfigSpec) DeepCopy() *ConfigSpec { + if in == nil { + return nil + } + out := new(ConfigSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ConfigStatus) DeepCopyInto(out *ConfigStatus) { + *out = *in + in.OperatorStatus.DeepCopyInto(&out.OperatorStatus) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConfigStatus. +func (in *ConfigStatus) DeepCopy() *ConfigStatus { + if in == nil { + return nil + } + out := new(ConfigStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Console) DeepCopyInto(out *Console) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Console. +func (in *Console) DeepCopy() *Console { + if in == nil { + return nil + } + out := new(Console) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *Console) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ConsoleConfigRoute) DeepCopyInto(out *ConsoleConfigRoute) { + *out = *in + out.Secret = in.Secret + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConsoleConfigRoute. +func (in *ConsoleConfigRoute) DeepCopy() *ConsoleConfigRoute { + if in == nil { + return nil + } + out := new(ConsoleConfigRoute) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ConsoleCustomization) DeepCopyInto(out *ConsoleCustomization) { + *out = *in + if in.Capabilities != nil { + in, out := &in.Capabilities, &out.Capabilities + *out = make([]Capability, len(*in)) + copy(*out, *in) + } + out.CustomLogoFile = in.CustomLogoFile + in.DeveloperCatalog.DeepCopyInto(&out.DeveloperCatalog) + in.ProjectAccess.DeepCopyInto(&out.ProjectAccess) + in.QuickStarts.DeepCopyInto(&out.QuickStarts) + in.AddPage.DeepCopyInto(&out.AddPage) + if in.Perspectives != nil { + in, out := &in.Perspectives, &out.Perspectives + *out = make([]Perspective, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConsoleCustomization. +func (in *ConsoleCustomization) DeepCopy() *ConsoleCustomization { + if in == nil { + return nil + } + out := new(ConsoleCustomization) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ConsoleList) DeepCopyInto(out *ConsoleList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]Console, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConsoleList. +func (in *ConsoleList) DeepCopy() *ConsoleList { + if in == nil { + return nil + } + out := new(ConsoleList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ConsoleList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ConsoleProviders) DeepCopyInto(out *ConsoleProviders) { + *out = *in + if in.Statuspage != nil { + in, out := &in.Statuspage, &out.Statuspage + *out = new(StatuspageProvider) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConsoleProviders. +func (in *ConsoleProviders) DeepCopy() *ConsoleProviders { + if in == nil { + return nil + } + out := new(ConsoleProviders) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ConsoleSpec) DeepCopyInto(out *ConsoleSpec) { + *out = *in + in.OperatorSpec.DeepCopyInto(&out.OperatorSpec) + in.Customization.DeepCopyInto(&out.Customization) + in.Providers.DeepCopyInto(&out.Providers) + out.Route = in.Route + if in.Plugins != nil { + in, out := &in.Plugins, &out.Plugins + *out = make([]string, len(*in)) + copy(*out, *in) + } + out.Ingress = in.Ingress + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConsoleSpec. +func (in *ConsoleSpec) DeepCopy() *ConsoleSpec { + if in == nil { + return nil + } + out := new(ConsoleSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ConsoleStatus) DeepCopyInto(out *ConsoleStatus) { + *out = *in + in.OperatorStatus.DeepCopyInto(&out.OperatorStatus) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConsoleStatus. +func (in *ConsoleStatus) DeepCopy() *ConsoleStatus { + if in == nil { + return nil + } + out := new(ConsoleStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ContainerLoggingDestinationParameters) DeepCopyInto(out *ContainerLoggingDestinationParameters) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ContainerLoggingDestinationParameters. +func (in *ContainerLoggingDestinationParameters) DeepCopy() *ContainerLoggingDestinationParameters { + if in == nil { + return nil + } + out := new(ContainerLoggingDestinationParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *DNS) DeepCopyInto(out *DNS) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DNS. +func (in *DNS) DeepCopy() *DNS { + if in == nil { + return nil + } + out := new(DNS) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *DNS) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *DNSCache) DeepCopyInto(out *DNSCache) { + *out = *in + out.PositiveTTL = in.PositiveTTL + out.NegativeTTL = in.NegativeTTL + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DNSCache. +func (in *DNSCache) DeepCopy() *DNSCache { + if in == nil { + return nil + } + out := new(DNSCache) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *DNSList) DeepCopyInto(out *DNSList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]DNS, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DNSList. +func (in *DNSList) DeepCopy() *DNSList { + if in == nil { + return nil + } + out := new(DNSList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *DNSList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *DNSNodePlacement) DeepCopyInto(out *DNSNodePlacement) { + *out = *in + if in.NodeSelector != nil { + in, out := &in.NodeSelector, &out.NodeSelector + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + if in.Tolerations != nil { + in, out := &in.Tolerations, &out.Tolerations + *out = make([]corev1.Toleration, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DNSNodePlacement. +func (in *DNSNodePlacement) DeepCopy() *DNSNodePlacement { + if in == nil { + return nil + } + out := new(DNSNodePlacement) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *DNSOverTLSConfig) DeepCopyInto(out *DNSOverTLSConfig) { + *out = *in + out.CABundle = in.CABundle + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DNSOverTLSConfig. +func (in *DNSOverTLSConfig) DeepCopy() *DNSOverTLSConfig { + if in == nil { + return nil + } + out := new(DNSOverTLSConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *DNSSpec) DeepCopyInto(out *DNSSpec) { + *out = *in + if in.Servers != nil { + in, out := &in.Servers, &out.Servers + *out = make([]Server, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + in.UpstreamResolvers.DeepCopyInto(&out.UpstreamResolvers) + in.NodePlacement.DeepCopyInto(&out.NodePlacement) + out.Cache = in.Cache + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DNSSpec. +func (in *DNSSpec) DeepCopy() *DNSSpec { + if in == nil { + return nil + } + out := new(DNSSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *DNSStatus) DeepCopyInto(out *DNSStatus) { + *out = *in + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make([]OperatorCondition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DNSStatus. +func (in *DNSStatus) DeepCopy() *DNSStatus { + if in == nil { + return nil + } + out := new(DNSStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *DNSTransportConfig) DeepCopyInto(out *DNSTransportConfig) { + *out = *in + if in.TLS != nil { + in, out := &in.TLS, &out.TLS + *out = new(DNSOverTLSConfig) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DNSTransportConfig. +func (in *DNSTransportConfig) DeepCopy() *DNSTransportConfig { + if in == nil { + return nil + } + out := new(DNSTransportConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *DefaultNetworkDefinition) DeepCopyInto(out *DefaultNetworkDefinition) { + *out = *in + if in.OpenShiftSDNConfig != nil { + in, out := &in.OpenShiftSDNConfig, &out.OpenShiftSDNConfig + *out = new(OpenShiftSDNConfig) + (*in).DeepCopyInto(*out) + } + if in.OVNKubernetesConfig != nil { + in, out := &in.OVNKubernetesConfig, &out.OVNKubernetesConfig + *out = new(OVNKubernetesConfig) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DefaultNetworkDefinition. +func (in *DefaultNetworkDefinition) DeepCopy() *DefaultNetworkDefinition { + if in == nil { + return nil + } + out := new(DefaultNetworkDefinition) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *DeveloperConsoleCatalogCategory) DeepCopyInto(out *DeveloperConsoleCatalogCategory) { + *out = *in + in.DeveloperConsoleCatalogCategoryMeta.DeepCopyInto(&out.DeveloperConsoleCatalogCategoryMeta) + if in.Subcategories != nil { + in, out := &in.Subcategories, &out.Subcategories + *out = make([]DeveloperConsoleCatalogCategoryMeta, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DeveloperConsoleCatalogCategory. +func (in *DeveloperConsoleCatalogCategory) DeepCopy() *DeveloperConsoleCatalogCategory { + if in == nil { + return nil + } + out := new(DeveloperConsoleCatalogCategory) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *DeveloperConsoleCatalogCategoryMeta) DeepCopyInto(out *DeveloperConsoleCatalogCategoryMeta) { + *out = *in + if in.Tags != nil { + in, out := &in.Tags, &out.Tags + *out = make([]string, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DeveloperConsoleCatalogCategoryMeta. +func (in *DeveloperConsoleCatalogCategoryMeta) DeepCopy() *DeveloperConsoleCatalogCategoryMeta { + if in == nil { + return nil + } + out := new(DeveloperConsoleCatalogCategoryMeta) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *DeveloperConsoleCatalogCustomization) DeepCopyInto(out *DeveloperConsoleCatalogCustomization) { + *out = *in + if in.Categories != nil { + in, out := &in.Categories, &out.Categories + *out = make([]DeveloperConsoleCatalogCategory, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + in.Types.DeepCopyInto(&out.Types) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DeveloperConsoleCatalogCustomization. +func (in *DeveloperConsoleCatalogCustomization) DeepCopy() *DeveloperConsoleCatalogCustomization { + if in == nil { + return nil + } + out := new(DeveloperConsoleCatalogCustomization) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *DeveloperConsoleCatalogTypes) DeepCopyInto(out *DeveloperConsoleCatalogTypes) { + *out = *in + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new([]string) + if **in != nil { + in, out := *in, *out + *out = make([]string, len(*in)) + copy(*out, *in) + } + } + if in.Disabled != nil { + in, out := &in.Disabled, &out.Disabled + *out = new([]string) + if **in != nil { + in, out := *in, *out + *out = make([]string, len(*in)) + copy(*out, *in) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DeveloperConsoleCatalogTypes. +func (in *DeveloperConsoleCatalogTypes) DeepCopy() *DeveloperConsoleCatalogTypes { + if in == nil { + return nil + } + out := new(DeveloperConsoleCatalogTypes) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *EgressIPConfig) DeepCopyInto(out *EgressIPConfig) { + *out = *in + if in.ReachabilityTotalTimeoutSeconds != nil { + in, out := &in.ReachabilityTotalTimeoutSeconds, &out.ReachabilityTotalTimeoutSeconds + *out = new(uint32) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EgressIPConfig. +func (in *EgressIPConfig) DeepCopy() *EgressIPConfig { + if in == nil { + return nil + } + out := new(EgressIPConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *EndpointPublishingStrategy) DeepCopyInto(out *EndpointPublishingStrategy) { + *out = *in + if in.LoadBalancer != nil { + in, out := &in.LoadBalancer, &out.LoadBalancer + *out = new(LoadBalancerStrategy) + (*in).DeepCopyInto(*out) + } + if in.HostNetwork != nil { + in, out := &in.HostNetwork, &out.HostNetwork + *out = new(HostNetworkStrategy) + **out = **in + } + if in.Private != nil { + in, out := &in.Private, &out.Private + *out = new(PrivateStrategy) + **out = **in + } + if in.NodePort != nil { + in, out := &in.NodePort, &out.NodePort + *out = new(NodePortStrategy) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EndpointPublishingStrategy. +func (in *EndpointPublishingStrategy) DeepCopy() *EndpointPublishingStrategy { + if in == nil { + return nil + } + out := new(EndpointPublishingStrategy) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Etcd) DeepCopyInto(out *Etcd) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Etcd. +func (in *Etcd) DeepCopy() *Etcd { + if in == nil { + return nil + } + out := new(Etcd) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *Etcd) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *EtcdList) DeepCopyInto(out *EtcdList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]Etcd, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EtcdList. +func (in *EtcdList) DeepCopy() *EtcdList { + if in == nil { + return nil + } + out := new(EtcdList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *EtcdList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *EtcdSpec) DeepCopyInto(out *EtcdSpec) { + *out = *in + in.StaticPodOperatorSpec.DeepCopyInto(&out.StaticPodOperatorSpec) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EtcdSpec. +func (in *EtcdSpec) DeepCopy() *EtcdSpec { + if in == nil { + return nil + } + out := new(EtcdSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *EtcdStatus) DeepCopyInto(out *EtcdStatus) { + *out = *in + in.StaticPodOperatorStatus.DeepCopyInto(&out.StaticPodOperatorStatus) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EtcdStatus. +func (in *EtcdStatus) DeepCopy() *EtcdStatus { + if in == nil { + return nil + } + out := new(EtcdStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ExportNetworkFlows) DeepCopyInto(out *ExportNetworkFlows) { + *out = *in + if in.NetFlow != nil { + in, out := &in.NetFlow, &out.NetFlow + *out = new(NetFlowConfig) + (*in).DeepCopyInto(*out) + } + if in.SFlow != nil { + in, out := &in.SFlow, &out.SFlow + *out = new(SFlowConfig) + (*in).DeepCopyInto(*out) + } + if in.IPFIX != nil { + in, out := &in.IPFIX, &out.IPFIX + *out = new(IPFIXConfig) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExportNetworkFlows. +func (in *ExportNetworkFlows) DeepCopy() *ExportNetworkFlows { + if in == nil { + return nil + } + out := new(ExportNetworkFlows) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *FeaturesMigration) DeepCopyInto(out *FeaturesMigration) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FeaturesMigration. +func (in *FeaturesMigration) DeepCopy() *FeaturesMigration { + if in == nil { + return nil + } + out := new(FeaturesMigration) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ForwardPlugin) DeepCopyInto(out *ForwardPlugin) { + *out = *in + if in.Upstreams != nil { + in, out := &in.Upstreams, &out.Upstreams + *out = make([]string, len(*in)) + copy(*out, *in) + } + in.TransportConfig.DeepCopyInto(&out.TransportConfig) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ForwardPlugin. +func (in *ForwardPlugin) DeepCopy() *ForwardPlugin { + if in == nil { + return nil + } + out := new(ForwardPlugin) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GCPCSIDriverConfigSpec) DeepCopyInto(out *GCPCSIDriverConfigSpec) { + *out = *in + if in.KMSKey != nil { + in, out := &in.KMSKey, &out.KMSKey + *out = new(GCPKMSKeyReference) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GCPCSIDriverConfigSpec. +func (in *GCPCSIDriverConfigSpec) DeepCopy() *GCPCSIDriverConfigSpec { + if in == nil { + return nil + } + out := new(GCPCSIDriverConfigSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GCPKMSKeyReference) DeepCopyInto(out *GCPKMSKeyReference) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GCPKMSKeyReference. +func (in *GCPKMSKeyReference) DeepCopy() *GCPKMSKeyReference { + if in == nil { + return nil + } + out := new(GCPKMSKeyReference) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GCPLoadBalancerParameters) DeepCopyInto(out *GCPLoadBalancerParameters) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GCPLoadBalancerParameters. +func (in *GCPLoadBalancerParameters) DeepCopy() *GCPLoadBalancerParameters { + if in == nil { + return nil + } + out := new(GCPLoadBalancerParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GatewayConfig) DeepCopyInto(out *GatewayConfig) { + *out = *in + out.IPv4 = in.IPv4 + out.IPv6 = in.IPv6 + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GatewayConfig. +func (in *GatewayConfig) DeepCopy() *GatewayConfig { + if in == nil { + return nil + } + out := new(GatewayConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GatherStatus) DeepCopyInto(out *GatherStatus) { + *out = *in + in.LastGatherTime.DeepCopyInto(&out.LastGatherTime) + out.LastGatherDuration = in.LastGatherDuration + if in.Gatherers != nil { + in, out := &in.Gatherers, &out.Gatherers + *out = make([]GathererStatus, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GatherStatus. +func (in *GatherStatus) DeepCopy() *GatherStatus { + if in == nil { + return nil + } + out := new(GatherStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GathererStatus) DeepCopyInto(out *GathererStatus) { + *out = *in + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make([]metav1.Condition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + out.LastGatherDuration = in.LastGatherDuration + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GathererStatus. +func (in *GathererStatus) DeepCopy() *GathererStatus { + if in == nil { + return nil + } + out := new(GathererStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GenerationStatus) DeepCopyInto(out *GenerationStatus) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GenerationStatus. +func (in *GenerationStatus) DeepCopy() *GenerationStatus { + if in == nil { + return nil + } + out := new(GenerationStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *HTTPCompressionPolicy) DeepCopyInto(out *HTTPCompressionPolicy) { + *out = *in + if in.MimeTypes != nil { + in, out := &in.MimeTypes, &out.MimeTypes + *out = make([]CompressionMIMEType, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPCompressionPolicy. +func (in *HTTPCompressionPolicy) DeepCopy() *HTTPCompressionPolicy { + if in == nil { + return nil + } + out := new(HTTPCompressionPolicy) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *HealthCheck) DeepCopyInto(out *HealthCheck) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HealthCheck. +func (in *HealthCheck) DeepCopy() *HealthCheck { + if in == nil { + return nil + } + out := new(HealthCheck) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *HostNetworkStrategy) DeepCopyInto(out *HostNetworkStrategy) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HostNetworkStrategy. +func (in *HostNetworkStrategy) DeepCopy() *HostNetworkStrategy { + if in == nil { + return nil + } + out := new(HostNetworkStrategy) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *HybridOverlayConfig) DeepCopyInto(out *HybridOverlayConfig) { + *out = *in + if in.HybridClusterNetwork != nil { + in, out := &in.HybridClusterNetwork, &out.HybridClusterNetwork + *out = make([]ClusterNetworkEntry, len(*in)) + copy(*out, *in) + } + if in.HybridOverlayVXLANPort != nil { + in, out := &in.HybridOverlayVXLANPort, &out.HybridOverlayVXLANPort + *out = new(uint32) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HybridOverlayConfig. +func (in *HybridOverlayConfig) DeepCopy() *HybridOverlayConfig { + if in == nil { + return nil + } + out := new(HybridOverlayConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IBMCloudCSIDriverConfigSpec) DeepCopyInto(out *IBMCloudCSIDriverConfigSpec) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IBMCloudCSIDriverConfigSpec. +func (in *IBMCloudCSIDriverConfigSpec) DeepCopy() *IBMCloudCSIDriverConfigSpec { + if in == nil { + return nil + } + out := new(IBMCloudCSIDriverConfigSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IBMLoadBalancerParameters) DeepCopyInto(out *IBMLoadBalancerParameters) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IBMLoadBalancerParameters. +func (in *IBMLoadBalancerParameters) DeepCopy() *IBMLoadBalancerParameters { + if in == nil { + return nil + } + out := new(IBMLoadBalancerParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IPAMConfig) DeepCopyInto(out *IPAMConfig) { + *out = *in + if in.StaticIPAMConfig != nil { + in, out := &in.StaticIPAMConfig, &out.StaticIPAMConfig + *out = new(StaticIPAMConfig) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IPAMConfig. +func (in *IPAMConfig) DeepCopy() *IPAMConfig { + if in == nil { + return nil + } + out := new(IPAMConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IPFIXConfig) DeepCopyInto(out *IPFIXConfig) { + *out = *in + if in.Collectors != nil { + in, out := &in.Collectors, &out.Collectors + *out = make([]IPPort, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IPFIXConfig. +func (in *IPFIXConfig) DeepCopy() *IPFIXConfig { + if in == nil { + return nil + } + out := new(IPFIXConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IPsecConfig) DeepCopyInto(out *IPsecConfig) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IPsecConfig. +func (in *IPsecConfig) DeepCopy() *IPsecConfig { + if in == nil { + return nil + } + out := new(IPsecConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IPv4GatewayConfig) DeepCopyInto(out *IPv4GatewayConfig) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IPv4GatewayConfig. +func (in *IPv4GatewayConfig) DeepCopy() *IPv4GatewayConfig { + if in == nil { + return nil + } + out := new(IPv4GatewayConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IPv4OVNKubernetesConfig) DeepCopyInto(out *IPv4OVNKubernetesConfig) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IPv4OVNKubernetesConfig. +func (in *IPv4OVNKubernetesConfig) DeepCopy() *IPv4OVNKubernetesConfig { + if in == nil { + return nil + } + out := new(IPv4OVNKubernetesConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IPv6GatewayConfig) DeepCopyInto(out *IPv6GatewayConfig) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IPv6GatewayConfig. +func (in *IPv6GatewayConfig) DeepCopy() *IPv6GatewayConfig { + if in == nil { + return nil + } + out := new(IPv6GatewayConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IPv6OVNKubernetesConfig) DeepCopyInto(out *IPv6OVNKubernetesConfig) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IPv6OVNKubernetesConfig. +func (in *IPv6OVNKubernetesConfig) DeepCopy() *IPv6OVNKubernetesConfig { + if in == nil { + return nil + } + out := new(IPv6OVNKubernetesConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Ingress) DeepCopyInto(out *Ingress) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Ingress. +func (in *Ingress) DeepCopy() *Ingress { + if in == nil { + return nil + } + out := new(Ingress) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IngressController) DeepCopyInto(out *IngressController) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressController. +func (in *IngressController) DeepCopy() *IngressController { + if in == nil { + return nil + } + out := new(IngressController) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *IngressController) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IngressControllerCaptureHTTPCookie) DeepCopyInto(out *IngressControllerCaptureHTTPCookie) { + *out = *in + out.IngressControllerCaptureHTTPCookieUnion = in.IngressControllerCaptureHTTPCookieUnion + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressControllerCaptureHTTPCookie. +func (in *IngressControllerCaptureHTTPCookie) DeepCopy() *IngressControllerCaptureHTTPCookie { + if in == nil { + return nil + } + out := new(IngressControllerCaptureHTTPCookie) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IngressControllerCaptureHTTPCookieUnion) DeepCopyInto(out *IngressControllerCaptureHTTPCookieUnion) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressControllerCaptureHTTPCookieUnion. +func (in *IngressControllerCaptureHTTPCookieUnion) DeepCopy() *IngressControllerCaptureHTTPCookieUnion { + if in == nil { + return nil + } + out := new(IngressControllerCaptureHTTPCookieUnion) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IngressControllerCaptureHTTPHeader) DeepCopyInto(out *IngressControllerCaptureHTTPHeader) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressControllerCaptureHTTPHeader. +func (in *IngressControllerCaptureHTTPHeader) DeepCopy() *IngressControllerCaptureHTTPHeader { + if in == nil { + return nil + } + out := new(IngressControllerCaptureHTTPHeader) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IngressControllerCaptureHTTPHeaders) DeepCopyInto(out *IngressControllerCaptureHTTPHeaders) { + *out = *in + if in.Request != nil { + in, out := &in.Request, &out.Request + *out = make([]IngressControllerCaptureHTTPHeader, len(*in)) + copy(*out, *in) + } + if in.Response != nil { + in, out := &in.Response, &out.Response + *out = make([]IngressControllerCaptureHTTPHeader, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressControllerCaptureHTTPHeaders. +func (in *IngressControllerCaptureHTTPHeaders) DeepCopy() *IngressControllerCaptureHTTPHeaders { + if in == nil { + return nil + } + out := new(IngressControllerCaptureHTTPHeaders) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IngressControllerHTTPHeader) DeepCopyInto(out *IngressControllerHTTPHeader) { + *out = *in + in.Action.DeepCopyInto(&out.Action) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressControllerHTTPHeader. +func (in *IngressControllerHTTPHeader) DeepCopy() *IngressControllerHTTPHeader { + if in == nil { + return nil + } + out := new(IngressControllerHTTPHeader) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IngressControllerHTTPHeaderActionUnion) DeepCopyInto(out *IngressControllerHTTPHeaderActionUnion) { + *out = *in + if in.Set != nil { + in, out := &in.Set, &out.Set + *out = new(IngressControllerSetHTTPHeader) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressControllerHTTPHeaderActionUnion. +func (in *IngressControllerHTTPHeaderActionUnion) DeepCopy() *IngressControllerHTTPHeaderActionUnion { + if in == nil { + return nil + } + out := new(IngressControllerHTTPHeaderActionUnion) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IngressControllerHTTPHeaderActions) DeepCopyInto(out *IngressControllerHTTPHeaderActions) { + *out = *in + if in.Response != nil { + in, out := &in.Response, &out.Response + *out = make([]IngressControllerHTTPHeader, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Request != nil { + in, out := &in.Request, &out.Request + *out = make([]IngressControllerHTTPHeader, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressControllerHTTPHeaderActions. +func (in *IngressControllerHTTPHeaderActions) DeepCopy() *IngressControllerHTTPHeaderActions { + if in == nil { + return nil + } + out := new(IngressControllerHTTPHeaderActions) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IngressControllerHTTPHeaders) DeepCopyInto(out *IngressControllerHTTPHeaders) { + *out = *in + out.UniqueId = in.UniqueId + if in.HeaderNameCaseAdjustments != nil { + in, out := &in.HeaderNameCaseAdjustments, &out.HeaderNameCaseAdjustments + *out = make([]IngressControllerHTTPHeaderNameCaseAdjustment, len(*in)) + copy(*out, *in) + } + in.Actions.DeepCopyInto(&out.Actions) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressControllerHTTPHeaders. +func (in *IngressControllerHTTPHeaders) DeepCopy() *IngressControllerHTTPHeaders { + if in == nil { + return nil + } + out := new(IngressControllerHTTPHeaders) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IngressControllerHTTPUniqueIdHeaderPolicy) DeepCopyInto(out *IngressControllerHTTPUniqueIdHeaderPolicy) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressControllerHTTPUniqueIdHeaderPolicy. +func (in *IngressControllerHTTPUniqueIdHeaderPolicy) DeepCopy() *IngressControllerHTTPUniqueIdHeaderPolicy { + if in == nil { + return nil + } + out := new(IngressControllerHTTPUniqueIdHeaderPolicy) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IngressControllerList) DeepCopyInto(out *IngressControllerList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]IngressController, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressControllerList. +func (in *IngressControllerList) DeepCopy() *IngressControllerList { + if in == nil { + return nil + } + out := new(IngressControllerList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *IngressControllerList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IngressControllerLogging) DeepCopyInto(out *IngressControllerLogging) { + *out = *in + if in.Access != nil { + in, out := &in.Access, &out.Access + *out = new(AccessLogging) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressControllerLogging. +func (in *IngressControllerLogging) DeepCopy() *IngressControllerLogging { + if in == nil { + return nil + } + out := new(IngressControllerLogging) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IngressControllerSetHTTPHeader) DeepCopyInto(out *IngressControllerSetHTTPHeader) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressControllerSetHTTPHeader. +func (in *IngressControllerSetHTTPHeader) DeepCopy() *IngressControllerSetHTTPHeader { + if in == nil { + return nil + } + out := new(IngressControllerSetHTTPHeader) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IngressControllerSpec) DeepCopyInto(out *IngressControllerSpec) { + *out = *in + out.HttpErrorCodePages = in.HttpErrorCodePages + if in.Replicas != nil { + in, out := &in.Replicas, &out.Replicas + *out = new(int32) + **out = **in + } + if in.EndpointPublishingStrategy != nil { + in, out := &in.EndpointPublishingStrategy, &out.EndpointPublishingStrategy + *out = new(EndpointPublishingStrategy) + (*in).DeepCopyInto(*out) + } + if in.DefaultCertificate != nil { + in, out := &in.DefaultCertificate, &out.DefaultCertificate + *out = new(corev1.LocalObjectReference) + **out = **in + } + if in.NamespaceSelector != nil { + in, out := &in.NamespaceSelector, &out.NamespaceSelector + *out = new(metav1.LabelSelector) + (*in).DeepCopyInto(*out) + } + if in.RouteSelector != nil { + in, out := &in.RouteSelector, &out.RouteSelector + *out = new(metav1.LabelSelector) + (*in).DeepCopyInto(*out) + } + if in.NodePlacement != nil { + in, out := &in.NodePlacement, &out.NodePlacement + *out = new(NodePlacement) + (*in).DeepCopyInto(*out) + } + if in.TLSSecurityProfile != nil { + in, out := &in.TLSSecurityProfile, &out.TLSSecurityProfile + *out = new(configv1.TLSSecurityProfile) + (*in).DeepCopyInto(*out) + } + in.ClientTLS.DeepCopyInto(&out.ClientTLS) + if in.RouteAdmission != nil { + in, out := &in.RouteAdmission, &out.RouteAdmission + *out = new(RouteAdmissionPolicy) + **out = **in + } + if in.Logging != nil { + in, out := &in.Logging, &out.Logging + *out = new(IngressControllerLogging) + (*in).DeepCopyInto(*out) + } + if in.HTTPHeaders != nil { + in, out := &in.HTTPHeaders, &out.HTTPHeaders + *out = new(IngressControllerHTTPHeaders) + (*in).DeepCopyInto(*out) + } + in.TuningOptions.DeepCopyInto(&out.TuningOptions) + in.UnsupportedConfigOverrides.DeepCopyInto(&out.UnsupportedConfigOverrides) + in.HTTPCompression.DeepCopyInto(&out.HTTPCompression) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressControllerSpec. +func (in *IngressControllerSpec) DeepCopy() *IngressControllerSpec { + if in == nil { + return nil + } + out := new(IngressControllerSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IngressControllerStatus) DeepCopyInto(out *IngressControllerStatus) { + *out = *in + if in.EndpointPublishingStrategy != nil { + in, out := &in.EndpointPublishingStrategy, &out.EndpointPublishingStrategy + *out = new(EndpointPublishingStrategy) + (*in).DeepCopyInto(*out) + } + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make([]OperatorCondition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.TLSProfile != nil { + in, out := &in.TLSProfile, &out.TLSProfile + *out = new(configv1.TLSProfileSpec) + (*in).DeepCopyInto(*out) + } + if in.NamespaceSelector != nil { + in, out := &in.NamespaceSelector, &out.NamespaceSelector + *out = new(metav1.LabelSelector) + (*in).DeepCopyInto(*out) + } + if in.RouteSelector != nil { + in, out := &in.RouteSelector, &out.RouteSelector + *out = new(metav1.LabelSelector) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressControllerStatus. +func (in *IngressControllerStatus) DeepCopy() *IngressControllerStatus { + if in == nil { + return nil + } + out := new(IngressControllerStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IngressControllerTuningOptions) DeepCopyInto(out *IngressControllerTuningOptions) { + *out = *in + if in.ClientTimeout != nil { + in, out := &in.ClientTimeout, &out.ClientTimeout + *out = new(metav1.Duration) + **out = **in + } + if in.ClientFinTimeout != nil { + in, out := &in.ClientFinTimeout, &out.ClientFinTimeout + *out = new(metav1.Duration) + **out = **in + } + if in.ServerTimeout != nil { + in, out := &in.ServerTimeout, &out.ServerTimeout + *out = new(metav1.Duration) + **out = **in + } + if in.ServerFinTimeout != nil { + in, out := &in.ServerFinTimeout, &out.ServerFinTimeout + *out = new(metav1.Duration) + **out = **in + } + if in.TunnelTimeout != nil { + in, out := &in.TunnelTimeout, &out.TunnelTimeout + *out = new(metav1.Duration) + **out = **in + } + if in.ConnectTimeout != nil { + in, out := &in.ConnectTimeout, &out.ConnectTimeout + *out = new(metav1.Duration) + **out = **in + } + if in.TLSInspectDelay != nil { + in, out := &in.TLSInspectDelay, &out.TLSInspectDelay + *out = new(metav1.Duration) + **out = **in + } + if in.HealthCheckInterval != nil { + in, out := &in.HealthCheckInterval, &out.HealthCheckInterval + *out = new(metav1.Duration) + **out = **in + } + out.ReloadInterval = in.ReloadInterval + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressControllerTuningOptions. +func (in *IngressControllerTuningOptions) DeepCopy() *IngressControllerTuningOptions { + if in == nil { + return nil + } + out := new(IngressControllerTuningOptions) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InsightsOperator) DeepCopyInto(out *InsightsOperator) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InsightsOperator. +func (in *InsightsOperator) DeepCopy() *InsightsOperator { + if in == nil { + return nil + } + out := new(InsightsOperator) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *InsightsOperator) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InsightsOperatorList) DeepCopyInto(out *InsightsOperatorList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]InsightsOperator, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InsightsOperatorList. +func (in *InsightsOperatorList) DeepCopy() *InsightsOperatorList { + if in == nil { + return nil + } + out := new(InsightsOperatorList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *InsightsOperatorList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InsightsOperatorSpec) DeepCopyInto(out *InsightsOperatorSpec) { + *out = *in + in.OperatorSpec.DeepCopyInto(&out.OperatorSpec) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InsightsOperatorSpec. +func (in *InsightsOperatorSpec) DeepCopy() *InsightsOperatorSpec { + if in == nil { + return nil + } + out := new(InsightsOperatorSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InsightsOperatorStatus) DeepCopyInto(out *InsightsOperatorStatus) { + *out = *in + in.OperatorStatus.DeepCopyInto(&out.OperatorStatus) + in.GatherStatus.DeepCopyInto(&out.GatherStatus) + in.InsightsReport.DeepCopyInto(&out.InsightsReport) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InsightsOperatorStatus. +func (in *InsightsOperatorStatus) DeepCopy() *InsightsOperatorStatus { + if in == nil { + return nil + } + out := new(InsightsOperatorStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InsightsReport) DeepCopyInto(out *InsightsReport) { + *out = *in + in.DownloadedAt.DeepCopyInto(&out.DownloadedAt) + if in.HealthChecks != nil { + in, out := &in.HealthChecks, &out.HealthChecks + *out = make([]HealthCheck, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InsightsReport. +func (in *InsightsReport) DeepCopy() *InsightsReport { + if in == nil { + return nil + } + out := new(InsightsReport) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KubeAPIServer) DeepCopyInto(out *KubeAPIServer) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeAPIServer. +func (in *KubeAPIServer) DeepCopy() *KubeAPIServer { + if in == nil { + return nil + } + out := new(KubeAPIServer) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *KubeAPIServer) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KubeAPIServerList) DeepCopyInto(out *KubeAPIServerList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]KubeAPIServer, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeAPIServerList. +func (in *KubeAPIServerList) DeepCopy() *KubeAPIServerList { + if in == nil { + return nil + } + out := new(KubeAPIServerList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *KubeAPIServerList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KubeAPIServerSpec) DeepCopyInto(out *KubeAPIServerSpec) { + *out = *in + in.StaticPodOperatorSpec.DeepCopyInto(&out.StaticPodOperatorSpec) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeAPIServerSpec. +func (in *KubeAPIServerSpec) DeepCopy() *KubeAPIServerSpec { + if in == nil { + return nil + } + out := new(KubeAPIServerSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KubeAPIServerStatus) DeepCopyInto(out *KubeAPIServerStatus) { + *out = *in + in.StaticPodOperatorStatus.DeepCopyInto(&out.StaticPodOperatorStatus) + if in.ServiceAccountIssuers != nil { + in, out := &in.ServiceAccountIssuers, &out.ServiceAccountIssuers + *out = make([]ServiceAccountIssuerStatus, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeAPIServerStatus. +func (in *KubeAPIServerStatus) DeepCopy() *KubeAPIServerStatus { + if in == nil { + return nil + } + out := new(KubeAPIServerStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KubeControllerManager) DeepCopyInto(out *KubeControllerManager) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeControllerManager. +func (in *KubeControllerManager) DeepCopy() *KubeControllerManager { + if in == nil { + return nil + } + out := new(KubeControllerManager) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *KubeControllerManager) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KubeControllerManagerList) DeepCopyInto(out *KubeControllerManagerList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]KubeControllerManager, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeControllerManagerList. +func (in *KubeControllerManagerList) DeepCopy() *KubeControllerManagerList { + if in == nil { + return nil + } + out := new(KubeControllerManagerList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *KubeControllerManagerList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KubeControllerManagerSpec) DeepCopyInto(out *KubeControllerManagerSpec) { + *out = *in + in.StaticPodOperatorSpec.DeepCopyInto(&out.StaticPodOperatorSpec) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeControllerManagerSpec. +func (in *KubeControllerManagerSpec) DeepCopy() *KubeControllerManagerSpec { + if in == nil { + return nil + } + out := new(KubeControllerManagerSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KubeControllerManagerStatus) DeepCopyInto(out *KubeControllerManagerStatus) { + *out = *in + in.StaticPodOperatorStatus.DeepCopyInto(&out.StaticPodOperatorStatus) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeControllerManagerStatus. +func (in *KubeControllerManagerStatus) DeepCopy() *KubeControllerManagerStatus { + if in == nil { + return nil + } + out := new(KubeControllerManagerStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KubeScheduler) DeepCopyInto(out *KubeScheduler) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeScheduler. +func (in *KubeScheduler) DeepCopy() *KubeScheduler { + if in == nil { + return nil + } + out := new(KubeScheduler) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *KubeScheduler) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KubeSchedulerList) DeepCopyInto(out *KubeSchedulerList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]KubeScheduler, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeSchedulerList. +func (in *KubeSchedulerList) DeepCopy() *KubeSchedulerList { + if in == nil { + return nil + } + out := new(KubeSchedulerList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *KubeSchedulerList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KubeSchedulerSpec) DeepCopyInto(out *KubeSchedulerSpec) { + *out = *in + in.StaticPodOperatorSpec.DeepCopyInto(&out.StaticPodOperatorSpec) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeSchedulerSpec. +func (in *KubeSchedulerSpec) DeepCopy() *KubeSchedulerSpec { + if in == nil { + return nil + } + out := new(KubeSchedulerSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KubeSchedulerStatus) DeepCopyInto(out *KubeSchedulerStatus) { + *out = *in + in.StaticPodOperatorStatus.DeepCopyInto(&out.StaticPodOperatorStatus) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeSchedulerStatus. +func (in *KubeSchedulerStatus) DeepCopy() *KubeSchedulerStatus { + if in == nil { + return nil + } + out := new(KubeSchedulerStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KubeStorageVersionMigrator) DeepCopyInto(out *KubeStorageVersionMigrator) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeStorageVersionMigrator. +func (in *KubeStorageVersionMigrator) DeepCopy() *KubeStorageVersionMigrator { + if in == nil { + return nil + } + out := new(KubeStorageVersionMigrator) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *KubeStorageVersionMigrator) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KubeStorageVersionMigratorList) DeepCopyInto(out *KubeStorageVersionMigratorList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]KubeStorageVersionMigrator, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeStorageVersionMigratorList. +func (in *KubeStorageVersionMigratorList) DeepCopy() *KubeStorageVersionMigratorList { + if in == nil { + return nil + } + out := new(KubeStorageVersionMigratorList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *KubeStorageVersionMigratorList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KubeStorageVersionMigratorSpec) DeepCopyInto(out *KubeStorageVersionMigratorSpec) { + *out = *in + in.OperatorSpec.DeepCopyInto(&out.OperatorSpec) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeStorageVersionMigratorSpec. +func (in *KubeStorageVersionMigratorSpec) DeepCopy() *KubeStorageVersionMigratorSpec { + if in == nil { + return nil + } + out := new(KubeStorageVersionMigratorSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KubeStorageVersionMigratorStatus) DeepCopyInto(out *KubeStorageVersionMigratorStatus) { + *out = *in + in.OperatorStatus.DeepCopyInto(&out.OperatorStatus) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeStorageVersionMigratorStatus. +func (in *KubeStorageVersionMigratorStatus) DeepCopy() *KubeStorageVersionMigratorStatus { + if in == nil { + return nil + } + out := new(KubeStorageVersionMigratorStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *LoadBalancerStrategy) DeepCopyInto(out *LoadBalancerStrategy) { + *out = *in + if in.AllowedSourceRanges != nil { + in, out := &in.AllowedSourceRanges, &out.AllowedSourceRanges + *out = make([]CIDR, len(*in)) + copy(*out, *in) + } + if in.ProviderParameters != nil { + in, out := &in.ProviderParameters, &out.ProviderParameters + *out = new(ProviderLoadBalancerParameters) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LoadBalancerStrategy. +func (in *LoadBalancerStrategy) DeepCopy() *LoadBalancerStrategy { + if in == nil { + return nil + } + out := new(LoadBalancerStrategy) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *LoggingDestination) DeepCopyInto(out *LoggingDestination) { + *out = *in + if in.Syslog != nil { + in, out := &in.Syslog, &out.Syslog + *out = new(SyslogLoggingDestinationParameters) + **out = **in + } + if in.Container != nil { + in, out := &in.Container, &out.Container + *out = new(ContainerLoggingDestinationParameters) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LoggingDestination. +func (in *LoggingDestination) DeepCopy() *LoggingDestination { + if in == nil { + return nil + } + out := new(LoggingDestination) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MTUMigration) DeepCopyInto(out *MTUMigration) { + *out = *in + if in.Network != nil { + in, out := &in.Network, &out.Network + *out = new(MTUMigrationValues) + (*in).DeepCopyInto(*out) + } + if in.Machine != nil { + in, out := &in.Machine, &out.Machine + *out = new(MTUMigrationValues) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MTUMigration. +func (in *MTUMigration) DeepCopy() *MTUMigration { + if in == nil { + return nil + } + out := new(MTUMigration) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MTUMigrationValues) DeepCopyInto(out *MTUMigrationValues) { + *out = *in + if in.To != nil { + in, out := &in.To, &out.To + *out = new(uint32) + **out = **in + } + if in.From != nil { + in, out := &in.From, &out.From + *out = new(uint32) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MTUMigrationValues. +func (in *MTUMigrationValues) DeepCopy() *MTUMigrationValues { + if in == nil { + return nil + } + out := new(MTUMigrationValues) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MachineConfiguration) DeepCopyInto(out *MachineConfiguration) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MachineConfiguration. +func (in *MachineConfiguration) DeepCopy() *MachineConfiguration { + if in == nil { + return nil + } + out := new(MachineConfiguration) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *MachineConfiguration) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MachineConfigurationList) DeepCopyInto(out *MachineConfigurationList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]MachineConfiguration, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MachineConfigurationList. +func (in *MachineConfigurationList) DeepCopy() *MachineConfigurationList { + if in == nil { + return nil + } + out := new(MachineConfigurationList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *MachineConfigurationList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MachineConfigurationSpec) DeepCopyInto(out *MachineConfigurationSpec) { + *out = *in + in.StaticPodOperatorSpec.DeepCopyInto(&out.StaticPodOperatorSpec) + in.ManagedBootImages.DeepCopyInto(&out.ManagedBootImages) + in.NodeDisruptionPolicy.DeepCopyInto(&out.NodeDisruptionPolicy) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MachineConfigurationSpec. +func (in *MachineConfigurationSpec) DeepCopy() *MachineConfigurationSpec { + if in == nil { + return nil + } + out := new(MachineConfigurationSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MachineConfigurationStatus) DeepCopyInto(out *MachineConfigurationStatus) { + *out = *in + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make([]metav1.Condition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + in.NodeDisruptionPolicyStatus.DeepCopyInto(&out.NodeDisruptionPolicyStatus) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MachineConfigurationStatus. +func (in *MachineConfigurationStatus) DeepCopy() *MachineConfigurationStatus { + if in == nil { + return nil + } + out := new(MachineConfigurationStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MachineManager) DeepCopyInto(out *MachineManager) { + *out = *in + in.Selection.DeepCopyInto(&out.Selection) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MachineManager. +func (in *MachineManager) DeepCopy() *MachineManager { + if in == nil { + return nil + } + out := new(MachineManager) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MachineManagerSelector) DeepCopyInto(out *MachineManagerSelector) { + *out = *in + if in.Partial != nil { + in, out := &in.Partial, &out.Partial + *out = new(PartialSelector) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MachineManagerSelector. +func (in *MachineManagerSelector) DeepCopy() *MachineManagerSelector { + if in == nil { + return nil + } + out := new(MachineManagerSelector) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ManagedBootImages) DeepCopyInto(out *ManagedBootImages) { + *out = *in + if in.MachineManagers != nil { + in, out := &in.MachineManagers, &out.MachineManagers + *out = make([]MachineManager, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagedBootImages. +func (in *ManagedBootImages) DeepCopy() *ManagedBootImages { + if in == nil { + return nil + } + out := new(ManagedBootImages) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MyOperatorResource) DeepCopyInto(out *MyOperatorResource) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MyOperatorResource. +func (in *MyOperatorResource) DeepCopy() *MyOperatorResource { + if in == nil { + return nil + } + out := new(MyOperatorResource) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MyOperatorResourceSpec) DeepCopyInto(out *MyOperatorResourceSpec) { + *out = *in + in.OperatorSpec.DeepCopyInto(&out.OperatorSpec) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MyOperatorResourceSpec. +func (in *MyOperatorResourceSpec) DeepCopy() *MyOperatorResourceSpec { + if in == nil { + return nil + } + out := new(MyOperatorResourceSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MyOperatorResourceStatus) DeepCopyInto(out *MyOperatorResourceStatus) { + *out = *in + in.OperatorStatus.DeepCopyInto(&out.OperatorStatus) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MyOperatorResourceStatus. +func (in *MyOperatorResourceStatus) DeepCopy() *MyOperatorResourceStatus { + if in == nil { + return nil + } + out := new(MyOperatorResourceStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NetFlowConfig) DeepCopyInto(out *NetFlowConfig) { + *out = *in + if in.Collectors != nil { + in, out := &in.Collectors, &out.Collectors + *out = make([]IPPort, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetFlowConfig. +func (in *NetFlowConfig) DeepCopy() *NetFlowConfig { + if in == nil { + return nil + } + out := new(NetFlowConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Network) DeepCopyInto(out *Network) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Network. +func (in *Network) DeepCopy() *Network { + if in == nil { + return nil + } + out := new(Network) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *Network) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NetworkList) DeepCopyInto(out *NetworkList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]Network, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkList. +func (in *NetworkList) DeepCopy() *NetworkList { + if in == nil { + return nil + } + out := new(NetworkList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *NetworkList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NetworkMigration) DeepCopyInto(out *NetworkMigration) { + *out = *in + if in.MTU != nil { + in, out := &in.MTU, &out.MTU + *out = new(MTUMigration) + (*in).DeepCopyInto(*out) + } + if in.Features != nil { + in, out := &in.Features, &out.Features + *out = new(FeaturesMigration) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkMigration. +func (in *NetworkMigration) DeepCopy() *NetworkMigration { + if in == nil { + return nil + } + out := new(NetworkMigration) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NetworkSpec) DeepCopyInto(out *NetworkSpec) { + *out = *in + in.OperatorSpec.DeepCopyInto(&out.OperatorSpec) + if in.ClusterNetwork != nil { + in, out := &in.ClusterNetwork, &out.ClusterNetwork + *out = make([]ClusterNetworkEntry, len(*in)) + copy(*out, *in) + } + if in.ServiceNetwork != nil { + in, out := &in.ServiceNetwork, &out.ServiceNetwork + *out = make([]string, len(*in)) + copy(*out, *in) + } + in.DefaultNetwork.DeepCopyInto(&out.DefaultNetwork) + if in.AdditionalNetworks != nil { + in, out := &in.AdditionalNetworks, &out.AdditionalNetworks + *out = make([]AdditionalNetworkDefinition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.DisableMultiNetwork != nil { + in, out := &in.DisableMultiNetwork, &out.DisableMultiNetwork + *out = new(bool) + **out = **in + } + if in.UseMultiNetworkPolicy != nil { + in, out := &in.UseMultiNetworkPolicy, &out.UseMultiNetworkPolicy + *out = new(bool) + **out = **in + } + if in.DeployKubeProxy != nil { + in, out := &in.DeployKubeProxy, &out.DeployKubeProxy + *out = new(bool) + **out = **in + } + if in.KubeProxyConfig != nil { + in, out := &in.KubeProxyConfig, &out.KubeProxyConfig + *out = new(ProxyConfig) + (*in).DeepCopyInto(*out) + } + if in.ExportNetworkFlows != nil { + in, out := &in.ExportNetworkFlows, &out.ExportNetworkFlows + *out = new(ExportNetworkFlows) + (*in).DeepCopyInto(*out) + } + if in.Migration != nil { + in, out := &in.Migration, &out.Migration + *out = new(NetworkMigration) + (*in).DeepCopyInto(*out) + } + if in.AdditionalRoutingCapabilities != nil { + in, out := &in.AdditionalRoutingCapabilities, &out.AdditionalRoutingCapabilities + *out = new(AdditionalRoutingCapabilities) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkSpec. +func (in *NetworkSpec) DeepCopy() *NetworkSpec { + if in == nil { + return nil + } + out := new(NetworkSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NetworkStatus) DeepCopyInto(out *NetworkStatus) { + *out = *in + in.OperatorStatus.DeepCopyInto(&out.OperatorStatus) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkStatus. +func (in *NetworkStatus) DeepCopy() *NetworkStatus { + if in == nil { + return nil + } + out := new(NetworkStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NodeDisruptionPolicyClusterStatus) DeepCopyInto(out *NodeDisruptionPolicyClusterStatus) { + *out = *in + if in.Files != nil { + in, out := &in.Files, &out.Files + *out = make([]NodeDisruptionPolicyStatusFile, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Units != nil { + in, out := &in.Units, &out.Units + *out = make([]NodeDisruptionPolicyStatusUnit, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + in.SSHKey.DeepCopyInto(&out.SSHKey) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeDisruptionPolicyClusterStatus. +func (in *NodeDisruptionPolicyClusterStatus) DeepCopy() *NodeDisruptionPolicyClusterStatus { + if in == nil { + return nil + } + out := new(NodeDisruptionPolicyClusterStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NodeDisruptionPolicyConfig) DeepCopyInto(out *NodeDisruptionPolicyConfig) { + *out = *in + if in.Files != nil { + in, out := &in.Files, &out.Files + *out = make([]NodeDisruptionPolicySpecFile, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Units != nil { + in, out := &in.Units, &out.Units + *out = make([]NodeDisruptionPolicySpecUnit, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + in.SSHKey.DeepCopyInto(&out.SSHKey) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeDisruptionPolicyConfig. +func (in *NodeDisruptionPolicyConfig) DeepCopy() *NodeDisruptionPolicyConfig { + if in == nil { + return nil + } + out := new(NodeDisruptionPolicyConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NodeDisruptionPolicySpecAction) DeepCopyInto(out *NodeDisruptionPolicySpecAction) { + *out = *in + if in.Reload != nil { + in, out := &in.Reload, &out.Reload + *out = new(ReloadService) + **out = **in + } + if in.Restart != nil { + in, out := &in.Restart, &out.Restart + *out = new(RestartService) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeDisruptionPolicySpecAction. +func (in *NodeDisruptionPolicySpecAction) DeepCopy() *NodeDisruptionPolicySpecAction { + if in == nil { + return nil + } + out := new(NodeDisruptionPolicySpecAction) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NodeDisruptionPolicySpecFile) DeepCopyInto(out *NodeDisruptionPolicySpecFile) { + *out = *in + if in.Actions != nil { + in, out := &in.Actions, &out.Actions + *out = make([]NodeDisruptionPolicySpecAction, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeDisruptionPolicySpecFile. +func (in *NodeDisruptionPolicySpecFile) DeepCopy() *NodeDisruptionPolicySpecFile { + if in == nil { + return nil + } + out := new(NodeDisruptionPolicySpecFile) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NodeDisruptionPolicySpecSSHKey) DeepCopyInto(out *NodeDisruptionPolicySpecSSHKey) { + *out = *in + if in.Actions != nil { + in, out := &in.Actions, &out.Actions + *out = make([]NodeDisruptionPolicySpecAction, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeDisruptionPolicySpecSSHKey. +func (in *NodeDisruptionPolicySpecSSHKey) DeepCopy() *NodeDisruptionPolicySpecSSHKey { + if in == nil { + return nil + } + out := new(NodeDisruptionPolicySpecSSHKey) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NodeDisruptionPolicySpecUnit) DeepCopyInto(out *NodeDisruptionPolicySpecUnit) { + *out = *in + if in.Actions != nil { + in, out := &in.Actions, &out.Actions + *out = make([]NodeDisruptionPolicySpecAction, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeDisruptionPolicySpecUnit. +func (in *NodeDisruptionPolicySpecUnit) DeepCopy() *NodeDisruptionPolicySpecUnit { + if in == nil { + return nil + } + out := new(NodeDisruptionPolicySpecUnit) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NodeDisruptionPolicyStatus) DeepCopyInto(out *NodeDisruptionPolicyStatus) { + *out = *in + in.ClusterPolicies.DeepCopyInto(&out.ClusterPolicies) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeDisruptionPolicyStatus. +func (in *NodeDisruptionPolicyStatus) DeepCopy() *NodeDisruptionPolicyStatus { + if in == nil { + return nil + } + out := new(NodeDisruptionPolicyStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NodeDisruptionPolicyStatusAction) DeepCopyInto(out *NodeDisruptionPolicyStatusAction) { + *out = *in + if in.Reload != nil { + in, out := &in.Reload, &out.Reload + *out = new(ReloadService) + **out = **in + } + if in.Restart != nil { + in, out := &in.Restart, &out.Restart + *out = new(RestartService) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeDisruptionPolicyStatusAction. +func (in *NodeDisruptionPolicyStatusAction) DeepCopy() *NodeDisruptionPolicyStatusAction { + if in == nil { + return nil + } + out := new(NodeDisruptionPolicyStatusAction) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NodeDisruptionPolicyStatusFile) DeepCopyInto(out *NodeDisruptionPolicyStatusFile) { + *out = *in + if in.Actions != nil { + in, out := &in.Actions, &out.Actions + *out = make([]NodeDisruptionPolicyStatusAction, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeDisruptionPolicyStatusFile. +func (in *NodeDisruptionPolicyStatusFile) DeepCopy() *NodeDisruptionPolicyStatusFile { + if in == nil { + return nil + } + out := new(NodeDisruptionPolicyStatusFile) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NodeDisruptionPolicyStatusSSHKey) DeepCopyInto(out *NodeDisruptionPolicyStatusSSHKey) { + *out = *in + if in.Actions != nil { + in, out := &in.Actions, &out.Actions + *out = make([]NodeDisruptionPolicyStatusAction, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeDisruptionPolicyStatusSSHKey. +func (in *NodeDisruptionPolicyStatusSSHKey) DeepCopy() *NodeDisruptionPolicyStatusSSHKey { + if in == nil { + return nil + } + out := new(NodeDisruptionPolicyStatusSSHKey) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NodeDisruptionPolicyStatusUnit) DeepCopyInto(out *NodeDisruptionPolicyStatusUnit) { + *out = *in + if in.Actions != nil { + in, out := &in.Actions, &out.Actions + *out = make([]NodeDisruptionPolicyStatusAction, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeDisruptionPolicyStatusUnit. +func (in *NodeDisruptionPolicyStatusUnit) DeepCopy() *NodeDisruptionPolicyStatusUnit { + if in == nil { + return nil + } + out := new(NodeDisruptionPolicyStatusUnit) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NodePlacement) DeepCopyInto(out *NodePlacement) { + *out = *in + if in.NodeSelector != nil { + in, out := &in.NodeSelector, &out.NodeSelector + *out = new(metav1.LabelSelector) + (*in).DeepCopyInto(*out) + } + if in.Tolerations != nil { + in, out := &in.Tolerations, &out.Tolerations + *out = make([]corev1.Toleration, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodePlacement. +func (in *NodePlacement) DeepCopy() *NodePlacement { + if in == nil { + return nil + } + out := new(NodePlacement) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NodePortStrategy) DeepCopyInto(out *NodePortStrategy) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodePortStrategy. +func (in *NodePortStrategy) DeepCopy() *NodePortStrategy { + if in == nil { + return nil + } + out := new(NodePortStrategy) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NodeStatus) DeepCopyInto(out *NodeStatus) { + *out = *in + if in.LastFailedTime != nil { + in, out := &in.LastFailedTime, &out.LastFailedTime + *out = (*in).DeepCopy() + } + if in.LastFailedRevisionErrors != nil { + in, out := &in.LastFailedRevisionErrors, &out.LastFailedRevisionErrors + *out = make([]string, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeStatus. +func (in *NodeStatus) DeepCopy() *NodeStatus { + if in == nil { + return nil + } + out := new(NodeStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OAuthAPIServerStatus) DeepCopyInto(out *OAuthAPIServerStatus) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OAuthAPIServerStatus. +func (in *OAuthAPIServerStatus) DeepCopy() *OAuthAPIServerStatus { + if in == nil { + return nil + } + out := new(OAuthAPIServerStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OLM) DeepCopyInto(out *OLM) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OLM. +func (in *OLM) DeepCopy() *OLM { + if in == nil { + return nil + } + out := new(OLM) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *OLM) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OLMList) DeepCopyInto(out *OLMList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]OLM, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OLMList. +func (in *OLMList) DeepCopy() *OLMList { + if in == nil { + return nil + } + out := new(OLMList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *OLMList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OLMSpec) DeepCopyInto(out *OLMSpec) { + *out = *in + in.OperatorSpec.DeepCopyInto(&out.OperatorSpec) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OLMSpec. +func (in *OLMSpec) DeepCopy() *OLMSpec { + if in == nil { + return nil + } + out := new(OLMSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OLMStatus) DeepCopyInto(out *OLMStatus) { + *out = *in + in.OperatorStatus.DeepCopyInto(&out.OperatorStatus) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OLMStatus. +func (in *OLMStatus) DeepCopy() *OLMStatus { + if in == nil { + return nil + } + out := new(OLMStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OVNKubernetesConfig) DeepCopyInto(out *OVNKubernetesConfig) { + *out = *in + if in.MTU != nil { + in, out := &in.MTU, &out.MTU + *out = new(uint32) + **out = **in + } + if in.GenevePort != nil { + in, out := &in.GenevePort, &out.GenevePort + *out = new(uint32) + **out = **in + } + if in.HybridOverlayConfig != nil { + in, out := &in.HybridOverlayConfig, &out.HybridOverlayConfig + *out = new(HybridOverlayConfig) + (*in).DeepCopyInto(*out) + } + if in.IPsecConfig != nil { + in, out := &in.IPsecConfig, &out.IPsecConfig + *out = new(IPsecConfig) + **out = **in + } + if in.PolicyAuditConfig != nil { + in, out := &in.PolicyAuditConfig, &out.PolicyAuditConfig + *out = new(PolicyAuditConfig) + (*in).DeepCopyInto(*out) + } + if in.GatewayConfig != nil { + in, out := &in.GatewayConfig, &out.GatewayConfig + *out = new(GatewayConfig) + **out = **in + } + in.EgressIPConfig.DeepCopyInto(&out.EgressIPConfig) + if in.IPv4 != nil { + in, out := &in.IPv4, &out.IPv4 + *out = new(IPv4OVNKubernetesConfig) + **out = **in + } + if in.IPv6 != nil { + in, out := &in.IPv6, &out.IPv6 + *out = new(IPv6OVNKubernetesConfig) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OVNKubernetesConfig. +func (in *OVNKubernetesConfig) DeepCopy() *OVNKubernetesConfig { + if in == nil { + return nil + } + out := new(OVNKubernetesConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OpenShiftAPIServer) DeepCopyInto(out *OpenShiftAPIServer) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OpenShiftAPIServer. +func (in *OpenShiftAPIServer) DeepCopy() *OpenShiftAPIServer { + if in == nil { + return nil + } + out := new(OpenShiftAPIServer) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *OpenShiftAPIServer) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OpenShiftAPIServerList) DeepCopyInto(out *OpenShiftAPIServerList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]OpenShiftAPIServer, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OpenShiftAPIServerList. +func (in *OpenShiftAPIServerList) DeepCopy() *OpenShiftAPIServerList { + if in == nil { + return nil + } + out := new(OpenShiftAPIServerList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *OpenShiftAPIServerList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OpenShiftAPIServerSpec) DeepCopyInto(out *OpenShiftAPIServerSpec) { + *out = *in + in.OperatorSpec.DeepCopyInto(&out.OperatorSpec) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OpenShiftAPIServerSpec. +func (in *OpenShiftAPIServerSpec) DeepCopy() *OpenShiftAPIServerSpec { + if in == nil { + return nil + } + out := new(OpenShiftAPIServerSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OpenShiftAPIServerStatus) DeepCopyInto(out *OpenShiftAPIServerStatus) { + *out = *in + in.OperatorStatus.DeepCopyInto(&out.OperatorStatus) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OpenShiftAPIServerStatus. +func (in *OpenShiftAPIServerStatus) DeepCopy() *OpenShiftAPIServerStatus { + if in == nil { + return nil + } + out := new(OpenShiftAPIServerStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OpenShiftControllerManager) DeepCopyInto(out *OpenShiftControllerManager) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OpenShiftControllerManager. +func (in *OpenShiftControllerManager) DeepCopy() *OpenShiftControllerManager { + if in == nil { + return nil + } + out := new(OpenShiftControllerManager) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *OpenShiftControllerManager) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OpenShiftControllerManagerList) DeepCopyInto(out *OpenShiftControllerManagerList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]OpenShiftControllerManager, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OpenShiftControllerManagerList. +func (in *OpenShiftControllerManagerList) DeepCopy() *OpenShiftControllerManagerList { + if in == nil { + return nil + } + out := new(OpenShiftControllerManagerList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *OpenShiftControllerManagerList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OpenShiftControllerManagerSpec) DeepCopyInto(out *OpenShiftControllerManagerSpec) { + *out = *in + in.OperatorSpec.DeepCopyInto(&out.OperatorSpec) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OpenShiftControllerManagerSpec. +func (in *OpenShiftControllerManagerSpec) DeepCopy() *OpenShiftControllerManagerSpec { + if in == nil { + return nil + } + out := new(OpenShiftControllerManagerSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OpenShiftControllerManagerStatus) DeepCopyInto(out *OpenShiftControllerManagerStatus) { + *out = *in + in.OperatorStatus.DeepCopyInto(&out.OperatorStatus) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OpenShiftControllerManagerStatus. +func (in *OpenShiftControllerManagerStatus) DeepCopy() *OpenShiftControllerManagerStatus { + if in == nil { + return nil + } + out := new(OpenShiftControllerManagerStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OpenShiftSDNConfig) DeepCopyInto(out *OpenShiftSDNConfig) { + *out = *in + if in.VXLANPort != nil { + in, out := &in.VXLANPort, &out.VXLANPort + *out = new(uint32) + **out = **in + } + if in.MTU != nil { + in, out := &in.MTU, &out.MTU + *out = new(uint32) + **out = **in + } + if in.UseExternalOpenvswitch != nil { + in, out := &in.UseExternalOpenvswitch, &out.UseExternalOpenvswitch + *out = new(bool) + **out = **in + } + if in.EnableUnidling != nil { + in, out := &in.EnableUnidling, &out.EnableUnidling + *out = new(bool) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OpenShiftSDNConfig. +func (in *OpenShiftSDNConfig) DeepCopy() *OpenShiftSDNConfig { + if in == nil { + return nil + } + out := new(OpenShiftSDNConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OpenStackLoadBalancerParameters) DeepCopyInto(out *OpenStackLoadBalancerParameters) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OpenStackLoadBalancerParameters. +func (in *OpenStackLoadBalancerParameters) DeepCopy() *OpenStackLoadBalancerParameters { + if in == nil { + return nil + } + out := new(OpenStackLoadBalancerParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OperatorCondition) DeepCopyInto(out *OperatorCondition) { + *out = *in + in.LastTransitionTime.DeepCopyInto(&out.LastTransitionTime) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OperatorCondition. +func (in *OperatorCondition) DeepCopy() *OperatorCondition { + if in == nil { + return nil + } + out := new(OperatorCondition) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OperatorSpec) DeepCopyInto(out *OperatorSpec) { + *out = *in + in.UnsupportedConfigOverrides.DeepCopyInto(&out.UnsupportedConfigOverrides) + in.ObservedConfig.DeepCopyInto(&out.ObservedConfig) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OperatorSpec. +func (in *OperatorSpec) DeepCopy() *OperatorSpec { + if in == nil { + return nil + } + out := new(OperatorSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OperatorStatus) DeepCopyInto(out *OperatorStatus) { + *out = *in + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make([]OperatorCondition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Generations != nil { + in, out := &in.Generations, &out.Generations + *out = make([]GenerationStatus, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OperatorStatus. +func (in *OperatorStatus) DeepCopy() *OperatorStatus { + if in == nil { + return nil + } + out := new(OperatorStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PartialSelector) DeepCopyInto(out *PartialSelector) { + *out = *in + if in.MachineResourceSelector != nil { + in, out := &in.MachineResourceSelector, &out.MachineResourceSelector + *out = new(metav1.LabelSelector) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PartialSelector. +func (in *PartialSelector) DeepCopy() *PartialSelector { + if in == nil { + return nil + } + out := new(PartialSelector) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Perspective) DeepCopyInto(out *Perspective) { + *out = *in + in.Visibility.DeepCopyInto(&out.Visibility) + if in.PinnedResources != nil { + in, out := &in.PinnedResources, &out.PinnedResources + *out = new([]PinnedResourceReference) + if **in != nil { + in, out := *in, *out + *out = make([]PinnedResourceReference, len(*in)) + copy(*out, *in) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Perspective. +func (in *Perspective) DeepCopy() *Perspective { + if in == nil { + return nil + } + out := new(Perspective) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PerspectiveVisibility) DeepCopyInto(out *PerspectiveVisibility) { + *out = *in + if in.AccessReview != nil { + in, out := &in.AccessReview, &out.AccessReview + *out = new(ResourceAttributesAccessReview) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PerspectiveVisibility. +func (in *PerspectiveVisibility) DeepCopy() *PerspectiveVisibility { + if in == nil { + return nil + } + out := new(PerspectiveVisibility) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PinnedResourceReference) DeepCopyInto(out *PinnedResourceReference) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PinnedResourceReference. +func (in *PinnedResourceReference) DeepCopy() *PinnedResourceReference { + if in == nil { + return nil + } + out := new(PinnedResourceReference) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PolicyAuditConfig) DeepCopyInto(out *PolicyAuditConfig) { + *out = *in + if in.RateLimit != nil { + in, out := &in.RateLimit, &out.RateLimit + *out = new(uint32) + **out = **in + } + if in.MaxFileSize != nil { + in, out := &in.MaxFileSize, &out.MaxFileSize + *out = new(uint32) + **out = **in + } + if in.MaxLogFiles != nil { + in, out := &in.MaxLogFiles, &out.MaxLogFiles + *out = new(int32) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyAuditConfig. +func (in *PolicyAuditConfig) DeepCopy() *PolicyAuditConfig { + if in == nil { + return nil + } + out := new(PolicyAuditConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PrivateStrategy) DeepCopyInto(out *PrivateStrategy) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PrivateStrategy. +func (in *PrivateStrategy) DeepCopy() *PrivateStrategy { + if in == nil { + return nil + } + out := new(PrivateStrategy) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ProjectAccess) DeepCopyInto(out *ProjectAccess) { + *out = *in + if in.AvailableClusterRoles != nil { + in, out := &in.AvailableClusterRoles, &out.AvailableClusterRoles + *out = make([]string, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProjectAccess. +func (in *ProjectAccess) DeepCopy() *ProjectAccess { + if in == nil { + return nil + } + out := new(ProjectAccess) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ProviderLoadBalancerParameters) DeepCopyInto(out *ProviderLoadBalancerParameters) { + *out = *in + if in.AWS != nil { + in, out := &in.AWS, &out.AWS + *out = new(AWSLoadBalancerParameters) + (*in).DeepCopyInto(*out) + } + if in.GCP != nil { + in, out := &in.GCP, &out.GCP + *out = new(GCPLoadBalancerParameters) + **out = **in + } + if in.IBM != nil { + in, out := &in.IBM, &out.IBM + *out = new(IBMLoadBalancerParameters) + **out = **in + } + if in.OpenStack != nil { + in, out := &in.OpenStack, &out.OpenStack + *out = new(OpenStackLoadBalancerParameters) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProviderLoadBalancerParameters. +func (in *ProviderLoadBalancerParameters) DeepCopy() *ProviderLoadBalancerParameters { + if in == nil { + return nil + } + out := new(ProviderLoadBalancerParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in ProxyArgumentList) DeepCopyInto(out *ProxyArgumentList) { + { + in := &in + *out = make(ProxyArgumentList, len(*in)) + copy(*out, *in) + return + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProxyArgumentList. +func (in ProxyArgumentList) DeepCopy() ProxyArgumentList { + if in == nil { + return nil + } + out := new(ProxyArgumentList) + in.DeepCopyInto(out) + return *out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ProxyConfig) DeepCopyInto(out *ProxyConfig) { + *out = *in + if in.ProxyArguments != nil { + in, out := &in.ProxyArguments, &out.ProxyArguments + *out = make(map[string]ProxyArgumentList, len(*in)) + for key, val := range *in { + var outVal []string + if val == nil { + (*out)[key] = nil + } else { + in, out := &val, &outVal + *out = make(ProxyArgumentList, len(*in)) + copy(*out, *in) + } + (*out)[key] = outVal + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProxyConfig. +func (in *ProxyConfig) DeepCopy() *ProxyConfig { + if in == nil { + return nil + } + out := new(ProxyConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *QuickStarts) DeepCopyInto(out *QuickStarts) { + *out = *in + if in.Disabled != nil { + in, out := &in.Disabled, &out.Disabled + *out = make([]string, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new QuickStarts. +func (in *QuickStarts) DeepCopy() *QuickStarts { + if in == nil { + return nil + } + out := new(QuickStarts) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ReloadService) DeepCopyInto(out *ReloadService) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ReloadService. +func (in *ReloadService) DeepCopy() *ReloadService { + if in == nil { + return nil + } + out := new(ReloadService) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ResourceAttributesAccessReview) DeepCopyInto(out *ResourceAttributesAccessReview) { + *out = *in + if in.Required != nil { + in, out := &in.Required, &out.Required + *out = make([]authorizationv1.ResourceAttributes, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Missing != nil { + in, out := &in.Missing, &out.Missing + *out = make([]authorizationv1.ResourceAttributes, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResourceAttributesAccessReview. +func (in *ResourceAttributesAccessReview) DeepCopy() *ResourceAttributesAccessReview { + if in == nil { + return nil + } + out := new(ResourceAttributesAccessReview) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RestartService) DeepCopyInto(out *RestartService) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RestartService. +func (in *RestartService) DeepCopy() *RestartService { + if in == nil { + return nil + } + out := new(RestartService) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RouteAdmissionPolicy) DeepCopyInto(out *RouteAdmissionPolicy) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RouteAdmissionPolicy. +func (in *RouteAdmissionPolicy) DeepCopy() *RouteAdmissionPolicy { + if in == nil { + return nil + } + out := new(RouteAdmissionPolicy) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SFlowConfig) DeepCopyInto(out *SFlowConfig) { + *out = *in + if in.Collectors != nil { + in, out := &in.Collectors, &out.Collectors + *out = make([]IPPort, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SFlowConfig. +func (in *SFlowConfig) DeepCopy() *SFlowConfig { + if in == nil { + return nil + } + out := new(SFlowConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Server) DeepCopyInto(out *Server) { + *out = *in + if in.Zones != nil { + in, out := &in.Zones, &out.Zones + *out = make([]string, len(*in)) + copy(*out, *in) + } + in.ForwardPlugin.DeepCopyInto(&out.ForwardPlugin) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Server. +func (in *Server) DeepCopy() *Server { + if in == nil { + return nil + } + out := new(Server) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ServiceAccountIssuerStatus) DeepCopyInto(out *ServiceAccountIssuerStatus) { + *out = *in + if in.ExpirationTime != nil { + in, out := &in.ExpirationTime, &out.ExpirationTime + *out = (*in).DeepCopy() + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceAccountIssuerStatus. +func (in *ServiceAccountIssuerStatus) DeepCopy() *ServiceAccountIssuerStatus { + if in == nil { + return nil + } + out := new(ServiceAccountIssuerStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ServiceCA) DeepCopyInto(out *ServiceCA) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceCA. +func (in *ServiceCA) DeepCopy() *ServiceCA { + if in == nil { + return nil + } + out := new(ServiceCA) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ServiceCA) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ServiceCAList) DeepCopyInto(out *ServiceCAList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]ServiceCA, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceCAList. +func (in *ServiceCAList) DeepCopy() *ServiceCAList { + if in == nil { + return nil + } + out := new(ServiceCAList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ServiceCAList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ServiceCASpec) DeepCopyInto(out *ServiceCASpec) { + *out = *in + in.OperatorSpec.DeepCopyInto(&out.OperatorSpec) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceCASpec. +func (in *ServiceCASpec) DeepCopy() *ServiceCASpec { + if in == nil { + return nil + } + out := new(ServiceCASpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ServiceCAStatus) DeepCopyInto(out *ServiceCAStatus) { + *out = *in + in.OperatorStatus.DeepCopyInto(&out.OperatorStatus) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceCAStatus. +func (in *ServiceCAStatus) DeepCopy() *ServiceCAStatus { + if in == nil { + return nil + } + out := new(ServiceCAStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ServiceCatalogAPIServer) DeepCopyInto(out *ServiceCatalogAPIServer) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceCatalogAPIServer. +func (in *ServiceCatalogAPIServer) DeepCopy() *ServiceCatalogAPIServer { + if in == nil { + return nil + } + out := new(ServiceCatalogAPIServer) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ServiceCatalogAPIServer) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ServiceCatalogAPIServerList) DeepCopyInto(out *ServiceCatalogAPIServerList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]ServiceCatalogAPIServer, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceCatalogAPIServerList. +func (in *ServiceCatalogAPIServerList) DeepCopy() *ServiceCatalogAPIServerList { + if in == nil { + return nil + } + out := new(ServiceCatalogAPIServerList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ServiceCatalogAPIServerList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ServiceCatalogAPIServerSpec) DeepCopyInto(out *ServiceCatalogAPIServerSpec) { + *out = *in + in.OperatorSpec.DeepCopyInto(&out.OperatorSpec) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceCatalogAPIServerSpec. +func (in *ServiceCatalogAPIServerSpec) DeepCopy() *ServiceCatalogAPIServerSpec { + if in == nil { + return nil + } + out := new(ServiceCatalogAPIServerSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ServiceCatalogAPIServerStatus) DeepCopyInto(out *ServiceCatalogAPIServerStatus) { + *out = *in + in.OperatorStatus.DeepCopyInto(&out.OperatorStatus) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceCatalogAPIServerStatus. +func (in *ServiceCatalogAPIServerStatus) DeepCopy() *ServiceCatalogAPIServerStatus { + if in == nil { + return nil + } + out := new(ServiceCatalogAPIServerStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ServiceCatalogControllerManager) DeepCopyInto(out *ServiceCatalogControllerManager) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceCatalogControllerManager. +func (in *ServiceCatalogControllerManager) DeepCopy() *ServiceCatalogControllerManager { + if in == nil { + return nil + } + out := new(ServiceCatalogControllerManager) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ServiceCatalogControllerManager) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ServiceCatalogControllerManagerList) DeepCopyInto(out *ServiceCatalogControllerManagerList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]ServiceCatalogControllerManager, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceCatalogControllerManagerList. +func (in *ServiceCatalogControllerManagerList) DeepCopy() *ServiceCatalogControllerManagerList { + if in == nil { + return nil + } + out := new(ServiceCatalogControllerManagerList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ServiceCatalogControllerManagerList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ServiceCatalogControllerManagerSpec) DeepCopyInto(out *ServiceCatalogControllerManagerSpec) { + *out = *in + in.OperatorSpec.DeepCopyInto(&out.OperatorSpec) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceCatalogControllerManagerSpec. +func (in *ServiceCatalogControllerManagerSpec) DeepCopy() *ServiceCatalogControllerManagerSpec { + if in == nil { + return nil + } + out := new(ServiceCatalogControllerManagerSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ServiceCatalogControllerManagerStatus) DeepCopyInto(out *ServiceCatalogControllerManagerStatus) { + *out = *in + in.OperatorStatus.DeepCopyInto(&out.OperatorStatus) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceCatalogControllerManagerStatus. +func (in *ServiceCatalogControllerManagerStatus) DeepCopy() *ServiceCatalogControllerManagerStatus { + if in == nil { + return nil + } + out := new(ServiceCatalogControllerManagerStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SimpleMacvlanConfig) DeepCopyInto(out *SimpleMacvlanConfig) { + *out = *in + if in.IPAMConfig != nil { + in, out := &in.IPAMConfig, &out.IPAMConfig + *out = new(IPAMConfig) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SimpleMacvlanConfig. +func (in *SimpleMacvlanConfig) DeepCopy() *SimpleMacvlanConfig { + if in == nil { + return nil + } + out := new(SimpleMacvlanConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *StaticIPAMAddresses) DeepCopyInto(out *StaticIPAMAddresses) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StaticIPAMAddresses. +func (in *StaticIPAMAddresses) DeepCopy() *StaticIPAMAddresses { + if in == nil { + return nil + } + out := new(StaticIPAMAddresses) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *StaticIPAMConfig) DeepCopyInto(out *StaticIPAMConfig) { + *out = *in + if in.Addresses != nil { + in, out := &in.Addresses, &out.Addresses + *out = make([]StaticIPAMAddresses, len(*in)) + copy(*out, *in) + } + if in.Routes != nil { + in, out := &in.Routes, &out.Routes + *out = make([]StaticIPAMRoutes, len(*in)) + copy(*out, *in) + } + if in.DNS != nil { + in, out := &in.DNS, &out.DNS + *out = new(StaticIPAMDNS) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StaticIPAMConfig. +func (in *StaticIPAMConfig) DeepCopy() *StaticIPAMConfig { + if in == nil { + return nil + } + out := new(StaticIPAMConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *StaticIPAMDNS) DeepCopyInto(out *StaticIPAMDNS) { + *out = *in + if in.Nameservers != nil { + in, out := &in.Nameservers, &out.Nameservers + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.Search != nil { + in, out := &in.Search, &out.Search + *out = make([]string, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StaticIPAMDNS. +func (in *StaticIPAMDNS) DeepCopy() *StaticIPAMDNS { + if in == nil { + return nil + } + out := new(StaticIPAMDNS) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *StaticIPAMRoutes) DeepCopyInto(out *StaticIPAMRoutes) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StaticIPAMRoutes. +func (in *StaticIPAMRoutes) DeepCopy() *StaticIPAMRoutes { + if in == nil { + return nil + } + out := new(StaticIPAMRoutes) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *StaticPodOperatorSpec) DeepCopyInto(out *StaticPodOperatorSpec) { + *out = *in + in.OperatorSpec.DeepCopyInto(&out.OperatorSpec) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StaticPodOperatorSpec. +func (in *StaticPodOperatorSpec) DeepCopy() *StaticPodOperatorSpec { + if in == nil { + return nil + } + out := new(StaticPodOperatorSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *StaticPodOperatorStatus) DeepCopyInto(out *StaticPodOperatorStatus) { + *out = *in + in.OperatorStatus.DeepCopyInto(&out.OperatorStatus) + if in.NodeStatuses != nil { + in, out := &in.NodeStatuses, &out.NodeStatuses + *out = make([]NodeStatus, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StaticPodOperatorStatus. +func (in *StaticPodOperatorStatus) DeepCopy() *StaticPodOperatorStatus { + if in == nil { + return nil + } + out := new(StaticPodOperatorStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *StatuspageProvider) DeepCopyInto(out *StatuspageProvider) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StatuspageProvider. +func (in *StatuspageProvider) DeepCopy() *StatuspageProvider { + if in == nil { + return nil + } + out := new(StatuspageProvider) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Storage) DeepCopyInto(out *Storage) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Storage. +func (in *Storage) DeepCopy() *Storage { + if in == nil { + return nil + } + out := new(Storage) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *Storage) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *StorageList) DeepCopyInto(out *StorageList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]Storage, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StorageList. +func (in *StorageList) DeepCopy() *StorageList { + if in == nil { + return nil + } + out := new(StorageList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *StorageList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *StorageSpec) DeepCopyInto(out *StorageSpec) { + *out = *in + in.OperatorSpec.DeepCopyInto(&out.OperatorSpec) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StorageSpec. +func (in *StorageSpec) DeepCopy() *StorageSpec { + if in == nil { + return nil + } + out := new(StorageSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *StorageStatus) DeepCopyInto(out *StorageStatus) { + *out = *in + in.OperatorStatus.DeepCopyInto(&out.OperatorStatus) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StorageStatus. +func (in *StorageStatus) DeepCopy() *StorageStatus { + if in == nil { + return nil + } + out := new(StorageStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SyslogLoggingDestinationParameters) DeepCopyInto(out *SyslogLoggingDestinationParameters) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SyslogLoggingDestinationParameters. +func (in *SyslogLoggingDestinationParameters) DeepCopy() *SyslogLoggingDestinationParameters { + if in == nil { + return nil + } + out := new(SyslogLoggingDestinationParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Upstream) DeepCopyInto(out *Upstream) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Upstream. +func (in *Upstream) DeepCopy() *Upstream { + if in == nil { + return nil + } + out := new(Upstream) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *UpstreamResolvers) DeepCopyInto(out *UpstreamResolvers) { + *out = *in + if in.Upstreams != nil { + in, out := &in.Upstreams, &out.Upstreams + *out = make([]Upstream, len(*in)) + copy(*out, *in) + } + in.TransportConfig.DeepCopyInto(&out.TransportConfig) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UpstreamResolvers. +func (in *UpstreamResolvers) DeepCopy() *UpstreamResolvers { + if in == nil { + return nil + } + out := new(UpstreamResolvers) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *VSphereCSIDriverConfigSpec) DeepCopyInto(out *VSphereCSIDriverConfigSpec) { + *out = *in + if in.TopologyCategories != nil { + in, out := &in.TopologyCategories, &out.TopologyCategories + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.GlobalMaxSnapshotsPerBlockVolume != nil { + in, out := &in.GlobalMaxSnapshotsPerBlockVolume, &out.GlobalMaxSnapshotsPerBlockVolume + *out = new(uint32) + **out = **in + } + if in.GranularMaxSnapshotsPerBlockVolumeInVSAN != nil { + in, out := &in.GranularMaxSnapshotsPerBlockVolumeInVSAN, &out.GranularMaxSnapshotsPerBlockVolumeInVSAN + *out = new(uint32) + **out = **in + } + if in.GranularMaxSnapshotsPerBlockVolumeInVVOL != nil { + in, out := &in.GranularMaxSnapshotsPerBlockVolumeInVVOL, &out.GranularMaxSnapshotsPerBlockVolumeInVVOL + *out = new(uint32) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VSphereCSIDriverConfigSpec. +func (in *VSphereCSIDriverConfigSpec) DeepCopy() *VSphereCSIDriverConfigSpec { + if in == nil { + return nil + } + out := new(VSphereCSIDriverConfigSpec) + in.DeepCopyInto(out) + return out +} diff --git a/pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests.yaml b/pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests.yaml new file mode 100644 index 000000000..4feeafff9 --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests.yaml @@ -0,0 +1,455 @@ +authentications.operator.openshift.io: + Annotations: + include.release.openshift.io/self-managed-high-availability: "true" + ApprovedPRNumber: https://github.com/openshift/api/pull/475 + CRDName: authentications.operator.openshift.io + Capability: "" + Category: "" + FeatureGates: [] + FilenameOperatorName: authentication + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_50" + GroupName: operator.openshift.io + HasStatus: true + KindName: Authentication + Labels: {} + PluralName: authentications + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: [] + Version: v1 + +csisnapshotcontrollers.operator.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/562 + CRDName: csisnapshotcontrollers.operator.openshift.io + Capability: "" + Category: "" + FeatureGates: [] + FilenameOperatorName: csi-snapshot-controller + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_80" + GroupName: operator.openshift.io + HasStatus: true + KindName: CSISnapshotController + Labels: {} + PluralName: csisnapshotcontrollers + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: [] + Version: v1 + +cloudcredentials.operator.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/692 + CRDName: cloudcredentials.operator.openshift.io + Capability: CloudCredential + Category: "" + FeatureGates: [] + FilenameOperatorName: cloud-credential + FilenameOperatorOrdering: "00" + FilenameRunLevel: "0000_40" + GroupName: operator.openshift.io + HasStatus: true + KindName: CloudCredential + Labels: {} + PluralName: cloudcredentials + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: [] + Version: v1 + +clustercsidrivers.operator.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/701 + CRDName: clustercsidrivers.operator.openshift.io + Capability: "" + Category: "" + FeatureGates: + - AWSEFSDriverVolumeMetrics + - VSphereDriverConfiguration + FilenameOperatorName: csi-driver + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_90" + GroupName: operator.openshift.io + HasStatus: true + KindName: ClusterCSIDriver + Labels: {} + PluralName: clustercsidrivers + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: [] + Version: v1 + +configs.operator.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/612 + CRDName: configs.operator.openshift.io + Capability: "" + Category: coreoperators + FeatureGates: [] + FilenameOperatorName: config-operator + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_10" + GroupName: operator.openshift.io + HasStatus: true + KindName: Config + Labels: {} + PluralName: configs + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: [] + Version: v1 + +consoles.operator.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/486 + CRDName: consoles.operator.openshift.io + Capability: "" + Category: "" + FeatureGates: [] + FilenameOperatorName: console + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_50" + GroupName: operator.openshift.io + HasStatus: true + KindName: Console + Labels: {} + PluralName: consoles + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: [] + Version: v1 + +dnses.operator.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/475 + CRDName: dnses.operator.openshift.io + Capability: "" + Category: "" + FeatureGates: [] + FilenameOperatorName: dns + FilenameOperatorOrdering: "00" + FilenameRunLevel: "0000_70" + GroupName: operator.openshift.io + HasStatus: true + KindName: DNS + Labels: {} + PluralName: dnses + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: [] + Version: v1 + +etcds.operator.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/752 + CRDName: etcds.operator.openshift.io + Capability: "" + Category: coreoperators + FeatureGates: + - EtcdBackendQuota + - HardwareSpeed + FilenameOperatorName: etcd + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_12" + GroupName: operator.openshift.io + HasStatus: true + KindName: Etcd + Labels: {} + PluralName: etcds + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: [] + Version: v1 + +ingresscontrollers.operator.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/616 + CRDName: ingresscontrollers.operator.openshift.io + Capability: Ingress + Category: "" + FeatureGates: + - IngressControllerLBSubnetsAWS + - SetEIPForNLBIngressController + FilenameOperatorName: ingress + FilenameOperatorOrdering: "00" + FilenameRunLevel: "0000_50" + GroupName: operator.openshift.io + HasStatus: true + KindName: IngressController + Labels: {} + PluralName: ingresscontrollers + PrinterColumns: [] + Scope: Namespaced + ShortNames: null + TopLevelFeatureGates: [] + Version: v1 + +insightsoperators.operator.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/1237 + CRDName: insightsoperators.operator.openshift.io + Capability: "" + Category: "" + FeatureGates: [] + FilenameOperatorName: insights + FilenameOperatorOrdering: "00" + FilenameRunLevel: "0000_50" + GroupName: operator.openshift.io + HasStatus: true + KindName: InsightsOperator + Labels: {} + PluralName: insightsoperators + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: [] + Version: v1 + +kubeapiservers.operator.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/475 + CRDName: kubeapiservers.operator.openshift.io + Capability: "" + Category: coreoperators + FeatureGates: [] + FilenameOperatorName: kube-apiserver + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_20" + GroupName: operator.openshift.io + HasStatus: true + KindName: KubeAPIServer + Labels: {} + PluralName: kubeapiservers + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: [] + Version: v1 + +kubecontrollermanagers.operator.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/475 + CRDName: kubecontrollermanagers.operator.openshift.io + Capability: "" + Category: coreoperators + FeatureGates: [] + FilenameOperatorName: kube-controller-manager + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_25" + GroupName: operator.openshift.io + HasStatus: true + KindName: KubeControllerManager + Labels: {} + PluralName: kubecontrollermanagers + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: [] + Version: v1 + +kubeschedulers.operator.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/475 + CRDName: kubeschedulers.operator.openshift.io + Capability: "" + Category: coreoperators + FeatureGates: [] + FilenameOperatorName: kube-scheduler + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_25" + GroupName: operator.openshift.io + HasStatus: true + KindName: KubeScheduler + Labels: {} + PluralName: kubeschedulers + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: [] + Version: v1 + +kubestorageversionmigrators.operator.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/503 + CRDName: kubestorageversionmigrators.operator.openshift.io + Capability: "" + Category: "" + FeatureGates: [] + FilenameOperatorName: kube-storage-version-migrator + FilenameOperatorOrdering: "00" + FilenameRunLevel: "0000_40" + GroupName: operator.openshift.io + HasStatus: true + KindName: KubeStorageVersionMigrator + Labels: {} + PluralName: kubestorageversionmigrators + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: [] + Version: v1 + +machineconfigurations.operator.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/1453 + CRDName: machineconfigurations.operator.openshift.io + Capability: "" + Category: "" + FeatureGates: + - ManagedBootImages + - NodeDisruptionPolicy + FilenameOperatorName: machine-config + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_80" + GroupName: operator.openshift.io + HasStatus: true + KindName: MachineConfiguration + Labels: {} + PluralName: machineconfigurations + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: [] + Version: v1 + +networks.operator.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/475 + CRDName: networks.operator.openshift.io + Capability: "" + Category: "" + FeatureGates: + - AdditionalRoutingCapabilities + - NetworkLiveMigration + - RouteAdvertisements + FilenameOperatorName: network + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_70" + GroupName: operator.openshift.io + HasStatus: true + KindName: Network + Labels: {} + PluralName: networks + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: [] + Version: v1 + +olms.operator.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/1504 + CRDName: olms.operator.openshift.io + Capability: OperatorLifecycleManagerV1 + Category: "" + FeatureGates: + - NewOLM + FilenameOperatorName: operator-lifecycle-manager + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_10" + GroupName: operator.openshift.io + HasStatus: true + KindName: OLM + Labels: {} + PluralName: olms + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: + - NewOLM + Version: v1 + +openshiftapiservers.operator.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/475 + CRDName: openshiftapiservers.operator.openshift.io + Capability: "" + Category: coreoperators + FeatureGates: [] + FilenameOperatorName: openshift-apiserver + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_30" + GroupName: operator.openshift.io + HasStatus: true + KindName: OpenShiftAPIServer + Labels: {} + PluralName: openshiftapiservers + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: [] + Version: v1 + +openshiftcontrollermanagers.operator.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/475 + CRDName: openshiftcontrollermanagers.operator.openshift.io + Capability: "" + Category: coreoperators + FeatureGates: [] + FilenameOperatorName: openshift-controller-manager + FilenameOperatorOrdering: "02" + FilenameRunLevel: "0000_50" + GroupName: operator.openshift.io + HasStatus: true + KindName: OpenShiftControllerManager + Labels: {} + PluralName: openshiftcontrollermanagers + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: [] + Version: v1 + +servicecas.operator.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/475 + CRDName: servicecas.operator.openshift.io + Capability: "" + Category: "" + FeatureGates: [] + FilenameOperatorName: service-ca + FilenameOperatorOrdering: "02" + FilenameRunLevel: "0000_50" + GroupName: operator.openshift.io + HasStatus: true + KindName: ServiceCA + Labels: {} + PluralName: servicecas + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: [] + Version: v1 + +storages.operator.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/670 + CRDName: storages.operator.openshift.io + Capability: "" + Category: "" + FeatureGates: [] + FilenameOperatorName: storage + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_50" + GroupName: operator.openshift.io + HasStatus: true + KindName: Storage + Labels: {} + PluralName: storages + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: [] + Version: v1 + diff --git a/pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/authentications.operator.openshift.io/AAA_ungated.yaml b/pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/authentications.operator.openshift.io/AAA_ungated.yaml new file mode 100644 index 000000000..771c6cd8b --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/authentications.operator.openshift.io/AAA_ungated.yaml @@ -0,0 +1,221 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/475 + api.openshift.io/filename-cvo-runlevel: "0000_50" + api.openshift.io/filename-operator: authentication + api.openshift.io/filename-ordering: "01" + feature-gate.release.openshift.io/: "true" + include.release.openshift.io/self-managed-high-availability: "true" + name: authentications.operator.openshift.io +spec: + group: operator.openshift.io + names: + kind: Authentication + listKind: AuthenticationList + plural: authentications + singular: authentication + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + Authentication provides information to configure an operator to manage authentication. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + logLevel: + default: Normal + description: |- + logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for their operands. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + managementState: + description: managementState indicates whether and how the operator + should manage the component + pattern: ^(Managed|Unmanaged|Force|Removed)$ + type: string + observedConfig: + description: |- + observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because + it is an input to the level for the operator + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + default: Normal + description: |- + operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for themselves. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + unsupportedConfigOverrides: + description: |- + unsupportedConfigOverrides overrides the final configuration that was computed by the operator. + Red Hat does not support the use of this field. + Misuse of this field could lead to unexpected behavior or conflict with other configuration options. + Seek guidance from the Red Hat support before using this field. + Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + status: + properties: + conditions: + description: conditions is a list of conditions and their status + items: + description: OperatorCondition is just the standard condition fields. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + type: string + reason: + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + generations: + description: generations are used to determine when an item needs + to be reconciled or has changed in a way that needs a reaction. + items: + description: GenerationStatus keeps track of the generation for + a given resource so that decisions about forced updates can be + made. + properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without + generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload + controller involved + format: int64 + type: integer + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're + tracking + type: string + required: + - group + - name + - namespace + - resource + type: object + type: array + x-kubernetes-list-map-keys: + - group + - resource + - namespace + - name + x-kubernetes-list-type: map + latestAvailableRevision: + description: latestAvailableRevision is the deploymentID of the most + recent deployment + format: int32 + type: integer + x-kubernetes-validations: + - message: must only increase + rule: self >= oldSelf + oauthAPIServer: + description: OAuthAPIServer holds status specific only to oauth-apiserver + properties: + latestAvailableRevision: + description: |- + LatestAvailableRevision is the latest revision used as suffix of revisioned + secrets like encryption-config. A new revision causes a new deployment of pods. + format: int32 + minimum: 0 + type: integer + type: object + observedGeneration: + description: observedGeneration is the last generation change you've + dealt with + format: int64 + type: integer + readyReplicas: + description: readyReplicas indicates how many replicas are ready and + at the desired state + format: int32 + type: integer + version: + description: version is the level this availability applies to + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/cloudcredentials.operator.openshift.io/AAA_ungated.yaml b/pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/cloudcredentials.operator.openshift.io/AAA_ungated.yaml new file mode 100644 index 000000000..11382fb87 --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/cloudcredentials.operator.openshift.io/AAA_ungated.yaml @@ -0,0 +1,231 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/692 + api.openshift.io/filename-cvo-runlevel: "0000_40" + api.openshift.io/filename-operator: cloud-credential + api.openshift.io/filename-ordering: "00" + capability.openshift.io/name: CloudCredential + feature-gate.release.openshift.io/: "true" + name: cloudcredentials.operator.openshift.io +spec: + group: operator.openshift.io + names: + kind: CloudCredential + listKind: CloudCredentialList + plural: cloudcredentials + singular: cloudcredential + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + CloudCredential provides a means to configure an operator to manage CredentialsRequests. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: CloudCredentialSpec is the specification of the desired behavior + of the cloud-credential-operator. + properties: + credentialsMode: + description: |- + CredentialsMode allows informing CCO that it should not attempt to dynamically + determine the root cloud credentials capabilities, and it should just run in + the specified mode. + It also allows putting the operator into "manual" mode if desired. + Leaving the field in default mode runs CCO so that the cluster's cloud credentials + will be dynamically probed for capabilities (on supported clouds/platforms). + Supported modes: + AWS/Azure/GCP: "" (Default), "Mint", "Passthrough", "Manual" + Others: Do not set value as other platforms only support running in "Passthrough" + enum: + - "" + - Manual + - Mint + - Passthrough + type: string + logLevel: + default: Normal + description: |- + logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for their operands. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + managementState: + description: managementState indicates whether and how the operator + should manage the component + pattern: ^(Managed|Unmanaged|Force|Removed)$ + type: string + observedConfig: + description: |- + observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because + it is an input to the level for the operator + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + default: Normal + description: |- + operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for themselves. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + unsupportedConfigOverrides: + description: |- + unsupportedConfigOverrides overrides the final configuration that was computed by the operator. + Red Hat does not support the use of this field. + Misuse of this field could lead to unexpected behavior or conflict with other configuration options. + Seek guidance from the Red Hat support before using this field. + Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + status: + description: CloudCredentialStatus defines the observed status of the + cloud-credential-operator. + properties: + conditions: + description: conditions is a list of conditions and their status + items: + description: OperatorCondition is just the standard condition fields. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + type: string + reason: + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + generations: + description: generations are used to determine when an item needs + to be reconciled or has changed in a way that needs a reaction. + items: + description: GenerationStatus keeps track of the generation for + a given resource so that decisions about forced updates can be + made. + properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without + generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload + controller involved + format: int64 + type: integer + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're + tracking + type: string + required: + - group + - name + - namespace + - resource + type: object + type: array + x-kubernetes-list-map-keys: + - group + - resource + - namespace + - name + x-kubernetes-list-type: map + latestAvailableRevision: + description: latestAvailableRevision is the deploymentID of the most + recent deployment + format: int32 + type: integer + x-kubernetes-validations: + - message: must only increase + rule: self >= oldSelf + observedGeneration: + description: observedGeneration is the last generation change you've + dealt with + format: int64 + type: integer + readyReplicas: + description: readyReplicas indicates how many replicas are ready and + at the desired state + format: int32 + type: integer + version: + description: version is the level this availability applies to + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/clustercsidrivers.operator.openshift.io/AAA_ungated.yaml b/pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/clustercsidrivers.operator.openshift.io/AAA_ungated.yaml new file mode 100644 index 000000000..8aa6490fa --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/clustercsidrivers.operator.openshift.io/AAA_ungated.yaml @@ -0,0 +1,395 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/701 + api.openshift.io/filename-cvo-runlevel: "0000_90" + api.openshift.io/filename-operator: csi-driver + api.openshift.io/filename-ordering: "01" + feature-gate.release.openshift.io/: "true" + name: clustercsidrivers.operator.openshift.io +spec: + group: operator.openshift.io + names: + kind: ClusterCSIDriver + listKind: ClusterCSIDriverList + plural: clustercsidrivers + singular: clustercsidriver + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + ClusterCSIDriver object allows management and configuration of a CSI driver operator + installed by default in OpenShift. Name of the object must be name of the CSI driver + it operates. See CSIDriverName type for list of allowed values. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + properties: + driverConfig: + description: |- + driverConfig can be used to specify platform specific driver configuration. + When omitted, this means no opinion and the platform is left to choose reasonable + defaults. These defaults are subject to change over time. + properties: + aws: + description: aws is used to configure the AWS CSI driver. + properties: + kmsKeyARN: + description: |- + kmsKeyARN sets the cluster default storage class to encrypt volumes with a user-defined KMS key, + rather than the default KMS key used by AWS. + The value may be either the ARN or Alias ARN of a KMS key. + pattern: ^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b|aws-iso-e|aws-iso-f):kms:[a-z0-9-]+:[0-9]{12}:(key|alias)\/.*$ + type: string + type: object + azure: + description: azure is used to configure the Azure CSI driver. + properties: + diskEncryptionSet: + description: |- + diskEncryptionSet sets the cluster default storage class to encrypt volumes with a + customer-managed encryption set, rather than the default platform-managed keys. + properties: + name: + description: |- + name is the name of the disk encryption set that will be set on the default storage class. + The value should consist of only alphanumberic characters, + underscores (_), hyphens, and be at most 80 characters in length. + maxLength: 80 + pattern: ^[a-zA-Z0-9\_-]+$ + type: string + resourceGroup: + description: |- + resourceGroup defines the Azure resource group that contains the disk encryption set. + The value should consist of only alphanumberic characters, + underscores (_), parentheses, hyphens and periods. + The value should not end in a period and be at most 90 characters in + length. + maxLength: 90 + pattern: ^[\w\.\-\(\)]*[\w\-\(\)]$ + type: string + subscriptionID: + description: |- + subscriptionID defines the Azure subscription that contains the disk encryption set. + The value should meet the following conditions: + 1. It should be a 128-bit number. + 2. It should be 36 characters (32 hexadecimal characters and 4 hyphens) long. + 3. It should be displayed in five groups separated by hyphens (-). + 4. The first group should be 8 characters long. + 5. The second, third, and fourth groups should be 4 characters long. + 6. The fifth group should be 12 characters long. + An Example SubscrionID: f2007bbf-f802-4a47-9336-cf7c6b89b378 + maxLength: 36 + pattern: ^[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}$ + type: string + required: + - name + - resourceGroup + - subscriptionID + type: object + type: object + driverType: + description: |- + driverType indicates type of CSI driver for which the + driverConfig is being applied to. + Valid values are: AWS, Azure, GCP, IBMCloud, vSphere and omitted. + Consumers should treat unknown values as a NO-OP. + enum: + - "" + - AWS + - Azure + - GCP + - IBMCloud + - vSphere + type: string + gcp: + description: gcp is used to configure the GCP CSI driver. + properties: + kmsKey: + description: |- + kmsKey sets the cluster default storage class to encrypt volumes with customer-supplied + encryption keys, rather than the default keys managed by GCP. + properties: + keyRing: + description: |- + keyRing is the name of the KMS Key Ring which the KMS Key belongs to. + The value should correspond to an existing KMS key ring and should + consist of only alphanumeric characters, hyphens (-) and underscores (_), + and be at most 63 characters in length. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z0-9\_-]+$ + type: string + location: + description: |- + location is the GCP location in which the Key Ring exists. + The value must match an existing GCP location, or "global". + Defaults to global, if not set. + pattern: ^[a-zA-Z0-9\_-]+$ + type: string + name: + description: |- + name is the name of the customer-managed encryption key to be used for disk encryption. + The value should correspond to an existing KMS key and should + consist of only alphanumeric characters, hyphens (-) and underscores (_), + and be at most 63 characters in length. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z0-9\_-]+$ + type: string + projectID: + description: |- + projectID is the ID of the Project in which the KMS Key Ring exists. + It must be 6 to 30 lowercase letters, digits, or hyphens. + It must start with a letter. Trailing hyphens are prohibited. + maxLength: 30 + minLength: 6 + pattern: ^[a-z][a-z0-9-]+[a-z0-9]$ + type: string + required: + - keyRing + - name + - projectID + type: object + type: object + ibmcloud: + description: ibmcloud is used to configure the IBM Cloud CSI driver. + properties: + encryptionKeyCRN: + description: |- + encryptionKeyCRN is the IBM Cloud CRN of the customer-managed root key to use + for disk encryption of volumes for the default storage classes. + maxLength: 154 + minLength: 144 + pattern: ^crn:v[0-9]+:bluemix:(public|private):(kms|hs-crypto):[a-z-]+:a/[0-9a-f]+:[0-9a-f-]{36}:key:[0-9a-f-]{36}$ + type: string + required: + - encryptionKeyCRN + type: object + vSphere: + description: vsphere is used to configure the vsphere CSI driver. + properties: + topologyCategories: + description: |- + topologyCategories indicates tag categories with which + vcenter resources such as hostcluster or datacenter were tagged with. + If cluster Infrastructure object has a topology, values specified in + Infrastructure object will be used and modifications to topologyCategories + will be rejected. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + required: + - driverType + type: object + x-kubernetes-validations: + - message: ibmcloud must be set if driverType is 'IBMCloud', but remain + unset otherwise + rule: 'has(self.driverType) && self.driverType == ''IBMCloud'' ? + has(self.ibmcloud) : !has(self.ibmcloud)' + logLevel: + default: Normal + description: |- + logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for their operands. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + managementState: + description: managementState indicates whether and how the operator + should manage the component + pattern: ^(Managed|Unmanaged|Force|Removed)$ + type: string + observedConfig: + description: |- + observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because + it is an input to the level for the operator + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + default: Normal + description: |- + operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for themselves. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + storageClassState: + description: |- + StorageClassState determines if CSI operator should create and manage storage classes. + If this field value is empty or Managed - CSI operator will continuously reconcile + storage class and create if necessary. + If this field value is Unmanaged - CSI operator will not reconcile any previously created + storage class. + If this field value is Removed - CSI operator will delete the storage class it created previously. + When omitted, this means the user has no opinion and the platform chooses a reasonable default, + which is subject to change over time. + The current default behaviour is Managed. + enum: + - "" + - Managed + - Unmanaged + - Removed + type: string + unsupportedConfigOverrides: + description: |- + unsupportedConfigOverrides overrides the final configuration that was computed by the operator. + Red Hat does not support the use of this field. + Misuse of this field could lead to unexpected behavior or conflict with other configuration options. + Seek guidance from the Red Hat support before using this field. + Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + status: + description: status holds observed values from the cluster. They may not + be overridden. + properties: + conditions: + description: conditions is a list of conditions and their status + items: + description: OperatorCondition is just the standard condition fields. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + type: string + reason: + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + generations: + description: generations are used to determine when an item needs + to be reconciled or has changed in a way that needs a reaction. + items: + description: GenerationStatus keeps track of the generation for + a given resource so that decisions about forced updates can be + made. + properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without + generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload + controller involved + format: int64 + type: integer + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're + tracking + type: string + required: + - group + - name + - namespace + - resource + type: object + type: array + x-kubernetes-list-map-keys: + - group + - resource + - namespace + - name + x-kubernetes-list-type: map + latestAvailableRevision: + description: latestAvailableRevision is the deploymentID of the most + recent deployment + format: int32 + type: integer + x-kubernetes-validations: + - message: must only increase + rule: self >= oldSelf + observedGeneration: + description: observedGeneration is the last generation change you've + dealt with + format: int64 + type: integer + readyReplicas: + description: readyReplicas indicates how many replicas are ready and + at the desired state + format: int32 + type: integer + version: + description: version is the level this availability applies to + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/clustercsidrivers.operator.openshift.io/AWSEFSDriverVolumeMetrics.yaml b/pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/clustercsidrivers.operator.openshift.io/AWSEFSDriverVolumeMetrics.yaml new file mode 100644 index 000000000..f9ca94a60 --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/clustercsidrivers.operator.openshift.io/AWSEFSDriverVolumeMetrics.yaml @@ -0,0 +1,439 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/701 + api.openshift.io/filename-cvo-runlevel: "0000_90" + api.openshift.io/filename-operator: csi-driver + api.openshift.io/filename-ordering: "01" + feature-gate.release.openshift.io/AWSEFSDriverVolumeMetrics: "true" + name: clustercsidrivers.operator.openshift.io +spec: + group: operator.openshift.io + names: + kind: ClusterCSIDriver + listKind: ClusterCSIDriverList + plural: clustercsidrivers + singular: clustercsidriver + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + ClusterCSIDriver object allows management and configuration of a CSI driver operator + installed by default in OpenShift. Name of the object must be name of the CSI driver + it operates. See CSIDriverName type for list of allowed values. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + properties: + driverConfig: + description: |- + driverConfig can be used to specify platform specific driver configuration. + When omitted, this means no opinion and the platform is left to choose reasonable + defaults. These defaults are subject to change over time. + properties: + aws: + description: aws is used to configure the AWS CSI driver. + properties: + efsVolumeMetrics: + description: efsVolumeMetrics sets the configuration for collecting + metrics from EFS volumes used by the EFS CSI Driver. + properties: + recursiveWalk: + description: |- + recursiveWalk provides additional configuration for collecting volume metrics in the AWS EFS CSI Driver + when the state is set to RecursiveWalk. + properties: + fsRateLimit: + description: |- + fsRateLimit defines the rate limit, in goroutines per file system, for processing volume metrics. + When omitted, this means no opinion and the platform is left to choose a reasonable + default, which is subject to change over time. The current default is 5. + The valid range is from 1 to 100 goroutines. + format: int32 + maximum: 100 + minimum: 1 + type: integer + refreshPeriodMinutes: + description: |- + refreshPeriodMinutes specifies the frequency, in minutes, at which volume metrics are refreshed. + When omitted, this means no opinion and the platform is left to choose a reasonable + default, which is subject to change over time. The current default is 240. + The valid range is from 1 to 43200 minutes (30 days). + format: int32 + maximum: 43200 + minimum: 1 + type: integer + type: object + state: + description: |- + state defines the state of metric collection in the AWS EFS CSI Driver. + This field is required and must be set to one of the following values: Disabled or RecursiveWalk. + Disabled means no metrics collection will be performed. This is the default value. + RecursiveWalk means the AWS EFS CSI Driver will recursively scan volumes to collect metrics. + This process may result in high CPU and memory usage, depending on the volume size. + enum: + - RecursiveWalk + - Disabled + type: string + required: + - state + type: object + kmsKeyARN: + description: |- + kmsKeyARN sets the cluster default storage class to encrypt volumes with a user-defined KMS key, + rather than the default KMS key used by AWS. + The value may be either the ARN or Alias ARN of a KMS key. + pattern: ^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b|aws-iso-e|aws-iso-f):kms:[a-z0-9-]+:[0-9]{12}:(key|alias)\/.*$ + type: string + type: object + azure: + description: azure is used to configure the Azure CSI driver. + properties: + diskEncryptionSet: + description: |- + diskEncryptionSet sets the cluster default storage class to encrypt volumes with a + customer-managed encryption set, rather than the default platform-managed keys. + properties: + name: + description: |- + name is the name of the disk encryption set that will be set on the default storage class. + The value should consist of only alphanumberic characters, + underscores (_), hyphens, and be at most 80 characters in length. + maxLength: 80 + pattern: ^[a-zA-Z0-9\_-]+$ + type: string + resourceGroup: + description: |- + resourceGroup defines the Azure resource group that contains the disk encryption set. + The value should consist of only alphanumberic characters, + underscores (_), parentheses, hyphens and periods. + The value should not end in a period and be at most 90 characters in + length. + maxLength: 90 + pattern: ^[\w\.\-\(\)]*[\w\-\(\)]$ + type: string + subscriptionID: + description: |- + subscriptionID defines the Azure subscription that contains the disk encryption set. + The value should meet the following conditions: + 1. It should be a 128-bit number. + 2. It should be 36 characters (32 hexadecimal characters and 4 hyphens) long. + 3. It should be displayed in five groups separated by hyphens (-). + 4. The first group should be 8 characters long. + 5. The second, third, and fourth groups should be 4 characters long. + 6. The fifth group should be 12 characters long. + An Example SubscrionID: f2007bbf-f802-4a47-9336-cf7c6b89b378 + maxLength: 36 + pattern: ^[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}$ + type: string + required: + - name + - resourceGroup + - subscriptionID + type: object + type: object + driverType: + description: |- + driverType indicates type of CSI driver for which the + driverConfig is being applied to. + Valid values are: AWS, Azure, GCP, IBMCloud, vSphere and omitted. + Consumers should treat unknown values as a NO-OP. + enum: + - "" + - AWS + - Azure + - GCP + - IBMCloud + - vSphere + type: string + gcp: + description: gcp is used to configure the GCP CSI driver. + properties: + kmsKey: + description: |- + kmsKey sets the cluster default storage class to encrypt volumes with customer-supplied + encryption keys, rather than the default keys managed by GCP. + properties: + keyRing: + description: |- + keyRing is the name of the KMS Key Ring which the KMS Key belongs to. + The value should correspond to an existing KMS key ring and should + consist of only alphanumeric characters, hyphens (-) and underscores (_), + and be at most 63 characters in length. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z0-9\_-]+$ + type: string + location: + description: |- + location is the GCP location in which the Key Ring exists. + The value must match an existing GCP location, or "global". + Defaults to global, if not set. + pattern: ^[a-zA-Z0-9\_-]+$ + type: string + name: + description: |- + name is the name of the customer-managed encryption key to be used for disk encryption. + The value should correspond to an existing KMS key and should + consist of only alphanumeric characters, hyphens (-) and underscores (_), + and be at most 63 characters in length. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z0-9\_-]+$ + type: string + projectID: + description: |- + projectID is the ID of the Project in which the KMS Key Ring exists. + It must be 6 to 30 lowercase letters, digits, or hyphens. + It must start with a letter. Trailing hyphens are prohibited. + maxLength: 30 + minLength: 6 + pattern: ^[a-z][a-z0-9-]+[a-z0-9]$ + type: string + required: + - keyRing + - name + - projectID + type: object + type: object + ibmcloud: + description: ibmcloud is used to configure the IBM Cloud CSI driver. + properties: + encryptionKeyCRN: + description: |- + encryptionKeyCRN is the IBM Cloud CRN of the customer-managed root key to use + for disk encryption of volumes for the default storage classes. + maxLength: 154 + minLength: 144 + pattern: ^crn:v[0-9]+:bluemix:(public|private):(kms|hs-crypto):[a-z-]+:a/[0-9a-f]+:[0-9a-f-]{36}:key:[0-9a-f-]{36}$ + type: string + required: + - encryptionKeyCRN + type: object + vSphere: + description: vsphere is used to configure the vsphere CSI driver. + properties: + topologyCategories: + description: |- + topologyCategories indicates tag categories with which + vcenter resources such as hostcluster or datacenter were tagged with. + If cluster Infrastructure object has a topology, values specified in + Infrastructure object will be used and modifications to topologyCategories + will be rejected. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + required: + - driverType + type: object + x-kubernetes-validations: + - message: ibmcloud must be set if driverType is 'IBMCloud', but remain + unset otherwise + rule: 'has(self.driverType) && self.driverType == ''IBMCloud'' ? + has(self.ibmcloud) : !has(self.ibmcloud)' + logLevel: + default: Normal + description: |- + logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for their operands. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + managementState: + description: managementState indicates whether and how the operator + should manage the component + pattern: ^(Managed|Unmanaged|Force|Removed)$ + type: string + observedConfig: + description: |- + observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because + it is an input to the level for the operator + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + default: Normal + description: |- + operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for themselves. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + storageClassState: + description: |- + StorageClassState determines if CSI operator should create and manage storage classes. + If this field value is empty or Managed - CSI operator will continuously reconcile + storage class and create if necessary. + If this field value is Unmanaged - CSI operator will not reconcile any previously created + storage class. + If this field value is Removed - CSI operator will delete the storage class it created previously. + When omitted, this means the user has no opinion and the platform chooses a reasonable default, + which is subject to change over time. + The current default behaviour is Managed. + enum: + - "" + - Managed + - Unmanaged + - Removed + type: string + unsupportedConfigOverrides: + description: |- + unsupportedConfigOverrides overrides the final configuration that was computed by the operator. + Red Hat does not support the use of this field. + Misuse of this field could lead to unexpected behavior or conflict with other configuration options. + Seek guidance from the Red Hat support before using this field. + Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + status: + description: status holds observed values from the cluster. They may not + be overridden. + properties: + conditions: + description: conditions is a list of conditions and their status + items: + description: OperatorCondition is just the standard condition fields. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + type: string + reason: + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + generations: + description: generations are used to determine when an item needs + to be reconciled or has changed in a way that needs a reaction. + items: + description: GenerationStatus keeps track of the generation for + a given resource so that decisions about forced updates can be + made. + properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without + generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload + controller involved + format: int64 + type: integer + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're + tracking + type: string + required: + - group + - name + - namespace + - resource + type: object + type: array + x-kubernetes-list-map-keys: + - group + - resource + - namespace + - name + x-kubernetes-list-type: map + latestAvailableRevision: + description: latestAvailableRevision is the deploymentID of the most + recent deployment + format: int32 + type: integer + x-kubernetes-validations: + - message: must only increase + rule: self >= oldSelf + observedGeneration: + description: observedGeneration is the last generation change you've + dealt with + format: int64 + type: integer + readyReplicas: + description: readyReplicas indicates how many replicas are ready and + at the desired state + format: int32 + type: integer + version: + description: version is the level this availability applies to + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/clustercsidrivers.operator.openshift.io/VSphereDriverConfiguration.yaml b/pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/clustercsidrivers.operator.openshift.io/VSphereDriverConfiguration.yaml new file mode 100644 index 000000000..999424809 --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/clustercsidrivers.operator.openshift.io/VSphereDriverConfiguration.yaml @@ -0,0 +1,424 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/701 + api.openshift.io/filename-cvo-runlevel: "0000_90" + api.openshift.io/filename-operator: csi-driver + api.openshift.io/filename-ordering: "01" + feature-gate.release.openshift.io/VSphereDriverConfiguration: "true" + name: clustercsidrivers.operator.openshift.io +spec: + group: operator.openshift.io + names: + kind: ClusterCSIDriver + listKind: ClusterCSIDriverList + plural: clustercsidrivers + singular: clustercsidriver + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + ClusterCSIDriver object allows management and configuration of a CSI driver operator + installed by default in OpenShift. Name of the object must be name of the CSI driver + it operates. See CSIDriverName type for list of allowed values. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + properties: + driverConfig: + description: |- + driverConfig can be used to specify platform specific driver configuration. + When omitted, this means no opinion and the platform is left to choose reasonable + defaults. These defaults are subject to change over time. + properties: + aws: + description: aws is used to configure the AWS CSI driver. + properties: + kmsKeyARN: + description: |- + kmsKeyARN sets the cluster default storage class to encrypt volumes with a user-defined KMS key, + rather than the default KMS key used by AWS. + The value may be either the ARN or Alias ARN of a KMS key. + pattern: ^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b|aws-iso-e|aws-iso-f):kms:[a-z0-9-]+:[0-9]{12}:(key|alias)\/.*$ + type: string + type: object + azure: + description: azure is used to configure the Azure CSI driver. + properties: + diskEncryptionSet: + description: |- + diskEncryptionSet sets the cluster default storage class to encrypt volumes with a + customer-managed encryption set, rather than the default platform-managed keys. + properties: + name: + description: |- + name is the name of the disk encryption set that will be set on the default storage class. + The value should consist of only alphanumberic characters, + underscores (_), hyphens, and be at most 80 characters in length. + maxLength: 80 + pattern: ^[a-zA-Z0-9\_-]+$ + type: string + resourceGroup: + description: |- + resourceGroup defines the Azure resource group that contains the disk encryption set. + The value should consist of only alphanumberic characters, + underscores (_), parentheses, hyphens and periods. + The value should not end in a period and be at most 90 characters in + length. + maxLength: 90 + pattern: ^[\w\.\-\(\)]*[\w\-\(\)]$ + type: string + subscriptionID: + description: |- + subscriptionID defines the Azure subscription that contains the disk encryption set. + The value should meet the following conditions: + 1. It should be a 128-bit number. + 2. It should be 36 characters (32 hexadecimal characters and 4 hyphens) long. + 3. It should be displayed in five groups separated by hyphens (-). + 4. The first group should be 8 characters long. + 5. The second, third, and fourth groups should be 4 characters long. + 6. The fifth group should be 12 characters long. + An Example SubscrionID: f2007bbf-f802-4a47-9336-cf7c6b89b378 + maxLength: 36 + pattern: ^[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}$ + type: string + required: + - name + - resourceGroup + - subscriptionID + type: object + type: object + driverType: + description: |- + driverType indicates type of CSI driver for which the + driverConfig is being applied to. + Valid values are: AWS, Azure, GCP, IBMCloud, vSphere and omitted. + Consumers should treat unknown values as a NO-OP. + enum: + - "" + - AWS + - Azure + - GCP + - IBMCloud + - vSphere + type: string + gcp: + description: gcp is used to configure the GCP CSI driver. + properties: + kmsKey: + description: |- + kmsKey sets the cluster default storage class to encrypt volumes with customer-supplied + encryption keys, rather than the default keys managed by GCP. + properties: + keyRing: + description: |- + keyRing is the name of the KMS Key Ring which the KMS Key belongs to. + The value should correspond to an existing KMS key ring and should + consist of only alphanumeric characters, hyphens (-) and underscores (_), + and be at most 63 characters in length. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z0-9\_-]+$ + type: string + location: + description: |- + location is the GCP location in which the Key Ring exists. + The value must match an existing GCP location, or "global". + Defaults to global, if not set. + pattern: ^[a-zA-Z0-9\_-]+$ + type: string + name: + description: |- + name is the name of the customer-managed encryption key to be used for disk encryption. + The value should correspond to an existing KMS key and should + consist of only alphanumeric characters, hyphens (-) and underscores (_), + and be at most 63 characters in length. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z0-9\_-]+$ + type: string + projectID: + description: |- + projectID is the ID of the Project in which the KMS Key Ring exists. + It must be 6 to 30 lowercase letters, digits, or hyphens. + It must start with a letter. Trailing hyphens are prohibited. + maxLength: 30 + minLength: 6 + pattern: ^[a-z][a-z0-9-]+[a-z0-9]$ + type: string + required: + - keyRing + - name + - projectID + type: object + type: object + ibmcloud: + description: ibmcloud is used to configure the IBM Cloud CSI driver. + properties: + encryptionKeyCRN: + description: |- + encryptionKeyCRN is the IBM Cloud CRN of the customer-managed root key to use + for disk encryption of volumes for the default storage classes. + maxLength: 154 + minLength: 144 + pattern: ^crn:v[0-9]+:bluemix:(public|private):(kms|hs-crypto):[a-z-]+:a/[0-9a-f]+:[0-9a-f-]{36}:key:[0-9a-f-]{36}$ + type: string + required: + - encryptionKeyCRN + type: object + vSphere: + description: vsphere is used to configure the vsphere CSI driver. + properties: + globalMaxSnapshotsPerBlockVolume: + description: |- + globalMaxSnapshotsPerBlockVolume is a global configuration parameter that applies to volumes on all kinds of + datastores. If omitted, the platform chooses a default, which is subject to change over time, currently that default is 3. + Snapshots can not be disabled using this parameter. + Increasing number of snapshots above 3 can have negative impact on performance, for more details see: https://kb.vmware.com/s/article/1025279 + Volume snapshot documentation: https://docs.vmware.com/en/VMware-vSphere-Container-Storage-Plug-in/3.0/vmware-vsphere-csp-getting-started/GUID-E0B41C69-7EEB-450F-A73D-5FD2FF39E891.html + format: int32 + maximum: 32 + minimum: 1 + type: integer + granularMaxSnapshotsPerBlockVolumeInVSAN: + description: |- + granularMaxSnapshotsPerBlockVolumeInVSAN is a granular configuration parameter on vSAN datastore only. It + overrides GlobalMaxSnapshotsPerBlockVolume if set, while it falls back to the global constraint if unset. + Snapshots for VSAN can not be disabled using this parameter. + format: int32 + maximum: 32 + minimum: 1 + type: integer + granularMaxSnapshotsPerBlockVolumeInVVOL: + description: |- + granularMaxSnapshotsPerBlockVolumeInVVOL is a granular configuration parameter on Virtual Volumes datastore only. + It overrides GlobalMaxSnapshotsPerBlockVolume if set, while it falls back to the global constraint if unset. + Snapshots for VVOL can not be disabled using this parameter. + format: int32 + maximum: 32 + minimum: 1 + type: integer + topologyCategories: + description: |- + topologyCategories indicates tag categories with which + vcenter resources such as hostcluster or datacenter were tagged with. + If cluster Infrastructure object has a topology, values specified in + Infrastructure object will be used and modifications to topologyCategories + will be rejected. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + required: + - driverType + type: object + x-kubernetes-validations: + - message: ibmcloud must be set if driverType is 'IBMCloud', but remain + unset otherwise + rule: 'has(self.driverType) && self.driverType == ''IBMCloud'' ? + has(self.ibmcloud) : !has(self.ibmcloud)' + logLevel: + default: Normal + description: |- + logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for their operands. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + managementState: + description: managementState indicates whether and how the operator + should manage the component + pattern: ^(Managed|Unmanaged|Force|Removed)$ + type: string + observedConfig: + description: |- + observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because + it is an input to the level for the operator + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + default: Normal + description: |- + operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for themselves. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + storageClassState: + description: |- + StorageClassState determines if CSI operator should create and manage storage classes. + If this field value is empty or Managed - CSI operator will continuously reconcile + storage class and create if necessary. + If this field value is Unmanaged - CSI operator will not reconcile any previously created + storage class. + If this field value is Removed - CSI operator will delete the storage class it created previously. + When omitted, this means the user has no opinion and the platform chooses a reasonable default, + which is subject to change over time. + The current default behaviour is Managed. + enum: + - "" + - Managed + - Unmanaged + - Removed + type: string + unsupportedConfigOverrides: + description: |- + unsupportedConfigOverrides overrides the final configuration that was computed by the operator. + Red Hat does not support the use of this field. + Misuse of this field could lead to unexpected behavior or conflict with other configuration options. + Seek guidance from the Red Hat support before using this field. + Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + status: + description: status holds observed values from the cluster. They may not + be overridden. + properties: + conditions: + description: conditions is a list of conditions and their status + items: + description: OperatorCondition is just the standard condition fields. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + type: string + reason: + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + generations: + description: generations are used to determine when an item needs + to be reconciled or has changed in a way that needs a reaction. + items: + description: GenerationStatus keeps track of the generation for + a given resource so that decisions about forced updates can be + made. + properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without + generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload + controller involved + format: int64 + type: integer + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're + tracking + type: string + required: + - group + - name + - namespace + - resource + type: object + type: array + x-kubernetes-list-map-keys: + - group + - resource + - namespace + - name + x-kubernetes-list-type: map + latestAvailableRevision: + description: latestAvailableRevision is the deploymentID of the most + recent deployment + format: int32 + type: integer + x-kubernetes-validations: + - message: must only increase + rule: self >= oldSelf + observedGeneration: + description: observedGeneration is the last generation change you've + dealt with + format: int64 + type: integer + readyReplicas: + description: readyReplicas indicates how many replicas are ready and + at the desired state + format: int32 + type: integer + version: + description: version is the level this availability applies to + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/configs.operator.openshift.io/AAA_ungated.yaml b/pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/configs.operator.openshift.io/AAA_ungated.yaml new file mode 100644 index 000000000..703b2c89b --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/configs.operator.openshift.io/AAA_ungated.yaml @@ -0,0 +1,215 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/612 + api.openshift.io/filename-cvo-runlevel: "0000_10" + api.openshift.io/filename-operator: config-operator + api.openshift.io/filename-ordering: "01" + feature-gate.release.openshift.io/: "true" + name: configs.operator.openshift.io +spec: + group: operator.openshift.io + names: + categories: + - coreoperators + kind: Config + listKind: ConfigList + plural: configs + singular: config + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + Config specifies the behavior of the config operator which is responsible for creating the initial configuration of other components + on the cluster. The operator also handles installation, migration or synchronization of cloud configurations for AWS and Azure cloud based clusters + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec is the specification of the desired behavior of the + Config Operator. + properties: + logLevel: + default: Normal + description: |- + logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for their operands. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + managementState: + description: managementState indicates whether and how the operator + should manage the component + pattern: ^(Managed|Unmanaged|Force|Removed)$ + type: string + observedConfig: + description: |- + observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because + it is an input to the level for the operator + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + default: Normal + description: |- + operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for themselves. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + unsupportedConfigOverrides: + description: |- + unsupportedConfigOverrides overrides the final configuration that was computed by the operator. + Red Hat does not support the use of this field. + Misuse of this field could lead to unexpected behavior or conflict with other configuration options. + Seek guidance from the Red Hat support before using this field. + Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + status: + description: status defines the observed status of the Config Operator. + properties: + conditions: + description: conditions is a list of conditions and their status + items: + description: OperatorCondition is just the standard condition fields. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + type: string + reason: + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + generations: + description: generations are used to determine when an item needs + to be reconciled or has changed in a way that needs a reaction. + items: + description: GenerationStatus keeps track of the generation for + a given resource so that decisions about forced updates can be + made. + properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without + generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload + controller involved + format: int64 + type: integer + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're + tracking + type: string + required: + - group + - name + - namespace + - resource + type: object + type: array + x-kubernetes-list-map-keys: + - group + - resource + - namespace + - name + x-kubernetes-list-type: map + latestAvailableRevision: + description: latestAvailableRevision is the deploymentID of the most + recent deployment + format: int32 + type: integer + x-kubernetes-validations: + - message: must only increase + rule: self >= oldSelf + observedGeneration: + description: observedGeneration is the last generation change you've + dealt with + format: int64 + type: integer + readyReplicas: + description: readyReplicas indicates how many replicas are ready and + at the desired state + format: int32 + type: integer + version: + description: version is the level this availability applies to + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/consoles.operator.openshift.io/AAA_ungated.yaml b/pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/consoles.operator.openshift.io/AAA_ungated.yaml new file mode 100644 index 000000000..93d4f95fc --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/consoles.operator.openshift.io/AAA_ungated.yaml @@ -0,0 +1,954 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/486 + api.openshift.io/filename-cvo-runlevel: "0000_50" + api.openshift.io/filename-operator: console + api.openshift.io/filename-ordering: "01" + feature-gate.release.openshift.io/: "true" + name: consoles.operator.openshift.io +spec: + group: operator.openshift.io + names: + kind: Console + listKind: ConsoleList + plural: consoles + singular: console + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + Console provides a means to configure an operator to manage the console. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ConsoleSpec is the specification of the desired behavior + of the Console. + properties: + customization: + description: |- + customization is used to optionally provide a small set of + customization options to the web console. + properties: + addPage: + description: addPage allows customizing actions on the Add page + in developer perspective. + properties: + disabledActions: + description: |- + disabledActions is a list of actions that are not shown to users. + Each action in the list is represented by its ID. + items: + type: string + minItems: 1 + type: array + type: object + brand: + description: |- + brand is the default branding of the web console which can be overridden by + providing the brand field. There is a limited set of specific brand options. + This field controls elements of the console such as the logo. + Invalid value will prevent a console rollout. + enum: + - openshift + - okd + - online + - ocp + - dedicated + - azure + - OpenShift + - OKD + - Online + - OCP + - Dedicated + - Azure + - ROSA + type: string + capabilities: + description: |- + capabilities defines an array of capabilities that can be interacted with in the console UI. + Each capability defines a visual state that can be interacted with the console to render in the UI. + Available capabilities are LightspeedButton and GettingStartedBanner. + Each of the available capabilities may appear only once in the list. + items: + description: Capabilities contains set of UI capabilities and + their state in the console UI. + properties: + name: + description: |- + name is the unique name of a capability. + Available capabilities are LightspeedButton and GettingStartedBanner. + enum: + - LightspeedButton + - GettingStartedBanner + type: string + visibility: + description: visibility defines the visibility state of + the capability. + properties: + state: + description: |- + state defines if the capability is enabled or disabled in the console UI. + Enabling the capability in the console UI is represented by the "Enabled" value. + Disabling the capability in the console UI is represented by the "Disabled" value. + enum: + - Enabled + - Disabled + type: string + required: + - state + type: object + required: + - name + - visibility + type: object + maxItems: 2 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + customLogoFile: + description: |- + customLogoFile replaces the default OpenShift logo in the masthead and about dialog. It is a reference to a + ConfigMap in the openshift-config namespace. This can be created with a command like + 'oc create configmap custom-logo --from-file=/path/to/file -n openshift-config'. + Image size must be less than 1 MB due to constraints on the ConfigMap size. + The ConfigMap key should include a file extension so that the console serves the file + with the correct MIME type. + Recommended logo specifications: + Dimensions: Max height of 68px and max width of 200px + SVG format preferred + properties: + key: + description: Key allows pointing to a specific key/value inside + of the configmap. This is useful for logical file references. + type: string + name: + type: string + type: object + customProductName: + description: |- + customProductName is the name that will be displayed in page titles, logo alt text, and the about dialog + instead of the normal OpenShift product name. + type: string + developerCatalog: + description: developerCatalog allows to configure the shown developer + catalog categories (filters) and types (sub-catalogs). + properties: + categories: + description: categories which are shown in the developer catalog. + items: + description: DeveloperConsoleCatalogCategory for the developer + console catalog. + properties: + id: + description: |- + ID is an identifier used in the URL to enable deep linking in console. + ID is required and must have 1-32 URL safe (A-Z, a-z, 0-9, - and _) characters. + maxLength: 32 + minLength: 1 + pattern: ^[A-Za-z0-9-_]+$ + type: string + label: + description: label defines a category display label. + It is required and must have 1-64 characters. + maxLength: 64 + minLength: 1 + type: string + subcategories: + description: subcategories defines a list of child categories. + items: + description: DeveloperConsoleCatalogCategoryMeta are + the key identifiers of a developer catalog category. + properties: + id: + description: |- + ID is an identifier used in the URL to enable deep linking in console. + ID is required and must have 1-32 URL safe (A-Z, a-z, 0-9, - and _) characters. + maxLength: 32 + minLength: 1 + pattern: ^[A-Za-z0-9-_]+$ + type: string + label: + description: label defines a category display + label. It is required and must have 1-64 characters. + maxLength: 64 + minLength: 1 + type: string + tags: + description: |- + tags is a list of strings that will match the category. A selected category + show all items which has at least one overlapping tag between category and item. + items: + type: string + type: array + required: + - id + - label + type: object + type: array + tags: + description: |- + tags is a list of strings that will match the category. A selected category + show all items which has at least one overlapping tag between category and item. + items: + type: string + type: array + required: + - id + - label + type: object + type: array + types: + description: |- + types allows enabling or disabling of sub-catalog types that user can see in the Developer catalog. + When omitted, all the sub-catalog types will be shown. + properties: + disabled: + description: |- + disabled is a list of developer catalog types (sub-catalogs IDs) that are not shown to users. + Types (sub-catalogs) are added via console plugins, the available types (sub-catalog IDs) are available + in the console on the cluster configuration page, or when editing the YAML in the console. + Example: "Devfile", "HelmChart", "BuilderImage" + If the list is empty or all the available sub-catalog types are added, then the complete developer catalog should be hidden. + items: + type: string + type: array + x-kubernetes-list-type: set + enabled: + description: |- + enabled is a list of developer catalog types (sub-catalogs IDs) that will be shown to users. + Types (sub-catalogs) are added via console plugins, the available types (sub-catalog IDs) are available + in the console on the cluster configuration page, or when editing the YAML in the console. + Example: "Devfile", "HelmChart", "BuilderImage" + If the list is non-empty, a new type will not be shown to the user until it is added to list. + If the list is empty the complete developer catalog will be shown. + items: + type: string + type: array + x-kubernetes-list-type: set + state: + default: Enabled + description: state defines if a list of catalog types + should be enabled or disabled. + enum: + - Enabled + - Disabled + type: string + required: + - state + type: object + x-kubernetes-validations: + - message: enabled is forbidden when state is not Enabled + rule: 'self.state == ''Enabled'' ? true : !has(self.enabled)' + - message: disabled is forbidden when state is not Disabled + rule: 'self.state == ''Disabled'' ? true : !has(self.disabled)' + type: object + documentationBaseURL: + description: |- + documentationBaseURL links to external documentation are shown in various sections + of the web console. Providing documentationBaseURL will override the default + documentation URL. + Invalid value will prevent a console rollout. + pattern: ^$|^((https):\/\/?)[^\s()<>]+(?:\([\w\d]+\)|([^[:punct:]\s]|\/?))\/$ + type: string + perspectives: + description: perspectives allows enabling/disabling of perspective(s) + that user can see in the Perspective switcher dropdown. + items: + description: Perspective defines a perspective that cluster + admins want to show/hide in the perspective switcher dropdown + properties: + id: + description: |- + id defines the id of the perspective. + Example: "dev", "admin". + The available perspective ids can be found in the code snippet section next to the yaml editor. + Incorrect or unknown ids will be ignored. + type: string + pinnedResources: + description: |- + pinnedResources defines the list of default pinned resources that users will see on the perspective navigation if they have not customized these pinned resources themselves. + The list of available Kubernetes resources could be read via `kubectl api-resources`. + The console will also provide a configuration UI and a YAML snippet that will list the available resources that can be pinned to the navigation. + Incorrect or unknown resources will be ignored. + items: + description: PinnedResourceReference includes the group, + version and type of resource + properties: + group: + description: |- + group is the API Group of the Resource. + Enter empty string for the core group. + This value should consist of only lowercase alphanumeric characters, hyphens and periods. + Example: "", "apps", "build.openshift.io", etc. + pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + resource: + description: |- + resource is the type that is being referenced. + It is normally the plural form of the resource kind in lowercase. + This value should consist of only lowercase alphanumeric characters and hyphens. + Example: "deployments", "deploymentconfigs", "pods", etc. + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + version: + description: |- + version is the API Version of the Resource. + This value should consist of only lowercase alphanumeric characters. + Example: "v1", "v1beta1", etc. + pattern: ^[a-z0-9]+$ + type: string + required: + - group + - resource + - version + type: object + maxItems: 100 + type: array + visibility: + description: visibility defines the state of perspective + along with access review checks if needed for that perspective. + properties: + accessReview: + description: accessReview defines required and missing + access review checks. + minProperties: 1 + properties: + missing: + description: missing defines a list of permission + checks. The perspective will only be shown when + at least one check fails. When omitted, the access + review is skipped and the perspective will not + be shown unless it is required to do so based + on the configuration of the required access review + list. + items: + description: ResourceAttributes includes the authorization + attributes available for resource requests to + the Authorizer interface + properties: + fieldSelector: + description: |- + fieldSelector describes the limitation on access based on field. It can only limit access, not broaden it. + + This field is alpha-level. To use this field, you must enable the + `AuthorizeWithSelectors` feature gate (disabled by default). + properties: + rawSelector: + description: |- + rawSelector is the serialization of a field selector that would be included in a query parameter. + Webhook implementations are encouraged to ignore rawSelector. + The kube-apiserver's *SubjectAccessReview will parse the rawSelector as long as the requirements are not present. + type: string + requirements: + description: |- + requirements is the parsed interpretation of a field selector. + All requirements must be met for a resource instance to match the selector. + Webhook implementations should handle requirements, but how to handle them is up to the webhook. + Since requirements can only limit the request, it is safe to authorize as unlimited request if the requirements + are not understood. + items: + description: |- + FieldSelectorRequirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the field selector + key that the requirement applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. + The list of operators may grow in the future. + type: string + values: + description: |- + values is an array of string values. + If the operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values array must be empty. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + group: + description: Group is the API Group of the + Resource. "*" means all. + type: string + labelSelector: + description: |- + labelSelector describes the limitation on access based on labels. It can only limit access, not broaden it. + + This field is alpha-level. To use this field, you must enable the + `AuthorizeWithSelectors` feature gate (disabled by default). + properties: + rawSelector: + description: |- + rawSelector is the serialization of a field selector that would be included in a query parameter. + Webhook implementations are encouraged to ignore rawSelector. + The kube-apiserver's *SubjectAccessReview will parse the rawSelector as long as the requirements are not present. + type: string + requirements: + description: |- + requirements is the parsed interpretation of a label selector. + All requirements must be met for a resource instance to match the selector. + Webhook implementations should handle requirements, but how to handle them is up to the webhook. + Since requirements can only limit the request, it is safe to authorize as unlimited request if the requirements + are not understood. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + name: + description: Name is the name of the resource + being requested for a "get" or deleted for + a "delete". "" (empty) means all. + type: string + namespace: + description: |- + Namespace is the namespace of the action being requested. Currently, there is no distinction between no namespace and all namespaces + "" (empty) is defaulted for LocalSubjectAccessReviews + "" (empty) is empty for cluster-scoped resources + "" (empty) means "all" for namespace scoped resources from a SubjectAccessReview or SelfSubjectAccessReview + type: string + resource: + description: Resource is one of the existing + resource types. "*" means all. + type: string + subresource: + description: Subresource is one of the existing + resource types. "" means none. + type: string + verb: + description: 'Verb is a kubernetes resource + API verb, like: get, list, watch, create, + update, delete, proxy. "*" means all.' + type: string + version: + description: Version is the API Version of + the Resource. "*" means all. + type: string + type: object + type: array + required: + description: required defines a list of permission + checks. The perspective will only be shown when + all checks are successful. When omitted, the access + review is skipped and the perspective will not + be shown unless it is required to do so based + on the configuration of the missing access review + list. + items: + description: ResourceAttributes includes the authorization + attributes available for resource requests to + the Authorizer interface + properties: + fieldSelector: + description: |- + fieldSelector describes the limitation on access based on field. It can only limit access, not broaden it. + + This field is alpha-level. To use this field, you must enable the + `AuthorizeWithSelectors` feature gate (disabled by default). + properties: + rawSelector: + description: |- + rawSelector is the serialization of a field selector that would be included in a query parameter. + Webhook implementations are encouraged to ignore rawSelector. + The kube-apiserver's *SubjectAccessReview will parse the rawSelector as long as the requirements are not present. + type: string + requirements: + description: |- + requirements is the parsed interpretation of a field selector. + All requirements must be met for a resource instance to match the selector. + Webhook implementations should handle requirements, but how to handle them is up to the webhook. + Since requirements can only limit the request, it is safe to authorize as unlimited request if the requirements + are not understood. + items: + description: |- + FieldSelectorRequirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the field selector + key that the requirement applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. + The list of operators may grow in the future. + type: string + values: + description: |- + values is an array of string values. + If the operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values array must be empty. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + group: + description: Group is the API Group of the + Resource. "*" means all. + type: string + labelSelector: + description: |- + labelSelector describes the limitation on access based on labels. It can only limit access, not broaden it. + + This field is alpha-level. To use this field, you must enable the + `AuthorizeWithSelectors` feature gate (disabled by default). + properties: + rawSelector: + description: |- + rawSelector is the serialization of a field selector that would be included in a query parameter. + Webhook implementations are encouraged to ignore rawSelector. + The kube-apiserver's *SubjectAccessReview will parse the rawSelector as long as the requirements are not present. + type: string + requirements: + description: |- + requirements is the parsed interpretation of a label selector. + All requirements must be met for a resource instance to match the selector. + Webhook implementations should handle requirements, but how to handle them is up to the webhook. + Since requirements can only limit the request, it is safe to authorize as unlimited request if the requirements + are not understood. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + name: + description: Name is the name of the resource + being requested for a "get" or deleted for + a "delete". "" (empty) means all. + type: string + namespace: + description: |- + Namespace is the namespace of the action being requested. Currently, there is no distinction between no namespace and all namespaces + "" (empty) is defaulted for LocalSubjectAccessReviews + "" (empty) is empty for cluster-scoped resources + "" (empty) means "all" for namespace scoped resources from a SubjectAccessReview or SelfSubjectAccessReview + type: string + resource: + description: Resource is one of the existing + resource types. "*" means all. + type: string + subresource: + description: Subresource is one of the existing + resource types. "" means none. + type: string + verb: + description: 'Verb is a kubernetes resource + API verb, like: get, list, watch, create, + update, delete, proxy. "*" means all.' + type: string + version: + description: Version is the API Version of + the Resource. "*" means all. + type: string + type: object + type: array + type: object + state: + description: state defines the perspective is enabled + or disabled or access review check is required. + enum: + - Enabled + - Disabled + - AccessReview + type: string + required: + - state + type: object + x-kubernetes-validations: + - message: accessReview configuration is required when state + is AccessReview, and forbidden otherwise + rule: 'self.state == ''AccessReview'' ? has(self.accessReview) + : !has(self.accessReview)' + required: + - id + - visibility + type: object + x-kubernetes-validations: + - message: pinnedResources is allowed only for dev and forbidden + for other perspectives + rule: 'has(self.id) && self.id != ''dev''? !has(self.pinnedResources) + : true' + type: array + x-kubernetes-list-map-keys: + - id + x-kubernetes-list-type: map + projectAccess: + description: |- + projectAccess allows customizing the available list of ClusterRoles in the Developer perspective + Project access page which can be used by a project admin to specify roles to other users and + restrict access within the project. If set, the list will replace the default ClusterRole options. + properties: + availableClusterRoles: + description: |- + availableClusterRoles is the list of ClusterRole names that are assignable to users + through the project access tab. + items: + type: string + type: array + type: object + quickStarts: + description: quickStarts allows customization of available ConsoleQuickStart + resources in console. + properties: + disabled: + description: disabled is a list of ConsoleQuickStart resource + names that are not shown to users. + items: + type: string + type: array + type: object + type: object + ingress: + description: |- + ingress allows to configure the alternative ingress for the console. + This field is intended for clusters without ingress capability, + where access to routes is not possible. + properties: + clientDownloadsURL: + description: |- + clientDownloadsURL is a URL to be used as the address to download client binaries. + If not specified, the downloads route hostname will be used. + This field is required for clusters without ingress capability, + where access to routes is not possible. + The console operator will monitor the URL and may go degraded + if it's unreachable for an extended period. + Must use the HTTPS scheme. + maxLength: 1024 + type: string + x-kubernetes-validations: + - message: client downloads url must be a valid absolute URL + rule: size(self) == 0 || isURL(self) + - message: client downloads url scheme must be https + rule: size(self) == 0 || url(self).getScheme() == 'https' + consoleURL: + description: |- + consoleURL is a URL to be used as the base console address. + If not specified, the console route hostname will be used. + This field is required for clusters without ingress capability, + where access to routes is not possible. + Make sure that appropriate ingress is set up at this URL. + The console operator will monitor the URL and may go degraded + if it's unreachable for an extended period. + Must use the HTTPS scheme. + maxLength: 1024 + type: string + x-kubernetes-validations: + - message: console url must be a valid absolute URL + rule: size(self) == 0 || isURL(self) + - message: console url scheme must be https + rule: size(self) == 0 || url(self).getScheme() == 'https' + type: object + logLevel: + default: Normal + description: |- + logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for their operands. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + managementState: + description: managementState indicates whether and how the operator + should manage the component + pattern: ^(Managed|Unmanaged|Force|Removed)$ + type: string + observedConfig: + description: |- + observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because + it is an input to the level for the operator + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + default: Normal + description: |- + operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for themselves. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + plugins: + description: plugins defines a list of enabled console plugin names. + items: + type: string + type: array + providers: + description: providers contains configuration for using specific service + providers. + properties: + statuspage: + description: statuspage contains ID for statuspage.io page that + provides status info about. + properties: + pageID: + description: pageID is the unique ID assigned by Statuspage + for your page. This must be a public page. + type: string + type: object + type: object + route: + description: |- + route contains hostname and secret reference that contains the serving certificate. + If a custom route is specified, a new route will be created with the + provided hostname, under which console will be available. + In case of custom hostname uses the default routing suffix of the cluster, + the Secret specification for a serving certificate will not be needed. + In case of custom hostname points to an arbitrary domain, manual DNS configurations steps are necessary. + The default console route will be maintained to reserve the default hostname + for console if the custom route is removed. + If not specified, default route will be used. + DEPRECATED + properties: + hostname: + description: hostname is the desired custom domain under which + console will be available. + type: string + secret: + description: |- + secret points to secret in the openshift-config namespace that contains custom + certificate and key and needs to be created manually by the cluster admin. + Referenced Secret is required to contain following key value pairs: + - "tls.crt" - to specifies custom certificate + - "tls.key" - to specifies private key of the custom certificate + If the custom hostname uses the default routing suffix of the cluster, + the Secret specification for a serving certificate will not be needed. + properties: + name: + description: name is the metadata.name of the referenced secret + type: string + required: + - name + type: object + type: object + unsupportedConfigOverrides: + description: |- + unsupportedConfigOverrides overrides the final configuration that was computed by the operator. + Red Hat does not support the use of this field. + Misuse of this field could lead to unexpected behavior or conflict with other configuration options. + Seek guidance from the Red Hat support before using this field. + Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + status: + description: ConsoleStatus defines the observed status of the Console. + properties: + conditions: + description: conditions is a list of conditions and their status + items: + description: OperatorCondition is just the standard condition fields. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + type: string + reason: + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + generations: + description: generations are used to determine when an item needs + to be reconciled or has changed in a way that needs a reaction. + items: + description: GenerationStatus keeps track of the generation for + a given resource so that decisions about forced updates can be + made. + properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without + generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload + controller involved + format: int64 + type: integer + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're + tracking + type: string + required: + - group + - name + - namespace + - resource + type: object + type: array + x-kubernetes-list-map-keys: + - group + - resource + - namespace + - name + x-kubernetes-list-type: map + latestAvailableRevision: + description: latestAvailableRevision is the deploymentID of the most + recent deployment + format: int32 + type: integer + x-kubernetes-validations: + - message: must only increase + rule: self >= oldSelf + observedGeneration: + description: observedGeneration is the last generation change you've + dealt with + format: int64 + type: integer + readyReplicas: + description: readyReplicas indicates how many replicas are ready and + at the desired state + format: int32 + type: integer + version: + description: version is the level this availability applies to + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/csisnapshotcontrollers.operator.openshift.io/AAA_ungated.yaml b/pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/csisnapshotcontrollers.operator.openshift.io/AAA_ungated.yaml new file mode 100644 index 000000000..838e85928 --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/csisnapshotcontrollers.operator.openshift.io/AAA_ungated.yaml @@ -0,0 +1,212 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/562 + api.openshift.io/filename-cvo-runlevel: "0000_80" + api.openshift.io/filename-operator: csi-snapshot-controller + api.openshift.io/filename-ordering: "01" + feature-gate.release.openshift.io/: "true" + name: csisnapshotcontrollers.operator.openshift.io +spec: + group: operator.openshift.io + names: + kind: CSISnapshotController + listKind: CSISnapshotControllerList + plural: csisnapshotcontrollers + singular: csisnapshotcontroller + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + CSISnapshotController provides a means to configure an operator to manage the CSI snapshots. `cluster` is the canonical name. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + properties: + logLevel: + default: Normal + description: |- + logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for their operands. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + managementState: + description: managementState indicates whether and how the operator + should manage the component + pattern: ^(Managed|Unmanaged|Force|Removed)$ + type: string + observedConfig: + description: |- + observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because + it is an input to the level for the operator + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + default: Normal + description: |- + operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for themselves. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + unsupportedConfigOverrides: + description: |- + unsupportedConfigOverrides overrides the final configuration that was computed by the operator. + Red Hat does not support the use of this field. + Misuse of this field could lead to unexpected behavior or conflict with other configuration options. + Seek guidance from the Red Hat support before using this field. + Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + status: + description: status holds observed values from the cluster. They may not + be overridden. + properties: + conditions: + description: conditions is a list of conditions and their status + items: + description: OperatorCondition is just the standard condition fields. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + type: string + reason: + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + generations: + description: generations are used to determine when an item needs + to be reconciled or has changed in a way that needs a reaction. + items: + description: GenerationStatus keeps track of the generation for + a given resource so that decisions about forced updates can be + made. + properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without + generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload + controller involved + format: int64 + type: integer + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're + tracking + type: string + required: + - group + - name + - namespace + - resource + type: object + type: array + x-kubernetes-list-map-keys: + - group + - resource + - namespace + - name + x-kubernetes-list-type: map + latestAvailableRevision: + description: latestAvailableRevision is the deploymentID of the most + recent deployment + format: int32 + type: integer + x-kubernetes-validations: + - message: must only increase + rule: self >= oldSelf + observedGeneration: + description: observedGeneration is the last generation change you've + dealt with + format: int64 + type: integer + readyReplicas: + description: readyReplicas indicates how many replicas are ready and + at the desired state + format: int32 + type: integer + version: + description: version is the level this availability applies to + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/dnses.operator.openshift.io/AAA_ungated.yaml b/pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/dnses.operator.openshift.io/AAA_ungated.yaml new file mode 100644 index 000000000..877f7ca8a --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/dnses.operator.openshift.io/AAA_ungated.yaml @@ -0,0 +1,593 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/475 + api.openshift.io/filename-cvo-runlevel: "0000_70" + api.openshift.io/filename-operator: dns + api.openshift.io/filename-ordering: "00" + feature-gate.release.openshift.io/: "true" + name: dnses.operator.openshift.io +spec: + group: operator.openshift.io + names: + kind: DNS + listKind: DNSList + plural: dnses + singular: dns + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + DNS manages the CoreDNS component to provide a name resolution service + for pods and services in the cluster. + + This supports the DNS-based service discovery specification: + https://github.com/kubernetes/dns/blob/master/docs/specification.md + + More details: https://kubernetes.io/docs/tasks/administer-cluster/coredns + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec is the specification of the desired behavior of the + DNS. + properties: + cache: + description: |- + cache describes the caching configuration that applies to all server blocks listed in the Corefile. + This field allows a cluster admin to optionally configure: + * positiveTTL which is a duration for which positive responses should be cached. + * negativeTTL which is a duration for which negative responses should be cached. + If this is not configured, OpenShift will configure positive and negative caching with a default value that is + subject to change. At the time of writing, the default positiveTTL is 900 seconds and the default negativeTTL is + 30 seconds or as noted in the respective Corefile for your version of OpenShift. + properties: + negativeTTL: + description: |- + negativeTTL is optional and specifies the amount of time that a negative response should be cached. + + If configured, it must be a value of 1s (1 second) or greater up to a theoretical maximum of several years. This + field expects an unsigned duration string of decimal numbers, each with optional fraction and a unit suffix, + e.g. "100s", "1m30s", "12h30m10s". Values that are fractions of a second are rounded down to the nearest second. + If the configured value is less than 1s, the default value will be used. + If not configured, the value will be 0s and OpenShift will use a default value of 30 seconds unless noted + otherwise in the respective Corefile for your version of OpenShift. The default value of 30 seconds is subject + to change. + pattern: ^(0|([0-9]+(\.[0-9]+)?(ns|us|µs|μs|ms|s|m|h))+)$ + type: string + positiveTTL: + description: |- + positiveTTL is optional and specifies the amount of time that a positive response should be cached. + + If configured, it must be a value of 1s (1 second) or greater up to a theoretical maximum of several years. This + field expects an unsigned duration string of decimal numbers, each with optional fraction and a unit suffix, + e.g. "100s", "1m30s", "12h30m10s". Values that are fractions of a second are rounded down to the nearest second. + If the configured value is less than 1s, the default value will be used. + If not configured, the value will be 0s and OpenShift will use a default value of 900 seconds unless noted + otherwise in the respective Corefile for your version of OpenShift. The default value of 900 seconds is subject + to change. + pattern: ^(0|([0-9]+(\.[0-9]+)?(ns|us|µs|μs|ms|s|m|h))+)$ + type: string + type: object + logLevel: + default: Normal + description: |- + logLevel describes the desired logging verbosity for CoreDNS. + Any one of the following values may be specified: + * Normal logs errors from upstream resolvers. + * Debug logs errors, NXDOMAIN responses, and NODATA responses. + * Trace logs errors and all responses. + Setting logLevel: Trace will produce extremely verbose logs. + Valid values are: "Normal", "Debug", "Trace". + Defaults to "Normal". + enum: + - Normal + - Debug + - Trace + type: string + managementState: + description: |- + managementState indicates whether the DNS operator should manage cluster + DNS + pattern: ^(Managed|Unmanaged|Force|Removed)$ + type: string + nodePlacement: + description: |- + nodePlacement provides explicit control over the scheduling of DNS + pods. + + Generally, it is useful to run a DNS pod on every node so that DNS + queries are always handled by a local DNS pod instead of going over + the network to a DNS pod on another node. However, security policies + may require restricting the placement of DNS pods to specific nodes. + For example, if a security policy prohibits pods on arbitrary nodes + from communicating with the API, a node selector can be specified to + restrict DNS pods to nodes that are permitted to communicate with the + API. Conversely, if running DNS pods on nodes with a particular + taint is desired, a toleration can be specified for that taint. + + If unset, defaults are used. See nodePlacement for more details. + properties: + nodeSelector: + additionalProperties: + type: string + description: |- + nodeSelector is the node selector applied to DNS pods. + + If empty, the default is used, which is currently the following: + + kubernetes.io/os: linux + + This default is subject to change. + + If set, the specified selector is used and replaces the default. + type: object + tolerations: + description: |- + tolerations is a list of tolerations applied to DNS pods. + + If empty, the DNS operator sets a toleration for the + "node-role.kubernetes.io/master" taint. This default is subject to + change. Specifying tolerations without including a toleration for + the "node-role.kubernetes.io/master" taint may be risky as it could + lead to an outage if all worker nodes become unavailable. + + Note that the daemon controller adds some tolerations as well. See + https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + type: object + operatorLogLevel: + default: Normal + description: |- + operatorLogLevel controls the logging level of the DNS Operator. + Valid values are: "Normal", "Debug", "Trace". + Defaults to "Normal". + setting operatorLogLevel: Trace will produce extremely verbose logs. + enum: + - Normal + - Debug + - Trace + type: string + servers: + description: |- + servers is a list of DNS resolvers that provide name query delegation for one or + more subdomains outside the scope of the cluster domain. If servers consists of + more than one Server, longest suffix match will be used to determine the Server. + + For example, if there are two Servers, one for "foo.com" and another for "a.foo.com", + and the name query is for "www.a.foo.com", it will be routed to the Server with Zone + "a.foo.com". + + If this field is nil, no servers are created. + items: + description: Server defines the schema for a server that runs per + instance of CoreDNS. + properties: + forwardPlugin: + description: |- + forwardPlugin defines a schema for configuring CoreDNS to proxy DNS messages + to upstream resolvers. + properties: + policy: + default: Random + description: |- + policy is used to determine the order in which upstream servers are selected for querying. + Any one of the following values may be specified: + + * "Random" picks a random upstream server for each query. + * "RoundRobin" picks upstream servers in a round-robin order, moving to the next server for each new query. + * "Sequential" tries querying upstream servers in a sequential order until one responds, starting with the first server for each new query. + + The default value is "Random" + enum: + - Random + - RoundRobin + - Sequential + type: string + protocolStrategy: + description: |- + protocolStrategy specifies the protocol to use for upstream DNS + requests. + Valid values for protocolStrategy are "TCP" and omitted. + When omitted, this means no opinion and the platform is left to choose + a reasonable default, which is subject to change over time. + The current default is to use the protocol of the original client request. + "TCP" specifies that the platform should use TCP for all upstream DNS requests, + even if the client request uses UDP. + "TCP" is useful for UDP-specific issues such as those created by + non-compliant upstream resolvers, but may consume more bandwidth or + increase DNS response time. Note that protocolStrategy only affects + the protocol of DNS requests that CoreDNS makes to upstream resolvers. + It does not affect the protocol of DNS requests between clients and + CoreDNS. + enum: + - TCP + - "" + type: string + transportConfig: + description: |- + transportConfig is used to configure the transport type, server name, and optional custom CA or CA bundle to use + when forwarding DNS requests to an upstream resolver. + + The default value is "" (empty) which results in a standard cleartext connection being used when forwarding DNS + requests to an upstream resolver. + properties: + tls: + description: tls contains the additional configuration + options to use when Transport is set to "TLS". + properties: + caBundle: + description: |- + caBundle references a ConfigMap that must contain either a single + CA Certificate or a CA Bundle. This allows cluster administrators to provide their + own CA or CA bundle for validating the certificate of upstream resolvers. + + 1. The configmap must contain a `ca-bundle.crt` key. + 2. The value must be a PEM encoded CA certificate or CA bundle. + 3. The administrator must create this configmap in the openshift-config namespace. + 4. The upstream server certificate must contain a Subject Alternative Name (SAN) that matches ServerName. + properties: + name: + description: name is the metadata.name of the + referenced config map + type: string + required: + - name + type: object + serverName: + description: |- + serverName is the upstream server to connect to when forwarding DNS queries. This is required when Transport is + set to "TLS". ServerName will be validated against the DNS naming conventions in RFC 1123 and should match the + TLS certificate installed in the upstream resolver(s). + maxLength: 253 + pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ + type: string + required: + - serverName + type: object + transport: + description: |- + transport allows cluster administrators to opt-in to using a DNS-over-TLS + connection between cluster DNS and an upstream resolver(s). Configuring + TLS as the transport at this level without configuring a CABundle will + result in the system certificates being used to verify the serving + certificate of the upstream resolver(s). + + Possible values: + "" (empty) - This means no explicit choice has been made and the platform chooses the default which is subject + to change over time. The current default is "Cleartext". + "Cleartext" - Cluster admin specified cleartext option. This results in the same functionality + as an empty value but may be useful when a cluster admin wants to be more explicit about the transport, + or wants to switch from "TLS" to "Cleartext" explicitly. + "TLS" - This indicates that DNS queries should be sent over a TLS connection. If Transport is set to TLS, + you MUST also set ServerName. If a port is not included with the upstream IP, port 853 will be tried by default + per RFC 7858 section 3.1; https://datatracker.ietf.org/doc/html/rfc7858#section-3.1. + enum: + - TLS + - Cleartext + - "" + type: string + type: object + upstreams: + description: |- + upstreams is a list of resolvers to forward name queries for subdomains of Zones. + Each instance of CoreDNS performs health checking of Upstreams. When a healthy upstream + returns an error during the exchange, another resolver is tried from Upstreams. The + Upstreams are selected in the order specified in Policy. Each upstream is represented + by an IP address or IP:port if the upstream listens on a port other than 53. + + A maximum of 15 upstreams is allowed per ForwardPlugin. + items: + type: string + maxItems: 15 + type: array + type: object + name: + description: |- + name is required and specifies a unique name for the server. Name must comply + with the Service Name Syntax of rfc6335. + type: string + zones: + description: |- + zones is required and specifies the subdomains that Server is authoritative for. + Zones must conform to the rfc1123 definition of a subdomain. Specifying the + cluster domain (i.e., "cluster.local") is invalid. + items: + type: string + type: array + type: object + type: array + upstreamResolvers: + description: |- + upstreamResolvers defines a schema for configuring CoreDNS + to proxy DNS messages to upstream resolvers for the case of the + default (".") server + + If this field is not specified, the upstream used will default to + /etc/resolv.conf, with policy "sequential" + properties: + policy: + default: Sequential + description: |- + Policy is used to determine the order in which upstream servers are selected for querying. + Any one of the following values may be specified: + + * "Random" picks a random upstream server for each query. + * "RoundRobin" picks upstream servers in a round-robin order, moving to the next server for each new query. + * "Sequential" tries querying upstream servers in a sequential order until one responds, starting with the first server for each new query. + + The default value is "Sequential" + enum: + - Random + - RoundRobin + - Sequential + type: string + protocolStrategy: + description: |- + protocolStrategy specifies the protocol to use for upstream DNS + requests. + Valid values for protocolStrategy are "TCP" and omitted. + When omitted, this means no opinion and the platform is left to choose + a reasonable default, which is subject to change over time. + The current default is to use the protocol of the original client request. + "TCP" specifies that the platform should use TCP for all upstream DNS requests, + even if the client request uses UDP. + "TCP" is useful for UDP-specific issues such as those created by + non-compliant upstream resolvers, but may consume more bandwidth or + increase DNS response time. Note that protocolStrategy only affects + the protocol of DNS requests that CoreDNS makes to upstream resolvers. + It does not affect the protocol of DNS requests between clients and + CoreDNS. + enum: + - TCP + - "" + type: string + transportConfig: + description: |- + transportConfig is used to configure the transport type, server name, and optional custom CA or CA bundle to use + when forwarding DNS requests to an upstream resolver. + + The default value is "" (empty) which results in a standard cleartext connection being used when forwarding DNS + requests to an upstream resolver. + properties: + tls: + description: tls contains the additional configuration options + to use when Transport is set to "TLS". + properties: + caBundle: + description: |- + caBundle references a ConfigMap that must contain either a single + CA Certificate or a CA Bundle. This allows cluster administrators to provide their + own CA or CA bundle for validating the certificate of upstream resolvers. + + 1. The configmap must contain a `ca-bundle.crt` key. + 2. The value must be a PEM encoded CA certificate or CA bundle. + 3. The administrator must create this configmap in the openshift-config namespace. + 4. The upstream server certificate must contain a Subject Alternative Name (SAN) that matches ServerName. + properties: + name: + description: name is the metadata.name of the referenced + config map + type: string + required: + - name + type: object + serverName: + description: |- + serverName is the upstream server to connect to when forwarding DNS queries. This is required when Transport is + set to "TLS". ServerName will be validated against the DNS naming conventions in RFC 1123 and should match the + TLS certificate installed in the upstream resolver(s). + maxLength: 253 + pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ + type: string + required: + - serverName + type: object + transport: + description: |- + transport allows cluster administrators to opt-in to using a DNS-over-TLS + connection between cluster DNS and an upstream resolver(s). Configuring + TLS as the transport at this level without configuring a CABundle will + result in the system certificates being used to verify the serving + certificate of the upstream resolver(s). + + Possible values: + "" (empty) - This means no explicit choice has been made and the platform chooses the default which is subject + to change over time. The current default is "Cleartext". + "Cleartext" - Cluster admin specified cleartext option. This results in the same functionality + as an empty value but may be useful when a cluster admin wants to be more explicit about the transport, + or wants to switch from "TLS" to "Cleartext" explicitly. + "TLS" - This indicates that DNS queries should be sent over a TLS connection. If Transport is set to TLS, + you MUST also set ServerName. If a port is not included with the upstream IP, port 853 will be tried by default + per RFC 7858 section 3.1; https://datatracker.ietf.org/doc/html/rfc7858#section-3.1. + enum: + - TLS + - Cleartext + - "" + type: string + type: object + upstreams: + default: + - type: SystemResolvConf + description: |- + Upstreams is a list of resolvers to forward name queries for the "." domain. + Each instance of CoreDNS performs health checking of Upstreams. When a healthy upstream + returns an error during the exchange, another resolver is tried from Upstreams. The + Upstreams are selected in the order specified in Policy. + + A maximum of 15 upstreams is allowed per ForwardPlugin. + If no Upstreams are specified, /etc/resolv.conf is used by default + items: + description: |- + Upstream can either be of type SystemResolvConf, or of type Network. + + - For an Upstream of type SystemResolvConf, no further fields are necessary: + The upstream will be configured to use /etc/resolv.conf. + - For an Upstream of type Network, a NetworkResolver field needs to be defined + with an IP address or IP:port if the upstream listens on a port other than 53. + properties: + address: + description: |- + Address must be defined when Type is set to Network. It will be ignored otherwise. + It must be a valid ipv4 or ipv6 address. + type: string + port: + default: 53 + description: |- + Port may be defined when Type is set to Network. It will be ignored otherwise. + Port must be between 65535 + format: int32 + maximum: 65535 + minimum: 1 + type: integer + type: + description: |- + Type defines whether this upstream contains an IP/IP:port resolver or the local /etc/resolv.conf. + Type accepts 2 possible values: SystemResolvConf or Network. + + * When SystemResolvConf is used, the Upstream structure does not require any further fields to be defined: + /etc/resolv.conf will be used + * When Network is used, the Upstream structure must contain at least an Address + enum: + - SystemResolvConf + - Network + - "" + type: string + required: + - type + type: object + maxItems: 15 + type: array + type: object + type: object + status: + description: status is the most recently observed status of the DNS. + properties: + clusterDomain: + description: |- + clusterDomain is the local cluster DNS domain suffix for DNS services. + This will be a subdomain as defined in RFC 1034, + section 3.5: https://tools.ietf.org/html/rfc1034#section-3.5 + Example: "cluster.local" + + More info: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service + type: string + clusterIP: + description: |- + clusterIP is the service IP through which this DNS is made available. + + In the case of the default DNS, this will be a well known IP that is used + as the default nameserver for pods that are using the default ClusterFirst DNS policy. + + In general, this IP can be specified in a pod's spec.dnsConfig.nameservers list + or used explicitly when performing name resolution from within the cluster. + Example: dig foo.com @ + + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + type: string + conditions: + description: |- + conditions provide information about the state of the DNS on the cluster. + + These are the supported DNS conditions: + + * Available + - True if the following conditions are met: + * DNS controller daemonset is available. + - False if any of those conditions are unsatisfied. + items: + description: OperatorCondition is just the standard condition fields. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + type: string + reason: + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + required: + - clusterDomain + - clusterIP + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/etcds.operator.openshift.io/AAA_ungated.yaml b/pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/etcds.operator.openshift.io/AAA_ungated.yaml new file mode 100644 index 000000000..4db281744 --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/etcds.operator.openshift.io/AAA_ungated.yaml @@ -0,0 +1,297 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/752 + api.openshift.io/filename-cvo-runlevel: "0000_12" + api.openshift.io/filename-operator: etcd + api.openshift.io/filename-ordering: "01" + feature-gate.release.openshift.io/: "true" + name: etcds.operator.openshift.io +spec: + group: operator.openshift.io + names: + categories: + - coreoperators + kind: Etcd + listKind: EtcdList + plural: etcds + singular: etcd + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + Etcd provides information to configure an operator to manage etcd. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + failedRevisionLimit: + description: |- + failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api + -1 = unlimited, 0 or unset = 5 (default) + format: int32 + type: integer + forceRedeploymentReason: + description: |- + forceRedeploymentReason can be used to force the redeployment of the operand by providing a unique string. + This provides a mechanism to kick a previously failed deployment and provide a reason why you think it will work + this time instead of failing again on the same config. + type: string + logLevel: + default: Normal + description: |- + logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for their operands. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + managementState: + description: managementState indicates whether and how the operator + should manage the component + pattern: ^(Managed|Unmanaged|Force|Removed)$ + type: string + observedConfig: + description: |- + observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because + it is an input to the level for the operator + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + default: Normal + description: |- + operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for themselves. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + succeededRevisionLimit: + description: |- + succeededRevisionLimit is the number of successful static pod installer revisions to keep on disk and in the api + -1 = unlimited, 0 or unset = 5 (default) + format: int32 + type: integer + unsupportedConfigOverrides: + description: |- + unsupportedConfigOverrides overrides the final configuration that was computed by the operator. + Red Hat does not support the use of this field. + Misuse of this field could lead to unexpected behavior or conflict with other configuration options. + Seek guidance from the Red Hat support before using this field. + Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + status: + properties: + conditions: + description: conditions is a list of conditions and their status + items: + description: OperatorCondition is just the standard condition fields. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + type: string + reason: + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + controlPlaneHardwareSpeed: + description: ControlPlaneHardwareSpeed declares valid hardware speed + tolerance levels + enum: + - "" + - Standard + - Slower + type: string + generations: + description: generations are used to determine when an item needs + to be reconciled or has changed in a way that needs a reaction. + items: + description: GenerationStatus keeps track of the generation for + a given resource so that decisions about forced updates can be + made. + properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without + generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload + controller involved + format: int64 + type: integer + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're + tracking + type: string + required: + - group + - name + - namespace + - resource + type: object + type: array + x-kubernetes-list-map-keys: + - group + - resource + - namespace + - name + x-kubernetes-list-type: map + latestAvailableRevision: + description: latestAvailableRevision is the deploymentID of the most + recent deployment + format: int32 + type: integer + x-kubernetes-validations: + - message: must only increase + rule: self >= oldSelf + latestAvailableRevisionReason: + description: latestAvailableRevisionReason describe the detailed reason + for the most recent deployment + type: string + nodeStatuses: + description: nodeStatuses track the deployment values and errors across + individual nodes + items: + description: NodeStatus provides information about the current state + of a particular node managed by this operator. + properties: + currentRevision: + description: currentRevision is the generation of the most recently + successful deployment + format: int32 + type: integer + lastFailedCount: + description: lastFailedCount is how often the installer pod + of the last failed revision failed. + type: integer + lastFailedReason: + description: lastFailedReason is a machine readable failure + reason string. + type: string + lastFailedRevision: + description: lastFailedRevision is the generation of the deployment + we tried and failed to deploy. + format: int32 + type: integer + lastFailedRevisionErrors: + description: lastFailedRevisionErrors is a list of human readable + errors during the failed deployment referenced in lastFailedRevision. + items: + type: string + type: array + x-kubernetes-list-type: atomic + lastFailedTime: + description: lastFailedTime is the time the last failed revision + failed the last time. + format: date-time + type: string + lastFallbackCount: + description: lastFallbackCount is how often a fallback to a + previous revision happened. + type: integer + nodeName: + description: nodeName is the name of the node + type: string + targetRevision: + description: targetRevision is the generation of the deployment + we're trying to apply + format: int32 + type: integer + required: + - nodeName + type: object + type: array + x-kubernetes-list-map-keys: + - nodeName + x-kubernetes-list-type: map + observedGeneration: + description: observedGeneration is the last generation change you've + dealt with + format: int64 + type: integer + readyReplicas: + description: readyReplicas indicates how many replicas are ready and + at the desired state + format: int32 + type: integer + version: + description: version is the level this availability applies to + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/etcds.operator.openshift.io/EtcdBackendQuota.yaml b/pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/etcds.operator.openshift.io/EtcdBackendQuota.yaml new file mode 100644 index 000000000..136df9907 --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/etcds.operator.openshift.io/EtcdBackendQuota.yaml @@ -0,0 +1,310 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/752 + api.openshift.io/filename-cvo-runlevel: "0000_12" + api.openshift.io/filename-operator: etcd + api.openshift.io/filename-ordering: "01" + feature-gate.release.openshift.io/EtcdBackendQuota: "true" + name: etcds.operator.openshift.io +spec: + group: operator.openshift.io + names: + categories: + - coreoperators + kind: Etcd + listKind: EtcdList + plural: etcds + singular: etcd + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + Etcd provides information to configure an operator to manage etcd. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + backendQuotaGiB: + default: 8 + description: |- + backendQuotaGiB sets the etcd backend storage size limit in gibibytes. + The value should be an integer not less than 8 and not more than 32. + When not specified, the default value is 8. + format: int32 + maximum: 32 + minimum: 8 + type: integer + x-kubernetes-validations: + - message: etcd backendQuotaGiB may not be decreased + rule: self>=oldSelf + failedRevisionLimit: + description: |- + failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api + -1 = unlimited, 0 or unset = 5 (default) + format: int32 + type: integer + forceRedeploymentReason: + description: |- + forceRedeploymentReason can be used to force the redeployment of the operand by providing a unique string. + This provides a mechanism to kick a previously failed deployment and provide a reason why you think it will work + this time instead of failing again on the same config. + type: string + logLevel: + default: Normal + description: |- + logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for their operands. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + managementState: + description: managementState indicates whether and how the operator + should manage the component + pattern: ^(Managed|Unmanaged|Force|Removed)$ + type: string + observedConfig: + description: |- + observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because + it is an input to the level for the operator + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + default: Normal + description: |- + operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for themselves. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + succeededRevisionLimit: + description: |- + succeededRevisionLimit is the number of successful static pod installer revisions to keep on disk and in the api + -1 = unlimited, 0 or unset = 5 (default) + format: int32 + type: integer + unsupportedConfigOverrides: + description: |- + unsupportedConfigOverrides overrides the final configuration that was computed by the operator. + Red Hat does not support the use of this field. + Misuse of this field could lead to unexpected behavior or conflict with other configuration options. + Seek guidance from the Red Hat support before using this field. + Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + status: + properties: + conditions: + description: conditions is a list of conditions and their status + items: + description: OperatorCondition is just the standard condition fields. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + type: string + reason: + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + controlPlaneHardwareSpeed: + description: ControlPlaneHardwareSpeed declares valid hardware speed + tolerance levels + enum: + - "" + - Standard + - Slower + type: string + generations: + description: generations are used to determine when an item needs + to be reconciled or has changed in a way that needs a reaction. + items: + description: GenerationStatus keeps track of the generation for + a given resource so that decisions about forced updates can be + made. + properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without + generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload + controller involved + format: int64 + type: integer + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're + tracking + type: string + required: + - group + - name + - namespace + - resource + type: object + type: array + x-kubernetes-list-map-keys: + - group + - resource + - namespace + - name + x-kubernetes-list-type: map + latestAvailableRevision: + description: latestAvailableRevision is the deploymentID of the most + recent deployment + format: int32 + type: integer + x-kubernetes-validations: + - message: must only increase + rule: self >= oldSelf + latestAvailableRevisionReason: + description: latestAvailableRevisionReason describe the detailed reason + for the most recent deployment + type: string + nodeStatuses: + description: nodeStatuses track the deployment values and errors across + individual nodes + items: + description: NodeStatus provides information about the current state + of a particular node managed by this operator. + properties: + currentRevision: + description: currentRevision is the generation of the most recently + successful deployment + format: int32 + type: integer + lastFailedCount: + description: lastFailedCount is how often the installer pod + of the last failed revision failed. + type: integer + lastFailedReason: + description: lastFailedReason is a machine readable failure + reason string. + type: string + lastFailedRevision: + description: lastFailedRevision is the generation of the deployment + we tried and failed to deploy. + format: int32 + type: integer + lastFailedRevisionErrors: + description: lastFailedRevisionErrors is a list of human readable + errors during the failed deployment referenced in lastFailedRevision. + items: + type: string + type: array + x-kubernetes-list-type: atomic + lastFailedTime: + description: lastFailedTime is the time the last failed revision + failed the last time. + format: date-time + type: string + lastFallbackCount: + description: lastFallbackCount is how often a fallback to a + previous revision happened. + type: integer + nodeName: + description: nodeName is the name of the node + type: string + targetRevision: + description: targetRevision is the generation of the deployment + we're trying to apply + format: int32 + type: integer + required: + - nodeName + type: object + type: array + x-kubernetes-list-map-keys: + - nodeName + x-kubernetes-list-type: map + observedGeneration: + description: observedGeneration is the last generation change you've + dealt with + format: int64 + type: integer + readyReplicas: + description: readyReplicas indicates how many replicas are ready and + at the desired state + format: int32 + type: integer + version: + description: version is the level this availability applies to + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/etcds.operator.openshift.io/HardwareSpeed.yaml b/pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/etcds.operator.openshift.io/HardwareSpeed.yaml new file mode 100644 index 000000000..73a47031f --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/etcds.operator.openshift.io/HardwareSpeed.yaml @@ -0,0 +1,310 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/752 + api.openshift.io/filename-cvo-runlevel: "0000_12" + api.openshift.io/filename-operator: etcd + api.openshift.io/filename-ordering: "01" + feature-gate.release.openshift.io/HardwareSpeed: "true" + name: etcds.operator.openshift.io +spec: + group: operator.openshift.io + names: + categories: + - coreoperators + kind: Etcd + listKind: EtcdList + plural: etcds + singular: etcd + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + Etcd provides information to configure an operator to manage etcd. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + controlPlaneHardwareSpeed: + description: "HardwareSpeed allows user to change the etcd tuning + profile which configures\nthe latency parameters for heartbeat interval + and leader election timeouts\nallowing the cluster to tolerate longer + round-trip-times between etcd members.\nValid values are \"\", \"Standard\" + and \"Slower\".\n\t\"\" means no opinion and the platform is left + to choose a reasonable default\n\twhich is subject to change without + notice." + enum: + - "" + - Standard + - Slower + type: string + failedRevisionLimit: + description: |- + failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api + -1 = unlimited, 0 or unset = 5 (default) + format: int32 + type: integer + forceRedeploymentReason: + description: |- + forceRedeploymentReason can be used to force the redeployment of the operand by providing a unique string. + This provides a mechanism to kick a previously failed deployment and provide a reason why you think it will work + this time instead of failing again on the same config. + type: string + logLevel: + default: Normal + description: |- + logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for their operands. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + managementState: + description: managementState indicates whether and how the operator + should manage the component + pattern: ^(Managed|Unmanaged|Force|Removed)$ + type: string + observedConfig: + description: |- + observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because + it is an input to the level for the operator + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + default: Normal + description: |- + operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for themselves. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + succeededRevisionLimit: + description: |- + succeededRevisionLimit is the number of successful static pod installer revisions to keep on disk and in the api + -1 = unlimited, 0 or unset = 5 (default) + format: int32 + type: integer + unsupportedConfigOverrides: + description: |- + unsupportedConfigOverrides overrides the final configuration that was computed by the operator. + Red Hat does not support the use of this field. + Misuse of this field could lead to unexpected behavior or conflict with other configuration options. + Seek guidance from the Red Hat support before using this field. + Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + status: + properties: + conditions: + description: conditions is a list of conditions and their status + items: + description: OperatorCondition is just the standard condition fields. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + type: string + reason: + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + controlPlaneHardwareSpeed: + description: ControlPlaneHardwareSpeed declares valid hardware speed + tolerance levels + enum: + - "" + - Standard + - Slower + type: string + generations: + description: generations are used to determine when an item needs + to be reconciled or has changed in a way that needs a reaction. + items: + description: GenerationStatus keeps track of the generation for + a given resource so that decisions about forced updates can be + made. + properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without + generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload + controller involved + format: int64 + type: integer + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're + tracking + type: string + required: + - group + - name + - namespace + - resource + type: object + type: array + x-kubernetes-list-map-keys: + - group + - resource + - namespace + - name + x-kubernetes-list-type: map + latestAvailableRevision: + description: latestAvailableRevision is the deploymentID of the most + recent deployment + format: int32 + type: integer + x-kubernetes-validations: + - message: must only increase + rule: self >= oldSelf + latestAvailableRevisionReason: + description: latestAvailableRevisionReason describe the detailed reason + for the most recent deployment + type: string + nodeStatuses: + description: nodeStatuses track the deployment values and errors across + individual nodes + items: + description: NodeStatus provides information about the current state + of a particular node managed by this operator. + properties: + currentRevision: + description: currentRevision is the generation of the most recently + successful deployment + format: int32 + type: integer + lastFailedCount: + description: lastFailedCount is how often the installer pod + of the last failed revision failed. + type: integer + lastFailedReason: + description: lastFailedReason is a machine readable failure + reason string. + type: string + lastFailedRevision: + description: lastFailedRevision is the generation of the deployment + we tried and failed to deploy. + format: int32 + type: integer + lastFailedRevisionErrors: + description: lastFailedRevisionErrors is a list of human readable + errors during the failed deployment referenced in lastFailedRevision. + items: + type: string + type: array + x-kubernetes-list-type: atomic + lastFailedTime: + description: lastFailedTime is the time the last failed revision + failed the last time. + format: date-time + type: string + lastFallbackCount: + description: lastFallbackCount is how often a fallback to a + previous revision happened. + type: integer + nodeName: + description: nodeName is the name of the node + type: string + targetRevision: + description: targetRevision is the generation of the deployment + we're trying to apply + format: int32 + type: integer + required: + - nodeName + type: object + type: array + x-kubernetes-list-map-keys: + - nodeName + x-kubernetes-list-type: map + observedGeneration: + description: observedGeneration is the last generation change you've + dealt with + format: int64 + type: integer + readyReplicas: + description: readyReplicas indicates how many replicas are ready and + at the desired state + format: int32 + type: integer + version: + description: version is the level this availability applies to + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/ingresscontrollers.operator.openshift.io/AAA_ungated.yaml b/pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/ingresscontrollers.operator.openshift.io/AAA_ungated.yaml new file mode 100644 index 000000000..a0caca44a --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/ingresscontrollers.operator.openshift.io/AAA_ungated.yaml @@ -0,0 +1,2739 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/616 + api.openshift.io/filename-cvo-runlevel: "0000_50" + api.openshift.io/filename-operator: ingress + api.openshift.io/filename-ordering: "00" + capability.openshift.io/name: Ingress + feature-gate.release.openshift.io/: "true" + name: ingresscontrollers.operator.openshift.io +spec: + group: operator.openshift.io + names: + kind: IngressController + listKind: IngressControllerList + plural: ingresscontrollers + singular: ingresscontroller + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + IngressController describes a managed ingress controller for the cluster. The + controller can service OpenShift Route and Kubernetes Ingress resources. + + When an IngressController is created, a new ingress controller deployment is + created to allow external traffic to reach the services that expose Ingress + or Route resources. Updating this resource may lead to disruption for public + facing network connections as a new ingress controller revision may be rolled + out. + + https://kubernetes.io/docs/concepts/services-networking/ingress-controllers + + Whenever possible, sensible defaults for the platform are used. See each + field for more details. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec is the specification of the desired behavior of the + IngressController. + properties: + clientTLS: + description: |- + clientTLS specifies settings for requesting and verifying client + certificates, which can be used to enable mutual TLS for + edge-terminated and reencrypt routes. + properties: + allowedSubjectPatterns: + description: |- + allowedSubjectPatterns specifies a list of regular expressions that + should be matched against the distinguished name on a valid client + certificate to filter requests. The regular expressions must use + PCRE syntax. If this list is empty, no filtering is performed. If + the list is nonempty, then at least one pattern must match a client + certificate's distinguished name or else the ingress controller + rejects the certificate and denies the connection. + items: + type: string + type: array + x-kubernetes-list-type: atomic + clientCA: + description: |- + clientCA specifies a configmap containing the PEM-encoded CA + certificate bundle that should be used to verify a client's + certificate. The administrator must create this configmap in the + openshift-config namespace. + properties: + name: + description: name is the metadata.name of the referenced config + map + type: string + required: + - name + type: object + clientCertificatePolicy: + description: |- + clientCertificatePolicy specifies whether the ingress controller + requires clients to provide certificates. This field accepts the + values "Required" or "Optional". + + Note that the ingress controller only checks client certificates for + edge-terminated and reencrypt TLS routes; it cannot check + certificates for cleartext HTTP or passthrough TLS routes. + enum: + - "" + - Required + - Optional + type: string + required: + - clientCA + - clientCertificatePolicy + type: object + defaultCertificate: + description: |- + defaultCertificate is a reference to a secret containing the default + certificate served by the ingress controller. When Routes don't specify + their own certificate, defaultCertificate is used. + + The secret must contain the following keys and data: + + tls.crt: certificate file contents + tls.key: key file contents + + If unset, a wildcard certificate is automatically generated and used. The + certificate is valid for the ingress controller domain (and subdomains) and + the generated certificate's CA will be automatically integrated with the + cluster's trust store. + + If a wildcard certificate is used and shared by multiple + HTTP/2 enabled routes (which implies ALPN) then clients + (i.e., notably browsers) are at liberty to reuse open + connections. This means a client can reuse a connection to + another route and that is likely to fail. This behaviour is + generally known as connection coalescing. + + The in-use certificate (whether generated or user-specified) will be + automatically integrated with OpenShift's built-in OAuth server. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + domain: + description: |- + domain is a DNS name serviced by the ingress controller and is used to + configure multiple features: + + * For the LoadBalancerService endpoint publishing strategy, domain is + used to configure DNS records. See endpointPublishingStrategy. + + * When using a generated default certificate, the certificate will be valid + for domain and its subdomains. See defaultCertificate. + + * The value is published to individual Route statuses so that end-users + know where to target external DNS records. + + domain must be unique among all IngressControllers, and cannot be + updated. + + If empty, defaults to ingress.config.openshift.io/cluster .spec.domain. + type: string + endpointPublishingStrategy: + description: |- + endpointPublishingStrategy is used to publish the ingress controller + endpoints to other networks, enable load balancer integrations, etc. + + If unset, the default is based on + infrastructure.config.openshift.io/cluster .status.platform: + + AWS: LoadBalancerService (with External scope) + Azure: LoadBalancerService (with External scope) + GCP: LoadBalancerService (with External scope) + IBMCloud: LoadBalancerService (with External scope) + AlibabaCloud: LoadBalancerService (with External scope) + Libvirt: HostNetwork + + Any other platform types (including None) default to HostNetwork. + + endpointPublishingStrategy cannot be updated. + properties: + hostNetwork: + description: |- + hostNetwork holds parameters for the HostNetwork endpoint publishing + strategy. Present only if type is HostNetwork. + properties: + httpPort: + default: 80 + description: |- + httpPort is the port on the host which should be used to listen for + HTTP requests. This field should be set when port 80 is already in use. + The value should not coincide with the NodePort range of the cluster. + When the value is 0 or is not specified it defaults to 80. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + httpsPort: + default: 443 + description: |- + httpsPort is the port on the host which should be used to listen for + HTTPS requests. This field should be set when port 443 is already in use. + The value should not coincide with the NodePort range of the cluster. + When the value is 0 or is not specified it defaults to 443. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + protocol: + description: |- + protocol specifies whether the IngressController expects incoming + connections to use plain TCP or whether the IngressController expects + PROXY protocol. + + PROXY protocol can be used with load balancers that support it to + communicate the source addresses of client connections when + forwarding those connections to the IngressController. Using PROXY + protocol enables the IngressController to report those source + addresses instead of reporting the load balancer's address in HTTP + headers and logs. Note that enabling PROXY protocol on the + IngressController will cause connections to fail if you are not using + a load balancer that uses PROXY protocol to forward connections to + the IngressController. See + http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for + information about PROXY protocol. + + The following values are valid for this field: + + * The empty string. + * "TCP". + * "PROXY". + + The empty string specifies the default, which is TCP without PROXY + protocol. Note that the default is subject to change. + enum: + - "" + - TCP + - PROXY + type: string + statsPort: + default: 1936 + description: |- + statsPort is the port on the host where the stats from the router are + published. The value should not coincide with the NodePort range of the + cluster. If an external load balancer is configured to forward connections + to this IngressController, the load balancer should use this port for + health checks. The load balancer can send HTTP probes on this port on a + given node, with the path /healthz/ready to determine if the ingress + controller is ready to receive traffic on the node. For proper operation + the load balancer must not forward traffic to a node until the health + check reports ready. The load balancer should also stop forwarding requests + within a maximum of 45 seconds after /healthz/ready starts reporting + not-ready. Probing every 5 to 10 seconds, with a 5-second timeout and with + a threshold of two successful or failed requests to become healthy or + unhealthy respectively, are well-tested values. When the value is 0 or + is not specified it defaults to 1936. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + type: object + loadBalancer: + description: |- + loadBalancer holds parameters for the load balancer. Present only if + type is LoadBalancerService. + properties: + allowedSourceRanges: + description: |- + allowedSourceRanges specifies an allowlist of IP address ranges to which + access to the load balancer should be restricted. Each range must be + specified using CIDR notation (e.g. "10.0.0.0/8" or "fd00::/8"). If no range is + specified, "0.0.0.0/0" for IPv4 and "::/0" for IPv6 are used by default, + which allows all source addresses. + + To facilitate migration from earlier versions of OpenShift that did + not have the allowedSourceRanges field, you may set the + service.beta.kubernetes.io/load-balancer-source-ranges annotation on + the "router-" service in the + "openshift-ingress" namespace, and this annotation will take + effect if allowedSourceRanges is empty on OpenShift 4.12. + items: + description: |- + CIDR is an IP address range in CIDR notation (for example, "10.0.0.0/8" + or "fd00::/8"). + pattern: (^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])/([0-9]|[12][0-9]|3[0-2])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) + type: string + nullable: true + type: array + x-kubernetes-list-type: atomic + dnsManagementPolicy: + default: Managed + description: |- + dnsManagementPolicy indicates if the lifecycle of the wildcard DNS record + associated with the load balancer service will be managed by + the ingress operator. It defaults to Managed. + Valid values are: Managed and Unmanaged. + enum: + - Managed + - Unmanaged + type: string + providerParameters: + description: |- + providerParameters holds desired load balancer information specific to + the underlying infrastructure provider. + + If empty, defaults will be applied. See specific providerParameters + fields for details about their defaults. + properties: + aws: + description: |- + aws provides configuration settings that are specific to AWS + load balancers. + + If empty, defaults will be applied. See specific aws fields for + details about their defaults. + properties: + classicLoadBalancer: + description: |- + classicLoadBalancerParameters holds configuration parameters for an AWS + classic load balancer. Present only if type is Classic. + properties: + connectionIdleTimeout: + description: |- + connectionIdleTimeout specifies the maximum time period that a + connection may be idle before the load balancer closes the + connection. The value must be parseable as a time duration value; + see . A nil or zero value + means no opinion, in which case a default value is used. The default + value for this field is 60s. This default is subject to change. + format: duration + type: string + type: object + networkLoadBalancer: + description: |- + networkLoadBalancerParameters holds configuration parameters for an AWS + network load balancer. Present only if type is NLB. + type: object + type: + description: |- + type is the type of AWS load balancer to instantiate for an ingresscontroller. + + Valid values are: + + * "Classic": A Classic Load Balancer that makes routing decisions at either + the transport layer (TCP/SSL) or the application layer (HTTP/HTTPS). See + the following for additional details: + + https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#clb + + * "NLB": A Network Load Balancer that makes routing decisions at the + transport layer (TCP/SSL). See the following for additional details: + + https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#nlb + enum: + - Classic + - NLB + type: string + required: + - type + type: object + gcp: + description: |- + gcp provides configuration settings that are specific to GCP + load balancers. + + If empty, defaults will be applied. See specific gcp fields for + details about their defaults. + properties: + clientAccess: + description: |- + clientAccess describes how client access is restricted for internal + load balancers. + + Valid values are: + * "Global": Specifying an internal load balancer with Global client access + allows clients from any region within the VPC to communicate with the load + balancer. + + https://cloud.google.com/kubernetes-engine/docs/how-to/internal-load-balancing#global_access + + * "Local": Specifying an internal load balancer with Local client access + means only clients within the same region (and VPC) as the GCP load balancer + can communicate with the load balancer. Note that this is the default behavior. + + https://cloud.google.com/load-balancing/docs/internal#client_access + enum: + - Global + - Local + type: string + type: object + ibm: + description: |- + ibm provides configuration settings that are specific to IBM Cloud + load balancers. + + If empty, defaults will be applied. See specific ibm fields for + details about their defaults. + properties: + protocol: + description: |- + protocol specifies whether the load balancer uses PROXY protocol to forward connections to + the IngressController. See "service.kubernetes.io/ibm-load-balancer-cloud-provider-enable-features: + "proxy-protocol"" at https://cloud.ibm.com/docs/containers?topic=containers-vpc-lbaas" + + PROXY protocol can be used with load balancers that support it to + communicate the source addresses of client connections when + forwarding those connections to the IngressController. Using PROXY + protocol enables the IngressController to report those source + addresses instead of reporting the load balancer's address in HTTP + headers and logs. Note that enabling PROXY protocol on the + IngressController will cause connections to fail if you are not using + a load balancer that uses PROXY protocol to forward connections to + the IngressController. See + http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for + information about PROXY protocol. + + Valid values for protocol are TCP, PROXY and omitted. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The current default is TCP, without the proxy protocol enabled. + enum: + - "" + - TCP + - PROXY + type: string + type: object + openstack: + description: |- + openstack provides configuration settings that are specific to OpenStack + load balancers. + + If empty, defaults will be applied. See specific openstack fields for + details about their defaults. + properties: + floatingIP: + description: |- + floatingIP specifies the IP address that the load balancer will use. + When not specified, an IP address will be assigned randomly by the OpenStack cloud provider. + When specified, the floating IP has to be pre-created. If the + specified value is not a floating IP or is already claimed, the + OpenStack cloud provider won't be able to provision the load + balancer. + This field may only be used if the IngressController has External scope. + This value must be a valid IPv4 or IPv6 address. + type: string + x-kubernetes-validations: + - message: floatingIP must be a valid IPv4 or IPv6 + address + rule: isIP(self) + type: object + type: + description: |- + type is the underlying infrastructure provider for the load balancer. + Allowed values are "AWS", "Azure", "BareMetal", "GCP", "IBM", "Nutanix", + "OpenStack", and "VSphere". + enum: + - AWS + - Azure + - BareMetal + - GCP + - Nutanix + - OpenStack + - VSphere + - IBM + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: openstack is not permitted when type is not OpenStack + rule: 'has(self.type) && self.type == ''OpenStack'' ? true + : !has(self.openstack)' + scope: + description: |- + scope indicates the scope at which the load balancer is exposed. + Possible values are "External" and "Internal". + enum: + - Internal + - External + type: string + required: + - dnsManagementPolicy + - scope + type: object + x-kubernetes-validations: + - message: cannot specify a floating ip when scope is internal + rule: '!has(self.scope) || self.scope != ''Internal'' || !has(self.providerParameters) + || !has(self.providerParameters.openstack) || !has(self.providerParameters.openstack.floatingIP) + || self.providerParameters.openstack.floatingIP == ""' + nodePort: + description: |- + nodePort holds parameters for the NodePortService endpoint publishing strategy. + Present only if type is NodePortService. + properties: + protocol: + description: |- + protocol specifies whether the IngressController expects incoming + connections to use plain TCP or whether the IngressController expects + PROXY protocol. + + PROXY protocol can be used with load balancers that support it to + communicate the source addresses of client connections when + forwarding those connections to the IngressController. Using PROXY + protocol enables the IngressController to report those source + addresses instead of reporting the load balancer's address in HTTP + headers and logs. Note that enabling PROXY protocol on the + IngressController will cause connections to fail if you are not using + a load balancer that uses PROXY protocol to forward connections to + the IngressController. See + http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for + information about PROXY protocol. + + The following values are valid for this field: + + * The empty string. + * "TCP". + * "PROXY". + + The empty string specifies the default, which is TCP without PROXY + protocol. Note that the default is subject to change. + enum: + - "" + - TCP + - PROXY + type: string + type: object + private: + description: |- + private holds parameters for the Private endpoint publishing + strategy. Present only if type is Private. + properties: + protocol: + description: |- + protocol specifies whether the IngressController expects incoming + connections to use plain TCP or whether the IngressController expects + PROXY protocol. + + PROXY protocol can be used with load balancers that support it to + communicate the source addresses of client connections when + forwarding those connections to the IngressController. Using PROXY + protocol enables the IngressController to report those source + addresses instead of reporting the load balancer's address in HTTP + headers and logs. Note that enabling PROXY protocol on the + IngressController will cause connections to fail if you are not using + a load balancer that uses PROXY protocol to forward connections to + the IngressController. See + http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for + information about PROXY protocol. + + The following values are valid for this field: + + * The empty string. + * "TCP". + * "PROXY". + + The empty string specifies the default, which is TCP without PROXY + protocol. Note that the default is subject to change. + enum: + - "" + - TCP + - PROXY + type: string + type: object + type: + description: |- + type is the publishing strategy to use. Valid values are: + + * LoadBalancerService + + Publishes the ingress controller using a Kubernetes LoadBalancer Service. + + In this configuration, the ingress controller deployment uses container + networking. A LoadBalancer Service is created to publish the deployment. + + See: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer + + If domain is set, a wildcard DNS record will be managed to point at the + LoadBalancer Service's external name. DNS records are managed only in DNS + zones defined by dns.config.openshift.io/cluster .spec.publicZone and + .spec.privateZone. + + Wildcard DNS management is currently supported only on the AWS, Azure, + and GCP platforms. + + * HostNetwork + + Publishes the ingress controller on node ports where the ingress controller + is deployed. + + In this configuration, the ingress controller deployment uses host + networking, bound to node ports 80 and 443. The user is responsible for + configuring an external load balancer to publish the ingress controller via + the node ports. + + * Private + + Does not publish the ingress controller. + + In this configuration, the ingress controller deployment uses container + networking, and is not explicitly published. The user must manually publish + the ingress controller. + + * NodePortService + + Publishes the ingress controller using a Kubernetes NodePort Service. + + In this configuration, the ingress controller deployment uses container + networking. A NodePort Service is created to publish the deployment. The + specific node ports are dynamically allocated by OpenShift; however, to + support static port allocations, user changes to the node port + field of the managed NodePort Service will preserved. + enum: + - LoadBalancerService + - HostNetwork + - Private + - NodePortService + type: string + required: + - type + type: object + httpCompression: + description: |- + httpCompression defines a policy for HTTP traffic compression. + By default, there is no HTTP compression. + properties: + mimeTypes: + description: |- + mimeTypes is a list of MIME types that should have compression applied. + This list can be empty, in which case the ingress controller does not apply compression. + + Note: Not all MIME types benefit from compression, but HAProxy will still use resources + to try to compress if instructed to. Generally speaking, text (html, css, js, etc.) + formats benefit from compression, but formats that are already compressed (image, + audio, video, etc.) benefit little in exchange for the time and cpu spent on compressing + again. See https://joehonton.medium.com/the-gzip-penalty-d31bd697f1a2 + items: + description: |- + CompressionMIMEType defines the format of a single MIME type. + E.g. "text/css; charset=utf-8", "text/html", "text/*", "image/svg+xml", + "application/octet-stream", "X-custom/customsub", etc. + + The format should follow the Content-Type definition in RFC 1341: + Content-Type := type "/" subtype *[";" parameter] + - The type in Content-Type can be one of: + application, audio, image, message, multipart, text, video, or a custom + type preceded by "X-" and followed by a token as defined below. + - The token is a string of at least one character, and not containing white + space, control characters, or any of the characters in the tspecials set. + - The tspecials set contains the characters ()<>@,;:\"/[]?.= + - The subtype in Content-Type is also a token. + - The optional parameter/s following the subtype are defined as: + token "=" (token / quoted-string) + - The quoted-string, as defined in RFC 822, is surrounded by double quotes + and can contain white space plus any character EXCEPT \, ", and CR. + It can also contain any single ASCII character as long as it is escaped by \. + pattern: ^(?i)(x-[^][ ()\\<>@,;:"/?.=\x00-\x1F\x7F]+|application|audio|image|message|multipart|text|video)/[^][ + ()\\<>@,;:"/?.=\x00-\x1F\x7F]+(; *[^][ ()\\<>@,;:"/?.=\x00-\x1F\x7F]+=([^][ + ()\\<>@,;:"/?.=\x00-\x1F\x7F]+|"(\\[\x00-\x7F]|[^\x0D"\\])*"))*$ + type: string + type: array + x-kubernetes-list-type: set + type: object + httpEmptyRequestsPolicy: + default: Respond + description: |- + httpEmptyRequestsPolicy describes how HTTP connections should be + handled if the connection times out before a request is received. + Allowed values for this field are "Respond" and "Ignore". If the + field is set to "Respond", the ingress controller sends an HTTP 400 + or 408 response, logs the connection (if access logging is enabled), + and counts the connection in the appropriate metrics. If the field + is set to "Ignore", the ingress controller closes the connection + without sending a response, logging the connection, or incrementing + metrics. The default value is "Respond". + + Typically, these connections come from load balancers' health probes + or Web browsers' speculative connections ("preconnect") and can be + safely ignored. However, these requests may also be caused by + network errors, and so setting this field to "Ignore" may impede + detection and diagnosis of problems. In addition, these requests may + be caused by port scans, in which case logging empty requests may aid + in detecting intrusion attempts. + enum: + - Respond + - Ignore + type: string + httpErrorCodePages: + description: |- + httpErrorCodePages specifies a configmap with custom error pages. + The administrator must create this configmap in the openshift-config namespace. + This configmap should have keys in the format "error-page-.http", + where is an HTTP error code. + For example, "error-page-503.http" defines an error page for HTTP 503 responses. + Currently only error pages for 503 and 404 responses can be customized. + Each value in the configmap should be the full response, including HTTP headers. + Eg- https://raw.githubusercontent.com/openshift/router/fadab45747a9b30cc3f0a4b41ad2871f95827a93/images/router/haproxy/conf/error-page-503.http + If this field is empty, the ingress controller uses the default error pages. + properties: + name: + description: name is the metadata.name of the referenced config + map + type: string + required: + - name + type: object + httpHeaders: + description: |- + httpHeaders defines policy for HTTP headers. + + If this field is empty, the default values are used. + properties: + actions: + description: |- + actions specifies options for modifying headers and their values. + Note that this option only applies to cleartext HTTP connections + and to secure HTTP connections for which the ingress controller + terminates encryption (that is, edge-terminated or reencrypt + connections). Headers cannot be modified for TLS passthrough + connections. + Setting the HSTS (`Strict-Transport-Security`) header is not supported via actions. `Strict-Transport-Security` + may only be configured using the "haproxy.router.openshift.io/hsts_header" route annotation, and only in + accordance with the policy specified in Ingress.Spec.RequiredHSTSPolicies. + Any actions defined here are applied after any actions related to the following other fields: + cache-control, spec.clientTLS, + spec.httpHeaders.forwardedHeaderPolicy, spec.httpHeaders.uniqueId, + and spec.httpHeaders.headerNameCaseAdjustments. + In case of HTTP request headers, the actions specified in spec.httpHeaders.actions on the Route will be executed after + the actions specified in the IngressController's spec.httpHeaders.actions field. + In case of HTTP response headers, the actions specified in spec.httpHeaders.actions on the IngressController will be + executed after the actions specified in the Route's spec.httpHeaders.actions field. + Headers set using this API cannot be captured for use in access logs. + The following header names are reserved and may not be modified via this API: + Strict-Transport-Security, Proxy, Host, Cookie, Set-Cookie. + Note that the total size of all net added headers *after* interpolating dynamic values + must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the + IngressController. Please refer to the documentation + for that API field for more details. + properties: + request: + description: |- + request is a list of HTTP request headers to modify. + Actions defined here will modify the request headers of all requests passing through an ingress controller. + These actions are applied to all Routes i.e. for all connections handled by the ingress controller defined within a cluster. + IngressController actions for request headers will be executed before Route actions. + Currently, actions may define to either `Set` or `Delete` headers values. + Actions are applied in sequence as defined in this list. + A maximum of 20 request header actions may be configured. + Sample fetchers allowed are "req.hdr" and "ssl_c_der". + Converters allowed are "lower" and "base64". + Example header values: "%[req.hdr(X-target),lower]", "%{+Q}[ssl_c_der,base64]". + items: + description: IngressControllerHTTPHeader specifies configuration + for setting or deleting an HTTP header. + properties: + action: + description: action specifies actions to perform on + headers, such as setting or deleting headers. + properties: + set: + description: |- + set specifies how the HTTP header should be set. + This field is required when type is Set and forbidden otherwise. + properties: + value: + description: |- + value specifies a header value. + Dynamic values can be added. The value will be interpreted as an HAProxy format string as defined in + http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and + otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. + The value of this field must be no more than 16384 characters in length. + Note that the total size of all net added headers *after* interpolating dynamic values + must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the + IngressController. + maxLength: 16384 + minLength: 1 + type: string + required: + - value + type: object + type: + description: |- + type defines the type of the action to be applied on the header. + Possible values are Set or Delete. + Set allows you to set HTTP request and response headers. + Delete allows you to delete HTTP request and response headers. + enum: + - Set + - Delete + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: set is required when type is Set, and forbidden + otherwise + rule: 'has(self.type) && self.type == ''Set'' ? has(self.set) + : !has(self.set)' + name: + description: |- + name specifies the name of a header on which to perform an action. Its value must be a valid HTTP header + name as defined in RFC 2616 section 4.2. + The name must consist only of alphanumeric and the following special characters, "-!#$%&'*+.^_`". + The following header names are reserved and may not be modified via this API: + Strict-Transport-Security, Proxy, Host, Cookie, Set-Cookie. + It must be no more than 255 characters in length. + Header name must be unique. + maxLength: 255 + minLength: 1 + pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$ + type: string + x-kubernetes-validations: + - message: strict-transport-security header may not + be modified via header actions + rule: self.lowerAscii() != 'strict-transport-security' + - message: proxy header may not be modified via header + actions + rule: self.lowerAscii() != 'proxy' + - message: host header may not be modified via header + actions + rule: self.lowerAscii() != 'host' + - message: cookie header may not be modified via header + actions + rule: self.lowerAscii() != 'cookie' + - message: set-cookie header may not be modified via + header actions + rule: self.lowerAscii() != 'set-cookie' + required: + - action + - name + type: object + maxItems: 20 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + x-kubernetes-validations: + - message: Either the header value provided is not in correct + format or the sample fetcher/converter specified is not + allowed. The dynamic header value will be interpreted + as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 + and may use HAProxy's %[] syntax and otherwise must be + a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. + Sample fetchers allowed are req.hdr, ssl_c_der. Converters + allowed are lower, base64. + rule: self.all(key, key.action.type == "Delete" || (has(key.action.set) + && key.action.set.value.matches('^(?:%(?:%|(?:\\{[-+]?[QXE](?:,[-+]?[QXE])*\\})?\\[(?:req\\.hdr\\([0-9A-Za-z-]+\\)|ssl_c_der)(?:,(?:lower|base64))*\\])|[^%[:cntrl:]])+$'))) + response: + description: |- + response is a list of HTTP response headers to modify. + Actions defined here will modify the response headers of all requests passing through an ingress controller. + These actions are applied to all Routes i.e. for all connections handled by the ingress controller defined within a cluster. + IngressController actions for response headers will be executed after Route actions. + Currently, actions may define to either `Set` or `Delete` headers values. + Actions are applied in sequence as defined in this list. + A maximum of 20 response header actions may be configured. + Sample fetchers allowed are "res.hdr" and "ssl_c_der". + Converters allowed are "lower" and "base64". + Example header values: "%[res.hdr(X-target),lower]", "%{+Q}[ssl_c_der,base64]". + items: + description: IngressControllerHTTPHeader specifies configuration + for setting or deleting an HTTP header. + properties: + action: + description: action specifies actions to perform on + headers, such as setting or deleting headers. + properties: + set: + description: |- + set specifies how the HTTP header should be set. + This field is required when type is Set and forbidden otherwise. + properties: + value: + description: |- + value specifies a header value. + Dynamic values can be added. The value will be interpreted as an HAProxy format string as defined in + http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and + otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. + The value of this field must be no more than 16384 characters in length. + Note that the total size of all net added headers *after* interpolating dynamic values + must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the + IngressController. + maxLength: 16384 + minLength: 1 + type: string + required: + - value + type: object + type: + description: |- + type defines the type of the action to be applied on the header. + Possible values are Set or Delete. + Set allows you to set HTTP request and response headers. + Delete allows you to delete HTTP request and response headers. + enum: + - Set + - Delete + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: set is required when type is Set, and forbidden + otherwise + rule: 'has(self.type) && self.type == ''Set'' ? has(self.set) + : !has(self.set)' + name: + description: |- + name specifies the name of a header on which to perform an action. Its value must be a valid HTTP header + name as defined in RFC 2616 section 4.2. + The name must consist only of alphanumeric and the following special characters, "-!#$%&'*+.^_`". + The following header names are reserved and may not be modified via this API: + Strict-Transport-Security, Proxy, Host, Cookie, Set-Cookie. + It must be no more than 255 characters in length. + Header name must be unique. + maxLength: 255 + minLength: 1 + pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$ + type: string + x-kubernetes-validations: + - message: strict-transport-security header may not + be modified via header actions + rule: self.lowerAscii() != 'strict-transport-security' + - message: proxy header may not be modified via header + actions + rule: self.lowerAscii() != 'proxy' + - message: host header may not be modified via header + actions + rule: self.lowerAscii() != 'host' + - message: cookie header may not be modified via header + actions + rule: self.lowerAscii() != 'cookie' + - message: set-cookie header may not be modified via + header actions + rule: self.lowerAscii() != 'set-cookie' + required: + - action + - name + type: object + maxItems: 20 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + x-kubernetes-validations: + - message: Either the header value provided is not in correct + format or the sample fetcher/converter specified is not + allowed. The dynamic header value will be interpreted + as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 + and may use HAProxy's %[] syntax and otherwise must be + a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. + Sample fetchers allowed are res.hdr, ssl_c_der. Converters + allowed are lower, base64. + rule: self.all(key, key.action.type == "Delete" || (has(key.action.set) + && key.action.set.value.matches('^(?:%(?:%|(?:\\{[-+]?[QXE](?:,[-+]?[QXE])*\\})?\\[(?:res\\.hdr\\([0-9A-Za-z-]+\\)|ssl_c_der)(?:,(?:lower|base64))*\\])|[^%[:cntrl:]])+$'))) + type: object + forwardedHeaderPolicy: + description: |- + forwardedHeaderPolicy specifies when and how the IngressController + sets the Forwarded, X-Forwarded-For, X-Forwarded-Host, + X-Forwarded-Port, X-Forwarded-Proto, and X-Forwarded-Proto-Version + HTTP headers. The value may be one of the following: + + * "Append", which specifies that the IngressController appends the + headers, preserving existing headers. + + * "Replace", which specifies that the IngressController sets the + headers, replacing any existing Forwarded or X-Forwarded-* headers. + + * "IfNone", which specifies that the IngressController sets the + headers if they are not already set. + + * "Never", which specifies that the IngressController never sets the + headers, preserving any existing headers. + + By default, the policy is "Append". + enum: + - Append + - Replace + - IfNone + - Never + type: string + headerNameCaseAdjustments: + description: |- + headerNameCaseAdjustments specifies case adjustments that can be + applied to HTTP header names. Each adjustment is specified as an + HTTP header name with the desired capitalization. For example, + specifying "X-Forwarded-For" indicates that the "x-forwarded-for" + HTTP header should be adjusted to have the specified capitalization. + + These adjustments are only applied to cleartext, edge-terminated, and + re-encrypt routes, and only when using HTTP/1. + + For request headers, these adjustments are applied only for routes + that have the haproxy.router.openshift.io/h1-adjust-case=true + annotation. For response headers, these adjustments are applied to + all HTTP responses. + + If this field is empty, no request headers are adjusted. + items: + description: |- + IngressControllerHTTPHeaderNameCaseAdjustment is the name of an HTTP header + (for example, "X-Forwarded-For") in the desired capitalization. The value + must be a valid HTTP header name as defined in RFC 2616 section 4.2. + maxLength: 1024 + minLength: 0 + pattern: ^$|^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$ + type: string + nullable: true + type: array + x-kubernetes-list-type: atomic + uniqueId: + description: |- + uniqueId describes configuration for a custom HTTP header that the + ingress controller should inject into incoming HTTP requests. + Typically, this header is configured to have a value that is unique + to the HTTP request. The header can be used by applications or + included in access logs to facilitate tracing individual HTTP + requests. + + If this field is empty, no such header is injected into requests. + properties: + format: + description: |- + format specifies the format for the injected HTTP header's value. + This field has no effect unless name is specified. For the + HAProxy-based ingress controller implementation, this format uses the + same syntax as the HTTP log format. If the field is empty, the + default value is "%{+X}o\\ %ci:%cp_%fi:%fp_%Ts_%rt:%pid"; see the + corresponding HAProxy documentation: + http://cbonte.github.io/haproxy-dconv/2.0/configuration.html#8.2.3 + maxLength: 1024 + minLength: 0 + pattern: ^(%(%|(\{[-+]?[QXE](,[-+]?[QXE])*\})?([A-Za-z]+|\[[.0-9A-Z_a-z]+(\([^)]+\))?(,[.0-9A-Z_a-z]+(\([^)]+\))?)*\]))|[^%[:cntrl:]])*$ + type: string + name: + description: |- + name specifies the name of the HTTP header (for example, "unique-id") + that the ingress controller should inject into HTTP requests. The + field's value must be a valid HTTP header name as defined in RFC 2616 + section 4.2. If the field is empty, no header is injected. + maxLength: 1024 + minLength: 0 + pattern: ^$|^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$ + type: string + type: object + type: object + logging: + description: |- + logging defines parameters for what should be logged where. If this + field is empty, operational logs are enabled but access logs are + disabled. + properties: + access: + description: |- + access describes how the client requests should be logged. + + If this field is empty, access logging is disabled. + properties: + destination: + description: destination is where access logs go. + properties: + container: + description: |- + container holds parameters for the Container logging destination. + Present only if type is Container. + properties: + maxLength: + default: 1024 + description: |- + maxLength is the maximum length of the log message. + + Valid values are integers in the range 480 to 8192, inclusive. + + When omitted, the default value is 1024. + format: int32 + maximum: 8192 + minimum: 480 + type: integer + type: object + syslog: + description: |- + syslog holds parameters for a syslog endpoint. Present only if + type is Syslog. + properties: + address: + description: |- + address is the IP address of the syslog endpoint that receives log + messages. + type: string + facility: + description: |- + facility specifies the syslog facility of log messages. + + If this field is empty, the facility is "local1". + enum: + - kern + - user + - mail + - daemon + - auth + - syslog + - lpr + - news + - uucp + - cron + - auth2 + - ftp + - ntp + - audit + - alert + - cron2 + - local0 + - local1 + - local2 + - local3 + - local4 + - local5 + - local6 + - local7 + type: string + maxLength: + default: 1024 + description: |- + maxLength is the maximum length of the log message. + + Valid values are integers in the range 480 to 4096, inclusive. + + When omitted, the default value is 1024. + format: int32 + maximum: 4096 + minimum: 480 + type: integer + port: + description: |- + port is the UDP port number of the syslog endpoint that receives log + messages. + format: int32 + maximum: 65535 + minimum: 1 + type: integer + required: + - address + - port + type: object + type: + description: |- + type is the type of destination for logs. It must be one of the + following: + + * Container + + The ingress operator configures the sidecar container named "logs" on + the ingress controller pod and configures the ingress controller to + write logs to the sidecar. The logs are then available as container + logs. The expectation is that the administrator configures a custom + logging solution that reads logs from this sidecar. Note that using + container logs means that logs may be dropped if the rate of logs + exceeds the container runtime's or the custom logging solution's + capacity. + + * Syslog + + Logs are sent to a syslog endpoint. The administrator must specify + an endpoint that can receive syslog messages. The expectation is + that the administrator has configured a custom syslog instance. + enum: + - Container + - Syslog + type: string + required: + - type + type: object + httpCaptureCookies: + description: |- + httpCaptureCookies specifies HTTP cookies that should be captured in + access logs. If this field is empty, no cookies are captured. + items: + description: |- + IngressControllerCaptureHTTPCookie describes an HTTP cookie that should be + captured. + properties: + matchType: + description: |- + matchType specifies the type of match to be performed on the cookie + name. Allowed values are "Exact" for an exact string match and + "Prefix" for a string prefix match. If "Exact" is specified, a name + must be specified in the name field. If "Prefix" is provided, a + prefix must be specified in the namePrefix field. For example, + specifying matchType "Prefix" and namePrefix "foo" will capture a + cookie named "foo" or "foobar" but not one named "bar". The first + matching cookie is captured. + enum: + - Exact + - Prefix + type: string + maxLength: + description: |- + maxLength specifies a maximum length of the string that will be + logged, which includes the cookie name, cookie value, and + one-character delimiter. If the log entry exceeds this length, the + value will be truncated in the log message. Note that the ingress + controller may impose a separate bound on the total length of HTTP + headers in a request. + maximum: 1024 + minimum: 1 + type: integer + name: + description: |- + name specifies a cookie name. Its value must be a valid HTTP cookie + name as defined in RFC 6265 section 4.1. + maxLength: 1024 + minLength: 0 + pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]*$ + type: string + namePrefix: + description: |- + namePrefix specifies a cookie name prefix. Its value must be a valid + HTTP cookie name as defined in RFC 6265 section 4.1. + maxLength: 1024 + minLength: 0 + pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]*$ + type: string + required: + - matchType + - maxLength + type: object + maxItems: 1 + nullable: true + type: array + x-kubernetes-list-type: atomic + httpCaptureHeaders: + description: |- + httpCaptureHeaders defines HTTP headers that should be captured in + access logs. If this field is empty, no headers are captured. + + Note that this option only applies to cleartext HTTP connections + and to secure HTTP connections for which the ingress controller + terminates encryption (that is, edge-terminated or reencrypt + connections). Headers cannot be captured for TLS passthrough + connections. + properties: + request: + description: |- + request specifies which HTTP request headers to capture. + + If this field is empty, no request headers are captured. + items: + description: |- + IngressControllerCaptureHTTPHeader describes an HTTP header that should be + captured. + properties: + maxLength: + description: |- + maxLength specifies a maximum length for the header value. If a + header value exceeds this length, the value will be truncated in the + log message. Note that the ingress controller may impose a separate + bound on the total length of HTTP headers in a request. + minimum: 1 + type: integer + name: + description: |- + name specifies a header name. Its value must be a valid HTTP header + name as defined in RFC 2616 section 4.2. + pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$ + type: string + required: + - maxLength + - name + type: object + nullable: true + type: array + x-kubernetes-list-type: atomic + response: + description: |- + response specifies which HTTP response headers to capture. + + If this field is empty, no response headers are captured. + items: + description: |- + IngressControllerCaptureHTTPHeader describes an HTTP header that should be + captured. + properties: + maxLength: + description: |- + maxLength specifies a maximum length for the header value. If a + header value exceeds this length, the value will be truncated in the + log message. Note that the ingress controller may impose a separate + bound on the total length of HTTP headers in a request. + minimum: 1 + type: integer + name: + description: |- + name specifies a header name. Its value must be a valid HTTP header + name as defined in RFC 2616 section 4.2. + pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$ + type: string + required: + - maxLength + - name + type: object + nullable: true + type: array + x-kubernetes-list-type: atomic + type: object + httpLogFormat: + description: |- + httpLogFormat specifies the format of the log message for an HTTP + request. + + If this field is empty, log messages use the implementation's default + HTTP log format. For HAProxy's default HTTP log format, see the + HAProxy documentation: + http://cbonte.github.io/haproxy-dconv/2.0/configuration.html#8.2.3 + + Note that this format only applies to cleartext HTTP connections + and to secure HTTP connections for which the ingress controller + terminates encryption (that is, edge-terminated or reencrypt + connections). It does not affect the log format for TLS passthrough + connections. + type: string + logEmptyRequests: + default: Log + description: |- + logEmptyRequests specifies how connections on which no request is + received should be logged. Typically, these empty requests come from + load balancers' health probes or Web browsers' speculative + connections ("preconnect"), in which case logging these requests may + be undesirable. However, these requests may also be caused by + network errors, in which case logging empty requests may be useful + for diagnosing the errors. In addition, these requests may be caused + by port scans, in which case logging empty requests may aid in + detecting intrusion attempts. Allowed values for this field are + "Log" and "Ignore". The default value is "Log". + enum: + - Log + - Ignore + type: string + required: + - destination + type: object + type: object + namespaceSelector: + description: |- + namespaceSelector is used to filter the set of namespaces serviced by the + ingress controller. This is useful for implementing shards. + + If unset, the default is no filtering. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + nodePlacement: + description: |- + nodePlacement enables explicit control over the scheduling of the ingress + controller. + + If unset, defaults are used. See NodePlacement for more details. + properties: + nodeSelector: + description: |- + nodeSelector is the node selector applied to ingress controller + deployments. + + If set, the specified selector is used and replaces the default. + + If unset, the default depends on the value of the defaultPlacement + field in the cluster config.openshift.io/v1/ingresses status. + + When defaultPlacement is Workers, the default is: + + kubernetes.io/os: linux + node-role.kubernetes.io/worker: '' + + When defaultPlacement is ControlPlane, the default is: + + kubernetes.io/os: linux + node-role.kubernetes.io/master: '' + + These defaults are subject to change. + + Note that using nodeSelector.matchExpressions is not supported. Only + nodeSelector.matchLabels may be used. This is a limitation of the + Kubernetes API: the pod spec does not allow complex expressions for + node selectors. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + tolerations: + description: |- + tolerations is a list of tolerations applied to ingress controller + deployments. + + The default is an empty list. + + See https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + x-kubernetes-list-type: atomic + type: object + replicas: + description: |- + replicas is the desired number of ingress controller replicas. If unset, + the default depends on the value of the defaultPlacement field in the + cluster config.openshift.io/v1/ingresses status. + + The value of replicas is set based on the value of a chosen field in the + Infrastructure CR. If defaultPlacement is set to ControlPlane, the + chosen field will be controlPlaneTopology. If it is set to Workers the + chosen field will be infrastructureTopology. Replicas will then be set to 1 + or 2 based whether the chosen field's value is SingleReplica or + HighlyAvailable, respectively. + + These defaults are subject to change. + format: int32 + type: integer + routeAdmission: + description: |- + routeAdmission defines a policy for handling new route claims (for example, + to allow or deny claims across namespaces). + + If empty, defaults will be applied. See specific routeAdmission fields + for details about their defaults. + properties: + namespaceOwnership: + description: |- + namespaceOwnership describes how host name claims across namespaces should + be handled. + + Value must be one of: + + - Strict: Do not allow routes in different namespaces to claim the same host. + + - InterNamespaceAllowed: Allow routes to claim different paths of the same + host name across namespaces. + + If empty, the default is Strict. + enum: + - InterNamespaceAllowed + - Strict + type: string + wildcardPolicy: + description: |- + wildcardPolicy describes how routes with wildcard policies should + be handled for the ingress controller. WildcardPolicy controls use + of routes [1] exposed by the ingress controller based on the route's + wildcard policy. + + [1] https://github.com/openshift/api/blob/master/route/v1/types.go + + Note: Updating WildcardPolicy from WildcardsAllowed to WildcardsDisallowed + will cause admitted routes with a wildcard policy of Subdomain to stop + working. These routes must be updated to a wildcard policy of None to be + readmitted by the ingress controller. + + WildcardPolicy supports WildcardsAllowed and WildcardsDisallowed values. + + If empty, defaults to "WildcardsDisallowed". + enum: + - WildcardsAllowed + - WildcardsDisallowed + type: string + type: object + routeSelector: + description: |- + routeSelector is used to filter the set of Routes serviced by the ingress + controller. This is useful for implementing shards. + + If unset, the default is no filtering. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + tlsSecurityProfile: + description: |- + tlsSecurityProfile specifies settings for TLS connections for ingresscontrollers. + + If unset, the default is based on the apiservers.config.openshift.io/cluster resource. + + Note that when using the Old, Intermediate, and Modern profile types, the effective + profile configuration is subject to change between releases. For example, given + a specification to use the Intermediate profile deployed on release X.Y.Z, an upgrade + to release X.Y.Z+1 may cause a new profile configuration to be applied to the ingress + controller, resulting in a rollout. + properties: + custom: + description: |- + custom is a user-defined TLS security profile. Be extremely careful using a custom + profile as invalid configurations can be catastrophic. An example custom profile + looks like this: + + ciphers: + + - ECDHE-ECDSA-CHACHA20-POLY1305 + + - ECDHE-RSA-CHACHA20-POLY1305 + + - ECDHE-RSA-AES128-GCM-SHA256 + + - ECDHE-ECDSA-AES128-GCM-SHA256 + + minTLSVersion: VersionTLS11 + nullable: true + properties: + ciphers: + description: |- + ciphers is used to specify the cipher algorithms that are negotiated + during the TLS handshake. Operators may remove entries their operands + do not support. For example, to use DES-CBC3-SHA (yaml): + + ciphers: + - DES-CBC3-SHA + items: + type: string + type: array + x-kubernetes-list-type: atomic + minTLSVersion: + description: |- + minTLSVersion is used to specify the minimal version of the TLS protocol + that is negotiated during the TLS handshake. For example, to use TLS + versions 1.1, 1.2 and 1.3 (yaml): + + minTLSVersion: VersionTLS11 + + NOTE: currently the highest minTLSVersion allowed is VersionTLS12 + enum: + - VersionTLS10 + - VersionTLS11 + - VersionTLS12 + - VersionTLS13 + type: string + type: object + intermediate: + description: |- + intermediate is a TLS security profile based on: + + https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29 + + and looks like this (yaml): + + ciphers: + + - TLS_AES_128_GCM_SHA256 + + - TLS_AES_256_GCM_SHA384 + + - TLS_CHACHA20_POLY1305_SHA256 + + - ECDHE-ECDSA-AES128-GCM-SHA256 + + - ECDHE-RSA-AES128-GCM-SHA256 + + - ECDHE-ECDSA-AES256-GCM-SHA384 + + - ECDHE-RSA-AES256-GCM-SHA384 + + - ECDHE-ECDSA-CHACHA20-POLY1305 + + - ECDHE-RSA-CHACHA20-POLY1305 + + - DHE-RSA-AES128-GCM-SHA256 + + - DHE-RSA-AES256-GCM-SHA384 + + minTLSVersion: VersionTLS12 + nullable: true + type: object + modern: + description: |- + modern is a TLS security profile based on: + + https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility + + and looks like this (yaml): + + ciphers: + + - TLS_AES_128_GCM_SHA256 + + - TLS_AES_256_GCM_SHA384 + + - TLS_CHACHA20_POLY1305_SHA256 + + minTLSVersion: VersionTLS13 + nullable: true + type: object + old: + description: |- + old is a TLS security profile based on: + + https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility + + and looks like this (yaml): + + ciphers: + + - TLS_AES_128_GCM_SHA256 + + - TLS_AES_256_GCM_SHA384 + + - TLS_CHACHA20_POLY1305_SHA256 + + - ECDHE-ECDSA-AES128-GCM-SHA256 + + - ECDHE-RSA-AES128-GCM-SHA256 + + - ECDHE-ECDSA-AES256-GCM-SHA384 + + - ECDHE-RSA-AES256-GCM-SHA384 + + - ECDHE-ECDSA-CHACHA20-POLY1305 + + - ECDHE-RSA-CHACHA20-POLY1305 + + - DHE-RSA-AES128-GCM-SHA256 + + - DHE-RSA-AES256-GCM-SHA384 + + - DHE-RSA-CHACHA20-POLY1305 + + - ECDHE-ECDSA-AES128-SHA256 + + - ECDHE-RSA-AES128-SHA256 + + - ECDHE-ECDSA-AES128-SHA + + - ECDHE-RSA-AES128-SHA + + - ECDHE-ECDSA-AES256-SHA384 + + - ECDHE-RSA-AES256-SHA384 + + - ECDHE-ECDSA-AES256-SHA + + - ECDHE-RSA-AES256-SHA + + - DHE-RSA-AES128-SHA256 + + - DHE-RSA-AES256-SHA256 + + - AES128-GCM-SHA256 + + - AES256-GCM-SHA384 + + - AES128-SHA256 + + - AES256-SHA256 + + - AES128-SHA + + - AES256-SHA + + - DES-CBC3-SHA + + minTLSVersion: VersionTLS10 + nullable: true + type: object + type: + description: |- + type is one of Old, Intermediate, Modern or Custom. Custom provides + the ability to specify individual TLS security profile parameters. + Old, Intermediate and Modern are TLS security profiles based on: + + https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations + + The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers + are found to be insecure. Depending on precisely which ciphers are available to a process, the list may be + reduced. + + Note that the Modern profile is currently not supported because it is not + yet well adopted by common software libraries. + enum: + - Old + - Intermediate + - Modern + - Custom + type: string + type: object + tuningOptions: + description: |- + tuningOptions defines parameters for adjusting the performance of + ingress controller pods. All fields are optional and will use their + respective defaults if not set. See specific tuningOptions fields for + more details. + + Setting fields within tuningOptions is generally not recommended. The + default values are suitable for most configurations. + properties: + clientFinTimeout: + description: |- + clientFinTimeout defines how long a connection will be held open while + waiting for the client response to the server/backend closing the + connection. + + If unset, the default timeout is 1s + format: duration + type: string + clientTimeout: + description: |- + clientTimeout defines how long a connection will be held open while + waiting for a client response. + + If unset, the default timeout is 30s + format: duration + type: string + connectTimeout: + description: |- + ConnectTimeout defines the maximum time to wait for + a connection attempt to a server/backend to succeed. + + This field expects an unsigned duration string of decimal numbers, each with optional + fraction and a unit suffix, e.g. "300ms", "1.5h" or "2h45m". + Valid time units are "ns", "us" (or "µs" U+00B5 or "μs" U+03BC), "ms", "s", "m", "h". + + When omitted, this means the user has no opinion and the platform is left + to choose a reasonable default. This default is subject to change over time. + The current default is 5s. + pattern: ^(0|([0-9]+(\.[0-9]+)?(ns|us|µs|μs|ms|s|m|h))+)$ + type: string + headerBufferBytes: + description: |- + headerBufferBytes describes how much memory should be reserved + (in bytes) for IngressController connection sessions. + Note that this value must be at least 16384 if HTTP/2 is + enabled for the IngressController (https://tools.ietf.org/html/rfc7540). + If this field is empty, the IngressController will use a default value + of 32768 bytes. + + Setting this field is generally not recommended as headerBufferBytes + values that are too small may break the IngressController and + headerBufferBytes values that are too large could cause the + IngressController to use significantly more memory than necessary. + format: int32 + minimum: 16384 + type: integer + headerBufferMaxRewriteBytes: + description: |- + headerBufferMaxRewriteBytes describes how much memory should be reserved + (in bytes) from headerBufferBytes for HTTP header rewriting + and appending for IngressController connection sessions. + Note that incoming HTTP requests will be limited to + (headerBufferBytes - headerBufferMaxRewriteBytes) bytes, meaning + headerBufferBytes must be greater than headerBufferMaxRewriteBytes. + If this field is empty, the IngressController will use a default value + of 8192 bytes. + + Setting this field is generally not recommended as + headerBufferMaxRewriteBytes values that are too small may break the + IngressController and headerBufferMaxRewriteBytes values that are too + large could cause the IngressController to use significantly more memory + than necessary. + format: int32 + minimum: 4096 + type: integer + healthCheckInterval: + description: |- + healthCheckInterval defines how long the router waits between two consecutive + health checks on its configured backends. This value is applied globally as + a default for all routes, but may be overridden per-route by the route annotation + "router.openshift.io/haproxy.health.check.interval". + + Expects an unsigned duration string of decimal numbers, each with optional + fraction and a unit suffix, eg "300ms", "1.5h" or "2h45m". + Valid time units are "ns", "us" (or "µs" U+00B5 or "μs" U+03BC), "ms", "s", "m", "h". + + Setting this to less than 5s can cause excess traffic due to too frequent + TCP health checks and accompanying SYN packet storms. Alternatively, setting + this too high can result in increased latency, due to backend servers that are no + longer available, but haven't yet been detected as such. + + An empty or zero healthCheckInterval means no opinion and IngressController chooses + a default, which is subject to change over time. + Currently the default healthCheckInterval value is 5s. + + Currently the minimum allowed value is 1s and the maximum allowed value is + 2147483647ms (24.85 days). Both are subject to change over time. + pattern: ^(0|([0-9]+(\.[0-9]+)?(ns|us|µs|μs|ms|s|m|h))+)$ + type: string + maxConnections: + description: |- + maxConnections defines the maximum number of simultaneous + connections that can be established per HAProxy process. + Increasing this value allows each ingress controller pod to + handle more connections but at the cost of additional + system resources being consumed. + + Permitted values are: empty, 0, -1, and the range + 2000-2000000. + + If this field is empty or 0, the IngressController will use + the default value of 50000, but the default is subject to + change in future releases. + + If the value is -1 then HAProxy will dynamically compute a + maximum value based on the available ulimits in the running + container. Selecting -1 (i.e., auto) will result in a large + value being computed (~520000 on OpenShift >=4.10 clusters) + and therefore each HAProxy process will incur significant + memory usage compared to the current default of 50000. + + Setting a value that is greater than the current operating + system limit will prevent the HAProxy process from + starting. + + If you choose a discrete value (e.g., 750000) and the + router pod is migrated to a new node, there's no guarantee + that that new node has identical ulimits configured. In + such a scenario the pod would fail to start. If you have + nodes with different ulimits configured (e.g., different + tuned profiles) and you choose a discrete value then the + guidance is to use -1 and let the value be computed + dynamically at runtime. + + You can monitor memory usage for router containers with the + following metric: + 'container_memory_working_set_bytes{container="router",namespace="openshift-ingress"}'. + + You can monitor memory usage of individual HAProxy + processes in router containers with the following metric: + 'container_memory_working_set_bytes{container="router",namespace="openshift-ingress"}/container_processes{container="router",namespace="openshift-ingress"}'. + format: int32 + type: integer + reloadInterval: + description: |- + reloadInterval defines the minimum interval at which the router is allowed to reload + to accept new changes. Increasing this value can prevent the accumulation of + HAProxy processes, depending on the scenario. Increasing this interval can + also lessen load imbalance on a backend's servers when using the roundrobin + balancing algorithm. Alternatively, decreasing this value may decrease latency + since updates to HAProxy's configuration can take effect more quickly. + + The value must be a time duration value; see . + Currently, the minimum value allowed is 1s, and the maximum allowed value is + 120s. Minimum and maximum allowed values may change in future versions of OpenShift. + Note that if a duration outside of these bounds is provided, the value of reloadInterval + will be capped/floored and not rejected (e.g. a duration of over 120s will be capped to + 120s; the IngressController will not reject and replace this disallowed value with + the default). + + A zero value for reloadInterval tells the IngressController to choose the default, + which is currently 5s and subject to change without notice. + + This field expects an unsigned duration string of decimal numbers, each with optional + fraction and a unit suffix, e.g. "300ms", "1.5h" or "2h45m". + Valid time units are "ns", "us" (or "µs" U+00B5 or "μs" U+03BC), "ms", "s", "m", "h". + + Note: Setting a value significantly larger than the default of 5s can cause latency + in observing updates to routes and their endpoints. HAProxy's configuration will + be reloaded less frequently, and newly created routes will not be served until the + subsequent reload. + pattern: ^(0|([0-9]+(\.[0-9]+)?(ns|us|µs|μs|ms|s|m|h))+)$ + type: string + serverFinTimeout: + description: |- + serverFinTimeout defines how long a connection will be held open while + waiting for the server/backend response to the client closing the + connection. + + If unset, the default timeout is 1s + format: duration + type: string + serverTimeout: + description: |- + serverTimeout defines how long a connection will be held open while + waiting for a server/backend response. + + If unset, the default timeout is 30s + format: duration + type: string + threadCount: + description: |- + threadCount defines the number of threads created per HAProxy process. + Creating more threads allows each ingress controller pod to handle more + connections, at the cost of more system resources being used. HAProxy + currently supports up to 64 threads. If this field is empty, the + IngressController will use the default value. The current default is 4 + threads, but this may change in future releases. + + Setting this field is generally not recommended. Increasing the number + of HAProxy threads allows ingress controller pods to utilize more CPU + time under load, potentially starving other pods if set too high. + Reducing the number of threads may cause the ingress controller to + perform poorly. + format: int32 + maximum: 64 + minimum: 1 + type: integer + tlsInspectDelay: + description: |- + tlsInspectDelay defines how long the router can hold data to find a + matching route. + + Setting this too short can cause the router to fall back to the default + certificate for edge-terminated or reencrypt routes even when a better + matching certificate could be used. + + If unset, the default inspect delay is 5s + format: duration + type: string + tunnelTimeout: + description: |- + tunnelTimeout defines how long a tunnel connection (including + websockets) will be held open while the tunnel is idle. + + If unset, the default timeout is 1h + format: duration + type: string + type: object + unsupportedConfigOverrides: + description: |- + unsupportedConfigOverrides allows specifying unsupported + configuration options. Its use is unsupported. + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + status: + description: status is the most recently observed status of the IngressController. + properties: + availableReplicas: + description: |- + availableReplicas is number of observed available replicas according to the + ingress controller deployment. + format: int32 + type: integer + conditions: + description: |- + conditions is a list of conditions and their status. + + Available means the ingress controller deployment is available and + servicing route and ingress resources (i.e, .status.availableReplicas + equals .spec.replicas) + + There are additional conditions which indicate the status of other + ingress controller features and capabilities. + + * LoadBalancerManaged + - True if the following conditions are met: + * The endpoint publishing strategy requires a service load balancer. + - False if any of those conditions are unsatisfied. + + * LoadBalancerReady + - True if the following conditions are met: + * A load balancer is managed. + * The load balancer is ready. + - False if any of those conditions are unsatisfied. + + * DNSManaged + - True if the following conditions are met: + * The endpoint publishing strategy and platform support DNS. + * The ingress controller domain is set. + * dns.config.openshift.io/cluster configures DNS zones. + - False if any of those conditions are unsatisfied. + + * DNSReady + - True if the following conditions are met: + * DNS is managed. + * DNS records have been successfully created. + - False if any of those conditions are unsatisfied. + items: + description: OperatorCondition is just the standard condition fields. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + type: string + reason: + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + domain: + description: domain is the actual domain in use. + type: string + endpointPublishingStrategy: + description: endpointPublishingStrategy is the actual strategy in + use. + properties: + hostNetwork: + description: |- + hostNetwork holds parameters for the HostNetwork endpoint publishing + strategy. Present only if type is HostNetwork. + properties: + httpPort: + default: 80 + description: |- + httpPort is the port on the host which should be used to listen for + HTTP requests. This field should be set when port 80 is already in use. + The value should not coincide with the NodePort range of the cluster. + When the value is 0 or is not specified it defaults to 80. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + httpsPort: + default: 443 + description: |- + httpsPort is the port on the host which should be used to listen for + HTTPS requests. This field should be set when port 443 is already in use. + The value should not coincide with the NodePort range of the cluster. + When the value is 0 or is not specified it defaults to 443. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + protocol: + description: |- + protocol specifies whether the IngressController expects incoming + connections to use plain TCP or whether the IngressController expects + PROXY protocol. + + PROXY protocol can be used with load balancers that support it to + communicate the source addresses of client connections when + forwarding those connections to the IngressController. Using PROXY + protocol enables the IngressController to report those source + addresses instead of reporting the load balancer's address in HTTP + headers and logs. Note that enabling PROXY protocol on the + IngressController will cause connections to fail if you are not using + a load balancer that uses PROXY protocol to forward connections to + the IngressController. See + http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for + information about PROXY protocol. + + The following values are valid for this field: + + * The empty string. + * "TCP". + * "PROXY". + + The empty string specifies the default, which is TCP without PROXY + protocol. Note that the default is subject to change. + enum: + - "" + - TCP + - PROXY + type: string + statsPort: + default: 1936 + description: |- + statsPort is the port on the host where the stats from the router are + published. The value should not coincide with the NodePort range of the + cluster. If an external load balancer is configured to forward connections + to this IngressController, the load balancer should use this port for + health checks. The load balancer can send HTTP probes on this port on a + given node, with the path /healthz/ready to determine if the ingress + controller is ready to receive traffic on the node. For proper operation + the load balancer must not forward traffic to a node until the health + check reports ready. The load balancer should also stop forwarding requests + within a maximum of 45 seconds after /healthz/ready starts reporting + not-ready. Probing every 5 to 10 seconds, with a 5-second timeout and with + a threshold of two successful or failed requests to become healthy or + unhealthy respectively, are well-tested values. When the value is 0 or + is not specified it defaults to 1936. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + type: object + loadBalancer: + description: |- + loadBalancer holds parameters for the load balancer. Present only if + type is LoadBalancerService. + properties: + allowedSourceRanges: + description: |- + allowedSourceRanges specifies an allowlist of IP address ranges to which + access to the load balancer should be restricted. Each range must be + specified using CIDR notation (e.g. "10.0.0.0/8" or "fd00::/8"). If no range is + specified, "0.0.0.0/0" for IPv4 and "::/0" for IPv6 are used by default, + which allows all source addresses. + + To facilitate migration from earlier versions of OpenShift that did + not have the allowedSourceRanges field, you may set the + service.beta.kubernetes.io/load-balancer-source-ranges annotation on + the "router-" service in the + "openshift-ingress" namespace, and this annotation will take + effect if allowedSourceRanges is empty on OpenShift 4.12. + items: + description: |- + CIDR is an IP address range in CIDR notation (for example, "10.0.0.0/8" + or "fd00::/8"). + pattern: (^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])/([0-9]|[12][0-9]|3[0-2])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) + type: string + nullable: true + type: array + x-kubernetes-list-type: atomic + dnsManagementPolicy: + default: Managed + description: |- + dnsManagementPolicy indicates if the lifecycle of the wildcard DNS record + associated with the load balancer service will be managed by + the ingress operator. It defaults to Managed. + Valid values are: Managed and Unmanaged. + enum: + - Managed + - Unmanaged + type: string + providerParameters: + description: |- + providerParameters holds desired load balancer information specific to + the underlying infrastructure provider. + + If empty, defaults will be applied. See specific providerParameters + fields for details about their defaults. + properties: + aws: + description: |- + aws provides configuration settings that are specific to AWS + load balancers. + + If empty, defaults will be applied. See specific aws fields for + details about their defaults. + properties: + classicLoadBalancer: + description: |- + classicLoadBalancerParameters holds configuration parameters for an AWS + classic load balancer. Present only if type is Classic. + properties: + connectionIdleTimeout: + description: |- + connectionIdleTimeout specifies the maximum time period that a + connection may be idle before the load balancer closes the + connection. The value must be parseable as a time duration value; + see . A nil or zero value + means no opinion, in which case a default value is used. The default + value for this field is 60s. This default is subject to change. + format: duration + type: string + type: object + networkLoadBalancer: + description: |- + networkLoadBalancerParameters holds configuration parameters for an AWS + network load balancer. Present only if type is NLB. + type: object + type: + description: |- + type is the type of AWS load balancer to instantiate for an ingresscontroller. + + Valid values are: + + * "Classic": A Classic Load Balancer that makes routing decisions at either + the transport layer (TCP/SSL) or the application layer (HTTP/HTTPS). See + the following for additional details: + + https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#clb + + * "NLB": A Network Load Balancer that makes routing decisions at the + transport layer (TCP/SSL). See the following for additional details: + + https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#nlb + enum: + - Classic + - NLB + type: string + required: + - type + type: object + gcp: + description: |- + gcp provides configuration settings that are specific to GCP + load balancers. + + If empty, defaults will be applied. See specific gcp fields for + details about their defaults. + properties: + clientAccess: + description: |- + clientAccess describes how client access is restricted for internal + load balancers. + + Valid values are: + * "Global": Specifying an internal load balancer with Global client access + allows clients from any region within the VPC to communicate with the load + balancer. + + https://cloud.google.com/kubernetes-engine/docs/how-to/internal-load-balancing#global_access + + * "Local": Specifying an internal load balancer with Local client access + means only clients within the same region (and VPC) as the GCP load balancer + can communicate with the load balancer. Note that this is the default behavior. + + https://cloud.google.com/load-balancing/docs/internal#client_access + enum: + - Global + - Local + type: string + type: object + ibm: + description: |- + ibm provides configuration settings that are specific to IBM Cloud + load balancers. + + If empty, defaults will be applied. See specific ibm fields for + details about their defaults. + properties: + protocol: + description: |- + protocol specifies whether the load balancer uses PROXY protocol to forward connections to + the IngressController. See "service.kubernetes.io/ibm-load-balancer-cloud-provider-enable-features: + "proxy-protocol"" at https://cloud.ibm.com/docs/containers?topic=containers-vpc-lbaas" + + PROXY protocol can be used with load balancers that support it to + communicate the source addresses of client connections when + forwarding those connections to the IngressController. Using PROXY + protocol enables the IngressController to report those source + addresses instead of reporting the load balancer's address in HTTP + headers and logs. Note that enabling PROXY protocol on the + IngressController will cause connections to fail if you are not using + a load balancer that uses PROXY protocol to forward connections to + the IngressController. See + http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for + information about PROXY protocol. + + Valid values for protocol are TCP, PROXY and omitted. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The current default is TCP, without the proxy protocol enabled. + enum: + - "" + - TCP + - PROXY + type: string + type: object + openstack: + description: |- + openstack provides configuration settings that are specific to OpenStack + load balancers. + + If empty, defaults will be applied. See specific openstack fields for + details about their defaults. + properties: + floatingIP: + description: |- + floatingIP specifies the IP address that the load balancer will use. + When not specified, an IP address will be assigned randomly by the OpenStack cloud provider. + When specified, the floating IP has to be pre-created. If the + specified value is not a floating IP or is already claimed, the + OpenStack cloud provider won't be able to provision the load + balancer. + This field may only be used if the IngressController has External scope. + This value must be a valid IPv4 or IPv6 address. + type: string + x-kubernetes-validations: + - message: floatingIP must be a valid IPv4 or IPv6 + address + rule: isIP(self) + type: object + type: + description: |- + type is the underlying infrastructure provider for the load balancer. + Allowed values are "AWS", "Azure", "BareMetal", "GCP", "IBM", "Nutanix", + "OpenStack", and "VSphere". + enum: + - AWS + - Azure + - BareMetal + - GCP + - Nutanix + - OpenStack + - VSphere + - IBM + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: openstack is not permitted when type is not OpenStack + rule: 'has(self.type) && self.type == ''OpenStack'' ? true + : !has(self.openstack)' + scope: + description: |- + scope indicates the scope at which the load balancer is exposed. + Possible values are "External" and "Internal". + enum: + - Internal + - External + type: string + required: + - dnsManagementPolicy + - scope + type: object + x-kubernetes-validations: + - message: cannot specify a floating ip when scope is internal + rule: '!has(self.scope) || self.scope != ''Internal'' || !has(self.providerParameters) + || !has(self.providerParameters.openstack) || !has(self.providerParameters.openstack.floatingIP) + || self.providerParameters.openstack.floatingIP == ""' + nodePort: + description: |- + nodePort holds parameters for the NodePortService endpoint publishing strategy. + Present only if type is NodePortService. + properties: + protocol: + description: |- + protocol specifies whether the IngressController expects incoming + connections to use plain TCP or whether the IngressController expects + PROXY protocol. + + PROXY protocol can be used with load balancers that support it to + communicate the source addresses of client connections when + forwarding those connections to the IngressController. Using PROXY + protocol enables the IngressController to report those source + addresses instead of reporting the load balancer's address in HTTP + headers and logs. Note that enabling PROXY protocol on the + IngressController will cause connections to fail if you are not using + a load balancer that uses PROXY protocol to forward connections to + the IngressController. See + http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for + information about PROXY protocol. + + The following values are valid for this field: + + * The empty string. + * "TCP". + * "PROXY". + + The empty string specifies the default, which is TCP without PROXY + protocol. Note that the default is subject to change. + enum: + - "" + - TCP + - PROXY + type: string + type: object + private: + description: |- + private holds parameters for the Private endpoint publishing + strategy. Present only if type is Private. + properties: + protocol: + description: |- + protocol specifies whether the IngressController expects incoming + connections to use plain TCP or whether the IngressController expects + PROXY protocol. + + PROXY protocol can be used with load balancers that support it to + communicate the source addresses of client connections when + forwarding those connections to the IngressController. Using PROXY + protocol enables the IngressController to report those source + addresses instead of reporting the load balancer's address in HTTP + headers and logs. Note that enabling PROXY protocol on the + IngressController will cause connections to fail if you are not using + a load balancer that uses PROXY protocol to forward connections to + the IngressController. See + http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for + information about PROXY protocol. + + The following values are valid for this field: + + * The empty string. + * "TCP". + * "PROXY". + + The empty string specifies the default, which is TCP without PROXY + protocol. Note that the default is subject to change. + enum: + - "" + - TCP + - PROXY + type: string + type: object + type: + description: |- + type is the publishing strategy to use. Valid values are: + + * LoadBalancerService + + Publishes the ingress controller using a Kubernetes LoadBalancer Service. + + In this configuration, the ingress controller deployment uses container + networking. A LoadBalancer Service is created to publish the deployment. + + See: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer + + If domain is set, a wildcard DNS record will be managed to point at the + LoadBalancer Service's external name. DNS records are managed only in DNS + zones defined by dns.config.openshift.io/cluster .spec.publicZone and + .spec.privateZone. + + Wildcard DNS management is currently supported only on the AWS, Azure, + and GCP platforms. + + * HostNetwork + + Publishes the ingress controller on node ports where the ingress controller + is deployed. + + In this configuration, the ingress controller deployment uses host + networking, bound to node ports 80 and 443. The user is responsible for + configuring an external load balancer to publish the ingress controller via + the node ports. + + * Private + + Does not publish the ingress controller. + + In this configuration, the ingress controller deployment uses container + networking, and is not explicitly published. The user must manually publish + the ingress controller. + + * NodePortService + + Publishes the ingress controller using a Kubernetes NodePort Service. + + In this configuration, the ingress controller deployment uses container + networking. A NodePort Service is created to publish the deployment. The + specific node ports are dynamically allocated by OpenShift; however, to + support static port allocations, user changes to the node port + field of the managed NodePort Service will preserved. + enum: + - LoadBalancerService + - HostNetwork + - Private + - NodePortService + type: string + required: + - type + type: object + namespaceSelector: + description: namespaceSelector is the actual namespaceSelector in + use. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + observedGeneration: + description: observedGeneration is the most recent generation observed. + format: int64 + type: integer + routeSelector: + description: routeSelector is the actual routeSelector in use. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + selector: + description: |- + selector is a label selector, in string format, for ingress controller pods + corresponding to the IngressController. The number of matching pods should + equal the value of availableReplicas. + type: string + tlsProfile: + description: tlsProfile is the TLS connection configuration that is + in effect. + properties: + ciphers: + description: |- + ciphers is used to specify the cipher algorithms that are negotiated + during the TLS handshake. Operators may remove entries their operands + do not support. For example, to use DES-CBC3-SHA (yaml): + + ciphers: + - DES-CBC3-SHA + items: + type: string + type: array + x-kubernetes-list-type: atomic + minTLSVersion: + description: |- + minTLSVersion is used to specify the minimal version of the TLS protocol + that is negotiated during the TLS handshake. For example, to use TLS + versions 1.1, 1.2 and 1.3 (yaml): + + minTLSVersion: VersionTLS11 + + NOTE: currently the highest minTLSVersion allowed is VersionTLS12 + enum: + - VersionTLS10 + - VersionTLS11 + - VersionTLS12 + - VersionTLS13 + type: string + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/ingresscontrollers.operator.openshift.io/IngressControllerLBSubnetsAWS.yaml b/pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/ingresscontrollers.operator.openshift.io/IngressControllerLBSubnetsAWS.yaml new file mode 100644 index 000000000..be89438d6 --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/ingresscontrollers.operator.openshift.io/IngressControllerLBSubnetsAWS.yaml @@ -0,0 +1,3037 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/616 + api.openshift.io/filename-cvo-runlevel: "0000_50" + api.openshift.io/filename-operator: ingress + api.openshift.io/filename-ordering: "00" + capability.openshift.io/name: Ingress + feature-gate.release.openshift.io/IngressControllerLBSubnetsAWS: "true" + name: ingresscontrollers.operator.openshift.io +spec: + group: operator.openshift.io + names: + kind: IngressController + listKind: IngressControllerList + plural: ingresscontrollers + singular: ingresscontroller + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + IngressController describes a managed ingress controller for the cluster. The + controller can service OpenShift Route and Kubernetes Ingress resources. + + When an IngressController is created, a new ingress controller deployment is + created to allow external traffic to reach the services that expose Ingress + or Route resources. Updating this resource may lead to disruption for public + facing network connections as a new ingress controller revision may be rolled + out. + + https://kubernetes.io/docs/concepts/services-networking/ingress-controllers + + Whenever possible, sensible defaults for the platform are used. See each + field for more details. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec is the specification of the desired behavior of the + IngressController. + properties: + clientTLS: + description: |- + clientTLS specifies settings for requesting and verifying client + certificates, which can be used to enable mutual TLS for + edge-terminated and reencrypt routes. + properties: + allowedSubjectPatterns: + description: |- + allowedSubjectPatterns specifies a list of regular expressions that + should be matched against the distinguished name on a valid client + certificate to filter requests. The regular expressions must use + PCRE syntax. If this list is empty, no filtering is performed. If + the list is nonempty, then at least one pattern must match a client + certificate's distinguished name or else the ingress controller + rejects the certificate and denies the connection. + items: + type: string + type: array + x-kubernetes-list-type: atomic + clientCA: + description: |- + clientCA specifies a configmap containing the PEM-encoded CA + certificate bundle that should be used to verify a client's + certificate. The administrator must create this configmap in the + openshift-config namespace. + properties: + name: + description: name is the metadata.name of the referenced config + map + type: string + required: + - name + type: object + clientCertificatePolicy: + description: |- + clientCertificatePolicy specifies whether the ingress controller + requires clients to provide certificates. This field accepts the + values "Required" or "Optional". + + Note that the ingress controller only checks client certificates for + edge-terminated and reencrypt TLS routes; it cannot check + certificates for cleartext HTTP or passthrough TLS routes. + enum: + - "" + - Required + - Optional + type: string + required: + - clientCA + - clientCertificatePolicy + type: object + defaultCertificate: + description: |- + defaultCertificate is a reference to a secret containing the default + certificate served by the ingress controller. When Routes don't specify + their own certificate, defaultCertificate is used. + + The secret must contain the following keys and data: + + tls.crt: certificate file contents + tls.key: key file contents + + If unset, a wildcard certificate is automatically generated and used. The + certificate is valid for the ingress controller domain (and subdomains) and + the generated certificate's CA will be automatically integrated with the + cluster's trust store. + + If a wildcard certificate is used and shared by multiple + HTTP/2 enabled routes (which implies ALPN) then clients + (i.e., notably browsers) are at liberty to reuse open + connections. This means a client can reuse a connection to + another route and that is likely to fail. This behaviour is + generally known as connection coalescing. + + The in-use certificate (whether generated or user-specified) will be + automatically integrated with OpenShift's built-in OAuth server. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + domain: + description: |- + domain is a DNS name serviced by the ingress controller and is used to + configure multiple features: + + * For the LoadBalancerService endpoint publishing strategy, domain is + used to configure DNS records. See endpointPublishingStrategy. + + * When using a generated default certificate, the certificate will be valid + for domain and its subdomains. See defaultCertificate. + + * The value is published to individual Route statuses so that end-users + know where to target external DNS records. + + domain must be unique among all IngressControllers, and cannot be + updated. + + If empty, defaults to ingress.config.openshift.io/cluster .spec.domain. + type: string + endpointPublishingStrategy: + description: |- + endpointPublishingStrategy is used to publish the ingress controller + endpoints to other networks, enable load balancer integrations, etc. + + If unset, the default is based on + infrastructure.config.openshift.io/cluster .status.platform: + + AWS: LoadBalancerService (with External scope) + Azure: LoadBalancerService (with External scope) + GCP: LoadBalancerService (with External scope) + IBMCloud: LoadBalancerService (with External scope) + AlibabaCloud: LoadBalancerService (with External scope) + Libvirt: HostNetwork + + Any other platform types (including None) default to HostNetwork. + + endpointPublishingStrategy cannot be updated. + properties: + hostNetwork: + description: |- + hostNetwork holds parameters for the HostNetwork endpoint publishing + strategy. Present only if type is HostNetwork. + properties: + httpPort: + default: 80 + description: |- + httpPort is the port on the host which should be used to listen for + HTTP requests. This field should be set when port 80 is already in use. + The value should not coincide with the NodePort range of the cluster. + When the value is 0 or is not specified it defaults to 80. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + httpsPort: + default: 443 + description: |- + httpsPort is the port on the host which should be used to listen for + HTTPS requests. This field should be set when port 443 is already in use. + The value should not coincide with the NodePort range of the cluster. + When the value is 0 or is not specified it defaults to 443. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + protocol: + description: |- + protocol specifies whether the IngressController expects incoming + connections to use plain TCP or whether the IngressController expects + PROXY protocol. + + PROXY protocol can be used with load balancers that support it to + communicate the source addresses of client connections when + forwarding those connections to the IngressController. Using PROXY + protocol enables the IngressController to report those source + addresses instead of reporting the load balancer's address in HTTP + headers and logs. Note that enabling PROXY protocol on the + IngressController will cause connections to fail if you are not using + a load balancer that uses PROXY protocol to forward connections to + the IngressController. See + http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for + information about PROXY protocol. + + The following values are valid for this field: + + * The empty string. + * "TCP". + * "PROXY". + + The empty string specifies the default, which is TCP without PROXY + protocol. Note that the default is subject to change. + enum: + - "" + - TCP + - PROXY + type: string + statsPort: + default: 1936 + description: |- + statsPort is the port on the host where the stats from the router are + published. The value should not coincide with the NodePort range of the + cluster. If an external load balancer is configured to forward connections + to this IngressController, the load balancer should use this port for + health checks. The load balancer can send HTTP probes on this port on a + given node, with the path /healthz/ready to determine if the ingress + controller is ready to receive traffic on the node. For proper operation + the load balancer must not forward traffic to a node until the health + check reports ready. The load balancer should also stop forwarding requests + within a maximum of 45 seconds after /healthz/ready starts reporting + not-ready. Probing every 5 to 10 seconds, with a 5-second timeout and with + a threshold of two successful or failed requests to become healthy or + unhealthy respectively, are well-tested values. When the value is 0 or + is not specified it defaults to 1936. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + type: object + loadBalancer: + description: |- + loadBalancer holds parameters for the load balancer. Present only if + type is LoadBalancerService. + properties: + allowedSourceRanges: + description: |- + allowedSourceRanges specifies an allowlist of IP address ranges to which + access to the load balancer should be restricted. Each range must be + specified using CIDR notation (e.g. "10.0.0.0/8" or "fd00::/8"). If no range is + specified, "0.0.0.0/0" for IPv4 and "::/0" for IPv6 are used by default, + which allows all source addresses. + + To facilitate migration from earlier versions of OpenShift that did + not have the allowedSourceRanges field, you may set the + service.beta.kubernetes.io/load-balancer-source-ranges annotation on + the "router-" service in the + "openshift-ingress" namespace, and this annotation will take + effect if allowedSourceRanges is empty on OpenShift 4.12. + items: + description: |- + CIDR is an IP address range in CIDR notation (for example, "10.0.0.0/8" + or "fd00::/8"). + pattern: (^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])/([0-9]|[12][0-9]|3[0-2])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) + type: string + nullable: true + type: array + x-kubernetes-list-type: atomic + dnsManagementPolicy: + default: Managed + description: |- + dnsManagementPolicy indicates if the lifecycle of the wildcard DNS record + associated with the load balancer service will be managed by + the ingress operator. It defaults to Managed. + Valid values are: Managed and Unmanaged. + enum: + - Managed + - Unmanaged + type: string + providerParameters: + description: |- + providerParameters holds desired load balancer information specific to + the underlying infrastructure provider. + + If empty, defaults will be applied. See specific providerParameters + fields for details about their defaults. + properties: + aws: + description: |- + aws provides configuration settings that are specific to AWS + load balancers. + + If empty, defaults will be applied. See specific aws fields for + details about their defaults. + properties: + classicLoadBalancer: + description: |- + classicLoadBalancerParameters holds configuration parameters for an AWS + classic load balancer. Present only if type is Classic. + properties: + connectionIdleTimeout: + description: |- + connectionIdleTimeout specifies the maximum time period that a + connection may be idle before the load balancer closes the + connection. The value must be parseable as a time duration value; + see . A nil or zero value + means no opinion, in which case a default value is used. The default + value for this field is 60s. This default is subject to change. + format: duration + type: string + subnets: + description: |- + subnets specifies the subnets to which the load balancer will + attach. The subnets may be specified by either their + ID or name. The total number of subnets is limited to 10. + + In order for the load balancer to be provisioned with subnets, + each subnet must exist, each subnet must be from a different + availability zone, and the load balancer service must be + recreated to pick up new values. + + When omitted from the spec, the subnets will be auto-discovered + for each availability zone. Auto-discovered subnets are not reported + in the status of the IngressController object. + properties: + ids: + description: |- + ids specifies a list of AWS subnets by subnet ID. + Subnet IDs must start with "subnet-", consist only + of alphanumeric characters, must be exactly 24 + characters long, must be unique, and the total + number of subnets specified by ids and names + must not exceed 10. + items: + description: AWSSubnetID is a reference + to an AWS subnet ID. + maxLength: 24 + minLength: 24 + pattern: ^subnet-[0-9A-Za-z]+$ + type: string + maxItems: 10 + type: array + x-kubernetes-list-type: atomic + x-kubernetes-validations: + - message: subnet ids cannot contain duplicates + rule: self.all(x, self.exists_one(y, x == + y)) + names: + description: |- + names specifies a list of AWS subnets by subnet name. + Subnet names must not start with "subnet-", must not + include commas, must be under 256 characters in length, + must be unique, and the total number of subnets + specified by ids and names must not exceed 10. + items: + description: AWSSubnetName is a reference + to an AWS subnet name. + maxLength: 256 + minLength: 1 + type: string + x-kubernetes-validations: + - message: subnet name cannot contain a + comma + rule: '!self.contains('','')' + - message: subnet name cannot start with + 'subnet-' + rule: '!self.startsWith(''subnet-'')' + maxItems: 10 + type: array + x-kubernetes-list-type: atomic + x-kubernetes-validations: + - message: subnet names cannot contain duplicates + rule: self.all(x, self.exists_one(y, x == + y)) + type: object + x-kubernetes-validations: + - message: the total number of subnets cannot + exceed 10 + rule: 'has(self.ids) && has(self.names) ? size(self.ids + + self.names) <= 10 : true' + - message: must specify at least 1 subnet name + or id + rule: has(self.ids) && self.ids.size() > 0 || + has(self.names) && self.names.size() > 0 + type: object + networkLoadBalancer: + description: |- + networkLoadBalancerParameters holds configuration parameters for an AWS + network load balancer. Present only if type is NLB. + properties: + subnets: + description: |- + subnets specifies the subnets to which the load balancer will + attach. The subnets may be specified by either their + ID or name. The total number of subnets is limited to 10. + + In order for the load balancer to be provisioned with subnets, + each subnet must exist, each subnet must be from a different + availability zone, and the load balancer service must be + recreated to pick up new values. + + When omitted from the spec, the subnets will be auto-discovered + for each availability zone. Auto-discovered subnets are not reported + in the status of the IngressController object. + properties: + ids: + description: |- + ids specifies a list of AWS subnets by subnet ID. + Subnet IDs must start with "subnet-", consist only + of alphanumeric characters, must be exactly 24 + characters long, must be unique, and the total + number of subnets specified by ids and names + must not exceed 10. + items: + description: AWSSubnetID is a reference + to an AWS subnet ID. + maxLength: 24 + minLength: 24 + pattern: ^subnet-[0-9A-Za-z]+$ + type: string + maxItems: 10 + type: array + x-kubernetes-list-type: atomic + x-kubernetes-validations: + - message: subnet ids cannot contain duplicates + rule: self.all(x, self.exists_one(y, x == + y)) + names: + description: |- + names specifies a list of AWS subnets by subnet name. + Subnet names must not start with "subnet-", must not + include commas, must be under 256 characters in length, + must be unique, and the total number of subnets + specified by ids and names must not exceed 10. + items: + description: AWSSubnetName is a reference + to an AWS subnet name. + maxLength: 256 + minLength: 1 + type: string + x-kubernetes-validations: + - message: subnet name cannot contain a + comma + rule: '!self.contains('','')' + - message: subnet name cannot start with + 'subnet-' + rule: '!self.startsWith(''subnet-'')' + maxItems: 10 + type: array + x-kubernetes-list-type: atomic + x-kubernetes-validations: + - message: subnet names cannot contain duplicates + rule: self.all(x, self.exists_one(y, x == + y)) + type: object + x-kubernetes-validations: + - message: the total number of subnets cannot + exceed 10 + rule: 'has(self.ids) && has(self.names) ? size(self.ids + + self.names) <= 10 : true' + - message: must specify at least 1 subnet name + or id + rule: has(self.ids) && self.ids.size() > 0 || + has(self.names) && self.names.size() > 0 + type: object + type: + description: |- + type is the type of AWS load balancer to instantiate for an ingresscontroller. + + Valid values are: + + * "Classic": A Classic Load Balancer that makes routing decisions at either + the transport layer (TCP/SSL) or the application layer (HTTP/HTTPS). See + the following for additional details: + + https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#clb + + * "NLB": A Network Load Balancer that makes routing decisions at the + transport layer (TCP/SSL). See the following for additional details: + + https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#nlb + enum: + - Classic + - NLB + type: string + required: + - type + type: object + gcp: + description: |- + gcp provides configuration settings that are specific to GCP + load balancers. + + If empty, defaults will be applied. See specific gcp fields for + details about their defaults. + properties: + clientAccess: + description: |- + clientAccess describes how client access is restricted for internal + load balancers. + + Valid values are: + * "Global": Specifying an internal load balancer with Global client access + allows clients from any region within the VPC to communicate with the load + balancer. + + https://cloud.google.com/kubernetes-engine/docs/how-to/internal-load-balancing#global_access + + * "Local": Specifying an internal load balancer with Local client access + means only clients within the same region (and VPC) as the GCP load balancer + can communicate with the load balancer. Note that this is the default behavior. + + https://cloud.google.com/load-balancing/docs/internal#client_access + enum: + - Global + - Local + type: string + type: object + ibm: + description: |- + ibm provides configuration settings that are specific to IBM Cloud + load balancers. + + If empty, defaults will be applied. See specific ibm fields for + details about their defaults. + properties: + protocol: + description: |- + protocol specifies whether the load balancer uses PROXY protocol to forward connections to + the IngressController. See "service.kubernetes.io/ibm-load-balancer-cloud-provider-enable-features: + "proxy-protocol"" at https://cloud.ibm.com/docs/containers?topic=containers-vpc-lbaas" + + PROXY protocol can be used with load balancers that support it to + communicate the source addresses of client connections when + forwarding those connections to the IngressController. Using PROXY + protocol enables the IngressController to report those source + addresses instead of reporting the load balancer's address in HTTP + headers and logs. Note that enabling PROXY protocol on the + IngressController will cause connections to fail if you are not using + a load balancer that uses PROXY protocol to forward connections to + the IngressController. See + http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for + information about PROXY protocol. + + Valid values for protocol are TCP, PROXY and omitted. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The current default is TCP, without the proxy protocol enabled. + enum: + - "" + - TCP + - PROXY + type: string + type: object + openstack: + description: |- + openstack provides configuration settings that are specific to OpenStack + load balancers. + + If empty, defaults will be applied. See specific openstack fields for + details about their defaults. + properties: + floatingIP: + description: |- + floatingIP specifies the IP address that the load balancer will use. + When not specified, an IP address will be assigned randomly by the OpenStack cloud provider. + When specified, the floating IP has to be pre-created. If the + specified value is not a floating IP or is already claimed, the + OpenStack cloud provider won't be able to provision the load + balancer. + This field may only be used if the IngressController has External scope. + This value must be a valid IPv4 or IPv6 address. + type: string + x-kubernetes-validations: + - message: floatingIP must be a valid IPv4 or IPv6 + address + rule: isIP(self) + type: object + type: + description: |- + type is the underlying infrastructure provider for the load balancer. + Allowed values are "AWS", "Azure", "BareMetal", "GCP", "IBM", "Nutanix", + "OpenStack", and "VSphere". + enum: + - AWS + - Azure + - BareMetal + - GCP + - Nutanix + - OpenStack + - VSphere + - IBM + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: openstack is not permitted when type is not OpenStack + rule: 'has(self.type) && self.type == ''OpenStack'' ? true + : !has(self.openstack)' + scope: + description: |- + scope indicates the scope at which the load balancer is exposed. + Possible values are "External" and "Internal". + enum: + - Internal + - External + type: string + required: + - dnsManagementPolicy + - scope + type: object + x-kubernetes-validations: + - message: cannot specify a floating ip when scope is internal + rule: '!has(self.scope) || self.scope != ''Internal'' || !has(self.providerParameters) + || !has(self.providerParameters.openstack) || !has(self.providerParameters.openstack.floatingIP) + || self.providerParameters.openstack.floatingIP == ""' + nodePort: + description: |- + nodePort holds parameters for the NodePortService endpoint publishing strategy. + Present only if type is NodePortService. + properties: + protocol: + description: |- + protocol specifies whether the IngressController expects incoming + connections to use plain TCP or whether the IngressController expects + PROXY protocol. + + PROXY protocol can be used with load balancers that support it to + communicate the source addresses of client connections when + forwarding those connections to the IngressController. Using PROXY + protocol enables the IngressController to report those source + addresses instead of reporting the load balancer's address in HTTP + headers and logs. Note that enabling PROXY protocol on the + IngressController will cause connections to fail if you are not using + a load balancer that uses PROXY protocol to forward connections to + the IngressController. See + http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for + information about PROXY protocol. + + The following values are valid for this field: + + * The empty string. + * "TCP". + * "PROXY". + + The empty string specifies the default, which is TCP without PROXY + protocol. Note that the default is subject to change. + enum: + - "" + - TCP + - PROXY + type: string + type: object + private: + description: |- + private holds parameters for the Private endpoint publishing + strategy. Present only if type is Private. + properties: + protocol: + description: |- + protocol specifies whether the IngressController expects incoming + connections to use plain TCP or whether the IngressController expects + PROXY protocol. + + PROXY protocol can be used with load balancers that support it to + communicate the source addresses of client connections when + forwarding those connections to the IngressController. Using PROXY + protocol enables the IngressController to report those source + addresses instead of reporting the load balancer's address in HTTP + headers and logs. Note that enabling PROXY protocol on the + IngressController will cause connections to fail if you are not using + a load balancer that uses PROXY protocol to forward connections to + the IngressController. See + http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for + information about PROXY protocol. + + The following values are valid for this field: + + * The empty string. + * "TCP". + * "PROXY". + + The empty string specifies the default, which is TCP without PROXY + protocol. Note that the default is subject to change. + enum: + - "" + - TCP + - PROXY + type: string + type: object + type: + description: |- + type is the publishing strategy to use. Valid values are: + + * LoadBalancerService + + Publishes the ingress controller using a Kubernetes LoadBalancer Service. + + In this configuration, the ingress controller deployment uses container + networking. A LoadBalancer Service is created to publish the deployment. + + See: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer + + If domain is set, a wildcard DNS record will be managed to point at the + LoadBalancer Service's external name. DNS records are managed only in DNS + zones defined by dns.config.openshift.io/cluster .spec.publicZone and + .spec.privateZone. + + Wildcard DNS management is currently supported only on the AWS, Azure, + and GCP platforms. + + * HostNetwork + + Publishes the ingress controller on node ports where the ingress controller + is deployed. + + In this configuration, the ingress controller deployment uses host + networking, bound to node ports 80 and 443. The user is responsible for + configuring an external load balancer to publish the ingress controller via + the node ports. + + * Private + + Does not publish the ingress controller. + + In this configuration, the ingress controller deployment uses container + networking, and is not explicitly published. The user must manually publish + the ingress controller. + + * NodePortService + + Publishes the ingress controller using a Kubernetes NodePort Service. + + In this configuration, the ingress controller deployment uses container + networking. A NodePort Service is created to publish the deployment. The + specific node ports are dynamically allocated by OpenShift; however, to + support static port allocations, user changes to the node port + field of the managed NodePort Service will preserved. + enum: + - LoadBalancerService + - HostNetwork + - Private + - NodePortService + type: string + required: + - type + type: object + httpCompression: + description: |- + httpCompression defines a policy for HTTP traffic compression. + By default, there is no HTTP compression. + properties: + mimeTypes: + description: |- + mimeTypes is a list of MIME types that should have compression applied. + This list can be empty, in which case the ingress controller does not apply compression. + + Note: Not all MIME types benefit from compression, but HAProxy will still use resources + to try to compress if instructed to. Generally speaking, text (html, css, js, etc.) + formats benefit from compression, but formats that are already compressed (image, + audio, video, etc.) benefit little in exchange for the time and cpu spent on compressing + again. See https://joehonton.medium.com/the-gzip-penalty-d31bd697f1a2 + items: + description: |- + CompressionMIMEType defines the format of a single MIME type. + E.g. "text/css; charset=utf-8", "text/html", "text/*", "image/svg+xml", + "application/octet-stream", "X-custom/customsub", etc. + + The format should follow the Content-Type definition in RFC 1341: + Content-Type := type "/" subtype *[";" parameter] + - The type in Content-Type can be one of: + application, audio, image, message, multipart, text, video, or a custom + type preceded by "X-" and followed by a token as defined below. + - The token is a string of at least one character, and not containing white + space, control characters, or any of the characters in the tspecials set. + - The tspecials set contains the characters ()<>@,;:\"/[]?.= + - The subtype in Content-Type is also a token. + - The optional parameter/s following the subtype are defined as: + token "=" (token / quoted-string) + - The quoted-string, as defined in RFC 822, is surrounded by double quotes + and can contain white space plus any character EXCEPT \, ", and CR. + It can also contain any single ASCII character as long as it is escaped by \. + pattern: ^(?i)(x-[^][ ()\\<>@,;:"/?.=\x00-\x1F\x7F]+|application|audio|image|message|multipart|text|video)/[^][ + ()\\<>@,;:"/?.=\x00-\x1F\x7F]+(; *[^][ ()\\<>@,;:"/?.=\x00-\x1F\x7F]+=([^][ + ()\\<>@,;:"/?.=\x00-\x1F\x7F]+|"(\\[\x00-\x7F]|[^\x0D"\\])*"))*$ + type: string + type: array + x-kubernetes-list-type: set + type: object + httpEmptyRequestsPolicy: + default: Respond + description: |- + httpEmptyRequestsPolicy describes how HTTP connections should be + handled if the connection times out before a request is received. + Allowed values for this field are "Respond" and "Ignore". If the + field is set to "Respond", the ingress controller sends an HTTP 400 + or 408 response, logs the connection (if access logging is enabled), + and counts the connection in the appropriate metrics. If the field + is set to "Ignore", the ingress controller closes the connection + without sending a response, logging the connection, or incrementing + metrics. The default value is "Respond". + + Typically, these connections come from load balancers' health probes + or Web browsers' speculative connections ("preconnect") and can be + safely ignored. However, these requests may also be caused by + network errors, and so setting this field to "Ignore" may impede + detection and diagnosis of problems. In addition, these requests may + be caused by port scans, in which case logging empty requests may aid + in detecting intrusion attempts. + enum: + - Respond + - Ignore + type: string + httpErrorCodePages: + description: |- + httpErrorCodePages specifies a configmap with custom error pages. + The administrator must create this configmap in the openshift-config namespace. + This configmap should have keys in the format "error-page-.http", + where is an HTTP error code. + For example, "error-page-503.http" defines an error page for HTTP 503 responses. + Currently only error pages for 503 and 404 responses can be customized. + Each value in the configmap should be the full response, including HTTP headers. + Eg- https://raw.githubusercontent.com/openshift/router/fadab45747a9b30cc3f0a4b41ad2871f95827a93/images/router/haproxy/conf/error-page-503.http + If this field is empty, the ingress controller uses the default error pages. + properties: + name: + description: name is the metadata.name of the referenced config + map + type: string + required: + - name + type: object + httpHeaders: + description: |- + httpHeaders defines policy for HTTP headers. + + If this field is empty, the default values are used. + properties: + actions: + description: |- + actions specifies options for modifying headers and their values. + Note that this option only applies to cleartext HTTP connections + and to secure HTTP connections for which the ingress controller + terminates encryption (that is, edge-terminated or reencrypt + connections). Headers cannot be modified for TLS passthrough + connections. + Setting the HSTS (`Strict-Transport-Security`) header is not supported via actions. `Strict-Transport-Security` + may only be configured using the "haproxy.router.openshift.io/hsts_header" route annotation, and only in + accordance with the policy specified in Ingress.Spec.RequiredHSTSPolicies. + Any actions defined here are applied after any actions related to the following other fields: + cache-control, spec.clientTLS, + spec.httpHeaders.forwardedHeaderPolicy, spec.httpHeaders.uniqueId, + and spec.httpHeaders.headerNameCaseAdjustments. + In case of HTTP request headers, the actions specified in spec.httpHeaders.actions on the Route will be executed after + the actions specified in the IngressController's spec.httpHeaders.actions field. + In case of HTTP response headers, the actions specified in spec.httpHeaders.actions on the IngressController will be + executed after the actions specified in the Route's spec.httpHeaders.actions field. + Headers set using this API cannot be captured for use in access logs. + The following header names are reserved and may not be modified via this API: + Strict-Transport-Security, Proxy, Host, Cookie, Set-Cookie. + Note that the total size of all net added headers *after* interpolating dynamic values + must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the + IngressController. Please refer to the documentation + for that API field for more details. + properties: + request: + description: |- + request is a list of HTTP request headers to modify. + Actions defined here will modify the request headers of all requests passing through an ingress controller. + These actions are applied to all Routes i.e. for all connections handled by the ingress controller defined within a cluster. + IngressController actions for request headers will be executed before Route actions. + Currently, actions may define to either `Set` or `Delete` headers values. + Actions are applied in sequence as defined in this list. + A maximum of 20 request header actions may be configured. + Sample fetchers allowed are "req.hdr" and "ssl_c_der". + Converters allowed are "lower" and "base64". + Example header values: "%[req.hdr(X-target),lower]", "%{+Q}[ssl_c_der,base64]". + items: + description: IngressControllerHTTPHeader specifies configuration + for setting or deleting an HTTP header. + properties: + action: + description: action specifies actions to perform on + headers, such as setting or deleting headers. + properties: + set: + description: |- + set specifies how the HTTP header should be set. + This field is required when type is Set and forbidden otherwise. + properties: + value: + description: |- + value specifies a header value. + Dynamic values can be added. The value will be interpreted as an HAProxy format string as defined in + http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and + otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. + The value of this field must be no more than 16384 characters in length. + Note that the total size of all net added headers *after* interpolating dynamic values + must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the + IngressController. + maxLength: 16384 + minLength: 1 + type: string + required: + - value + type: object + type: + description: |- + type defines the type of the action to be applied on the header. + Possible values are Set or Delete. + Set allows you to set HTTP request and response headers. + Delete allows you to delete HTTP request and response headers. + enum: + - Set + - Delete + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: set is required when type is Set, and forbidden + otherwise + rule: 'has(self.type) && self.type == ''Set'' ? has(self.set) + : !has(self.set)' + name: + description: |- + name specifies the name of a header on which to perform an action. Its value must be a valid HTTP header + name as defined in RFC 2616 section 4.2. + The name must consist only of alphanumeric and the following special characters, "-!#$%&'*+.^_`". + The following header names are reserved and may not be modified via this API: + Strict-Transport-Security, Proxy, Host, Cookie, Set-Cookie. + It must be no more than 255 characters in length. + Header name must be unique. + maxLength: 255 + minLength: 1 + pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$ + type: string + x-kubernetes-validations: + - message: strict-transport-security header may not + be modified via header actions + rule: self.lowerAscii() != 'strict-transport-security' + - message: proxy header may not be modified via header + actions + rule: self.lowerAscii() != 'proxy' + - message: host header may not be modified via header + actions + rule: self.lowerAscii() != 'host' + - message: cookie header may not be modified via header + actions + rule: self.lowerAscii() != 'cookie' + - message: set-cookie header may not be modified via + header actions + rule: self.lowerAscii() != 'set-cookie' + required: + - action + - name + type: object + maxItems: 20 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + x-kubernetes-validations: + - message: Either the header value provided is not in correct + format or the sample fetcher/converter specified is not + allowed. The dynamic header value will be interpreted + as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 + and may use HAProxy's %[] syntax and otherwise must be + a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. + Sample fetchers allowed are req.hdr, ssl_c_der. Converters + allowed are lower, base64. + rule: self.all(key, key.action.type == "Delete" || (has(key.action.set) + && key.action.set.value.matches('^(?:%(?:%|(?:\\{[-+]?[QXE](?:,[-+]?[QXE])*\\})?\\[(?:req\\.hdr\\([0-9A-Za-z-]+\\)|ssl_c_der)(?:,(?:lower|base64))*\\])|[^%[:cntrl:]])+$'))) + response: + description: |- + response is a list of HTTP response headers to modify. + Actions defined here will modify the response headers of all requests passing through an ingress controller. + These actions are applied to all Routes i.e. for all connections handled by the ingress controller defined within a cluster. + IngressController actions for response headers will be executed after Route actions. + Currently, actions may define to either `Set` or `Delete` headers values. + Actions are applied in sequence as defined in this list. + A maximum of 20 response header actions may be configured. + Sample fetchers allowed are "res.hdr" and "ssl_c_der". + Converters allowed are "lower" and "base64". + Example header values: "%[res.hdr(X-target),lower]", "%{+Q}[ssl_c_der,base64]". + items: + description: IngressControllerHTTPHeader specifies configuration + for setting or deleting an HTTP header. + properties: + action: + description: action specifies actions to perform on + headers, such as setting or deleting headers. + properties: + set: + description: |- + set specifies how the HTTP header should be set. + This field is required when type is Set and forbidden otherwise. + properties: + value: + description: |- + value specifies a header value. + Dynamic values can be added. The value will be interpreted as an HAProxy format string as defined in + http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and + otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. + The value of this field must be no more than 16384 characters in length. + Note that the total size of all net added headers *after* interpolating dynamic values + must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the + IngressController. + maxLength: 16384 + minLength: 1 + type: string + required: + - value + type: object + type: + description: |- + type defines the type of the action to be applied on the header. + Possible values are Set or Delete. + Set allows you to set HTTP request and response headers. + Delete allows you to delete HTTP request and response headers. + enum: + - Set + - Delete + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: set is required when type is Set, and forbidden + otherwise + rule: 'has(self.type) && self.type == ''Set'' ? has(self.set) + : !has(self.set)' + name: + description: |- + name specifies the name of a header on which to perform an action. Its value must be a valid HTTP header + name as defined in RFC 2616 section 4.2. + The name must consist only of alphanumeric and the following special characters, "-!#$%&'*+.^_`". + The following header names are reserved and may not be modified via this API: + Strict-Transport-Security, Proxy, Host, Cookie, Set-Cookie. + It must be no more than 255 characters in length. + Header name must be unique. + maxLength: 255 + minLength: 1 + pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$ + type: string + x-kubernetes-validations: + - message: strict-transport-security header may not + be modified via header actions + rule: self.lowerAscii() != 'strict-transport-security' + - message: proxy header may not be modified via header + actions + rule: self.lowerAscii() != 'proxy' + - message: host header may not be modified via header + actions + rule: self.lowerAscii() != 'host' + - message: cookie header may not be modified via header + actions + rule: self.lowerAscii() != 'cookie' + - message: set-cookie header may not be modified via + header actions + rule: self.lowerAscii() != 'set-cookie' + required: + - action + - name + type: object + maxItems: 20 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + x-kubernetes-validations: + - message: Either the header value provided is not in correct + format or the sample fetcher/converter specified is not + allowed. The dynamic header value will be interpreted + as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 + and may use HAProxy's %[] syntax and otherwise must be + a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. + Sample fetchers allowed are res.hdr, ssl_c_der. Converters + allowed are lower, base64. + rule: self.all(key, key.action.type == "Delete" || (has(key.action.set) + && key.action.set.value.matches('^(?:%(?:%|(?:\\{[-+]?[QXE](?:,[-+]?[QXE])*\\})?\\[(?:res\\.hdr\\([0-9A-Za-z-]+\\)|ssl_c_der)(?:,(?:lower|base64))*\\])|[^%[:cntrl:]])+$'))) + type: object + forwardedHeaderPolicy: + description: |- + forwardedHeaderPolicy specifies when and how the IngressController + sets the Forwarded, X-Forwarded-For, X-Forwarded-Host, + X-Forwarded-Port, X-Forwarded-Proto, and X-Forwarded-Proto-Version + HTTP headers. The value may be one of the following: + + * "Append", which specifies that the IngressController appends the + headers, preserving existing headers. + + * "Replace", which specifies that the IngressController sets the + headers, replacing any existing Forwarded or X-Forwarded-* headers. + + * "IfNone", which specifies that the IngressController sets the + headers if they are not already set. + + * "Never", which specifies that the IngressController never sets the + headers, preserving any existing headers. + + By default, the policy is "Append". + enum: + - Append + - Replace + - IfNone + - Never + type: string + headerNameCaseAdjustments: + description: |- + headerNameCaseAdjustments specifies case adjustments that can be + applied to HTTP header names. Each adjustment is specified as an + HTTP header name with the desired capitalization. For example, + specifying "X-Forwarded-For" indicates that the "x-forwarded-for" + HTTP header should be adjusted to have the specified capitalization. + + These adjustments are only applied to cleartext, edge-terminated, and + re-encrypt routes, and only when using HTTP/1. + + For request headers, these adjustments are applied only for routes + that have the haproxy.router.openshift.io/h1-adjust-case=true + annotation. For response headers, these adjustments are applied to + all HTTP responses. + + If this field is empty, no request headers are adjusted. + items: + description: |- + IngressControllerHTTPHeaderNameCaseAdjustment is the name of an HTTP header + (for example, "X-Forwarded-For") in the desired capitalization. The value + must be a valid HTTP header name as defined in RFC 2616 section 4.2. + maxLength: 1024 + minLength: 0 + pattern: ^$|^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$ + type: string + nullable: true + type: array + x-kubernetes-list-type: atomic + uniqueId: + description: |- + uniqueId describes configuration for a custom HTTP header that the + ingress controller should inject into incoming HTTP requests. + Typically, this header is configured to have a value that is unique + to the HTTP request. The header can be used by applications or + included in access logs to facilitate tracing individual HTTP + requests. + + If this field is empty, no such header is injected into requests. + properties: + format: + description: |- + format specifies the format for the injected HTTP header's value. + This field has no effect unless name is specified. For the + HAProxy-based ingress controller implementation, this format uses the + same syntax as the HTTP log format. If the field is empty, the + default value is "%{+X}o\\ %ci:%cp_%fi:%fp_%Ts_%rt:%pid"; see the + corresponding HAProxy documentation: + http://cbonte.github.io/haproxy-dconv/2.0/configuration.html#8.2.3 + maxLength: 1024 + minLength: 0 + pattern: ^(%(%|(\{[-+]?[QXE](,[-+]?[QXE])*\})?([A-Za-z]+|\[[.0-9A-Z_a-z]+(\([^)]+\))?(,[.0-9A-Z_a-z]+(\([^)]+\))?)*\]))|[^%[:cntrl:]])*$ + type: string + name: + description: |- + name specifies the name of the HTTP header (for example, "unique-id") + that the ingress controller should inject into HTTP requests. The + field's value must be a valid HTTP header name as defined in RFC 2616 + section 4.2. If the field is empty, no header is injected. + maxLength: 1024 + minLength: 0 + pattern: ^$|^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$ + type: string + type: object + type: object + logging: + description: |- + logging defines parameters for what should be logged where. If this + field is empty, operational logs are enabled but access logs are + disabled. + properties: + access: + description: |- + access describes how the client requests should be logged. + + If this field is empty, access logging is disabled. + properties: + destination: + description: destination is where access logs go. + properties: + container: + description: |- + container holds parameters for the Container logging destination. + Present only if type is Container. + properties: + maxLength: + default: 1024 + description: |- + maxLength is the maximum length of the log message. + + Valid values are integers in the range 480 to 8192, inclusive. + + When omitted, the default value is 1024. + format: int32 + maximum: 8192 + minimum: 480 + type: integer + type: object + syslog: + description: |- + syslog holds parameters for a syslog endpoint. Present only if + type is Syslog. + properties: + address: + description: |- + address is the IP address of the syslog endpoint that receives log + messages. + type: string + facility: + description: |- + facility specifies the syslog facility of log messages. + + If this field is empty, the facility is "local1". + enum: + - kern + - user + - mail + - daemon + - auth + - syslog + - lpr + - news + - uucp + - cron + - auth2 + - ftp + - ntp + - audit + - alert + - cron2 + - local0 + - local1 + - local2 + - local3 + - local4 + - local5 + - local6 + - local7 + type: string + maxLength: + default: 1024 + description: |- + maxLength is the maximum length of the log message. + + Valid values are integers in the range 480 to 4096, inclusive. + + When omitted, the default value is 1024. + format: int32 + maximum: 4096 + minimum: 480 + type: integer + port: + description: |- + port is the UDP port number of the syslog endpoint that receives log + messages. + format: int32 + maximum: 65535 + minimum: 1 + type: integer + required: + - address + - port + type: object + type: + description: |- + type is the type of destination for logs. It must be one of the + following: + + * Container + + The ingress operator configures the sidecar container named "logs" on + the ingress controller pod and configures the ingress controller to + write logs to the sidecar. The logs are then available as container + logs. The expectation is that the administrator configures a custom + logging solution that reads logs from this sidecar. Note that using + container logs means that logs may be dropped if the rate of logs + exceeds the container runtime's or the custom logging solution's + capacity. + + * Syslog + + Logs are sent to a syslog endpoint. The administrator must specify + an endpoint that can receive syslog messages. The expectation is + that the administrator has configured a custom syslog instance. + enum: + - Container + - Syslog + type: string + required: + - type + type: object + httpCaptureCookies: + description: |- + httpCaptureCookies specifies HTTP cookies that should be captured in + access logs. If this field is empty, no cookies are captured. + items: + description: |- + IngressControllerCaptureHTTPCookie describes an HTTP cookie that should be + captured. + properties: + matchType: + description: |- + matchType specifies the type of match to be performed on the cookie + name. Allowed values are "Exact" for an exact string match and + "Prefix" for a string prefix match. If "Exact" is specified, a name + must be specified in the name field. If "Prefix" is provided, a + prefix must be specified in the namePrefix field. For example, + specifying matchType "Prefix" and namePrefix "foo" will capture a + cookie named "foo" or "foobar" but not one named "bar". The first + matching cookie is captured. + enum: + - Exact + - Prefix + type: string + maxLength: + description: |- + maxLength specifies a maximum length of the string that will be + logged, which includes the cookie name, cookie value, and + one-character delimiter. If the log entry exceeds this length, the + value will be truncated in the log message. Note that the ingress + controller may impose a separate bound on the total length of HTTP + headers in a request. + maximum: 1024 + minimum: 1 + type: integer + name: + description: |- + name specifies a cookie name. Its value must be a valid HTTP cookie + name as defined in RFC 6265 section 4.1. + maxLength: 1024 + minLength: 0 + pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]*$ + type: string + namePrefix: + description: |- + namePrefix specifies a cookie name prefix. Its value must be a valid + HTTP cookie name as defined in RFC 6265 section 4.1. + maxLength: 1024 + minLength: 0 + pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]*$ + type: string + required: + - matchType + - maxLength + type: object + maxItems: 1 + nullable: true + type: array + x-kubernetes-list-type: atomic + httpCaptureHeaders: + description: |- + httpCaptureHeaders defines HTTP headers that should be captured in + access logs. If this field is empty, no headers are captured. + + Note that this option only applies to cleartext HTTP connections + and to secure HTTP connections for which the ingress controller + terminates encryption (that is, edge-terminated or reencrypt + connections). Headers cannot be captured for TLS passthrough + connections. + properties: + request: + description: |- + request specifies which HTTP request headers to capture. + + If this field is empty, no request headers are captured. + items: + description: |- + IngressControllerCaptureHTTPHeader describes an HTTP header that should be + captured. + properties: + maxLength: + description: |- + maxLength specifies a maximum length for the header value. If a + header value exceeds this length, the value will be truncated in the + log message. Note that the ingress controller may impose a separate + bound on the total length of HTTP headers in a request. + minimum: 1 + type: integer + name: + description: |- + name specifies a header name. Its value must be a valid HTTP header + name as defined in RFC 2616 section 4.2. + pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$ + type: string + required: + - maxLength + - name + type: object + nullable: true + type: array + x-kubernetes-list-type: atomic + response: + description: |- + response specifies which HTTP response headers to capture. + + If this field is empty, no response headers are captured. + items: + description: |- + IngressControllerCaptureHTTPHeader describes an HTTP header that should be + captured. + properties: + maxLength: + description: |- + maxLength specifies a maximum length for the header value. If a + header value exceeds this length, the value will be truncated in the + log message. Note that the ingress controller may impose a separate + bound on the total length of HTTP headers in a request. + minimum: 1 + type: integer + name: + description: |- + name specifies a header name. Its value must be a valid HTTP header + name as defined in RFC 2616 section 4.2. + pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$ + type: string + required: + - maxLength + - name + type: object + nullable: true + type: array + x-kubernetes-list-type: atomic + type: object + httpLogFormat: + description: |- + httpLogFormat specifies the format of the log message for an HTTP + request. + + If this field is empty, log messages use the implementation's default + HTTP log format. For HAProxy's default HTTP log format, see the + HAProxy documentation: + http://cbonte.github.io/haproxy-dconv/2.0/configuration.html#8.2.3 + + Note that this format only applies to cleartext HTTP connections + and to secure HTTP connections for which the ingress controller + terminates encryption (that is, edge-terminated or reencrypt + connections). It does not affect the log format for TLS passthrough + connections. + type: string + logEmptyRequests: + default: Log + description: |- + logEmptyRequests specifies how connections on which no request is + received should be logged. Typically, these empty requests come from + load balancers' health probes or Web browsers' speculative + connections ("preconnect"), in which case logging these requests may + be undesirable. However, these requests may also be caused by + network errors, in which case logging empty requests may be useful + for diagnosing the errors. In addition, these requests may be caused + by port scans, in which case logging empty requests may aid in + detecting intrusion attempts. Allowed values for this field are + "Log" and "Ignore". The default value is "Log". + enum: + - Log + - Ignore + type: string + required: + - destination + type: object + type: object + namespaceSelector: + description: |- + namespaceSelector is used to filter the set of namespaces serviced by the + ingress controller. This is useful for implementing shards. + + If unset, the default is no filtering. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + nodePlacement: + description: |- + nodePlacement enables explicit control over the scheduling of the ingress + controller. + + If unset, defaults are used. See NodePlacement for more details. + properties: + nodeSelector: + description: |- + nodeSelector is the node selector applied to ingress controller + deployments. + + If set, the specified selector is used and replaces the default. + + If unset, the default depends on the value of the defaultPlacement + field in the cluster config.openshift.io/v1/ingresses status. + + When defaultPlacement is Workers, the default is: + + kubernetes.io/os: linux + node-role.kubernetes.io/worker: '' + + When defaultPlacement is ControlPlane, the default is: + + kubernetes.io/os: linux + node-role.kubernetes.io/master: '' + + These defaults are subject to change. + + Note that using nodeSelector.matchExpressions is not supported. Only + nodeSelector.matchLabels may be used. This is a limitation of the + Kubernetes API: the pod spec does not allow complex expressions for + node selectors. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + tolerations: + description: |- + tolerations is a list of tolerations applied to ingress controller + deployments. + + The default is an empty list. + + See https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + x-kubernetes-list-type: atomic + type: object + replicas: + description: |- + replicas is the desired number of ingress controller replicas. If unset, + the default depends on the value of the defaultPlacement field in the + cluster config.openshift.io/v1/ingresses status. + + The value of replicas is set based on the value of a chosen field in the + Infrastructure CR. If defaultPlacement is set to ControlPlane, the + chosen field will be controlPlaneTopology. If it is set to Workers the + chosen field will be infrastructureTopology. Replicas will then be set to 1 + or 2 based whether the chosen field's value is SingleReplica or + HighlyAvailable, respectively. + + These defaults are subject to change. + format: int32 + type: integer + routeAdmission: + description: |- + routeAdmission defines a policy for handling new route claims (for example, + to allow or deny claims across namespaces). + + If empty, defaults will be applied. See specific routeAdmission fields + for details about their defaults. + properties: + namespaceOwnership: + description: |- + namespaceOwnership describes how host name claims across namespaces should + be handled. + + Value must be one of: + + - Strict: Do not allow routes in different namespaces to claim the same host. + + - InterNamespaceAllowed: Allow routes to claim different paths of the same + host name across namespaces. + + If empty, the default is Strict. + enum: + - InterNamespaceAllowed + - Strict + type: string + wildcardPolicy: + description: |- + wildcardPolicy describes how routes with wildcard policies should + be handled for the ingress controller. WildcardPolicy controls use + of routes [1] exposed by the ingress controller based on the route's + wildcard policy. + + [1] https://github.com/openshift/api/blob/master/route/v1/types.go + + Note: Updating WildcardPolicy from WildcardsAllowed to WildcardsDisallowed + will cause admitted routes with a wildcard policy of Subdomain to stop + working. These routes must be updated to a wildcard policy of None to be + readmitted by the ingress controller. + + WildcardPolicy supports WildcardsAllowed and WildcardsDisallowed values. + + If empty, defaults to "WildcardsDisallowed". + enum: + - WildcardsAllowed + - WildcardsDisallowed + type: string + type: object + routeSelector: + description: |- + routeSelector is used to filter the set of Routes serviced by the ingress + controller. This is useful for implementing shards. + + If unset, the default is no filtering. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + tlsSecurityProfile: + description: |- + tlsSecurityProfile specifies settings for TLS connections for ingresscontrollers. + + If unset, the default is based on the apiservers.config.openshift.io/cluster resource. + + Note that when using the Old, Intermediate, and Modern profile types, the effective + profile configuration is subject to change between releases. For example, given + a specification to use the Intermediate profile deployed on release X.Y.Z, an upgrade + to release X.Y.Z+1 may cause a new profile configuration to be applied to the ingress + controller, resulting in a rollout. + properties: + custom: + description: |- + custom is a user-defined TLS security profile. Be extremely careful using a custom + profile as invalid configurations can be catastrophic. An example custom profile + looks like this: + + ciphers: + + - ECDHE-ECDSA-CHACHA20-POLY1305 + + - ECDHE-RSA-CHACHA20-POLY1305 + + - ECDHE-RSA-AES128-GCM-SHA256 + + - ECDHE-ECDSA-AES128-GCM-SHA256 + + minTLSVersion: VersionTLS11 + nullable: true + properties: + ciphers: + description: |- + ciphers is used to specify the cipher algorithms that are negotiated + during the TLS handshake. Operators may remove entries their operands + do not support. For example, to use DES-CBC3-SHA (yaml): + + ciphers: + - DES-CBC3-SHA + items: + type: string + type: array + x-kubernetes-list-type: atomic + minTLSVersion: + description: |- + minTLSVersion is used to specify the minimal version of the TLS protocol + that is negotiated during the TLS handshake. For example, to use TLS + versions 1.1, 1.2 and 1.3 (yaml): + + minTLSVersion: VersionTLS11 + + NOTE: currently the highest minTLSVersion allowed is VersionTLS12 + enum: + - VersionTLS10 + - VersionTLS11 + - VersionTLS12 + - VersionTLS13 + type: string + type: object + intermediate: + description: |- + intermediate is a TLS security profile based on: + + https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29 + + and looks like this (yaml): + + ciphers: + + - TLS_AES_128_GCM_SHA256 + + - TLS_AES_256_GCM_SHA384 + + - TLS_CHACHA20_POLY1305_SHA256 + + - ECDHE-ECDSA-AES128-GCM-SHA256 + + - ECDHE-RSA-AES128-GCM-SHA256 + + - ECDHE-ECDSA-AES256-GCM-SHA384 + + - ECDHE-RSA-AES256-GCM-SHA384 + + - ECDHE-ECDSA-CHACHA20-POLY1305 + + - ECDHE-RSA-CHACHA20-POLY1305 + + - DHE-RSA-AES128-GCM-SHA256 + + - DHE-RSA-AES256-GCM-SHA384 + + minTLSVersion: VersionTLS12 + nullable: true + type: object + modern: + description: |- + modern is a TLS security profile based on: + + https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility + + and looks like this (yaml): + + ciphers: + + - TLS_AES_128_GCM_SHA256 + + - TLS_AES_256_GCM_SHA384 + + - TLS_CHACHA20_POLY1305_SHA256 + + minTLSVersion: VersionTLS13 + nullable: true + type: object + old: + description: |- + old is a TLS security profile based on: + + https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility + + and looks like this (yaml): + + ciphers: + + - TLS_AES_128_GCM_SHA256 + + - TLS_AES_256_GCM_SHA384 + + - TLS_CHACHA20_POLY1305_SHA256 + + - ECDHE-ECDSA-AES128-GCM-SHA256 + + - ECDHE-RSA-AES128-GCM-SHA256 + + - ECDHE-ECDSA-AES256-GCM-SHA384 + + - ECDHE-RSA-AES256-GCM-SHA384 + + - ECDHE-ECDSA-CHACHA20-POLY1305 + + - ECDHE-RSA-CHACHA20-POLY1305 + + - DHE-RSA-AES128-GCM-SHA256 + + - DHE-RSA-AES256-GCM-SHA384 + + - DHE-RSA-CHACHA20-POLY1305 + + - ECDHE-ECDSA-AES128-SHA256 + + - ECDHE-RSA-AES128-SHA256 + + - ECDHE-ECDSA-AES128-SHA + + - ECDHE-RSA-AES128-SHA + + - ECDHE-ECDSA-AES256-SHA384 + + - ECDHE-RSA-AES256-SHA384 + + - ECDHE-ECDSA-AES256-SHA + + - ECDHE-RSA-AES256-SHA + + - DHE-RSA-AES128-SHA256 + + - DHE-RSA-AES256-SHA256 + + - AES128-GCM-SHA256 + + - AES256-GCM-SHA384 + + - AES128-SHA256 + + - AES256-SHA256 + + - AES128-SHA + + - AES256-SHA + + - DES-CBC3-SHA + + minTLSVersion: VersionTLS10 + nullable: true + type: object + type: + description: |- + type is one of Old, Intermediate, Modern or Custom. Custom provides + the ability to specify individual TLS security profile parameters. + Old, Intermediate and Modern are TLS security profiles based on: + + https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations + + The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers + are found to be insecure. Depending on precisely which ciphers are available to a process, the list may be + reduced. + + Note that the Modern profile is currently not supported because it is not + yet well adopted by common software libraries. + enum: + - Old + - Intermediate + - Modern + - Custom + type: string + type: object + tuningOptions: + description: |- + tuningOptions defines parameters for adjusting the performance of + ingress controller pods. All fields are optional and will use their + respective defaults if not set. See specific tuningOptions fields for + more details. + + Setting fields within tuningOptions is generally not recommended. The + default values are suitable for most configurations. + properties: + clientFinTimeout: + description: |- + clientFinTimeout defines how long a connection will be held open while + waiting for the client response to the server/backend closing the + connection. + + If unset, the default timeout is 1s + format: duration + type: string + clientTimeout: + description: |- + clientTimeout defines how long a connection will be held open while + waiting for a client response. + + If unset, the default timeout is 30s + format: duration + type: string + connectTimeout: + description: |- + ConnectTimeout defines the maximum time to wait for + a connection attempt to a server/backend to succeed. + + This field expects an unsigned duration string of decimal numbers, each with optional + fraction and a unit suffix, e.g. "300ms", "1.5h" or "2h45m". + Valid time units are "ns", "us" (or "µs" U+00B5 or "μs" U+03BC), "ms", "s", "m", "h". + + When omitted, this means the user has no opinion and the platform is left + to choose a reasonable default. This default is subject to change over time. + The current default is 5s. + pattern: ^(0|([0-9]+(\.[0-9]+)?(ns|us|µs|μs|ms|s|m|h))+)$ + type: string + headerBufferBytes: + description: |- + headerBufferBytes describes how much memory should be reserved + (in bytes) for IngressController connection sessions. + Note that this value must be at least 16384 if HTTP/2 is + enabled for the IngressController (https://tools.ietf.org/html/rfc7540). + If this field is empty, the IngressController will use a default value + of 32768 bytes. + + Setting this field is generally not recommended as headerBufferBytes + values that are too small may break the IngressController and + headerBufferBytes values that are too large could cause the + IngressController to use significantly more memory than necessary. + format: int32 + minimum: 16384 + type: integer + headerBufferMaxRewriteBytes: + description: |- + headerBufferMaxRewriteBytes describes how much memory should be reserved + (in bytes) from headerBufferBytes for HTTP header rewriting + and appending for IngressController connection sessions. + Note that incoming HTTP requests will be limited to + (headerBufferBytes - headerBufferMaxRewriteBytes) bytes, meaning + headerBufferBytes must be greater than headerBufferMaxRewriteBytes. + If this field is empty, the IngressController will use a default value + of 8192 bytes. + + Setting this field is generally not recommended as + headerBufferMaxRewriteBytes values that are too small may break the + IngressController and headerBufferMaxRewriteBytes values that are too + large could cause the IngressController to use significantly more memory + than necessary. + format: int32 + minimum: 4096 + type: integer + healthCheckInterval: + description: |- + healthCheckInterval defines how long the router waits between two consecutive + health checks on its configured backends. This value is applied globally as + a default for all routes, but may be overridden per-route by the route annotation + "router.openshift.io/haproxy.health.check.interval". + + Expects an unsigned duration string of decimal numbers, each with optional + fraction and a unit suffix, eg "300ms", "1.5h" or "2h45m". + Valid time units are "ns", "us" (or "µs" U+00B5 or "μs" U+03BC), "ms", "s", "m", "h". + + Setting this to less than 5s can cause excess traffic due to too frequent + TCP health checks and accompanying SYN packet storms. Alternatively, setting + this too high can result in increased latency, due to backend servers that are no + longer available, but haven't yet been detected as such. + + An empty or zero healthCheckInterval means no opinion and IngressController chooses + a default, which is subject to change over time. + Currently the default healthCheckInterval value is 5s. + + Currently the minimum allowed value is 1s and the maximum allowed value is + 2147483647ms (24.85 days). Both are subject to change over time. + pattern: ^(0|([0-9]+(\.[0-9]+)?(ns|us|µs|μs|ms|s|m|h))+)$ + type: string + maxConnections: + description: |- + maxConnections defines the maximum number of simultaneous + connections that can be established per HAProxy process. + Increasing this value allows each ingress controller pod to + handle more connections but at the cost of additional + system resources being consumed. + + Permitted values are: empty, 0, -1, and the range + 2000-2000000. + + If this field is empty or 0, the IngressController will use + the default value of 50000, but the default is subject to + change in future releases. + + If the value is -1 then HAProxy will dynamically compute a + maximum value based on the available ulimits in the running + container. Selecting -1 (i.e., auto) will result in a large + value being computed (~520000 on OpenShift >=4.10 clusters) + and therefore each HAProxy process will incur significant + memory usage compared to the current default of 50000. + + Setting a value that is greater than the current operating + system limit will prevent the HAProxy process from + starting. + + If you choose a discrete value (e.g., 750000) and the + router pod is migrated to a new node, there's no guarantee + that that new node has identical ulimits configured. In + such a scenario the pod would fail to start. If you have + nodes with different ulimits configured (e.g., different + tuned profiles) and you choose a discrete value then the + guidance is to use -1 and let the value be computed + dynamically at runtime. + + You can monitor memory usage for router containers with the + following metric: + 'container_memory_working_set_bytes{container="router",namespace="openshift-ingress"}'. + + You can monitor memory usage of individual HAProxy + processes in router containers with the following metric: + 'container_memory_working_set_bytes{container="router",namespace="openshift-ingress"}/container_processes{container="router",namespace="openshift-ingress"}'. + format: int32 + type: integer + reloadInterval: + description: |- + reloadInterval defines the minimum interval at which the router is allowed to reload + to accept new changes. Increasing this value can prevent the accumulation of + HAProxy processes, depending on the scenario. Increasing this interval can + also lessen load imbalance on a backend's servers when using the roundrobin + balancing algorithm. Alternatively, decreasing this value may decrease latency + since updates to HAProxy's configuration can take effect more quickly. + + The value must be a time duration value; see . + Currently, the minimum value allowed is 1s, and the maximum allowed value is + 120s. Minimum and maximum allowed values may change in future versions of OpenShift. + Note that if a duration outside of these bounds is provided, the value of reloadInterval + will be capped/floored and not rejected (e.g. a duration of over 120s will be capped to + 120s; the IngressController will not reject and replace this disallowed value with + the default). + + A zero value for reloadInterval tells the IngressController to choose the default, + which is currently 5s and subject to change without notice. + + This field expects an unsigned duration string of decimal numbers, each with optional + fraction and a unit suffix, e.g. "300ms", "1.5h" or "2h45m". + Valid time units are "ns", "us" (or "µs" U+00B5 or "μs" U+03BC), "ms", "s", "m", "h". + + Note: Setting a value significantly larger than the default of 5s can cause latency + in observing updates to routes and their endpoints. HAProxy's configuration will + be reloaded less frequently, and newly created routes will not be served until the + subsequent reload. + pattern: ^(0|([0-9]+(\.[0-9]+)?(ns|us|µs|μs|ms|s|m|h))+)$ + type: string + serverFinTimeout: + description: |- + serverFinTimeout defines how long a connection will be held open while + waiting for the server/backend response to the client closing the + connection. + + If unset, the default timeout is 1s + format: duration + type: string + serverTimeout: + description: |- + serverTimeout defines how long a connection will be held open while + waiting for a server/backend response. + + If unset, the default timeout is 30s + format: duration + type: string + threadCount: + description: |- + threadCount defines the number of threads created per HAProxy process. + Creating more threads allows each ingress controller pod to handle more + connections, at the cost of more system resources being used. HAProxy + currently supports up to 64 threads. If this field is empty, the + IngressController will use the default value. The current default is 4 + threads, but this may change in future releases. + + Setting this field is generally not recommended. Increasing the number + of HAProxy threads allows ingress controller pods to utilize more CPU + time under load, potentially starving other pods if set too high. + Reducing the number of threads may cause the ingress controller to + perform poorly. + format: int32 + maximum: 64 + minimum: 1 + type: integer + tlsInspectDelay: + description: |- + tlsInspectDelay defines how long the router can hold data to find a + matching route. + + Setting this too short can cause the router to fall back to the default + certificate for edge-terminated or reencrypt routes even when a better + matching certificate could be used. + + If unset, the default inspect delay is 5s + format: duration + type: string + tunnelTimeout: + description: |- + tunnelTimeout defines how long a tunnel connection (including + websockets) will be held open while the tunnel is idle. + + If unset, the default timeout is 1h + format: duration + type: string + type: object + unsupportedConfigOverrides: + description: |- + unsupportedConfigOverrides allows specifying unsupported + configuration options. Its use is unsupported. + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + status: + description: status is the most recently observed status of the IngressController. + properties: + availableReplicas: + description: |- + availableReplicas is number of observed available replicas according to the + ingress controller deployment. + format: int32 + type: integer + conditions: + description: |- + conditions is a list of conditions and their status. + + Available means the ingress controller deployment is available and + servicing route and ingress resources (i.e, .status.availableReplicas + equals .spec.replicas) + + There are additional conditions which indicate the status of other + ingress controller features and capabilities. + + * LoadBalancerManaged + - True if the following conditions are met: + * The endpoint publishing strategy requires a service load balancer. + - False if any of those conditions are unsatisfied. + + * LoadBalancerReady + - True if the following conditions are met: + * A load balancer is managed. + * The load balancer is ready. + - False if any of those conditions are unsatisfied. + + * DNSManaged + - True if the following conditions are met: + * The endpoint publishing strategy and platform support DNS. + * The ingress controller domain is set. + * dns.config.openshift.io/cluster configures DNS zones. + - False if any of those conditions are unsatisfied. + + * DNSReady + - True if the following conditions are met: + * DNS is managed. + * DNS records have been successfully created. + - False if any of those conditions are unsatisfied. + items: + description: OperatorCondition is just the standard condition fields. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + type: string + reason: + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + domain: + description: domain is the actual domain in use. + type: string + endpointPublishingStrategy: + description: endpointPublishingStrategy is the actual strategy in + use. + properties: + hostNetwork: + description: |- + hostNetwork holds parameters for the HostNetwork endpoint publishing + strategy. Present only if type is HostNetwork. + properties: + httpPort: + default: 80 + description: |- + httpPort is the port on the host which should be used to listen for + HTTP requests. This field should be set when port 80 is already in use. + The value should not coincide with the NodePort range of the cluster. + When the value is 0 or is not specified it defaults to 80. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + httpsPort: + default: 443 + description: |- + httpsPort is the port on the host which should be used to listen for + HTTPS requests. This field should be set when port 443 is already in use. + The value should not coincide with the NodePort range of the cluster. + When the value is 0 or is not specified it defaults to 443. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + protocol: + description: |- + protocol specifies whether the IngressController expects incoming + connections to use plain TCP or whether the IngressController expects + PROXY protocol. + + PROXY protocol can be used with load balancers that support it to + communicate the source addresses of client connections when + forwarding those connections to the IngressController. Using PROXY + protocol enables the IngressController to report those source + addresses instead of reporting the load balancer's address in HTTP + headers and logs. Note that enabling PROXY protocol on the + IngressController will cause connections to fail if you are not using + a load balancer that uses PROXY protocol to forward connections to + the IngressController. See + http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for + information about PROXY protocol. + + The following values are valid for this field: + + * The empty string. + * "TCP". + * "PROXY". + + The empty string specifies the default, which is TCP without PROXY + protocol. Note that the default is subject to change. + enum: + - "" + - TCP + - PROXY + type: string + statsPort: + default: 1936 + description: |- + statsPort is the port on the host where the stats from the router are + published. The value should not coincide with the NodePort range of the + cluster. If an external load balancer is configured to forward connections + to this IngressController, the load balancer should use this port for + health checks. The load balancer can send HTTP probes on this port on a + given node, with the path /healthz/ready to determine if the ingress + controller is ready to receive traffic on the node. For proper operation + the load balancer must not forward traffic to a node until the health + check reports ready. The load balancer should also stop forwarding requests + within a maximum of 45 seconds after /healthz/ready starts reporting + not-ready. Probing every 5 to 10 seconds, with a 5-second timeout and with + a threshold of two successful or failed requests to become healthy or + unhealthy respectively, are well-tested values. When the value is 0 or + is not specified it defaults to 1936. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + type: object + loadBalancer: + description: |- + loadBalancer holds parameters for the load balancer. Present only if + type is LoadBalancerService. + properties: + allowedSourceRanges: + description: |- + allowedSourceRanges specifies an allowlist of IP address ranges to which + access to the load balancer should be restricted. Each range must be + specified using CIDR notation (e.g. "10.0.0.0/8" or "fd00::/8"). If no range is + specified, "0.0.0.0/0" for IPv4 and "::/0" for IPv6 are used by default, + which allows all source addresses. + + To facilitate migration from earlier versions of OpenShift that did + not have the allowedSourceRanges field, you may set the + service.beta.kubernetes.io/load-balancer-source-ranges annotation on + the "router-" service in the + "openshift-ingress" namespace, and this annotation will take + effect if allowedSourceRanges is empty on OpenShift 4.12. + items: + description: |- + CIDR is an IP address range in CIDR notation (for example, "10.0.0.0/8" + or "fd00::/8"). + pattern: (^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])/([0-9]|[12][0-9]|3[0-2])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) + type: string + nullable: true + type: array + x-kubernetes-list-type: atomic + dnsManagementPolicy: + default: Managed + description: |- + dnsManagementPolicy indicates if the lifecycle of the wildcard DNS record + associated with the load balancer service will be managed by + the ingress operator. It defaults to Managed. + Valid values are: Managed and Unmanaged. + enum: + - Managed + - Unmanaged + type: string + providerParameters: + description: |- + providerParameters holds desired load balancer information specific to + the underlying infrastructure provider. + + If empty, defaults will be applied. See specific providerParameters + fields for details about their defaults. + properties: + aws: + description: |- + aws provides configuration settings that are specific to AWS + load balancers. + + If empty, defaults will be applied. See specific aws fields for + details about their defaults. + properties: + classicLoadBalancer: + description: |- + classicLoadBalancerParameters holds configuration parameters for an AWS + classic load balancer. Present only if type is Classic. + properties: + connectionIdleTimeout: + description: |- + connectionIdleTimeout specifies the maximum time period that a + connection may be idle before the load balancer closes the + connection. The value must be parseable as a time duration value; + see . A nil or zero value + means no opinion, in which case a default value is used. The default + value for this field is 60s. This default is subject to change. + format: duration + type: string + subnets: + description: |- + subnets specifies the subnets to which the load balancer will + attach. The subnets may be specified by either their + ID or name. The total number of subnets is limited to 10. + + In order for the load balancer to be provisioned with subnets, + each subnet must exist, each subnet must be from a different + availability zone, and the load balancer service must be + recreated to pick up new values. + + When omitted from the spec, the subnets will be auto-discovered + for each availability zone. Auto-discovered subnets are not reported + in the status of the IngressController object. + properties: + ids: + description: |- + ids specifies a list of AWS subnets by subnet ID. + Subnet IDs must start with "subnet-", consist only + of alphanumeric characters, must be exactly 24 + characters long, must be unique, and the total + number of subnets specified by ids and names + must not exceed 10. + items: + description: AWSSubnetID is a reference + to an AWS subnet ID. + maxLength: 24 + minLength: 24 + pattern: ^subnet-[0-9A-Za-z]+$ + type: string + maxItems: 10 + type: array + x-kubernetes-list-type: atomic + x-kubernetes-validations: + - message: subnet ids cannot contain duplicates + rule: self.all(x, self.exists_one(y, x == + y)) + names: + description: |- + names specifies a list of AWS subnets by subnet name. + Subnet names must not start with "subnet-", must not + include commas, must be under 256 characters in length, + must be unique, and the total number of subnets + specified by ids and names must not exceed 10. + items: + description: AWSSubnetName is a reference + to an AWS subnet name. + maxLength: 256 + minLength: 1 + type: string + x-kubernetes-validations: + - message: subnet name cannot contain a + comma + rule: '!self.contains('','')' + - message: subnet name cannot start with + 'subnet-' + rule: '!self.startsWith(''subnet-'')' + maxItems: 10 + type: array + x-kubernetes-list-type: atomic + x-kubernetes-validations: + - message: subnet names cannot contain duplicates + rule: self.all(x, self.exists_one(y, x == + y)) + type: object + x-kubernetes-validations: + - message: the total number of subnets cannot + exceed 10 + rule: 'has(self.ids) && has(self.names) ? size(self.ids + + self.names) <= 10 : true' + - message: must specify at least 1 subnet name + or id + rule: has(self.ids) && self.ids.size() > 0 || + has(self.names) && self.names.size() > 0 + type: object + networkLoadBalancer: + description: |- + networkLoadBalancerParameters holds configuration parameters for an AWS + network load balancer. Present only if type is NLB. + properties: + subnets: + description: |- + subnets specifies the subnets to which the load balancer will + attach. The subnets may be specified by either their + ID or name. The total number of subnets is limited to 10. + + In order for the load balancer to be provisioned with subnets, + each subnet must exist, each subnet must be from a different + availability zone, and the load balancer service must be + recreated to pick up new values. + + When omitted from the spec, the subnets will be auto-discovered + for each availability zone. Auto-discovered subnets are not reported + in the status of the IngressController object. + properties: + ids: + description: |- + ids specifies a list of AWS subnets by subnet ID. + Subnet IDs must start with "subnet-", consist only + of alphanumeric characters, must be exactly 24 + characters long, must be unique, and the total + number of subnets specified by ids and names + must not exceed 10. + items: + description: AWSSubnetID is a reference + to an AWS subnet ID. + maxLength: 24 + minLength: 24 + pattern: ^subnet-[0-9A-Za-z]+$ + type: string + maxItems: 10 + type: array + x-kubernetes-list-type: atomic + x-kubernetes-validations: + - message: subnet ids cannot contain duplicates + rule: self.all(x, self.exists_one(y, x == + y)) + names: + description: |- + names specifies a list of AWS subnets by subnet name. + Subnet names must not start with "subnet-", must not + include commas, must be under 256 characters in length, + must be unique, and the total number of subnets + specified by ids and names must not exceed 10. + items: + description: AWSSubnetName is a reference + to an AWS subnet name. + maxLength: 256 + minLength: 1 + type: string + x-kubernetes-validations: + - message: subnet name cannot contain a + comma + rule: '!self.contains('','')' + - message: subnet name cannot start with + 'subnet-' + rule: '!self.startsWith(''subnet-'')' + maxItems: 10 + type: array + x-kubernetes-list-type: atomic + x-kubernetes-validations: + - message: subnet names cannot contain duplicates + rule: self.all(x, self.exists_one(y, x == + y)) + type: object + x-kubernetes-validations: + - message: the total number of subnets cannot + exceed 10 + rule: 'has(self.ids) && has(self.names) ? size(self.ids + + self.names) <= 10 : true' + - message: must specify at least 1 subnet name + or id + rule: has(self.ids) && self.ids.size() > 0 || + has(self.names) && self.names.size() > 0 + type: object + type: + description: |- + type is the type of AWS load balancer to instantiate for an ingresscontroller. + + Valid values are: + + * "Classic": A Classic Load Balancer that makes routing decisions at either + the transport layer (TCP/SSL) or the application layer (HTTP/HTTPS). See + the following for additional details: + + https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#clb + + * "NLB": A Network Load Balancer that makes routing decisions at the + transport layer (TCP/SSL). See the following for additional details: + + https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#nlb + enum: + - Classic + - NLB + type: string + required: + - type + type: object + gcp: + description: |- + gcp provides configuration settings that are specific to GCP + load balancers. + + If empty, defaults will be applied. See specific gcp fields for + details about their defaults. + properties: + clientAccess: + description: |- + clientAccess describes how client access is restricted for internal + load balancers. + + Valid values are: + * "Global": Specifying an internal load balancer with Global client access + allows clients from any region within the VPC to communicate with the load + balancer. + + https://cloud.google.com/kubernetes-engine/docs/how-to/internal-load-balancing#global_access + + * "Local": Specifying an internal load balancer with Local client access + means only clients within the same region (and VPC) as the GCP load balancer + can communicate with the load balancer. Note that this is the default behavior. + + https://cloud.google.com/load-balancing/docs/internal#client_access + enum: + - Global + - Local + type: string + type: object + ibm: + description: |- + ibm provides configuration settings that are specific to IBM Cloud + load balancers. + + If empty, defaults will be applied. See specific ibm fields for + details about their defaults. + properties: + protocol: + description: |- + protocol specifies whether the load balancer uses PROXY protocol to forward connections to + the IngressController. See "service.kubernetes.io/ibm-load-balancer-cloud-provider-enable-features: + "proxy-protocol"" at https://cloud.ibm.com/docs/containers?topic=containers-vpc-lbaas" + + PROXY protocol can be used with load balancers that support it to + communicate the source addresses of client connections when + forwarding those connections to the IngressController. Using PROXY + protocol enables the IngressController to report those source + addresses instead of reporting the load balancer's address in HTTP + headers and logs. Note that enabling PROXY protocol on the + IngressController will cause connections to fail if you are not using + a load balancer that uses PROXY protocol to forward connections to + the IngressController. See + http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for + information about PROXY protocol. + + Valid values for protocol are TCP, PROXY and omitted. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The current default is TCP, without the proxy protocol enabled. + enum: + - "" + - TCP + - PROXY + type: string + type: object + openstack: + description: |- + openstack provides configuration settings that are specific to OpenStack + load balancers. + + If empty, defaults will be applied. See specific openstack fields for + details about their defaults. + properties: + floatingIP: + description: |- + floatingIP specifies the IP address that the load balancer will use. + When not specified, an IP address will be assigned randomly by the OpenStack cloud provider. + When specified, the floating IP has to be pre-created. If the + specified value is not a floating IP or is already claimed, the + OpenStack cloud provider won't be able to provision the load + balancer. + This field may only be used if the IngressController has External scope. + This value must be a valid IPv4 or IPv6 address. + type: string + x-kubernetes-validations: + - message: floatingIP must be a valid IPv4 or IPv6 + address + rule: isIP(self) + type: object + type: + description: |- + type is the underlying infrastructure provider for the load balancer. + Allowed values are "AWS", "Azure", "BareMetal", "GCP", "IBM", "Nutanix", + "OpenStack", and "VSphere". + enum: + - AWS + - Azure + - BareMetal + - GCP + - Nutanix + - OpenStack + - VSphere + - IBM + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: openstack is not permitted when type is not OpenStack + rule: 'has(self.type) && self.type == ''OpenStack'' ? true + : !has(self.openstack)' + scope: + description: |- + scope indicates the scope at which the load balancer is exposed. + Possible values are "External" and "Internal". + enum: + - Internal + - External + type: string + required: + - dnsManagementPolicy + - scope + type: object + x-kubernetes-validations: + - message: cannot specify a floating ip when scope is internal + rule: '!has(self.scope) || self.scope != ''Internal'' || !has(self.providerParameters) + || !has(self.providerParameters.openstack) || !has(self.providerParameters.openstack.floatingIP) + || self.providerParameters.openstack.floatingIP == ""' + nodePort: + description: |- + nodePort holds parameters for the NodePortService endpoint publishing strategy. + Present only if type is NodePortService. + properties: + protocol: + description: |- + protocol specifies whether the IngressController expects incoming + connections to use plain TCP or whether the IngressController expects + PROXY protocol. + + PROXY protocol can be used with load balancers that support it to + communicate the source addresses of client connections when + forwarding those connections to the IngressController. Using PROXY + protocol enables the IngressController to report those source + addresses instead of reporting the load balancer's address in HTTP + headers and logs. Note that enabling PROXY protocol on the + IngressController will cause connections to fail if you are not using + a load balancer that uses PROXY protocol to forward connections to + the IngressController. See + http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for + information about PROXY protocol. + + The following values are valid for this field: + + * The empty string. + * "TCP". + * "PROXY". + + The empty string specifies the default, which is TCP without PROXY + protocol. Note that the default is subject to change. + enum: + - "" + - TCP + - PROXY + type: string + type: object + private: + description: |- + private holds parameters for the Private endpoint publishing + strategy. Present only if type is Private. + properties: + protocol: + description: |- + protocol specifies whether the IngressController expects incoming + connections to use plain TCP or whether the IngressController expects + PROXY protocol. + + PROXY protocol can be used with load balancers that support it to + communicate the source addresses of client connections when + forwarding those connections to the IngressController. Using PROXY + protocol enables the IngressController to report those source + addresses instead of reporting the load balancer's address in HTTP + headers and logs. Note that enabling PROXY protocol on the + IngressController will cause connections to fail if you are not using + a load balancer that uses PROXY protocol to forward connections to + the IngressController. See + http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for + information about PROXY protocol. + + The following values are valid for this field: + + * The empty string. + * "TCP". + * "PROXY". + + The empty string specifies the default, which is TCP without PROXY + protocol. Note that the default is subject to change. + enum: + - "" + - TCP + - PROXY + type: string + type: object + type: + description: |- + type is the publishing strategy to use. Valid values are: + + * LoadBalancerService + + Publishes the ingress controller using a Kubernetes LoadBalancer Service. + + In this configuration, the ingress controller deployment uses container + networking. A LoadBalancer Service is created to publish the deployment. + + See: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer + + If domain is set, a wildcard DNS record will be managed to point at the + LoadBalancer Service's external name. DNS records are managed only in DNS + zones defined by dns.config.openshift.io/cluster .spec.publicZone and + .spec.privateZone. + + Wildcard DNS management is currently supported only on the AWS, Azure, + and GCP platforms. + + * HostNetwork + + Publishes the ingress controller on node ports where the ingress controller + is deployed. + + In this configuration, the ingress controller deployment uses host + networking, bound to node ports 80 and 443. The user is responsible for + configuring an external load balancer to publish the ingress controller via + the node ports. + + * Private + + Does not publish the ingress controller. + + In this configuration, the ingress controller deployment uses container + networking, and is not explicitly published. The user must manually publish + the ingress controller. + + * NodePortService + + Publishes the ingress controller using a Kubernetes NodePort Service. + + In this configuration, the ingress controller deployment uses container + networking. A NodePort Service is created to publish the deployment. The + specific node ports are dynamically allocated by OpenShift; however, to + support static port allocations, user changes to the node port + field of the managed NodePort Service will preserved. + enum: + - LoadBalancerService + - HostNetwork + - Private + - NodePortService + type: string + required: + - type + type: object + namespaceSelector: + description: namespaceSelector is the actual namespaceSelector in + use. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + observedGeneration: + description: observedGeneration is the most recent generation observed. + format: int64 + type: integer + routeSelector: + description: routeSelector is the actual routeSelector in use. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + selector: + description: |- + selector is a label selector, in string format, for ingress controller pods + corresponding to the IngressController. The number of matching pods should + equal the value of availableReplicas. + type: string + tlsProfile: + description: tlsProfile is the TLS connection configuration that is + in effect. + properties: + ciphers: + description: |- + ciphers is used to specify the cipher algorithms that are negotiated + during the TLS handshake. Operators may remove entries their operands + do not support. For example, to use DES-CBC3-SHA (yaml): + + ciphers: + - DES-CBC3-SHA + items: + type: string + type: array + x-kubernetes-list-type: atomic + minTLSVersion: + description: |- + minTLSVersion is used to specify the minimal version of the TLS protocol + that is negotiated during the TLS handshake. For example, to use TLS + versions 1.1, 1.2 and 1.3 (yaml): + + minTLSVersion: VersionTLS11 + + NOTE: currently the highest minTLSVersion allowed is VersionTLS12 + enum: + - VersionTLS10 + - VersionTLS11 + - VersionTLS12 + - VersionTLS13 + type: string + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/ingresscontrollers.operator.openshift.io/SetEIPForNLBIngressController.yaml b/pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/ingresscontrollers.operator.openshift.io/SetEIPForNLBIngressController.yaml new file mode 100644 index 000000000..c9093ecf8 --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/ingresscontrollers.operator.openshift.io/SetEIPForNLBIngressController.yaml @@ -0,0 +1,2857 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/616 + api.openshift.io/filename-cvo-runlevel: "0000_50" + api.openshift.io/filename-operator: ingress + api.openshift.io/filename-ordering: "00" + capability.openshift.io/name: Ingress + feature-gate.release.openshift.io/SetEIPForNLBIngressController: "true" + name: ingresscontrollers.operator.openshift.io +spec: + group: operator.openshift.io + names: + kind: IngressController + listKind: IngressControllerList + plural: ingresscontrollers + singular: ingresscontroller + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + IngressController describes a managed ingress controller for the cluster. The + controller can service OpenShift Route and Kubernetes Ingress resources. + + When an IngressController is created, a new ingress controller deployment is + created to allow external traffic to reach the services that expose Ingress + or Route resources. Updating this resource may lead to disruption for public + facing network connections as a new ingress controller revision may be rolled + out. + + https://kubernetes.io/docs/concepts/services-networking/ingress-controllers + + Whenever possible, sensible defaults for the platform are used. See each + field for more details. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec is the specification of the desired behavior of the + IngressController. + properties: + clientTLS: + description: |- + clientTLS specifies settings for requesting and verifying client + certificates, which can be used to enable mutual TLS for + edge-terminated and reencrypt routes. + properties: + allowedSubjectPatterns: + description: |- + allowedSubjectPatterns specifies a list of regular expressions that + should be matched against the distinguished name on a valid client + certificate to filter requests. The regular expressions must use + PCRE syntax. If this list is empty, no filtering is performed. If + the list is nonempty, then at least one pattern must match a client + certificate's distinguished name or else the ingress controller + rejects the certificate and denies the connection. + items: + type: string + type: array + x-kubernetes-list-type: atomic + clientCA: + description: |- + clientCA specifies a configmap containing the PEM-encoded CA + certificate bundle that should be used to verify a client's + certificate. The administrator must create this configmap in the + openshift-config namespace. + properties: + name: + description: name is the metadata.name of the referenced config + map + type: string + required: + - name + type: object + clientCertificatePolicy: + description: |- + clientCertificatePolicy specifies whether the ingress controller + requires clients to provide certificates. This field accepts the + values "Required" or "Optional". + + Note that the ingress controller only checks client certificates for + edge-terminated and reencrypt TLS routes; it cannot check + certificates for cleartext HTTP or passthrough TLS routes. + enum: + - "" + - Required + - Optional + type: string + required: + - clientCA + - clientCertificatePolicy + type: object + defaultCertificate: + description: |- + defaultCertificate is a reference to a secret containing the default + certificate served by the ingress controller. When Routes don't specify + their own certificate, defaultCertificate is used. + + The secret must contain the following keys and data: + + tls.crt: certificate file contents + tls.key: key file contents + + If unset, a wildcard certificate is automatically generated and used. The + certificate is valid for the ingress controller domain (and subdomains) and + the generated certificate's CA will be automatically integrated with the + cluster's trust store. + + If a wildcard certificate is used and shared by multiple + HTTP/2 enabled routes (which implies ALPN) then clients + (i.e., notably browsers) are at liberty to reuse open + connections. This means a client can reuse a connection to + another route and that is likely to fail. This behaviour is + generally known as connection coalescing. + + The in-use certificate (whether generated or user-specified) will be + automatically integrated with OpenShift's built-in OAuth server. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + domain: + description: |- + domain is a DNS name serviced by the ingress controller and is used to + configure multiple features: + + * For the LoadBalancerService endpoint publishing strategy, domain is + used to configure DNS records. See endpointPublishingStrategy. + + * When using a generated default certificate, the certificate will be valid + for domain and its subdomains. See defaultCertificate. + + * The value is published to individual Route statuses so that end-users + know where to target external DNS records. + + domain must be unique among all IngressControllers, and cannot be + updated. + + If empty, defaults to ingress.config.openshift.io/cluster .spec.domain. + type: string + endpointPublishingStrategy: + description: |- + endpointPublishingStrategy is used to publish the ingress controller + endpoints to other networks, enable load balancer integrations, etc. + + If unset, the default is based on + infrastructure.config.openshift.io/cluster .status.platform: + + AWS: LoadBalancerService (with External scope) + Azure: LoadBalancerService (with External scope) + GCP: LoadBalancerService (with External scope) + IBMCloud: LoadBalancerService (with External scope) + AlibabaCloud: LoadBalancerService (with External scope) + Libvirt: HostNetwork + + Any other platform types (including None) default to HostNetwork. + + endpointPublishingStrategy cannot be updated. + properties: + hostNetwork: + description: |- + hostNetwork holds parameters for the HostNetwork endpoint publishing + strategy. Present only if type is HostNetwork. + properties: + httpPort: + default: 80 + description: |- + httpPort is the port on the host which should be used to listen for + HTTP requests. This field should be set when port 80 is already in use. + The value should not coincide with the NodePort range of the cluster. + When the value is 0 or is not specified it defaults to 80. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + httpsPort: + default: 443 + description: |- + httpsPort is the port on the host which should be used to listen for + HTTPS requests. This field should be set when port 443 is already in use. + The value should not coincide with the NodePort range of the cluster. + When the value is 0 or is not specified it defaults to 443. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + protocol: + description: |- + protocol specifies whether the IngressController expects incoming + connections to use plain TCP or whether the IngressController expects + PROXY protocol. + + PROXY protocol can be used with load balancers that support it to + communicate the source addresses of client connections when + forwarding those connections to the IngressController. Using PROXY + protocol enables the IngressController to report those source + addresses instead of reporting the load balancer's address in HTTP + headers and logs. Note that enabling PROXY protocol on the + IngressController will cause connections to fail if you are not using + a load balancer that uses PROXY protocol to forward connections to + the IngressController. See + http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for + information about PROXY protocol. + + The following values are valid for this field: + + * The empty string. + * "TCP". + * "PROXY". + + The empty string specifies the default, which is TCP without PROXY + protocol. Note that the default is subject to change. + enum: + - "" + - TCP + - PROXY + type: string + statsPort: + default: 1936 + description: |- + statsPort is the port on the host where the stats from the router are + published. The value should not coincide with the NodePort range of the + cluster. If an external load balancer is configured to forward connections + to this IngressController, the load balancer should use this port for + health checks. The load balancer can send HTTP probes on this port on a + given node, with the path /healthz/ready to determine if the ingress + controller is ready to receive traffic on the node. For proper operation + the load balancer must not forward traffic to a node until the health + check reports ready. The load balancer should also stop forwarding requests + within a maximum of 45 seconds after /healthz/ready starts reporting + not-ready. Probing every 5 to 10 seconds, with a 5-second timeout and with + a threshold of two successful or failed requests to become healthy or + unhealthy respectively, are well-tested values. When the value is 0 or + is not specified it defaults to 1936. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + type: object + loadBalancer: + description: |- + loadBalancer holds parameters for the load balancer. Present only if + type is LoadBalancerService. + properties: + allowedSourceRanges: + description: |- + allowedSourceRanges specifies an allowlist of IP address ranges to which + access to the load balancer should be restricted. Each range must be + specified using CIDR notation (e.g. "10.0.0.0/8" or "fd00::/8"). If no range is + specified, "0.0.0.0/0" for IPv4 and "::/0" for IPv6 are used by default, + which allows all source addresses. + + To facilitate migration from earlier versions of OpenShift that did + not have the allowedSourceRanges field, you may set the + service.beta.kubernetes.io/load-balancer-source-ranges annotation on + the "router-" service in the + "openshift-ingress" namespace, and this annotation will take + effect if allowedSourceRanges is empty on OpenShift 4.12. + items: + description: |- + CIDR is an IP address range in CIDR notation (for example, "10.0.0.0/8" + or "fd00::/8"). + pattern: (^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])/([0-9]|[12][0-9]|3[0-2])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) + type: string + nullable: true + type: array + x-kubernetes-list-type: atomic + dnsManagementPolicy: + default: Managed + description: |- + dnsManagementPolicy indicates if the lifecycle of the wildcard DNS record + associated with the load balancer service will be managed by + the ingress operator. It defaults to Managed. + Valid values are: Managed and Unmanaged. + enum: + - Managed + - Unmanaged + type: string + providerParameters: + description: |- + providerParameters holds desired load balancer information specific to + the underlying infrastructure provider. + + If empty, defaults will be applied. See specific providerParameters + fields for details about their defaults. + properties: + aws: + description: |- + aws provides configuration settings that are specific to AWS + load balancers. + + If empty, defaults will be applied. See specific aws fields for + details about their defaults. + properties: + classicLoadBalancer: + description: |- + classicLoadBalancerParameters holds configuration parameters for an AWS + classic load balancer. Present only if type is Classic. + properties: + connectionIdleTimeout: + description: |- + connectionIdleTimeout specifies the maximum time period that a + connection may be idle before the load balancer closes the + connection. The value must be parseable as a time duration value; + see . A nil or zero value + means no opinion, in which case a default value is used. The default + value for this field is 60s. This default is subject to change. + format: duration + type: string + type: object + networkLoadBalancer: + description: |- + networkLoadBalancerParameters holds configuration parameters for an AWS + network load balancer. Present only if type is NLB. + properties: + eipAllocations: + description: |- + eipAllocations is a list of IDs for Elastic IP (EIP) addresses that + are assigned to the Network Load Balancer. + The following restrictions apply: + + eipAllocations can only be used with external scope, not internal. + An EIP can be allocated to only a single IngressController. + The number of EIP allocations must match the number of subnets that are used for the load balancer. + Each EIP allocation must be unique. + A maximum of 10 EIP allocations are permitted. + + See https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html for general + information about configuration, characteristics, and limitations of Elastic IP addresses. + items: + description: |- + EIPAllocation is an ID for an Elastic IP (EIP) address that can be allocated to an ELB in the AWS environment. + Values must begin with `eipalloc-` followed by exactly 17 hexadecimal (`[0-9a-fA-F]`) characters. + maxLength: 26 + minLength: 26 + type: string + x-kubernetes-validations: + - message: eipAllocations should start with + 'eipalloc-' + rule: self.startsWith('eipalloc-') + - message: eipAllocations must be 'eipalloc-' + followed by exactly 17 hexadecimal characters + (0-9, a-f, A-F) + rule: self.split("-", 2)[1].matches('[0-9a-fA-F]{17}$') + maxItems: 10 + type: array + x-kubernetes-list-type: atomic + x-kubernetes-validations: + - message: eipAllocations cannot contain duplicates + rule: self.all(x, self.exists_one(y, x == y)) + type: object + x-kubernetes-validations: + - message: number of subnets must be equal to number + of eipAllocations + rule: 'has(self.subnets) && has(self.subnets.ids) + && has(self.subnets.names) && has(self.eipAllocations) + ? size(self.subnets.ids + self.subnets.names) + == size(self.eipAllocations) : true' + - message: number of subnets must be equal to number + of eipAllocations + rule: 'has(self.subnets) && has(self.subnets.ids) + && !has(self.subnets.names) && has(self.eipAllocations) + ? size(self.subnets.ids) == size(self.eipAllocations) + : true' + - message: number of subnets must be equal to number + of eipAllocations + rule: 'has(self.subnets) && has(self.subnets.names) + && !has(self.subnets.ids) && has(self.eipAllocations) + ? size(self.subnets.names) == size(self.eipAllocations) + : true' + type: + description: |- + type is the type of AWS load balancer to instantiate for an ingresscontroller. + + Valid values are: + + * "Classic": A Classic Load Balancer that makes routing decisions at either + the transport layer (TCP/SSL) or the application layer (HTTP/HTTPS). See + the following for additional details: + + https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#clb + + * "NLB": A Network Load Balancer that makes routing decisions at the + transport layer (TCP/SSL). See the following for additional details: + + https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#nlb + enum: + - Classic + - NLB + type: string + required: + - type + type: object + gcp: + description: |- + gcp provides configuration settings that are specific to GCP + load balancers. + + If empty, defaults will be applied. See specific gcp fields for + details about their defaults. + properties: + clientAccess: + description: |- + clientAccess describes how client access is restricted for internal + load balancers. + + Valid values are: + * "Global": Specifying an internal load balancer with Global client access + allows clients from any region within the VPC to communicate with the load + balancer. + + https://cloud.google.com/kubernetes-engine/docs/how-to/internal-load-balancing#global_access + + * "Local": Specifying an internal load balancer with Local client access + means only clients within the same region (and VPC) as the GCP load balancer + can communicate with the load balancer. Note that this is the default behavior. + + https://cloud.google.com/load-balancing/docs/internal#client_access + enum: + - Global + - Local + type: string + type: object + ibm: + description: |- + ibm provides configuration settings that are specific to IBM Cloud + load balancers. + + If empty, defaults will be applied. See specific ibm fields for + details about their defaults. + properties: + protocol: + description: |- + protocol specifies whether the load balancer uses PROXY protocol to forward connections to + the IngressController. See "service.kubernetes.io/ibm-load-balancer-cloud-provider-enable-features: + "proxy-protocol"" at https://cloud.ibm.com/docs/containers?topic=containers-vpc-lbaas" + + PROXY protocol can be used with load balancers that support it to + communicate the source addresses of client connections when + forwarding those connections to the IngressController. Using PROXY + protocol enables the IngressController to report those source + addresses instead of reporting the load balancer's address in HTTP + headers and logs. Note that enabling PROXY protocol on the + IngressController will cause connections to fail if you are not using + a load balancer that uses PROXY protocol to forward connections to + the IngressController. See + http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for + information about PROXY protocol. + + Valid values for protocol are TCP, PROXY and omitted. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The current default is TCP, without the proxy protocol enabled. + enum: + - "" + - TCP + - PROXY + type: string + type: object + openstack: + description: |- + openstack provides configuration settings that are specific to OpenStack + load balancers. + + If empty, defaults will be applied. See specific openstack fields for + details about their defaults. + properties: + floatingIP: + description: |- + floatingIP specifies the IP address that the load balancer will use. + When not specified, an IP address will be assigned randomly by the OpenStack cloud provider. + When specified, the floating IP has to be pre-created. If the + specified value is not a floating IP or is already claimed, the + OpenStack cloud provider won't be able to provision the load + balancer. + This field may only be used if the IngressController has External scope. + This value must be a valid IPv4 or IPv6 address. + type: string + x-kubernetes-validations: + - message: floatingIP must be a valid IPv4 or IPv6 + address + rule: isIP(self) + type: object + type: + description: |- + type is the underlying infrastructure provider for the load balancer. + Allowed values are "AWS", "Azure", "BareMetal", "GCP", "IBM", "Nutanix", + "OpenStack", and "VSphere". + enum: + - AWS + - Azure + - BareMetal + - GCP + - Nutanix + - OpenStack + - VSphere + - IBM + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: openstack is not permitted when type is not OpenStack + rule: 'has(self.type) && self.type == ''OpenStack'' ? true + : !has(self.openstack)' + scope: + description: |- + scope indicates the scope at which the load balancer is exposed. + Possible values are "External" and "Internal". + enum: + - Internal + - External + type: string + required: + - dnsManagementPolicy + - scope + type: object + x-kubernetes-validations: + - message: eipAllocations are forbidden when the scope is Internal. + rule: '!has(self.scope) || self.scope != ''Internal'' || !has(self.providerParameters) + || !has(self.providerParameters.aws) || !has(self.providerParameters.aws.networkLoadBalancer) + || !has(self.providerParameters.aws.networkLoadBalancer.eipAllocations)' + - message: cannot specify a floating ip when scope is internal + rule: '!has(self.scope) || self.scope != ''Internal'' || !has(self.providerParameters) + || !has(self.providerParameters.openstack) || !has(self.providerParameters.openstack.floatingIP) + || self.providerParameters.openstack.floatingIP == ""' + nodePort: + description: |- + nodePort holds parameters for the NodePortService endpoint publishing strategy. + Present only if type is NodePortService. + properties: + protocol: + description: |- + protocol specifies whether the IngressController expects incoming + connections to use plain TCP or whether the IngressController expects + PROXY protocol. + + PROXY protocol can be used with load balancers that support it to + communicate the source addresses of client connections when + forwarding those connections to the IngressController. Using PROXY + protocol enables the IngressController to report those source + addresses instead of reporting the load balancer's address in HTTP + headers and logs. Note that enabling PROXY protocol on the + IngressController will cause connections to fail if you are not using + a load balancer that uses PROXY protocol to forward connections to + the IngressController. See + http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for + information about PROXY protocol. + + The following values are valid for this field: + + * The empty string. + * "TCP". + * "PROXY". + + The empty string specifies the default, which is TCP without PROXY + protocol. Note that the default is subject to change. + enum: + - "" + - TCP + - PROXY + type: string + type: object + private: + description: |- + private holds parameters for the Private endpoint publishing + strategy. Present only if type is Private. + properties: + protocol: + description: |- + protocol specifies whether the IngressController expects incoming + connections to use plain TCP or whether the IngressController expects + PROXY protocol. + + PROXY protocol can be used with load balancers that support it to + communicate the source addresses of client connections when + forwarding those connections to the IngressController. Using PROXY + protocol enables the IngressController to report those source + addresses instead of reporting the load balancer's address in HTTP + headers and logs. Note that enabling PROXY protocol on the + IngressController will cause connections to fail if you are not using + a load balancer that uses PROXY protocol to forward connections to + the IngressController. See + http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for + information about PROXY protocol. + + The following values are valid for this field: + + * The empty string. + * "TCP". + * "PROXY". + + The empty string specifies the default, which is TCP without PROXY + protocol. Note that the default is subject to change. + enum: + - "" + - TCP + - PROXY + type: string + type: object + type: + description: |- + type is the publishing strategy to use. Valid values are: + + * LoadBalancerService + + Publishes the ingress controller using a Kubernetes LoadBalancer Service. + + In this configuration, the ingress controller deployment uses container + networking. A LoadBalancer Service is created to publish the deployment. + + See: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer + + If domain is set, a wildcard DNS record will be managed to point at the + LoadBalancer Service's external name. DNS records are managed only in DNS + zones defined by dns.config.openshift.io/cluster .spec.publicZone and + .spec.privateZone. + + Wildcard DNS management is currently supported only on the AWS, Azure, + and GCP platforms. + + * HostNetwork + + Publishes the ingress controller on node ports where the ingress controller + is deployed. + + In this configuration, the ingress controller deployment uses host + networking, bound to node ports 80 and 443. The user is responsible for + configuring an external load balancer to publish the ingress controller via + the node ports. + + * Private + + Does not publish the ingress controller. + + In this configuration, the ingress controller deployment uses container + networking, and is not explicitly published. The user must manually publish + the ingress controller. + + * NodePortService + + Publishes the ingress controller using a Kubernetes NodePort Service. + + In this configuration, the ingress controller deployment uses container + networking. A NodePort Service is created to publish the deployment. The + specific node ports are dynamically allocated by OpenShift; however, to + support static port allocations, user changes to the node port + field of the managed NodePort Service will preserved. + enum: + - LoadBalancerService + - HostNetwork + - Private + - NodePortService + type: string + required: + - type + type: object + httpCompression: + description: |- + httpCompression defines a policy for HTTP traffic compression. + By default, there is no HTTP compression. + properties: + mimeTypes: + description: |- + mimeTypes is a list of MIME types that should have compression applied. + This list can be empty, in which case the ingress controller does not apply compression. + + Note: Not all MIME types benefit from compression, but HAProxy will still use resources + to try to compress if instructed to. Generally speaking, text (html, css, js, etc.) + formats benefit from compression, but formats that are already compressed (image, + audio, video, etc.) benefit little in exchange for the time and cpu spent on compressing + again. See https://joehonton.medium.com/the-gzip-penalty-d31bd697f1a2 + items: + description: |- + CompressionMIMEType defines the format of a single MIME type. + E.g. "text/css; charset=utf-8", "text/html", "text/*", "image/svg+xml", + "application/octet-stream", "X-custom/customsub", etc. + + The format should follow the Content-Type definition in RFC 1341: + Content-Type := type "/" subtype *[";" parameter] + - The type in Content-Type can be one of: + application, audio, image, message, multipart, text, video, or a custom + type preceded by "X-" and followed by a token as defined below. + - The token is a string of at least one character, and not containing white + space, control characters, or any of the characters in the tspecials set. + - The tspecials set contains the characters ()<>@,;:\"/[]?.= + - The subtype in Content-Type is also a token. + - The optional parameter/s following the subtype are defined as: + token "=" (token / quoted-string) + - The quoted-string, as defined in RFC 822, is surrounded by double quotes + and can contain white space plus any character EXCEPT \, ", and CR. + It can also contain any single ASCII character as long as it is escaped by \. + pattern: ^(?i)(x-[^][ ()\\<>@,;:"/?.=\x00-\x1F\x7F]+|application|audio|image|message|multipart|text|video)/[^][ + ()\\<>@,;:"/?.=\x00-\x1F\x7F]+(; *[^][ ()\\<>@,;:"/?.=\x00-\x1F\x7F]+=([^][ + ()\\<>@,;:"/?.=\x00-\x1F\x7F]+|"(\\[\x00-\x7F]|[^\x0D"\\])*"))*$ + type: string + type: array + x-kubernetes-list-type: set + type: object + httpEmptyRequestsPolicy: + default: Respond + description: |- + httpEmptyRequestsPolicy describes how HTTP connections should be + handled if the connection times out before a request is received. + Allowed values for this field are "Respond" and "Ignore". If the + field is set to "Respond", the ingress controller sends an HTTP 400 + or 408 response, logs the connection (if access logging is enabled), + and counts the connection in the appropriate metrics. If the field + is set to "Ignore", the ingress controller closes the connection + without sending a response, logging the connection, or incrementing + metrics. The default value is "Respond". + + Typically, these connections come from load balancers' health probes + or Web browsers' speculative connections ("preconnect") and can be + safely ignored. However, these requests may also be caused by + network errors, and so setting this field to "Ignore" may impede + detection and diagnosis of problems. In addition, these requests may + be caused by port scans, in which case logging empty requests may aid + in detecting intrusion attempts. + enum: + - Respond + - Ignore + type: string + httpErrorCodePages: + description: |- + httpErrorCodePages specifies a configmap with custom error pages. + The administrator must create this configmap in the openshift-config namespace. + This configmap should have keys in the format "error-page-.http", + where is an HTTP error code. + For example, "error-page-503.http" defines an error page for HTTP 503 responses. + Currently only error pages for 503 and 404 responses can be customized. + Each value in the configmap should be the full response, including HTTP headers. + Eg- https://raw.githubusercontent.com/openshift/router/fadab45747a9b30cc3f0a4b41ad2871f95827a93/images/router/haproxy/conf/error-page-503.http + If this field is empty, the ingress controller uses the default error pages. + properties: + name: + description: name is the metadata.name of the referenced config + map + type: string + required: + - name + type: object + httpHeaders: + description: |- + httpHeaders defines policy for HTTP headers. + + If this field is empty, the default values are used. + properties: + actions: + description: |- + actions specifies options for modifying headers and their values. + Note that this option only applies to cleartext HTTP connections + and to secure HTTP connections for which the ingress controller + terminates encryption (that is, edge-terminated or reencrypt + connections). Headers cannot be modified for TLS passthrough + connections. + Setting the HSTS (`Strict-Transport-Security`) header is not supported via actions. `Strict-Transport-Security` + may only be configured using the "haproxy.router.openshift.io/hsts_header" route annotation, and only in + accordance with the policy specified in Ingress.Spec.RequiredHSTSPolicies. + Any actions defined here are applied after any actions related to the following other fields: + cache-control, spec.clientTLS, + spec.httpHeaders.forwardedHeaderPolicy, spec.httpHeaders.uniqueId, + and spec.httpHeaders.headerNameCaseAdjustments. + In case of HTTP request headers, the actions specified in spec.httpHeaders.actions on the Route will be executed after + the actions specified in the IngressController's spec.httpHeaders.actions field. + In case of HTTP response headers, the actions specified in spec.httpHeaders.actions on the IngressController will be + executed after the actions specified in the Route's spec.httpHeaders.actions field. + Headers set using this API cannot be captured for use in access logs. + The following header names are reserved and may not be modified via this API: + Strict-Transport-Security, Proxy, Host, Cookie, Set-Cookie. + Note that the total size of all net added headers *after* interpolating dynamic values + must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the + IngressController. Please refer to the documentation + for that API field for more details. + properties: + request: + description: |- + request is a list of HTTP request headers to modify. + Actions defined here will modify the request headers of all requests passing through an ingress controller. + These actions are applied to all Routes i.e. for all connections handled by the ingress controller defined within a cluster. + IngressController actions for request headers will be executed before Route actions. + Currently, actions may define to either `Set` or `Delete` headers values. + Actions are applied in sequence as defined in this list. + A maximum of 20 request header actions may be configured. + Sample fetchers allowed are "req.hdr" and "ssl_c_der". + Converters allowed are "lower" and "base64". + Example header values: "%[req.hdr(X-target),lower]", "%{+Q}[ssl_c_der,base64]". + items: + description: IngressControllerHTTPHeader specifies configuration + for setting or deleting an HTTP header. + properties: + action: + description: action specifies actions to perform on + headers, such as setting or deleting headers. + properties: + set: + description: |- + set specifies how the HTTP header should be set. + This field is required when type is Set and forbidden otherwise. + properties: + value: + description: |- + value specifies a header value. + Dynamic values can be added. The value will be interpreted as an HAProxy format string as defined in + http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and + otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. + The value of this field must be no more than 16384 characters in length. + Note that the total size of all net added headers *after* interpolating dynamic values + must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the + IngressController. + maxLength: 16384 + minLength: 1 + type: string + required: + - value + type: object + type: + description: |- + type defines the type of the action to be applied on the header. + Possible values are Set or Delete. + Set allows you to set HTTP request and response headers. + Delete allows you to delete HTTP request and response headers. + enum: + - Set + - Delete + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: set is required when type is Set, and forbidden + otherwise + rule: 'has(self.type) && self.type == ''Set'' ? has(self.set) + : !has(self.set)' + name: + description: |- + name specifies the name of a header on which to perform an action. Its value must be a valid HTTP header + name as defined in RFC 2616 section 4.2. + The name must consist only of alphanumeric and the following special characters, "-!#$%&'*+.^_`". + The following header names are reserved and may not be modified via this API: + Strict-Transport-Security, Proxy, Host, Cookie, Set-Cookie. + It must be no more than 255 characters in length. + Header name must be unique. + maxLength: 255 + minLength: 1 + pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$ + type: string + x-kubernetes-validations: + - message: strict-transport-security header may not + be modified via header actions + rule: self.lowerAscii() != 'strict-transport-security' + - message: proxy header may not be modified via header + actions + rule: self.lowerAscii() != 'proxy' + - message: host header may not be modified via header + actions + rule: self.lowerAscii() != 'host' + - message: cookie header may not be modified via header + actions + rule: self.lowerAscii() != 'cookie' + - message: set-cookie header may not be modified via + header actions + rule: self.lowerAscii() != 'set-cookie' + required: + - action + - name + type: object + maxItems: 20 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + x-kubernetes-validations: + - message: Either the header value provided is not in correct + format or the sample fetcher/converter specified is not + allowed. The dynamic header value will be interpreted + as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 + and may use HAProxy's %[] syntax and otherwise must be + a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. + Sample fetchers allowed are req.hdr, ssl_c_der. Converters + allowed are lower, base64. + rule: self.all(key, key.action.type == "Delete" || (has(key.action.set) + && key.action.set.value.matches('^(?:%(?:%|(?:\\{[-+]?[QXE](?:,[-+]?[QXE])*\\})?\\[(?:req\\.hdr\\([0-9A-Za-z-]+\\)|ssl_c_der)(?:,(?:lower|base64))*\\])|[^%[:cntrl:]])+$'))) + response: + description: |- + response is a list of HTTP response headers to modify. + Actions defined here will modify the response headers of all requests passing through an ingress controller. + These actions are applied to all Routes i.e. for all connections handled by the ingress controller defined within a cluster. + IngressController actions for response headers will be executed after Route actions. + Currently, actions may define to either `Set` or `Delete` headers values. + Actions are applied in sequence as defined in this list. + A maximum of 20 response header actions may be configured. + Sample fetchers allowed are "res.hdr" and "ssl_c_der". + Converters allowed are "lower" and "base64". + Example header values: "%[res.hdr(X-target),lower]", "%{+Q}[ssl_c_der,base64]". + items: + description: IngressControllerHTTPHeader specifies configuration + for setting or deleting an HTTP header. + properties: + action: + description: action specifies actions to perform on + headers, such as setting or deleting headers. + properties: + set: + description: |- + set specifies how the HTTP header should be set. + This field is required when type is Set and forbidden otherwise. + properties: + value: + description: |- + value specifies a header value. + Dynamic values can be added. The value will be interpreted as an HAProxy format string as defined in + http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and + otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. + The value of this field must be no more than 16384 characters in length. + Note that the total size of all net added headers *after* interpolating dynamic values + must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the + IngressController. + maxLength: 16384 + minLength: 1 + type: string + required: + - value + type: object + type: + description: |- + type defines the type of the action to be applied on the header. + Possible values are Set or Delete. + Set allows you to set HTTP request and response headers. + Delete allows you to delete HTTP request and response headers. + enum: + - Set + - Delete + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: set is required when type is Set, and forbidden + otherwise + rule: 'has(self.type) && self.type == ''Set'' ? has(self.set) + : !has(self.set)' + name: + description: |- + name specifies the name of a header on which to perform an action. Its value must be a valid HTTP header + name as defined in RFC 2616 section 4.2. + The name must consist only of alphanumeric and the following special characters, "-!#$%&'*+.^_`". + The following header names are reserved and may not be modified via this API: + Strict-Transport-Security, Proxy, Host, Cookie, Set-Cookie. + It must be no more than 255 characters in length. + Header name must be unique. + maxLength: 255 + minLength: 1 + pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$ + type: string + x-kubernetes-validations: + - message: strict-transport-security header may not + be modified via header actions + rule: self.lowerAscii() != 'strict-transport-security' + - message: proxy header may not be modified via header + actions + rule: self.lowerAscii() != 'proxy' + - message: host header may not be modified via header + actions + rule: self.lowerAscii() != 'host' + - message: cookie header may not be modified via header + actions + rule: self.lowerAscii() != 'cookie' + - message: set-cookie header may not be modified via + header actions + rule: self.lowerAscii() != 'set-cookie' + required: + - action + - name + type: object + maxItems: 20 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + x-kubernetes-validations: + - message: Either the header value provided is not in correct + format or the sample fetcher/converter specified is not + allowed. The dynamic header value will be interpreted + as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 + and may use HAProxy's %[] syntax and otherwise must be + a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. + Sample fetchers allowed are res.hdr, ssl_c_der. Converters + allowed are lower, base64. + rule: self.all(key, key.action.type == "Delete" || (has(key.action.set) + && key.action.set.value.matches('^(?:%(?:%|(?:\\{[-+]?[QXE](?:,[-+]?[QXE])*\\})?\\[(?:res\\.hdr\\([0-9A-Za-z-]+\\)|ssl_c_der)(?:,(?:lower|base64))*\\])|[^%[:cntrl:]])+$'))) + type: object + forwardedHeaderPolicy: + description: |- + forwardedHeaderPolicy specifies when and how the IngressController + sets the Forwarded, X-Forwarded-For, X-Forwarded-Host, + X-Forwarded-Port, X-Forwarded-Proto, and X-Forwarded-Proto-Version + HTTP headers. The value may be one of the following: + + * "Append", which specifies that the IngressController appends the + headers, preserving existing headers. + + * "Replace", which specifies that the IngressController sets the + headers, replacing any existing Forwarded or X-Forwarded-* headers. + + * "IfNone", which specifies that the IngressController sets the + headers if they are not already set. + + * "Never", which specifies that the IngressController never sets the + headers, preserving any existing headers. + + By default, the policy is "Append". + enum: + - Append + - Replace + - IfNone + - Never + type: string + headerNameCaseAdjustments: + description: |- + headerNameCaseAdjustments specifies case adjustments that can be + applied to HTTP header names. Each adjustment is specified as an + HTTP header name with the desired capitalization. For example, + specifying "X-Forwarded-For" indicates that the "x-forwarded-for" + HTTP header should be adjusted to have the specified capitalization. + + These adjustments are only applied to cleartext, edge-terminated, and + re-encrypt routes, and only when using HTTP/1. + + For request headers, these adjustments are applied only for routes + that have the haproxy.router.openshift.io/h1-adjust-case=true + annotation. For response headers, these adjustments are applied to + all HTTP responses. + + If this field is empty, no request headers are adjusted. + items: + description: |- + IngressControllerHTTPHeaderNameCaseAdjustment is the name of an HTTP header + (for example, "X-Forwarded-For") in the desired capitalization. The value + must be a valid HTTP header name as defined in RFC 2616 section 4.2. + maxLength: 1024 + minLength: 0 + pattern: ^$|^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$ + type: string + nullable: true + type: array + x-kubernetes-list-type: atomic + uniqueId: + description: |- + uniqueId describes configuration for a custom HTTP header that the + ingress controller should inject into incoming HTTP requests. + Typically, this header is configured to have a value that is unique + to the HTTP request. The header can be used by applications or + included in access logs to facilitate tracing individual HTTP + requests. + + If this field is empty, no such header is injected into requests. + properties: + format: + description: |- + format specifies the format for the injected HTTP header's value. + This field has no effect unless name is specified. For the + HAProxy-based ingress controller implementation, this format uses the + same syntax as the HTTP log format. If the field is empty, the + default value is "%{+X}o\\ %ci:%cp_%fi:%fp_%Ts_%rt:%pid"; see the + corresponding HAProxy documentation: + http://cbonte.github.io/haproxy-dconv/2.0/configuration.html#8.2.3 + maxLength: 1024 + minLength: 0 + pattern: ^(%(%|(\{[-+]?[QXE](,[-+]?[QXE])*\})?([A-Za-z]+|\[[.0-9A-Z_a-z]+(\([^)]+\))?(,[.0-9A-Z_a-z]+(\([^)]+\))?)*\]))|[^%[:cntrl:]])*$ + type: string + name: + description: |- + name specifies the name of the HTTP header (for example, "unique-id") + that the ingress controller should inject into HTTP requests. The + field's value must be a valid HTTP header name as defined in RFC 2616 + section 4.2. If the field is empty, no header is injected. + maxLength: 1024 + minLength: 0 + pattern: ^$|^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$ + type: string + type: object + type: object + logging: + description: |- + logging defines parameters for what should be logged where. If this + field is empty, operational logs are enabled but access logs are + disabled. + properties: + access: + description: |- + access describes how the client requests should be logged. + + If this field is empty, access logging is disabled. + properties: + destination: + description: destination is where access logs go. + properties: + container: + description: |- + container holds parameters for the Container logging destination. + Present only if type is Container. + properties: + maxLength: + default: 1024 + description: |- + maxLength is the maximum length of the log message. + + Valid values are integers in the range 480 to 8192, inclusive. + + When omitted, the default value is 1024. + format: int32 + maximum: 8192 + minimum: 480 + type: integer + type: object + syslog: + description: |- + syslog holds parameters for a syslog endpoint. Present only if + type is Syslog. + properties: + address: + description: |- + address is the IP address of the syslog endpoint that receives log + messages. + type: string + facility: + description: |- + facility specifies the syslog facility of log messages. + + If this field is empty, the facility is "local1". + enum: + - kern + - user + - mail + - daemon + - auth + - syslog + - lpr + - news + - uucp + - cron + - auth2 + - ftp + - ntp + - audit + - alert + - cron2 + - local0 + - local1 + - local2 + - local3 + - local4 + - local5 + - local6 + - local7 + type: string + maxLength: + default: 1024 + description: |- + maxLength is the maximum length of the log message. + + Valid values are integers in the range 480 to 4096, inclusive. + + When omitted, the default value is 1024. + format: int32 + maximum: 4096 + minimum: 480 + type: integer + port: + description: |- + port is the UDP port number of the syslog endpoint that receives log + messages. + format: int32 + maximum: 65535 + minimum: 1 + type: integer + required: + - address + - port + type: object + type: + description: |- + type is the type of destination for logs. It must be one of the + following: + + * Container + + The ingress operator configures the sidecar container named "logs" on + the ingress controller pod and configures the ingress controller to + write logs to the sidecar. The logs are then available as container + logs. The expectation is that the administrator configures a custom + logging solution that reads logs from this sidecar. Note that using + container logs means that logs may be dropped if the rate of logs + exceeds the container runtime's or the custom logging solution's + capacity. + + * Syslog + + Logs are sent to a syslog endpoint. The administrator must specify + an endpoint that can receive syslog messages. The expectation is + that the administrator has configured a custom syslog instance. + enum: + - Container + - Syslog + type: string + required: + - type + type: object + httpCaptureCookies: + description: |- + httpCaptureCookies specifies HTTP cookies that should be captured in + access logs. If this field is empty, no cookies are captured. + items: + description: |- + IngressControllerCaptureHTTPCookie describes an HTTP cookie that should be + captured. + properties: + matchType: + description: |- + matchType specifies the type of match to be performed on the cookie + name. Allowed values are "Exact" for an exact string match and + "Prefix" for a string prefix match. If "Exact" is specified, a name + must be specified in the name field. If "Prefix" is provided, a + prefix must be specified in the namePrefix field. For example, + specifying matchType "Prefix" and namePrefix "foo" will capture a + cookie named "foo" or "foobar" but not one named "bar". The first + matching cookie is captured. + enum: + - Exact + - Prefix + type: string + maxLength: + description: |- + maxLength specifies a maximum length of the string that will be + logged, which includes the cookie name, cookie value, and + one-character delimiter. If the log entry exceeds this length, the + value will be truncated in the log message. Note that the ingress + controller may impose a separate bound on the total length of HTTP + headers in a request. + maximum: 1024 + minimum: 1 + type: integer + name: + description: |- + name specifies a cookie name. Its value must be a valid HTTP cookie + name as defined in RFC 6265 section 4.1. + maxLength: 1024 + minLength: 0 + pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]*$ + type: string + namePrefix: + description: |- + namePrefix specifies a cookie name prefix. Its value must be a valid + HTTP cookie name as defined in RFC 6265 section 4.1. + maxLength: 1024 + minLength: 0 + pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]*$ + type: string + required: + - matchType + - maxLength + type: object + maxItems: 1 + nullable: true + type: array + x-kubernetes-list-type: atomic + httpCaptureHeaders: + description: |- + httpCaptureHeaders defines HTTP headers that should be captured in + access logs. If this field is empty, no headers are captured. + + Note that this option only applies to cleartext HTTP connections + and to secure HTTP connections for which the ingress controller + terminates encryption (that is, edge-terminated or reencrypt + connections). Headers cannot be captured for TLS passthrough + connections. + properties: + request: + description: |- + request specifies which HTTP request headers to capture. + + If this field is empty, no request headers are captured. + items: + description: |- + IngressControllerCaptureHTTPHeader describes an HTTP header that should be + captured. + properties: + maxLength: + description: |- + maxLength specifies a maximum length for the header value. If a + header value exceeds this length, the value will be truncated in the + log message. Note that the ingress controller may impose a separate + bound on the total length of HTTP headers in a request. + minimum: 1 + type: integer + name: + description: |- + name specifies a header name. Its value must be a valid HTTP header + name as defined in RFC 2616 section 4.2. + pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$ + type: string + required: + - maxLength + - name + type: object + nullable: true + type: array + x-kubernetes-list-type: atomic + response: + description: |- + response specifies which HTTP response headers to capture. + + If this field is empty, no response headers are captured. + items: + description: |- + IngressControllerCaptureHTTPHeader describes an HTTP header that should be + captured. + properties: + maxLength: + description: |- + maxLength specifies a maximum length for the header value. If a + header value exceeds this length, the value will be truncated in the + log message. Note that the ingress controller may impose a separate + bound on the total length of HTTP headers in a request. + minimum: 1 + type: integer + name: + description: |- + name specifies a header name. Its value must be a valid HTTP header + name as defined in RFC 2616 section 4.2. + pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$ + type: string + required: + - maxLength + - name + type: object + nullable: true + type: array + x-kubernetes-list-type: atomic + type: object + httpLogFormat: + description: |- + httpLogFormat specifies the format of the log message for an HTTP + request. + + If this field is empty, log messages use the implementation's default + HTTP log format. For HAProxy's default HTTP log format, see the + HAProxy documentation: + http://cbonte.github.io/haproxy-dconv/2.0/configuration.html#8.2.3 + + Note that this format only applies to cleartext HTTP connections + and to secure HTTP connections for which the ingress controller + terminates encryption (that is, edge-terminated or reencrypt + connections). It does not affect the log format for TLS passthrough + connections. + type: string + logEmptyRequests: + default: Log + description: |- + logEmptyRequests specifies how connections on which no request is + received should be logged. Typically, these empty requests come from + load balancers' health probes or Web browsers' speculative + connections ("preconnect"), in which case logging these requests may + be undesirable. However, these requests may also be caused by + network errors, in which case logging empty requests may be useful + for diagnosing the errors. In addition, these requests may be caused + by port scans, in which case logging empty requests may aid in + detecting intrusion attempts. Allowed values for this field are + "Log" and "Ignore". The default value is "Log". + enum: + - Log + - Ignore + type: string + required: + - destination + type: object + type: object + namespaceSelector: + description: |- + namespaceSelector is used to filter the set of namespaces serviced by the + ingress controller. This is useful for implementing shards. + + If unset, the default is no filtering. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + nodePlacement: + description: |- + nodePlacement enables explicit control over the scheduling of the ingress + controller. + + If unset, defaults are used. See NodePlacement for more details. + properties: + nodeSelector: + description: |- + nodeSelector is the node selector applied to ingress controller + deployments. + + If set, the specified selector is used and replaces the default. + + If unset, the default depends on the value of the defaultPlacement + field in the cluster config.openshift.io/v1/ingresses status. + + When defaultPlacement is Workers, the default is: + + kubernetes.io/os: linux + node-role.kubernetes.io/worker: '' + + When defaultPlacement is ControlPlane, the default is: + + kubernetes.io/os: linux + node-role.kubernetes.io/master: '' + + These defaults are subject to change. + + Note that using nodeSelector.matchExpressions is not supported. Only + nodeSelector.matchLabels may be used. This is a limitation of the + Kubernetes API: the pod spec does not allow complex expressions for + node selectors. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + tolerations: + description: |- + tolerations is a list of tolerations applied to ingress controller + deployments. + + The default is an empty list. + + See https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + x-kubernetes-list-type: atomic + type: object + replicas: + description: |- + replicas is the desired number of ingress controller replicas. If unset, + the default depends on the value of the defaultPlacement field in the + cluster config.openshift.io/v1/ingresses status. + + The value of replicas is set based on the value of a chosen field in the + Infrastructure CR. If defaultPlacement is set to ControlPlane, the + chosen field will be controlPlaneTopology. If it is set to Workers the + chosen field will be infrastructureTopology. Replicas will then be set to 1 + or 2 based whether the chosen field's value is SingleReplica or + HighlyAvailable, respectively. + + These defaults are subject to change. + format: int32 + type: integer + routeAdmission: + description: |- + routeAdmission defines a policy for handling new route claims (for example, + to allow or deny claims across namespaces). + + If empty, defaults will be applied. See specific routeAdmission fields + for details about their defaults. + properties: + namespaceOwnership: + description: |- + namespaceOwnership describes how host name claims across namespaces should + be handled. + + Value must be one of: + + - Strict: Do not allow routes in different namespaces to claim the same host. + + - InterNamespaceAllowed: Allow routes to claim different paths of the same + host name across namespaces. + + If empty, the default is Strict. + enum: + - InterNamespaceAllowed + - Strict + type: string + wildcardPolicy: + description: |- + wildcardPolicy describes how routes with wildcard policies should + be handled for the ingress controller. WildcardPolicy controls use + of routes [1] exposed by the ingress controller based on the route's + wildcard policy. + + [1] https://github.com/openshift/api/blob/master/route/v1/types.go + + Note: Updating WildcardPolicy from WildcardsAllowed to WildcardsDisallowed + will cause admitted routes with a wildcard policy of Subdomain to stop + working. These routes must be updated to a wildcard policy of None to be + readmitted by the ingress controller. + + WildcardPolicy supports WildcardsAllowed and WildcardsDisallowed values. + + If empty, defaults to "WildcardsDisallowed". + enum: + - WildcardsAllowed + - WildcardsDisallowed + type: string + type: object + routeSelector: + description: |- + routeSelector is used to filter the set of Routes serviced by the ingress + controller. This is useful for implementing shards. + + If unset, the default is no filtering. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + tlsSecurityProfile: + description: |- + tlsSecurityProfile specifies settings for TLS connections for ingresscontrollers. + + If unset, the default is based on the apiservers.config.openshift.io/cluster resource. + + Note that when using the Old, Intermediate, and Modern profile types, the effective + profile configuration is subject to change between releases. For example, given + a specification to use the Intermediate profile deployed on release X.Y.Z, an upgrade + to release X.Y.Z+1 may cause a new profile configuration to be applied to the ingress + controller, resulting in a rollout. + properties: + custom: + description: |- + custom is a user-defined TLS security profile. Be extremely careful using a custom + profile as invalid configurations can be catastrophic. An example custom profile + looks like this: + + ciphers: + + - ECDHE-ECDSA-CHACHA20-POLY1305 + + - ECDHE-RSA-CHACHA20-POLY1305 + + - ECDHE-RSA-AES128-GCM-SHA256 + + - ECDHE-ECDSA-AES128-GCM-SHA256 + + minTLSVersion: VersionTLS11 + nullable: true + properties: + ciphers: + description: |- + ciphers is used to specify the cipher algorithms that are negotiated + during the TLS handshake. Operators may remove entries their operands + do not support. For example, to use DES-CBC3-SHA (yaml): + + ciphers: + - DES-CBC3-SHA + items: + type: string + type: array + x-kubernetes-list-type: atomic + minTLSVersion: + description: |- + minTLSVersion is used to specify the minimal version of the TLS protocol + that is negotiated during the TLS handshake. For example, to use TLS + versions 1.1, 1.2 and 1.3 (yaml): + + minTLSVersion: VersionTLS11 + + NOTE: currently the highest minTLSVersion allowed is VersionTLS12 + enum: + - VersionTLS10 + - VersionTLS11 + - VersionTLS12 + - VersionTLS13 + type: string + type: object + intermediate: + description: |- + intermediate is a TLS security profile based on: + + https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29 + + and looks like this (yaml): + + ciphers: + + - TLS_AES_128_GCM_SHA256 + + - TLS_AES_256_GCM_SHA384 + + - TLS_CHACHA20_POLY1305_SHA256 + + - ECDHE-ECDSA-AES128-GCM-SHA256 + + - ECDHE-RSA-AES128-GCM-SHA256 + + - ECDHE-ECDSA-AES256-GCM-SHA384 + + - ECDHE-RSA-AES256-GCM-SHA384 + + - ECDHE-ECDSA-CHACHA20-POLY1305 + + - ECDHE-RSA-CHACHA20-POLY1305 + + - DHE-RSA-AES128-GCM-SHA256 + + - DHE-RSA-AES256-GCM-SHA384 + + minTLSVersion: VersionTLS12 + nullable: true + type: object + modern: + description: |- + modern is a TLS security profile based on: + + https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility + + and looks like this (yaml): + + ciphers: + + - TLS_AES_128_GCM_SHA256 + + - TLS_AES_256_GCM_SHA384 + + - TLS_CHACHA20_POLY1305_SHA256 + + minTLSVersion: VersionTLS13 + nullable: true + type: object + old: + description: |- + old is a TLS security profile based on: + + https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility + + and looks like this (yaml): + + ciphers: + + - TLS_AES_128_GCM_SHA256 + + - TLS_AES_256_GCM_SHA384 + + - TLS_CHACHA20_POLY1305_SHA256 + + - ECDHE-ECDSA-AES128-GCM-SHA256 + + - ECDHE-RSA-AES128-GCM-SHA256 + + - ECDHE-ECDSA-AES256-GCM-SHA384 + + - ECDHE-RSA-AES256-GCM-SHA384 + + - ECDHE-ECDSA-CHACHA20-POLY1305 + + - ECDHE-RSA-CHACHA20-POLY1305 + + - DHE-RSA-AES128-GCM-SHA256 + + - DHE-RSA-AES256-GCM-SHA384 + + - DHE-RSA-CHACHA20-POLY1305 + + - ECDHE-ECDSA-AES128-SHA256 + + - ECDHE-RSA-AES128-SHA256 + + - ECDHE-ECDSA-AES128-SHA + + - ECDHE-RSA-AES128-SHA + + - ECDHE-ECDSA-AES256-SHA384 + + - ECDHE-RSA-AES256-SHA384 + + - ECDHE-ECDSA-AES256-SHA + + - ECDHE-RSA-AES256-SHA + + - DHE-RSA-AES128-SHA256 + + - DHE-RSA-AES256-SHA256 + + - AES128-GCM-SHA256 + + - AES256-GCM-SHA384 + + - AES128-SHA256 + + - AES256-SHA256 + + - AES128-SHA + + - AES256-SHA + + - DES-CBC3-SHA + + minTLSVersion: VersionTLS10 + nullable: true + type: object + type: + description: |- + type is one of Old, Intermediate, Modern or Custom. Custom provides + the ability to specify individual TLS security profile parameters. + Old, Intermediate and Modern are TLS security profiles based on: + + https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations + + The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers + are found to be insecure. Depending on precisely which ciphers are available to a process, the list may be + reduced. + + Note that the Modern profile is currently not supported because it is not + yet well adopted by common software libraries. + enum: + - Old + - Intermediate + - Modern + - Custom + type: string + type: object + tuningOptions: + description: |- + tuningOptions defines parameters for adjusting the performance of + ingress controller pods. All fields are optional and will use their + respective defaults if not set. See specific tuningOptions fields for + more details. + + Setting fields within tuningOptions is generally not recommended. The + default values are suitable for most configurations. + properties: + clientFinTimeout: + description: |- + clientFinTimeout defines how long a connection will be held open while + waiting for the client response to the server/backend closing the + connection. + + If unset, the default timeout is 1s + format: duration + type: string + clientTimeout: + description: |- + clientTimeout defines how long a connection will be held open while + waiting for a client response. + + If unset, the default timeout is 30s + format: duration + type: string + connectTimeout: + description: |- + ConnectTimeout defines the maximum time to wait for + a connection attempt to a server/backend to succeed. + + This field expects an unsigned duration string of decimal numbers, each with optional + fraction and a unit suffix, e.g. "300ms", "1.5h" or "2h45m". + Valid time units are "ns", "us" (or "µs" U+00B5 or "μs" U+03BC), "ms", "s", "m", "h". + + When omitted, this means the user has no opinion and the platform is left + to choose a reasonable default. This default is subject to change over time. + The current default is 5s. + pattern: ^(0|([0-9]+(\.[0-9]+)?(ns|us|µs|μs|ms|s|m|h))+)$ + type: string + headerBufferBytes: + description: |- + headerBufferBytes describes how much memory should be reserved + (in bytes) for IngressController connection sessions. + Note that this value must be at least 16384 if HTTP/2 is + enabled for the IngressController (https://tools.ietf.org/html/rfc7540). + If this field is empty, the IngressController will use a default value + of 32768 bytes. + + Setting this field is generally not recommended as headerBufferBytes + values that are too small may break the IngressController and + headerBufferBytes values that are too large could cause the + IngressController to use significantly more memory than necessary. + format: int32 + minimum: 16384 + type: integer + headerBufferMaxRewriteBytes: + description: |- + headerBufferMaxRewriteBytes describes how much memory should be reserved + (in bytes) from headerBufferBytes for HTTP header rewriting + and appending for IngressController connection sessions. + Note that incoming HTTP requests will be limited to + (headerBufferBytes - headerBufferMaxRewriteBytes) bytes, meaning + headerBufferBytes must be greater than headerBufferMaxRewriteBytes. + If this field is empty, the IngressController will use a default value + of 8192 bytes. + + Setting this field is generally not recommended as + headerBufferMaxRewriteBytes values that are too small may break the + IngressController and headerBufferMaxRewriteBytes values that are too + large could cause the IngressController to use significantly more memory + than necessary. + format: int32 + minimum: 4096 + type: integer + healthCheckInterval: + description: |- + healthCheckInterval defines how long the router waits between two consecutive + health checks on its configured backends. This value is applied globally as + a default for all routes, but may be overridden per-route by the route annotation + "router.openshift.io/haproxy.health.check.interval". + + Expects an unsigned duration string of decimal numbers, each with optional + fraction and a unit suffix, eg "300ms", "1.5h" or "2h45m". + Valid time units are "ns", "us" (or "µs" U+00B5 or "μs" U+03BC), "ms", "s", "m", "h". + + Setting this to less than 5s can cause excess traffic due to too frequent + TCP health checks and accompanying SYN packet storms. Alternatively, setting + this too high can result in increased latency, due to backend servers that are no + longer available, but haven't yet been detected as such. + + An empty or zero healthCheckInterval means no opinion and IngressController chooses + a default, which is subject to change over time. + Currently the default healthCheckInterval value is 5s. + + Currently the minimum allowed value is 1s and the maximum allowed value is + 2147483647ms (24.85 days). Both are subject to change over time. + pattern: ^(0|([0-9]+(\.[0-9]+)?(ns|us|µs|μs|ms|s|m|h))+)$ + type: string + maxConnections: + description: |- + maxConnections defines the maximum number of simultaneous + connections that can be established per HAProxy process. + Increasing this value allows each ingress controller pod to + handle more connections but at the cost of additional + system resources being consumed. + + Permitted values are: empty, 0, -1, and the range + 2000-2000000. + + If this field is empty or 0, the IngressController will use + the default value of 50000, but the default is subject to + change in future releases. + + If the value is -1 then HAProxy will dynamically compute a + maximum value based on the available ulimits in the running + container. Selecting -1 (i.e., auto) will result in a large + value being computed (~520000 on OpenShift >=4.10 clusters) + and therefore each HAProxy process will incur significant + memory usage compared to the current default of 50000. + + Setting a value that is greater than the current operating + system limit will prevent the HAProxy process from + starting. + + If you choose a discrete value (e.g., 750000) and the + router pod is migrated to a new node, there's no guarantee + that that new node has identical ulimits configured. In + such a scenario the pod would fail to start. If you have + nodes with different ulimits configured (e.g., different + tuned profiles) and you choose a discrete value then the + guidance is to use -1 and let the value be computed + dynamically at runtime. + + You can monitor memory usage for router containers with the + following metric: + 'container_memory_working_set_bytes{container="router",namespace="openshift-ingress"}'. + + You can monitor memory usage of individual HAProxy + processes in router containers with the following metric: + 'container_memory_working_set_bytes{container="router",namespace="openshift-ingress"}/container_processes{container="router",namespace="openshift-ingress"}'. + format: int32 + type: integer + reloadInterval: + description: |- + reloadInterval defines the minimum interval at which the router is allowed to reload + to accept new changes. Increasing this value can prevent the accumulation of + HAProxy processes, depending on the scenario. Increasing this interval can + also lessen load imbalance on a backend's servers when using the roundrobin + balancing algorithm. Alternatively, decreasing this value may decrease latency + since updates to HAProxy's configuration can take effect more quickly. + + The value must be a time duration value; see . + Currently, the minimum value allowed is 1s, and the maximum allowed value is + 120s. Minimum and maximum allowed values may change in future versions of OpenShift. + Note that if a duration outside of these bounds is provided, the value of reloadInterval + will be capped/floored and not rejected (e.g. a duration of over 120s will be capped to + 120s; the IngressController will not reject and replace this disallowed value with + the default). + + A zero value for reloadInterval tells the IngressController to choose the default, + which is currently 5s and subject to change without notice. + + This field expects an unsigned duration string of decimal numbers, each with optional + fraction and a unit suffix, e.g. "300ms", "1.5h" or "2h45m". + Valid time units are "ns", "us" (or "µs" U+00B5 or "μs" U+03BC), "ms", "s", "m", "h". + + Note: Setting a value significantly larger than the default of 5s can cause latency + in observing updates to routes and their endpoints. HAProxy's configuration will + be reloaded less frequently, and newly created routes will not be served until the + subsequent reload. + pattern: ^(0|([0-9]+(\.[0-9]+)?(ns|us|µs|μs|ms|s|m|h))+)$ + type: string + serverFinTimeout: + description: |- + serverFinTimeout defines how long a connection will be held open while + waiting for the server/backend response to the client closing the + connection. + + If unset, the default timeout is 1s + format: duration + type: string + serverTimeout: + description: |- + serverTimeout defines how long a connection will be held open while + waiting for a server/backend response. + + If unset, the default timeout is 30s + format: duration + type: string + threadCount: + description: |- + threadCount defines the number of threads created per HAProxy process. + Creating more threads allows each ingress controller pod to handle more + connections, at the cost of more system resources being used. HAProxy + currently supports up to 64 threads. If this field is empty, the + IngressController will use the default value. The current default is 4 + threads, but this may change in future releases. + + Setting this field is generally not recommended. Increasing the number + of HAProxy threads allows ingress controller pods to utilize more CPU + time under load, potentially starving other pods if set too high. + Reducing the number of threads may cause the ingress controller to + perform poorly. + format: int32 + maximum: 64 + minimum: 1 + type: integer + tlsInspectDelay: + description: |- + tlsInspectDelay defines how long the router can hold data to find a + matching route. + + Setting this too short can cause the router to fall back to the default + certificate for edge-terminated or reencrypt routes even when a better + matching certificate could be used. + + If unset, the default inspect delay is 5s + format: duration + type: string + tunnelTimeout: + description: |- + tunnelTimeout defines how long a tunnel connection (including + websockets) will be held open while the tunnel is idle. + + If unset, the default timeout is 1h + format: duration + type: string + type: object + unsupportedConfigOverrides: + description: |- + unsupportedConfigOverrides allows specifying unsupported + configuration options. Its use is unsupported. + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + status: + description: status is the most recently observed status of the IngressController. + properties: + availableReplicas: + description: |- + availableReplicas is number of observed available replicas according to the + ingress controller deployment. + format: int32 + type: integer + conditions: + description: |- + conditions is a list of conditions and their status. + + Available means the ingress controller deployment is available and + servicing route and ingress resources (i.e, .status.availableReplicas + equals .spec.replicas) + + There are additional conditions which indicate the status of other + ingress controller features and capabilities. + + * LoadBalancerManaged + - True if the following conditions are met: + * The endpoint publishing strategy requires a service load balancer. + - False if any of those conditions are unsatisfied. + + * LoadBalancerReady + - True if the following conditions are met: + * A load balancer is managed. + * The load balancer is ready. + - False if any of those conditions are unsatisfied. + + * DNSManaged + - True if the following conditions are met: + * The endpoint publishing strategy and platform support DNS. + * The ingress controller domain is set. + * dns.config.openshift.io/cluster configures DNS zones. + - False if any of those conditions are unsatisfied. + + * DNSReady + - True if the following conditions are met: + * DNS is managed. + * DNS records have been successfully created. + - False if any of those conditions are unsatisfied. + items: + description: OperatorCondition is just the standard condition fields. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + type: string + reason: + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + domain: + description: domain is the actual domain in use. + type: string + endpointPublishingStrategy: + description: endpointPublishingStrategy is the actual strategy in + use. + properties: + hostNetwork: + description: |- + hostNetwork holds parameters for the HostNetwork endpoint publishing + strategy. Present only if type is HostNetwork. + properties: + httpPort: + default: 80 + description: |- + httpPort is the port on the host which should be used to listen for + HTTP requests. This field should be set when port 80 is already in use. + The value should not coincide with the NodePort range of the cluster. + When the value is 0 or is not specified it defaults to 80. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + httpsPort: + default: 443 + description: |- + httpsPort is the port on the host which should be used to listen for + HTTPS requests. This field should be set when port 443 is already in use. + The value should not coincide with the NodePort range of the cluster. + When the value is 0 or is not specified it defaults to 443. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + protocol: + description: |- + protocol specifies whether the IngressController expects incoming + connections to use plain TCP or whether the IngressController expects + PROXY protocol. + + PROXY protocol can be used with load balancers that support it to + communicate the source addresses of client connections when + forwarding those connections to the IngressController. Using PROXY + protocol enables the IngressController to report those source + addresses instead of reporting the load balancer's address in HTTP + headers and logs. Note that enabling PROXY protocol on the + IngressController will cause connections to fail if you are not using + a load balancer that uses PROXY protocol to forward connections to + the IngressController. See + http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for + information about PROXY protocol. + + The following values are valid for this field: + + * The empty string. + * "TCP". + * "PROXY". + + The empty string specifies the default, which is TCP without PROXY + protocol. Note that the default is subject to change. + enum: + - "" + - TCP + - PROXY + type: string + statsPort: + default: 1936 + description: |- + statsPort is the port on the host where the stats from the router are + published. The value should not coincide with the NodePort range of the + cluster. If an external load balancer is configured to forward connections + to this IngressController, the load balancer should use this port for + health checks. The load balancer can send HTTP probes on this port on a + given node, with the path /healthz/ready to determine if the ingress + controller is ready to receive traffic on the node. For proper operation + the load balancer must not forward traffic to a node until the health + check reports ready. The load balancer should also stop forwarding requests + within a maximum of 45 seconds after /healthz/ready starts reporting + not-ready. Probing every 5 to 10 seconds, with a 5-second timeout and with + a threshold of two successful or failed requests to become healthy or + unhealthy respectively, are well-tested values. When the value is 0 or + is not specified it defaults to 1936. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + type: object + loadBalancer: + description: |- + loadBalancer holds parameters for the load balancer. Present only if + type is LoadBalancerService. + properties: + allowedSourceRanges: + description: |- + allowedSourceRanges specifies an allowlist of IP address ranges to which + access to the load balancer should be restricted. Each range must be + specified using CIDR notation (e.g. "10.0.0.0/8" or "fd00::/8"). If no range is + specified, "0.0.0.0/0" for IPv4 and "::/0" for IPv6 are used by default, + which allows all source addresses. + + To facilitate migration from earlier versions of OpenShift that did + not have the allowedSourceRanges field, you may set the + service.beta.kubernetes.io/load-balancer-source-ranges annotation on + the "router-" service in the + "openshift-ingress" namespace, and this annotation will take + effect if allowedSourceRanges is empty on OpenShift 4.12. + items: + description: |- + CIDR is an IP address range in CIDR notation (for example, "10.0.0.0/8" + or "fd00::/8"). + pattern: (^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])/([0-9]|[12][0-9]|3[0-2])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) + type: string + nullable: true + type: array + x-kubernetes-list-type: atomic + dnsManagementPolicy: + default: Managed + description: |- + dnsManagementPolicy indicates if the lifecycle of the wildcard DNS record + associated with the load balancer service will be managed by + the ingress operator. It defaults to Managed. + Valid values are: Managed and Unmanaged. + enum: + - Managed + - Unmanaged + type: string + providerParameters: + description: |- + providerParameters holds desired load balancer information specific to + the underlying infrastructure provider. + + If empty, defaults will be applied. See specific providerParameters + fields for details about their defaults. + properties: + aws: + description: |- + aws provides configuration settings that are specific to AWS + load balancers. + + If empty, defaults will be applied. See specific aws fields for + details about their defaults. + properties: + classicLoadBalancer: + description: |- + classicLoadBalancerParameters holds configuration parameters for an AWS + classic load balancer. Present only if type is Classic. + properties: + connectionIdleTimeout: + description: |- + connectionIdleTimeout specifies the maximum time period that a + connection may be idle before the load balancer closes the + connection. The value must be parseable as a time duration value; + see . A nil or zero value + means no opinion, in which case a default value is used. The default + value for this field is 60s. This default is subject to change. + format: duration + type: string + type: object + networkLoadBalancer: + description: |- + networkLoadBalancerParameters holds configuration parameters for an AWS + network load balancer. Present only if type is NLB. + properties: + eipAllocations: + description: |- + eipAllocations is a list of IDs for Elastic IP (EIP) addresses that + are assigned to the Network Load Balancer. + The following restrictions apply: + + eipAllocations can only be used with external scope, not internal. + An EIP can be allocated to only a single IngressController. + The number of EIP allocations must match the number of subnets that are used for the load balancer. + Each EIP allocation must be unique. + A maximum of 10 EIP allocations are permitted. + + See https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html for general + information about configuration, characteristics, and limitations of Elastic IP addresses. + items: + description: |- + EIPAllocation is an ID for an Elastic IP (EIP) address that can be allocated to an ELB in the AWS environment. + Values must begin with `eipalloc-` followed by exactly 17 hexadecimal (`[0-9a-fA-F]`) characters. + maxLength: 26 + minLength: 26 + type: string + x-kubernetes-validations: + - message: eipAllocations should start with + 'eipalloc-' + rule: self.startsWith('eipalloc-') + - message: eipAllocations must be 'eipalloc-' + followed by exactly 17 hexadecimal characters + (0-9, a-f, A-F) + rule: self.split("-", 2)[1].matches('[0-9a-fA-F]{17}$') + maxItems: 10 + type: array + x-kubernetes-list-type: atomic + x-kubernetes-validations: + - message: eipAllocations cannot contain duplicates + rule: self.all(x, self.exists_one(y, x == y)) + type: object + x-kubernetes-validations: + - message: number of subnets must be equal to number + of eipAllocations + rule: 'has(self.subnets) && has(self.subnets.ids) + && has(self.subnets.names) && has(self.eipAllocations) + ? size(self.subnets.ids + self.subnets.names) + == size(self.eipAllocations) : true' + - message: number of subnets must be equal to number + of eipAllocations + rule: 'has(self.subnets) && has(self.subnets.ids) + && !has(self.subnets.names) && has(self.eipAllocations) + ? size(self.subnets.ids) == size(self.eipAllocations) + : true' + - message: number of subnets must be equal to number + of eipAllocations + rule: 'has(self.subnets) && has(self.subnets.names) + && !has(self.subnets.ids) && has(self.eipAllocations) + ? size(self.subnets.names) == size(self.eipAllocations) + : true' + type: + description: |- + type is the type of AWS load balancer to instantiate for an ingresscontroller. + + Valid values are: + + * "Classic": A Classic Load Balancer that makes routing decisions at either + the transport layer (TCP/SSL) or the application layer (HTTP/HTTPS). See + the following for additional details: + + https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#clb + + * "NLB": A Network Load Balancer that makes routing decisions at the + transport layer (TCP/SSL). See the following for additional details: + + https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#nlb + enum: + - Classic + - NLB + type: string + required: + - type + type: object + gcp: + description: |- + gcp provides configuration settings that are specific to GCP + load balancers. + + If empty, defaults will be applied. See specific gcp fields for + details about their defaults. + properties: + clientAccess: + description: |- + clientAccess describes how client access is restricted for internal + load balancers. + + Valid values are: + * "Global": Specifying an internal load balancer with Global client access + allows clients from any region within the VPC to communicate with the load + balancer. + + https://cloud.google.com/kubernetes-engine/docs/how-to/internal-load-balancing#global_access + + * "Local": Specifying an internal load balancer with Local client access + means only clients within the same region (and VPC) as the GCP load balancer + can communicate with the load balancer. Note that this is the default behavior. + + https://cloud.google.com/load-balancing/docs/internal#client_access + enum: + - Global + - Local + type: string + type: object + ibm: + description: |- + ibm provides configuration settings that are specific to IBM Cloud + load balancers. + + If empty, defaults will be applied. See specific ibm fields for + details about their defaults. + properties: + protocol: + description: |- + protocol specifies whether the load balancer uses PROXY protocol to forward connections to + the IngressController. See "service.kubernetes.io/ibm-load-balancer-cloud-provider-enable-features: + "proxy-protocol"" at https://cloud.ibm.com/docs/containers?topic=containers-vpc-lbaas" + + PROXY protocol can be used with load balancers that support it to + communicate the source addresses of client connections when + forwarding those connections to the IngressController. Using PROXY + protocol enables the IngressController to report those source + addresses instead of reporting the load balancer's address in HTTP + headers and logs. Note that enabling PROXY protocol on the + IngressController will cause connections to fail if you are not using + a load balancer that uses PROXY protocol to forward connections to + the IngressController. See + http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for + information about PROXY protocol. + + Valid values for protocol are TCP, PROXY and omitted. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The current default is TCP, without the proxy protocol enabled. + enum: + - "" + - TCP + - PROXY + type: string + type: object + openstack: + description: |- + openstack provides configuration settings that are specific to OpenStack + load balancers. + + If empty, defaults will be applied. See specific openstack fields for + details about their defaults. + properties: + floatingIP: + description: |- + floatingIP specifies the IP address that the load balancer will use. + When not specified, an IP address will be assigned randomly by the OpenStack cloud provider. + When specified, the floating IP has to be pre-created. If the + specified value is not a floating IP or is already claimed, the + OpenStack cloud provider won't be able to provision the load + balancer. + This field may only be used if the IngressController has External scope. + This value must be a valid IPv4 or IPv6 address. + type: string + x-kubernetes-validations: + - message: floatingIP must be a valid IPv4 or IPv6 + address + rule: isIP(self) + type: object + type: + description: |- + type is the underlying infrastructure provider for the load balancer. + Allowed values are "AWS", "Azure", "BareMetal", "GCP", "IBM", "Nutanix", + "OpenStack", and "VSphere". + enum: + - AWS + - Azure + - BareMetal + - GCP + - Nutanix + - OpenStack + - VSphere + - IBM + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: openstack is not permitted when type is not OpenStack + rule: 'has(self.type) && self.type == ''OpenStack'' ? true + : !has(self.openstack)' + scope: + description: |- + scope indicates the scope at which the load balancer is exposed. + Possible values are "External" and "Internal". + enum: + - Internal + - External + type: string + required: + - dnsManagementPolicy + - scope + type: object + x-kubernetes-validations: + - message: eipAllocations are forbidden when the scope is Internal. + rule: '!has(self.scope) || self.scope != ''Internal'' || !has(self.providerParameters) + || !has(self.providerParameters.aws) || !has(self.providerParameters.aws.networkLoadBalancer) + || !has(self.providerParameters.aws.networkLoadBalancer.eipAllocations)' + - message: cannot specify a floating ip when scope is internal + rule: '!has(self.scope) || self.scope != ''Internal'' || !has(self.providerParameters) + || !has(self.providerParameters.openstack) || !has(self.providerParameters.openstack.floatingIP) + || self.providerParameters.openstack.floatingIP == ""' + nodePort: + description: |- + nodePort holds parameters for the NodePortService endpoint publishing strategy. + Present only if type is NodePortService. + properties: + protocol: + description: |- + protocol specifies whether the IngressController expects incoming + connections to use plain TCP or whether the IngressController expects + PROXY protocol. + + PROXY protocol can be used with load balancers that support it to + communicate the source addresses of client connections when + forwarding those connections to the IngressController. Using PROXY + protocol enables the IngressController to report those source + addresses instead of reporting the load balancer's address in HTTP + headers and logs. Note that enabling PROXY protocol on the + IngressController will cause connections to fail if you are not using + a load balancer that uses PROXY protocol to forward connections to + the IngressController. See + http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for + information about PROXY protocol. + + The following values are valid for this field: + + * The empty string. + * "TCP". + * "PROXY". + + The empty string specifies the default, which is TCP without PROXY + protocol. Note that the default is subject to change. + enum: + - "" + - TCP + - PROXY + type: string + type: object + private: + description: |- + private holds parameters for the Private endpoint publishing + strategy. Present only if type is Private. + properties: + protocol: + description: |- + protocol specifies whether the IngressController expects incoming + connections to use plain TCP or whether the IngressController expects + PROXY protocol. + + PROXY protocol can be used with load balancers that support it to + communicate the source addresses of client connections when + forwarding those connections to the IngressController. Using PROXY + protocol enables the IngressController to report those source + addresses instead of reporting the load balancer's address in HTTP + headers and logs. Note that enabling PROXY protocol on the + IngressController will cause connections to fail if you are not using + a load balancer that uses PROXY protocol to forward connections to + the IngressController. See + http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for + information about PROXY protocol. + + The following values are valid for this field: + + * The empty string. + * "TCP". + * "PROXY". + + The empty string specifies the default, which is TCP without PROXY + protocol. Note that the default is subject to change. + enum: + - "" + - TCP + - PROXY + type: string + type: object + type: + description: |- + type is the publishing strategy to use. Valid values are: + + * LoadBalancerService + + Publishes the ingress controller using a Kubernetes LoadBalancer Service. + + In this configuration, the ingress controller deployment uses container + networking. A LoadBalancer Service is created to publish the deployment. + + See: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer + + If domain is set, a wildcard DNS record will be managed to point at the + LoadBalancer Service's external name. DNS records are managed only in DNS + zones defined by dns.config.openshift.io/cluster .spec.publicZone and + .spec.privateZone. + + Wildcard DNS management is currently supported only on the AWS, Azure, + and GCP platforms. + + * HostNetwork + + Publishes the ingress controller on node ports where the ingress controller + is deployed. + + In this configuration, the ingress controller deployment uses host + networking, bound to node ports 80 and 443. The user is responsible for + configuring an external load balancer to publish the ingress controller via + the node ports. + + * Private + + Does not publish the ingress controller. + + In this configuration, the ingress controller deployment uses container + networking, and is not explicitly published. The user must manually publish + the ingress controller. + + * NodePortService + + Publishes the ingress controller using a Kubernetes NodePort Service. + + In this configuration, the ingress controller deployment uses container + networking. A NodePort Service is created to publish the deployment. The + specific node ports are dynamically allocated by OpenShift; however, to + support static port allocations, user changes to the node port + field of the managed NodePort Service will preserved. + enum: + - LoadBalancerService + - HostNetwork + - Private + - NodePortService + type: string + required: + - type + type: object + namespaceSelector: + description: namespaceSelector is the actual namespaceSelector in + use. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + observedGeneration: + description: observedGeneration is the most recent generation observed. + format: int64 + type: integer + routeSelector: + description: routeSelector is the actual routeSelector in use. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + selector: + description: |- + selector is a label selector, in string format, for ingress controller pods + corresponding to the IngressController. The number of matching pods should + equal the value of availableReplicas. + type: string + tlsProfile: + description: tlsProfile is the TLS connection configuration that is + in effect. + properties: + ciphers: + description: |- + ciphers is used to specify the cipher algorithms that are negotiated + during the TLS handshake. Operators may remove entries their operands + do not support. For example, to use DES-CBC3-SHA (yaml): + + ciphers: + - DES-CBC3-SHA + items: + type: string + type: array + x-kubernetes-list-type: atomic + minTLSVersion: + description: |- + minTLSVersion is used to specify the minimal version of the TLS protocol + that is negotiated during the TLS handshake. For example, to use TLS + versions 1.1, 1.2 and 1.3 (yaml): + + minTLSVersion: VersionTLS11 + + NOTE: currently the highest minTLSVersion allowed is VersionTLS12 + enum: + - VersionTLS10 + - VersionTLS11 + - VersionTLS12 + - VersionTLS13 + type: string + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/insightsoperators.operator.openshift.io/AAA_ungated.yaml b/pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/insightsoperators.operator.openshift.io/AAA_ungated.yaml new file mode 100644 index 000000000..5d36d9e2b --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/insightsoperators.operator.openshift.io/AAA_ungated.yaml @@ -0,0 +1,376 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/1237 + api.openshift.io/filename-cvo-runlevel: "0000_50" + api.openshift.io/filename-operator: insights + api.openshift.io/filename-ordering: "00" + feature-gate.release.openshift.io/: "true" + name: insightsoperators.operator.openshift.io +spec: + group: operator.openshift.io + names: + kind: InsightsOperator + listKind: InsightsOperatorList + plural: insightsoperators + singular: insightsoperator + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + InsightsOperator holds cluster-wide information about the Insights Operator. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec is the specification of the desired behavior of the + Insights. + properties: + logLevel: + default: Normal + description: |- + logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for their operands. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + managementState: + description: managementState indicates whether and how the operator + should manage the component + pattern: ^(Managed|Unmanaged|Force|Removed)$ + type: string + observedConfig: + description: |- + observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because + it is an input to the level for the operator + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + default: Normal + description: |- + operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for themselves. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + unsupportedConfigOverrides: + description: |- + unsupportedConfigOverrides overrides the final configuration that was computed by the operator. + Red Hat does not support the use of this field. + Misuse of this field could lead to unexpected behavior or conflict with other configuration options. + Seek guidance from the Red Hat support before using this field. + Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + status: + description: status is the most recently observed status of the Insights + operator. + properties: + conditions: + description: conditions is a list of conditions and their status + items: + description: OperatorCondition is just the standard condition fields. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + type: string + reason: + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + gatherStatus: + description: |- + gatherStatus provides basic information about the last Insights data gathering. + When omitted, this means no data gathering has taken place yet. + properties: + gatherers: + description: gatherers is a list of active gatherers (and their + statuses) in the last gathering. + items: + description: |- + gathererStatus represents information about a particular + data gatherer. + properties: + conditions: + description: conditions provide details on the status of + each gatherer. + items: + description: Condition contains details for one aspect + of the current state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, + False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in + foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + minItems: 1 + type: array + x-kubernetes-list-type: atomic + lastGatherDuration: + description: lastGatherDuration represents the time spent + gathering. + pattern: ^([1-9][0-9]*(\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ + type: string + name: + description: name is the name of the gatherer. + maxLength: 256 + minLength: 5 + type: string + required: + - conditions + - lastGatherDuration + - name + type: object + type: array + x-kubernetes-list-type: atomic + lastGatherDuration: + description: |- + lastGatherDuration is the total time taken to process + all gatherers during the last gather event. + pattern: ^0|([1-9][0-9]*(\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ + type: string + lastGatherTime: + description: |- + lastGatherTime is the last time when Insights data gathering finished. + An empty value means that no data has been gathered yet. + format: date-time + type: string + type: object + generations: + description: generations are used to determine when an item needs + to be reconciled or has changed in a way that needs a reaction. + items: + description: GenerationStatus keeps track of the generation for + a given resource so that decisions about forced updates can be + made. + properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without + generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload + controller involved + format: int64 + type: integer + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're + tracking + type: string + required: + - group + - name + - namespace + - resource + type: object + type: array + x-kubernetes-list-map-keys: + - group + - resource + - namespace + - name + x-kubernetes-list-type: map + insightsReport: + description: |- + insightsReport provides general Insights analysis results. + When omitted, this means no data gathering has taken place yet. + properties: + downloadedAt: + description: |- + downloadedAt is the time when the last Insights report was downloaded. + An empty value means that there has not been any Insights report downloaded yet and + it usually appears in disconnected clusters (or clusters when the Insights data gathering is disabled). + format: date-time + type: string + healthChecks: + description: |- + healthChecks provides basic information about active Insights health checks + in a cluster. + items: + description: healthCheck represents an Insights health check + attributes. + properties: + advisorURI: + description: advisorURI provides the URL link to the Insights + Advisor. + pattern: ^https:\/\/\S+ + type: string + description: + description: description provides basic description of the + healtcheck. + maxLength: 2048 + minLength: 10 + type: string + state: + description: |- + state determines what the current state of the health check is. + Health check is enabled by default and can be disabled + by the user in the Insights advisor user interface. + enum: + - Enabled + - Disabled + type: string + totalRisk: + description: |- + totalRisk of the healthcheck. Indicator of the total risk posed + by the detected issue; combination of impact and likelihood. The values can be from 1 to 4, + and the higher the number, the more important the issue. + format: int32 + maximum: 4 + minimum: 1 + type: integer + required: + - advisorURI + - description + - state + - totalRisk + type: object + type: array + x-kubernetes-list-type: atomic + type: object + latestAvailableRevision: + description: latestAvailableRevision is the deploymentID of the most + recent deployment + format: int32 + type: integer + x-kubernetes-validations: + - message: must only increase + rule: self >= oldSelf + observedGeneration: + description: observedGeneration is the last generation change you've + dealt with + format: int64 + type: integer + readyReplicas: + description: readyReplicas indicates how many replicas are ready and + at the desired state + format: int32 + type: integer + version: + description: version is the level this availability applies to + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/kubeapiservers.operator.openshift.io/AAA_ungated.yaml b/pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/kubeapiservers.operator.openshift.io/AAA_ungated.yaml new file mode 100644 index 000000000..6586f30a8 --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/kubeapiservers.operator.openshift.io/AAA_ungated.yaml @@ -0,0 +1,313 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/475 + api.openshift.io/filename-cvo-runlevel: "0000_20" + api.openshift.io/filename-operator: kube-apiserver + api.openshift.io/filename-ordering: "01" + feature-gate.release.openshift.io/: "true" + name: kubeapiservers.operator.openshift.io +spec: + group: operator.openshift.io + names: + categories: + - coreoperators + kind: KubeAPIServer + listKind: KubeAPIServerList + plural: kubeapiservers + singular: kubeapiserver + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + KubeAPIServer provides information to configure an operator to manage kube-apiserver. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec is the specification of the desired behavior of the + Kubernetes API Server + properties: + failedRevisionLimit: + description: |- + failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api + -1 = unlimited, 0 or unset = 5 (default) + format: int32 + type: integer + forceRedeploymentReason: + description: |- + forceRedeploymentReason can be used to force the redeployment of the operand by providing a unique string. + This provides a mechanism to kick a previously failed deployment and provide a reason why you think it will work + this time instead of failing again on the same config. + type: string + logLevel: + default: Normal + description: |- + logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for their operands. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + managementState: + description: managementState indicates whether and how the operator + should manage the component + pattern: ^(Managed|Unmanaged|Force|Removed)$ + type: string + observedConfig: + description: |- + observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because + it is an input to the level for the operator + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + default: Normal + description: |- + operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for themselves. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + succeededRevisionLimit: + description: |- + succeededRevisionLimit is the number of successful static pod installer revisions to keep on disk and in the api + -1 = unlimited, 0 or unset = 5 (default) + format: int32 + type: integer + unsupportedConfigOverrides: + description: |- + unsupportedConfigOverrides overrides the final configuration that was computed by the operator. + Red Hat does not support the use of this field. + Misuse of this field could lead to unexpected behavior or conflict with other configuration options. + Seek guidance from the Red Hat support before using this field. + Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + status: + description: status is the most recently observed status of the Kubernetes + API Server + properties: + conditions: + description: conditions is a list of conditions and their status + items: + description: OperatorCondition is just the standard condition fields. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + type: string + reason: + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + generations: + description: generations are used to determine when an item needs + to be reconciled or has changed in a way that needs a reaction. + items: + description: GenerationStatus keeps track of the generation for + a given resource so that decisions about forced updates can be + made. + properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without + generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload + controller involved + format: int64 + type: integer + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're + tracking + type: string + required: + - group + - name + - namespace + - resource + type: object + type: array + x-kubernetes-list-map-keys: + - group + - resource + - namespace + - name + x-kubernetes-list-type: map + latestAvailableRevision: + description: latestAvailableRevision is the deploymentID of the most + recent deployment + format: int32 + type: integer + x-kubernetes-validations: + - message: must only increase + rule: self >= oldSelf + latestAvailableRevisionReason: + description: latestAvailableRevisionReason describe the detailed reason + for the most recent deployment + type: string + nodeStatuses: + description: nodeStatuses track the deployment values and errors across + individual nodes + items: + description: NodeStatus provides information about the current state + of a particular node managed by this operator. + properties: + currentRevision: + description: currentRevision is the generation of the most recently + successful deployment + format: int32 + type: integer + lastFailedCount: + description: lastFailedCount is how often the installer pod + of the last failed revision failed. + type: integer + lastFailedReason: + description: lastFailedReason is a machine readable failure + reason string. + type: string + lastFailedRevision: + description: lastFailedRevision is the generation of the deployment + we tried and failed to deploy. + format: int32 + type: integer + lastFailedRevisionErrors: + description: lastFailedRevisionErrors is a list of human readable + errors during the failed deployment referenced in lastFailedRevision. + items: + type: string + type: array + x-kubernetes-list-type: atomic + lastFailedTime: + description: lastFailedTime is the time the last failed revision + failed the last time. + format: date-time + type: string + lastFallbackCount: + description: lastFallbackCount is how often a fallback to a + previous revision happened. + type: integer + nodeName: + description: nodeName is the name of the node + type: string + targetRevision: + description: targetRevision is the generation of the deployment + we're trying to apply + format: int32 + type: integer + required: + - nodeName + type: object + type: array + x-kubernetes-list-map-keys: + - nodeName + x-kubernetes-list-type: map + observedGeneration: + description: observedGeneration is the last generation change you've + dealt with + format: int64 + type: integer + readyReplicas: + description: readyReplicas indicates how many replicas are ready and + at the desired state + format: int32 + type: integer + serviceAccountIssuers: + description: |- + serviceAccountIssuers tracks history of used service account issuers. + The item without expiration time represents the currently used service account issuer. + The other items represents service account issuers that were used previously and are still being trusted. + The default expiration for the items is set by the platform and it defaults to 24h. + see: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#service-account-token-volume-projection + items: + properties: + expirationTime: + description: |- + expirationTime is the time after which this service account issuer will be pruned and removed from the trusted list + of service account issuers. + format: date-time + type: string + name: + description: name is the name of the service account issuer + type: string + type: object + type: array + version: + description: version is the level this availability applies to + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/kubecontrollermanagers.operator.openshift.io/AAA_ungated.yaml b/pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/kubecontrollermanagers.operator.openshift.io/AAA_ungated.yaml new file mode 100644 index 000000000..086aa9a37 --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/kubecontrollermanagers.operator.openshift.io/AAA_ungated.yaml @@ -0,0 +1,302 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/475 + api.openshift.io/filename-cvo-runlevel: "0000_25" + api.openshift.io/filename-operator: kube-controller-manager + api.openshift.io/filename-ordering: "01" + feature-gate.release.openshift.io/: "true" + name: kubecontrollermanagers.operator.openshift.io +spec: + group: operator.openshift.io + names: + categories: + - coreoperators + kind: KubeControllerManager + listKind: KubeControllerManagerList + plural: kubecontrollermanagers + singular: kubecontrollermanager + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + KubeControllerManager provides information to configure an operator to manage kube-controller-manager. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec is the specification of the desired behavior of the + Kubernetes Controller Manager + properties: + failedRevisionLimit: + description: |- + failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api + -1 = unlimited, 0 or unset = 5 (default) + format: int32 + type: integer + forceRedeploymentReason: + description: |- + forceRedeploymentReason can be used to force the redeployment of the operand by providing a unique string. + This provides a mechanism to kick a previously failed deployment and provide a reason why you think it will work + this time instead of failing again on the same config. + type: string + logLevel: + default: Normal + description: |- + logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for their operands. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + managementState: + description: managementState indicates whether and how the operator + should manage the component + pattern: ^(Managed|Unmanaged|Force|Removed)$ + type: string + observedConfig: + description: |- + observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because + it is an input to the level for the operator + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + default: Normal + description: |- + operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for themselves. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + succeededRevisionLimit: + description: |- + succeededRevisionLimit is the number of successful static pod installer revisions to keep on disk and in the api + -1 = unlimited, 0 or unset = 5 (default) + format: int32 + type: integer + unsupportedConfigOverrides: + description: |- + unsupportedConfigOverrides overrides the final configuration that was computed by the operator. + Red Hat does not support the use of this field. + Misuse of this field could lead to unexpected behavior or conflict with other configuration options. + Seek guidance from the Red Hat support before using this field. + Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + useMoreSecureServiceCA: + default: false + description: |- + useMoreSecureServiceCA indicates that the service-ca.crt provided in SA token volumes should include only + enough certificates to validate service serving certificates. + Once set to true, it cannot be set to false. + Even if someone finds a way to set it back to false, the service-ca.crt files that previously existed will + only have the more secure content. + type: boolean + type: object + status: + description: status is the most recently observed status of the Kubernetes + Controller Manager + properties: + conditions: + description: conditions is a list of conditions and their status + items: + description: OperatorCondition is just the standard condition fields. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + type: string + reason: + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + generations: + description: generations are used to determine when an item needs + to be reconciled or has changed in a way that needs a reaction. + items: + description: GenerationStatus keeps track of the generation for + a given resource so that decisions about forced updates can be + made. + properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without + generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload + controller involved + format: int64 + type: integer + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're + tracking + type: string + required: + - group + - name + - namespace + - resource + type: object + type: array + x-kubernetes-list-map-keys: + - group + - resource + - namespace + - name + x-kubernetes-list-type: map + latestAvailableRevision: + description: latestAvailableRevision is the deploymentID of the most + recent deployment + format: int32 + type: integer + x-kubernetes-validations: + - message: must only increase + rule: self >= oldSelf + latestAvailableRevisionReason: + description: latestAvailableRevisionReason describe the detailed reason + for the most recent deployment + type: string + nodeStatuses: + description: nodeStatuses track the deployment values and errors across + individual nodes + items: + description: NodeStatus provides information about the current state + of a particular node managed by this operator. + properties: + currentRevision: + description: currentRevision is the generation of the most recently + successful deployment + format: int32 + type: integer + lastFailedCount: + description: lastFailedCount is how often the installer pod + of the last failed revision failed. + type: integer + lastFailedReason: + description: lastFailedReason is a machine readable failure + reason string. + type: string + lastFailedRevision: + description: lastFailedRevision is the generation of the deployment + we tried and failed to deploy. + format: int32 + type: integer + lastFailedRevisionErrors: + description: lastFailedRevisionErrors is a list of human readable + errors during the failed deployment referenced in lastFailedRevision. + items: + type: string + type: array + x-kubernetes-list-type: atomic + lastFailedTime: + description: lastFailedTime is the time the last failed revision + failed the last time. + format: date-time + type: string + lastFallbackCount: + description: lastFallbackCount is how often a fallback to a + previous revision happened. + type: integer + nodeName: + description: nodeName is the name of the node + type: string + targetRevision: + description: targetRevision is the generation of the deployment + we're trying to apply + format: int32 + type: integer + required: + - nodeName + type: object + type: array + x-kubernetes-list-map-keys: + - nodeName + x-kubernetes-list-type: map + observedGeneration: + description: observedGeneration is the last generation change you've + dealt with + format: int64 + type: integer + readyReplicas: + description: readyReplicas indicates how many replicas are ready and + at the desired state + format: int32 + type: integer + version: + description: version is the level this availability applies to + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/kubeschedulers.operator.openshift.io/AAA_ungated.yaml b/pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/kubeschedulers.operator.openshift.io/AAA_ungated.yaml new file mode 100644 index 000000000..bca1546d7 --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/kubeschedulers.operator.openshift.io/AAA_ungated.yaml @@ -0,0 +1,293 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/475 + api.openshift.io/filename-cvo-runlevel: "0000_25" + api.openshift.io/filename-operator: kube-scheduler + api.openshift.io/filename-ordering: "01" + feature-gate.release.openshift.io/: "true" + name: kubeschedulers.operator.openshift.io +spec: + group: operator.openshift.io + names: + categories: + - coreoperators + kind: KubeScheduler + listKind: KubeSchedulerList + plural: kubeschedulers + singular: kubescheduler + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + KubeScheduler provides information to configure an operator to manage scheduler. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec is the specification of the desired behavior of the + Kubernetes Scheduler + properties: + failedRevisionLimit: + description: |- + failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api + -1 = unlimited, 0 or unset = 5 (default) + format: int32 + type: integer + forceRedeploymentReason: + description: |- + forceRedeploymentReason can be used to force the redeployment of the operand by providing a unique string. + This provides a mechanism to kick a previously failed deployment and provide a reason why you think it will work + this time instead of failing again on the same config. + type: string + logLevel: + default: Normal + description: |- + logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for their operands. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + managementState: + description: managementState indicates whether and how the operator + should manage the component + pattern: ^(Managed|Unmanaged|Force|Removed)$ + type: string + observedConfig: + description: |- + observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because + it is an input to the level for the operator + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + default: Normal + description: |- + operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for themselves. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + succeededRevisionLimit: + description: |- + succeededRevisionLimit is the number of successful static pod installer revisions to keep on disk and in the api + -1 = unlimited, 0 or unset = 5 (default) + format: int32 + type: integer + unsupportedConfigOverrides: + description: |- + unsupportedConfigOverrides overrides the final configuration that was computed by the operator. + Red Hat does not support the use of this field. + Misuse of this field could lead to unexpected behavior or conflict with other configuration options. + Seek guidance from the Red Hat support before using this field. + Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + status: + description: status is the most recently observed status of the Kubernetes + Scheduler + properties: + conditions: + description: conditions is a list of conditions and their status + items: + description: OperatorCondition is just the standard condition fields. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + type: string + reason: + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + generations: + description: generations are used to determine when an item needs + to be reconciled or has changed in a way that needs a reaction. + items: + description: GenerationStatus keeps track of the generation for + a given resource so that decisions about forced updates can be + made. + properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without + generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload + controller involved + format: int64 + type: integer + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're + tracking + type: string + required: + - group + - name + - namespace + - resource + type: object + type: array + x-kubernetes-list-map-keys: + - group + - resource + - namespace + - name + x-kubernetes-list-type: map + latestAvailableRevision: + description: latestAvailableRevision is the deploymentID of the most + recent deployment + format: int32 + type: integer + x-kubernetes-validations: + - message: must only increase + rule: self >= oldSelf + latestAvailableRevisionReason: + description: latestAvailableRevisionReason describe the detailed reason + for the most recent deployment + type: string + nodeStatuses: + description: nodeStatuses track the deployment values and errors across + individual nodes + items: + description: NodeStatus provides information about the current state + of a particular node managed by this operator. + properties: + currentRevision: + description: currentRevision is the generation of the most recently + successful deployment + format: int32 + type: integer + lastFailedCount: + description: lastFailedCount is how often the installer pod + of the last failed revision failed. + type: integer + lastFailedReason: + description: lastFailedReason is a machine readable failure + reason string. + type: string + lastFailedRevision: + description: lastFailedRevision is the generation of the deployment + we tried and failed to deploy. + format: int32 + type: integer + lastFailedRevisionErrors: + description: lastFailedRevisionErrors is a list of human readable + errors during the failed deployment referenced in lastFailedRevision. + items: + type: string + type: array + x-kubernetes-list-type: atomic + lastFailedTime: + description: lastFailedTime is the time the last failed revision + failed the last time. + format: date-time + type: string + lastFallbackCount: + description: lastFallbackCount is how often a fallback to a + previous revision happened. + type: integer + nodeName: + description: nodeName is the name of the node + type: string + targetRevision: + description: targetRevision is the generation of the deployment + we're trying to apply + format: int32 + type: integer + required: + - nodeName + type: object + type: array + x-kubernetes-list-map-keys: + - nodeName + x-kubernetes-list-type: map + observedGeneration: + description: observedGeneration is the last generation change you've + dealt with + format: int64 + type: integer + readyReplicas: + description: readyReplicas indicates how many replicas are ready and + at the desired state + format: int32 + type: integer + version: + description: version is the level this availability applies to + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/kubestorageversionmigrators.operator.openshift.io/AAA_ungated.yaml b/pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/kubestorageversionmigrators.operator.openshift.io/AAA_ungated.yaml new file mode 100644 index 000000000..ed3967b90 --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/kubestorageversionmigrators.operator.openshift.io/AAA_ungated.yaml @@ -0,0 +1,209 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/503 + api.openshift.io/filename-cvo-runlevel: "0000_40" + api.openshift.io/filename-operator: kube-storage-version-migrator + api.openshift.io/filename-ordering: "00" + feature-gate.release.openshift.io/: "true" + name: kubestorageversionmigrators.operator.openshift.io +spec: + group: operator.openshift.io + names: + kind: KubeStorageVersionMigrator + listKind: KubeStorageVersionMigratorList + plural: kubestorageversionmigrators + singular: kubestorageversionmigrator + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + KubeStorageVersionMigrator provides information to configure an operator to manage kube-storage-version-migrator. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + logLevel: + default: Normal + description: |- + logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for their operands. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + managementState: + description: managementState indicates whether and how the operator + should manage the component + pattern: ^(Managed|Unmanaged|Force|Removed)$ + type: string + observedConfig: + description: |- + observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because + it is an input to the level for the operator + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + default: Normal + description: |- + operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for themselves. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + unsupportedConfigOverrides: + description: |- + unsupportedConfigOverrides overrides the final configuration that was computed by the operator. + Red Hat does not support the use of this field. + Misuse of this field could lead to unexpected behavior or conflict with other configuration options. + Seek guidance from the Red Hat support before using this field. + Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + status: + properties: + conditions: + description: conditions is a list of conditions and their status + items: + description: OperatorCondition is just the standard condition fields. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + type: string + reason: + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + generations: + description: generations are used to determine when an item needs + to be reconciled or has changed in a way that needs a reaction. + items: + description: GenerationStatus keeps track of the generation for + a given resource so that decisions about forced updates can be + made. + properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without + generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload + controller involved + format: int64 + type: integer + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're + tracking + type: string + required: + - group + - name + - namespace + - resource + type: object + type: array + x-kubernetes-list-map-keys: + - group + - resource + - namespace + - name + x-kubernetes-list-type: map + latestAvailableRevision: + description: latestAvailableRevision is the deploymentID of the most + recent deployment + format: int32 + type: integer + x-kubernetes-validations: + - message: must only increase + rule: self >= oldSelf + observedGeneration: + description: observedGeneration is the last generation change you've + dealt with + format: int64 + type: integer + readyReplicas: + description: readyReplicas indicates how many replicas are ready and + at the desired state + format: int32 + type: integer + version: + description: version is the level this availability applies to + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/machineconfigurations.operator.openshift.io/AAA_ungated.yaml b/pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/machineconfigurations.operator.openshift.io/AAA_ungated.yaml new file mode 100644 index 000000000..1cf57e069 --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/machineconfigurations.operator.openshift.io/AAA_ungated.yaml @@ -0,0 +1,196 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/1453 + api.openshift.io/filename-cvo-runlevel: "0000_80" + api.openshift.io/filename-operator: machine-config + api.openshift.io/filename-ordering: "01" + feature-gate.release.openshift.io/: "true" + name: machineconfigurations.operator.openshift.io +spec: + group: operator.openshift.io + names: + kind: MachineConfiguration + listKind: MachineConfigurationList + plural: machineconfigurations + singular: machineconfiguration + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + MachineConfiguration provides information to configure an operator to manage Machine Configuration. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec is the specification of the desired behavior of the + Machine Config Operator + properties: + failedRevisionLimit: + description: |- + failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api + -1 = unlimited, 0 or unset = 5 (default) + format: int32 + type: integer + forceRedeploymentReason: + description: |- + forceRedeploymentReason can be used to force the redeployment of the operand by providing a unique string. + This provides a mechanism to kick a previously failed deployment and provide a reason why you think it will work + this time instead of failing again on the same config. + type: string + logLevel: + default: Normal + description: |- + logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for their operands. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + managementState: + description: managementState indicates whether and how the operator + should manage the component + pattern: ^(Managed|Unmanaged|Force|Removed)$ + type: string + observedConfig: + description: |- + observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because + it is an input to the level for the operator + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + default: Normal + description: |- + operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for themselves. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + succeededRevisionLimit: + description: |- + succeededRevisionLimit is the number of successful static pod installer revisions to keep on disk and in the api + -1 = unlimited, 0 or unset = 5 (default) + format: int32 + type: integer + unsupportedConfigOverrides: + description: |- + unsupportedConfigOverrides overrides the final configuration that was computed by the operator. + Red Hat does not support the use of this field. + Misuse of this field could lead to unexpected behavior or conflict with other configuration options. + Seek guidance from the Red Hat support before using this field. + Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + status: + description: status is the most recently observed status of the Machine + Config Operator + properties: + conditions: + description: conditions is a list of conditions and their status + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + observedGeneration: + description: observedGeneration is the last generation change you've + dealt with + format: int64 + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/machineconfigurations.operator.openshift.io/ManagedBootImages.yaml b/pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/machineconfigurations.operator.openshift.io/ManagedBootImages.yaml new file mode 100644 index 000000000..676ba0f4c --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/machineconfigurations.operator.openshift.io/ManagedBootImages.yaml @@ -0,0 +1,320 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/1453 + api.openshift.io/filename-cvo-runlevel: "0000_80" + api.openshift.io/filename-operator: machine-config + api.openshift.io/filename-ordering: "01" + feature-gate.release.openshift.io/ManagedBootImages: "true" + name: machineconfigurations.operator.openshift.io +spec: + group: operator.openshift.io + names: + kind: MachineConfiguration + listKind: MachineConfigurationList + plural: machineconfigurations + singular: machineconfiguration + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + MachineConfiguration provides information to configure an operator to manage Machine Configuration. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec is the specification of the desired behavior of the + Machine Config Operator + properties: + failedRevisionLimit: + description: |- + failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api + -1 = unlimited, 0 or unset = 5 (default) + format: int32 + type: integer + forceRedeploymentReason: + description: |- + forceRedeploymentReason can be used to force the redeployment of the operand by providing a unique string. + This provides a mechanism to kick a previously failed deployment and provide a reason why you think it will work + this time instead of failing again on the same config. + type: string + logLevel: + default: Normal + description: |- + logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for their operands. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + managedBootImages: + description: |- + managedBootImages allows configuration for the management of boot images for machine + resources within the cluster. This configuration allows users to select resources that should + be updated to the latest boot images during cluster upgrades, ensuring that new machines + always boot with the current cluster version's boot image. When omitted, no boot images + will be updated. + properties: + machineManagers: + description: |- + machineManagers can be used to register machine management resources for boot image updates. The Machine Config Operator + will watch for changes to this list. Only one entry is permitted per type of machine management resource. + items: + description: |- + MachineManager describes a target machine resource that is registered for boot image updates. It stores identifying information + such as the resource type and the API Group of the resource. It also provides granular control via the selection field. + properties: + apiGroup: + description: |- + apiGroup is name of the APIGroup that the machine management resource belongs to. + The only current valid value is machine.openshift.io. + machine.openshift.io means that the machine manager will only register resources that belong to OpenShift machine API group. + enum: + - machine.openshift.io + type: string + resource: + description: |- + resource is the machine management resource's type. + The only current valid value is machinesets. + machinesets means that the machine manager will only register resources of the kind MachineSet. + enum: + - machinesets + type: string + selection: + description: selection allows granular control of the machine + management resources that will be registered for boot + image updates. + properties: + mode: + description: |- + mode determines how machine managers will be selected for updates. + Valid values are All and Partial. + All means that every resource matched by the machine manager will be updated. + Partial requires specified selector(s) and allows customisation of which resources matched by the machine manager will be updated. + enum: + - All + - Partial + type: string + partial: + description: |- + partial provides label selector(s) that can be used to match machine management resources. + Only permitted when mode is set to "Partial". + properties: + machineResourceSelector: + description: machineResourceSelector is a label + selector that can be used to select machine resources + like MachineSets. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + required: + - machineResourceSelector + type: object + required: + - mode + type: object + x-kubernetes-validations: + - message: Partial is required when type is partial, and + forbidden otherwise + rule: 'has(self.mode) && self.mode == ''Partial'' ? has(self.partial) + : !has(self.partial)' + required: + - apiGroup + - resource + - selection + type: object + type: array + x-kubernetes-list-map-keys: + - resource + - apiGroup + x-kubernetes-list-type: map + type: object + managementState: + description: managementState indicates whether and how the operator + should manage the component + pattern: ^(Managed|Unmanaged|Force|Removed)$ + type: string + observedConfig: + description: |- + observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because + it is an input to the level for the operator + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + default: Normal + description: |- + operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for themselves. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + succeededRevisionLimit: + description: |- + succeededRevisionLimit is the number of successful static pod installer revisions to keep on disk and in the api + -1 = unlimited, 0 or unset = 5 (default) + format: int32 + type: integer + unsupportedConfigOverrides: + description: |- + unsupportedConfigOverrides overrides the final configuration that was computed by the operator. + Red Hat does not support the use of this field. + Misuse of this field could lead to unexpected behavior or conflict with other configuration options. + Seek guidance from the Red Hat support before using this field. + Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + status: + description: status is the most recently observed status of the Machine + Config Operator + properties: + conditions: + description: conditions is a list of conditions and their status + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + observedGeneration: + description: observedGeneration is the last generation change you've + dealt with + format: int64 + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/machineconfigurations.operator.openshift.io/NodeDisruptionPolicy.yaml b/pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/machineconfigurations.operator.openshift.io/NodeDisruptionPolicy.yaml new file mode 100644 index 000000000..2979f029b --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/machineconfigurations.operator.openshift.io/NodeDisruptionPolicy.yaml @@ -0,0 +1,996 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/1453 + api.openshift.io/filename-cvo-runlevel: "0000_80" + api.openshift.io/filename-operator: machine-config + api.openshift.io/filename-ordering: "01" + feature-gate.release.openshift.io/NodeDisruptionPolicy: "true" + name: machineconfigurations.operator.openshift.io +spec: + group: operator.openshift.io + names: + kind: MachineConfiguration + listKind: MachineConfigurationList + plural: machineconfigurations + singular: machineconfiguration + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + MachineConfiguration provides information to configure an operator to manage Machine Configuration. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec is the specification of the desired behavior of the + Machine Config Operator + properties: + failedRevisionLimit: + description: |- + failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api + -1 = unlimited, 0 or unset = 5 (default) + format: int32 + type: integer + forceRedeploymentReason: + description: |- + forceRedeploymentReason can be used to force the redeployment of the operand by providing a unique string. + This provides a mechanism to kick a previously failed deployment and provide a reason why you think it will work + this time instead of failing again on the same config. + type: string + logLevel: + default: Normal + description: |- + logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for their operands. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + managementState: + description: managementState indicates whether and how the operator + should manage the component + pattern: ^(Managed|Unmanaged|Force|Removed)$ + type: string + nodeDisruptionPolicy: + description: |- + nodeDisruptionPolicy allows an admin to set granular node disruption actions for + MachineConfig-based updates, such as drains, service reloads, etc. Specifying this will allow + for less downtime when doing small configuration updates to the cluster. This configuration + has no effect on cluster upgrades which will still incur node disruption where required. + properties: + files: + description: |- + files is a list of MachineConfig file definitions and actions to take to changes on those paths + This list supports a maximum of 50 entries. + items: + description: NodeDisruptionPolicySpecFile is a file entry and + corresponding actions to take and is used in the NodeDisruptionPolicyConfig + object + properties: + actions: + description: |- + actions represents the series of commands to be executed on changes to the file at + the corresponding file path. Actions will be applied in the order that + they are set in this list. If there are other incoming changes to other MachineConfig + entries in the same update that require a reboot, the reboot will supercede these actions. + Valid actions are Reboot, Drain, Reload, DaemonReload and None. + The Reboot action and the None action cannot be used in conjunction with any of the other actions. + This list supports a maximum of 10 entries. + items: + properties: + reload: + description: reload specifies the service to reload, + only valid if type is reload + properties: + serviceName: + description: |- + serviceName is the full name (e.g. crio.service) of the service to be reloaded + Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. + ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, ":", "-", "_", ".", and "\". + ${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope". + maxLength: 255 + type: string + x-kubernetes-validations: + - message: Invalid ${SERVICETYPE} in service name. + Expected format is ${NAME}${SERVICETYPE}, + where ${SERVICETYPE} must be one of ".service", + ".socket", ".device", ".mount", ".automount", + ".swap", ".target", ".path", ".timer",".snapshot", + ".slice" or ".scope". + rule: self.matches('\\.(service|socket|device|mount|automount|swap|target|path|timer|snapshot|slice|scope)$') + - message: Invalid ${NAME} in service name. Expected + format is ${NAME}${SERVICETYPE}, where {NAME} + must be atleast 1 character long and can only + consist of alphabets, digits, ":", "-", "_", + ".", and "\" + rule: self.matches('^[a-zA-Z0-9:._\\\\-]+\\..') + required: + - serviceName + type: object + restart: + description: restart specifies the service to restart, + only valid if type is restart + properties: + serviceName: + description: |- + serviceName is the full name (e.g. crio.service) of the service to be restarted + Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. + ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, ":", "-", "_", ".", and "\". + ${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope". + maxLength: 255 + type: string + x-kubernetes-validations: + - message: Invalid ${SERVICETYPE} in service name. + Expected format is ${NAME}${SERVICETYPE}, + where ${SERVICETYPE} must be one of ".service", + ".socket", ".device", ".mount", ".automount", + ".swap", ".target", ".path", ".timer",".snapshot", + ".slice" or ".scope". + rule: self.matches('\\.(service|socket|device|mount|automount|swap|target|path|timer|snapshot|slice|scope)$') + - message: Invalid ${NAME} in service name. Expected + format is ${NAME}${SERVICETYPE}, where {NAME} + must be atleast 1 character long and can only + consist of alphabets, digits, ":", "-", "_", + ".", and "\" + rule: self.matches('^[a-zA-Z0-9:._\\\\-]+\\..') + required: + - serviceName + type: object + type: + description: |- + type represents the commands that will be carried out if this NodeDisruptionPolicySpecActionType is executed + Valid values are Reboot, Drain, Reload, Restart, DaemonReload and None. + reload/restart requires a corresponding service target specified in the reload/restart field. + Other values require no further configuration + enum: + - Reboot + - Drain + - Reload + - Restart + - DaemonReload + - None + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: reload is required when type is Reload, and + forbidden otherwise + rule: 'has(self.type) && self.type == ''Reload'' ? has(self.reload) + : !has(self.reload)' + - message: restart is required when type is Restart, and + forbidden otherwise + rule: 'has(self.type) && self.type == ''Restart'' ? + has(self.restart) : !has(self.restart)' + maxItems: 10 + type: array + x-kubernetes-list-type: atomic + x-kubernetes-validations: + - message: Reboot action can only be specified standalone, + as it will override any other actions + rule: 'self.exists(x, x.type==''Reboot'') ? size(self) + == 1 : true' + - message: None action can only be specified standalone, + as it will override any other actions + rule: 'self.exists(x, x.type==''None'') ? size(self) == + 1 : true' + path: + description: |- + path is the location of a file being managed through a MachineConfig. + The Actions in the policy will apply to changes to the file at this path. + type: string + required: + - actions + - path + type: object + maxItems: 50 + type: array + x-kubernetes-list-map-keys: + - path + x-kubernetes-list-type: map + sshkey: + description: |- + sshkey maps to the ignition.sshkeys field in the MachineConfig object, definition an action for this + will apply to all sshkey changes in the cluster + properties: + actions: + description: |- + actions represents the series of commands to be executed on changes to the file at + the corresponding file path. Actions will be applied in the order that + they are set in this list. If there are other incoming changes to other MachineConfig + entries in the same update that require a reboot, the reboot will supercede these actions. + Valid actions are Reboot, Drain, Reload, DaemonReload and None. + The Reboot action and the None action cannot be used in conjunction with any of the other actions. + This list supports a maximum of 10 entries. + items: + properties: + reload: + description: reload specifies the service to reload, + only valid if type is reload + properties: + serviceName: + description: |- + serviceName is the full name (e.g. crio.service) of the service to be reloaded + Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. + ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, ":", "-", "_", ".", and "\". + ${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope". + maxLength: 255 + type: string + x-kubernetes-validations: + - message: Invalid ${SERVICETYPE} in service name. + Expected format is ${NAME}${SERVICETYPE}, where + ${SERVICETYPE} must be one of ".service", ".socket", + ".device", ".mount", ".automount", ".swap", + ".target", ".path", ".timer",".snapshot", ".slice" + or ".scope". + rule: self.matches('\\.(service|socket|device|mount|automount|swap|target|path|timer|snapshot|slice|scope)$') + - message: Invalid ${NAME} in service name. Expected + format is ${NAME}${SERVICETYPE}, where {NAME} + must be atleast 1 character long and can only + consist of alphabets, digits, ":", "-", "_", + ".", and "\" + rule: self.matches('^[a-zA-Z0-9:._\\\\-]+\\..') + required: + - serviceName + type: object + restart: + description: restart specifies the service to restart, + only valid if type is restart + properties: + serviceName: + description: |- + serviceName is the full name (e.g. crio.service) of the service to be restarted + Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. + ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, ":", "-", "_", ".", and "\". + ${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope". + maxLength: 255 + type: string + x-kubernetes-validations: + - message: Invalid ${SERVICETYPE} in service name. + Expected format is ${NAME}${SERVICETYPE}, where + ${SERVICETYPE} must be one of ".service", ".socket", + ".device", ".mount", ".automount", ".swap", + ".target", ".path", ".timer",".snapshot", ".slice" + or ".scope". + rule: self.matches('\\.(service|socket|device|mount|automount|swap|target|path|timer|snapshot|slice|scope)$') + - message: Invalid ${NAME} in service name. Expected + format is ${NAME}${SERVICETYPE}, where {NAME} + must be atleast 1 character long and can only + consist of alphabets, digits, ":", "-", "_", + ".", and "\" + rule: self.matches('^[a-zA-Z0-9:._\\\\-]+\\..') + required: + - serviceName + type: object + type: + description: |- + type represents the commands that will be carried out if this NodeDisruptionPolicySpecActionType is executed + Valid values are Reboot, Drain, Reload, Restart, DaemonReload and None. + reload/restart requires a corresponding service target specified in the reload/restart field. + Other values require no further configuration + enum: + - Reboot + - Drain + - Reload + - Restart + - DaemonReload + - None + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: reload is required when type is Reload, and forbidden + otherwise + rule: 'has(self.type) && self.type == ''Reload'' ? has(self.reload) + : !has(self.reload)' + - message: restart is required when type is Restart, and + forbidden otherwise + rule: 'has(self.type) && self.type == ''Restart'' ? has(self.restart) + : !has(self.restart)' + maxItems: 10 + type: array + x-kubernetes-list-type: atomic + x-kubernetes-validations: + - message: Reboot action can only be specified standalone, + as it will override any other actions + rule: 'self.exists(x, x.type==''Reboot'') ? size(self) == + 1 : true' + - message: None action can only be specified standalone, as + it will override any other actions + rule: 'self.exists(x, x.type==''None'') ? size(self) == + 1 : true' + required: + - actions + type: object + units: + description: |- + units is a list MachineConfig unit definitions and actions to take on changes to those services + This list supports a maximum of 50 entries. + items: + description: NodeDisruptionPolicySpecUnit is a systemd unit + name and corresponding actions to take and is used in the + NodeDisruptionPolicyConfig object + properties: + actions: + description: |- + actions represents the series of commands to be executed on changes to the file at + the corresponding file path. Actions will be applied in the order that + they are set in this list. If there are other incoming changes to other MachineConfig + entries in the same update that require a reboot, the reboot will supercede these actions. + Valid actions are Reboot, Drain, Reload, DaemonReload and None. + The Reboot action and the None action cannot be used in conjunction with any of the other actions. + This list supports a maximum of 10 entries. + items: + properties: + reload: + description: reload specifies the service to reload, + only valid if type is reload + properties: + serviceName: + description: |- + serviceName is the full name (e.g. crio.service) of the service to be reloaded + Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. + ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, ":", "-", "_", ".", and "\". + ${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope". + maxLength: 255 + type: string + x-kubernetes-validations: + - message: Invalid ${SERVICETYPE} in service name. + Expected format is ${NAME}${SERVICETYPE}, + where ${SERVICETYPE} must be one of ".service", + ".socket", ".device", ".mount", ".automount", + ".swap", ".target", ".path", ".timer",".snapshot", + ".slice" or ".scope". + rule: self.matches('\\.(service|socket|device|mount|automount|swap|target|path|timer|snapshot|slice|scope)$') + - message: Invalid ${NAME} in service name. Expected + format is ${NAME}${SERVICETYPE}, where {NAME} + must be atleast 1 character long and can only + consist of alphabets, digits, ":", "-", "_", + ".", and "\" + rule: self.matches('^[a-zA-Z0-9:._\\\\-]+\\..') + required: + - serviceName + type: object + restart: + description: restart specifies the service to restart, + only valid if type is restart + properties: + serviceName: + description: |- + serviceName is the full name (e.g. crio.service) of the service to be restarted + Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. + ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, ":", "-", "_", ".", and "\". + ${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope". + maxLength: 255 + type: string + x-kubernetes-validations: + - message: Invalid ${SERVICETYPE} in service name. + Expected format is ${NAME}${SERVICETYPE}, + where ${SERVICETYPE} must be one of ".service", + ".socket", ".device", ".mount", ".automount", + ".swap", ".target", ".path", ".timer",".snapshot", + ".slice" or ".scope". + rule: self.matches('\\.(service|socket|device|mount|automount|swap|target|path|timer|snapshot|slice|scope)$') + - message: Invalid ${NAME} in service name. Expected + format is ${NAME}${SERVICETYPE}, where {NAME} + must be atleast 1 character long and can only + consist of alphabets, digits, ":", "-", "_", + ".", and "\" + rule: self.matches('^[a-zA-Z0-9:._\\\\-]+\\..') + required: + - serviceName + type: object + type: + description: |- + type represents the commands that will be carried out if this NodeDisruptionPolicySpecActionType is executed + Valid values are Reboot, Drain, Reload, Restart, DaemonReload and None. + reload/restart requires a corresponding service target specified in the reload/restart field. + Other values require no further configuration + enum: + - Reboot + - Drain + - Reload + - Restart + - DaemonReload + - None + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: reload is required when type is Reload, and + forbidden otherwise + rule: 'has(self.type) && self.type == ''Reload'' ? has(self.reload) + : !has(self.reload)' + - message: restart is required when type is Restart, and + forbidden otherwise + rule: 'has(self.type) && self.type == ''Restart'' ? + has(self.restart) : !has(self.restart)' + maxItems: 10 + type: array + x-kubernetes-list-type: atomic + x-kubernetes-validations: + - message: Reboot action can only be specified standalone, + as it will override any other actions + rule: 'self.exists(x, x.type==''Reboot'') ? size(self) + == 1 : true' + - message: None action can only be specified standalone, + as it will override any other actions + rule: 'self.exists(x, x.type==''None'') ? size(self) == + 1 : true' + name: + description: |- + name represents the service name of a systemd service managed through a MachineConfig + Actions specified will be applied for changes to the named service. + Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. + ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, ":", "-", "_", ".", and "\". + ${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope". + maxLength: 255 + type: string + x-kubernetes-validations: + - message: Invalid ${SERVICETYPE} in service name. Expected + format is ${NAME}${SERVICETYPE}, where ${SERVICETYPE} + must be one of ".service", ".socket", ".device", ".mount", + ".automount", ".swap", ".target", ".path", ".timer",".snapshot", + ".slice" or ".scope". + rule: self.matches('\\.(service|socket|device|mount|automount|swap|target|path|timer|snapshot|slice|scope)$') + - message: Invalid ${NAME} in service name. Expected format + is ${NAME}${SERVICETYPE}, where {NAME} must be atleast + 1 character long and can only consist of alphabets, + digits, ":", "-", "_", ".", and "\" + rule: self.matches('^[a-zA-Z0-9:._\\\\-]+\\..') + required: + - actions + - name + type: object + maxItems: 50 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: object + observedConfig: + description: |- + observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because + it is an input to the level for the operator + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + default: Normal + description: |- + operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for themselves. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + succeededRevisionLimit: + description: |- + succeededRevisionLimit is the number of successful static pod installer revisions to keep on disk and in the api + -1 = unlimited, 0 or unset = 5 (default) + format: int32 + type: integer + unsupportedConfigOverrides: + description: |- + unsupportedConfigOverrides overrides the final configuration that was computed by the operator. + Red Hat does not support the use of this field. + Misuse of this field could lead to unexpected behavior or conflict with other configuration options. + Seek guidance from the Red Hat support before using this field. + Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + status: + description: status is the most recently observed status of the Machine + Config Operator + properties: + conditions: + description: conditions is a list of conditions and their status + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + nodeDisruptionPolicyStatus: + description: |- + nodeDisruptionPolicyStatus status reflects what the latest cluster-validated policies are, + and will be used by the Machine Config Daemon during future node updates. + properties: + clusterPolicies: + description: clusterPolicies is a merge of cluster default and + user provided node disruption policies. + properties: + files: + description: files is a list of MachineConfig file definitions + and actions to take to changes on those paths + items: + description: NodeDisruptionPolicyStatusFile is a file entry + and corresponding actions to take and is used in the NodeDisruptionPolicyClusterStatus + object + properties: + actions: + description: |- + actions represents the series of commands to be executed on changes to the file at + the corresponding file path. Actions will be applied in the order that + they are set in this list. If there are other incoming changes to other MachineConfig + entries in the same update that require a reboot, the reboot will supercede these actions. + Valid actions are Reboot, Drain, Reload, DaemonReload and None. + The Reboot action and the None action cannot be used in conjunction with any of the other actions. + This list supports a maximum of 10 entries. + items: + properties: + reload: + description: reload specifies the service to reload, + only valid if type is reload + properties: + serviceName: + description: |- + serviceName is the full name (e.g. crio.service) of the service to be reloaded + Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. + ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, ":", "-", "_", ".", and "\". + ${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope". + maxLength: 255 + type: string + x-kubernetes-validations: + - message: Invalid ${SERVICETYPE} in service + name. Expected format is ${NAME}${SERVICETYPE}, + where ${SERVICETYPE} must be one of ".service", + ".socket", ".device", ".mount", ".automount", + ".swap", ".target", ".path", ".timer",".snapshot", + ".slice" or ".scope". + rule: self.matches('\\.(service|socket|device|mount|automount|swap|target|path|timer|snapshot|slice|scope)$') + - message: Invalid ${NAME} in service name. + Expected format is ${NAME}${SERVICETYPE}, + where {NAME} must be atleast 1 character + long and can only consist of alphabets, + digits, ":", "-", "_", ".", and "\" + rule: self.matches('^[a-zA-Z0-9:._\\\\-]+\\..') + required: + - serviceName + type: object + restart: + description: restart specifies the service to + restart, only valid if type is restart + properties: + serviceName: + description: |- + serviceName is the full name (e.g. crio.service) of the service to be restarted + Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. + ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, ":", "-", "_", ".", and "\". + ${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope". + maxLength: 255 + type: string + x-kubernetes-validations: + - message: Invalid ${SERVICETYPE} in service + name. Expected format is ${NAME}${SERVICETYPE}, + where ${SERVICETYPE} must be one of ".service", + ".socket", ".device", ".mount", ".automount", + ".swap", ".target", ".path", ".timer",".snapshot", + ".slice" or ".scope". + rule: self.matches('\\.(service|socket|device|mount|automount|swap|target|path|timer|snapshot|slice|scope)$') + - message: Invalid ${NAME} in service name. + Expected format is ${NAME}${SERVICETYPE}, + where {NAME} must be atleast 1 character + long and can only consist of alphabets, + digits, ":", "-", "_", ".", and "\" + rule: self.matches('^[a-zA-Z0-9:._\\\\-]+\\..') + required: + - serviceName + type: object + type: + description: |- + type represents the commands that will be carried out if this NodeDisruptionPolicyStatusActionType is executed + Valid values are Reboot, Drain, Reload, Restart, DaemonReload, None and Special. + reload/restart requires a corresponding service target specified in the reload/restart field. + Other values require no further configuration + enum: + - Reboot + - Drain + - Reload + - Restart + - DaemonReload + - None + - Special + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: reload is required when type is Reload, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''Reload'' + ? has(self.reload) : !has(self.reload)' + - message: restart is required when type is Restart, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''Restart'' + ? has(self.restart) : !has(self.restart)' + maxItems: 10 + type: array + x-kubernetes-list-type: atomic + x-kubernetes-validations: + - message: Reboot action can only be specified standalone, + as it will override any other actions + rule: 'self.exists(x, x.type==''Reboot'') ? size(self) + == 1 : true' + - message: None action can only be specified standalone, + as it will override any other actions + rule: 'self.exists(x, x.type==''None'') ? size(self) + == 1 : true' + path: + description: |- + path is the location of a file being managed through a MachineConfig. + The Actions in the policy will apply to changes to the file at this path. + type: string + required: + - actions + - path + type: object + maxItems: 100 + type: array + x-kubernetes-list-map-keys: + - path + x-kubernetes-list-type: map + sshkey: + description: sshkey is the overall sshkey MachineConfig definition + properties: + actions: + description: |- + actions represents the series of commands to be executed on changes to the file at + the corresponding file path. Actions will be applied in the order that + they are set in this list. If there are other incoming changes to other MachineConfig + entries in the same update that require a reboot, the reboot will supercede these actions. + Valid actions are Reboot, Drain, Reload, DaemonReload and None. + The Reboot action and the None action cannot be used in conjunction with any of the other actions. + This list supports a maximum of 10 entries. + items: + properties: + reload: + description: reload specifies the service to reload, + only valid if type is reload + properties: + serviceName: + description: |- + serviceName is the full name (e.g. crio.service) of the service to be reloaded + Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. + ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, ":", "-", "_", ".", and "\". + ${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope". + maxLength: 255 + type: string + x-kubernetes-validations: + - message: Invalid ${SERVICETYPE} in service + name. Expected format is ${NAME}${SERVICETYPE}, + where ${SERVICETYPE} must be one of ".service", + ".socket", ".device", ".mount", ".automount", + ".swap", ".target", ".path", ".timer",".snapshot", + ".slice" or ".scope". + rule: self.matches('\\.(service|socket|device|mount|automount|swap|target|path|timer|snapshot|slice|scope)$') + - message: Invalid ${NAME} in service name. + Expected format is ${NAME}${SERVICETYPE}, + where {NAME} must be atleast 1 character + long and can only consist of alphabets, + digits, ":", "-", "_", ".", and "\" + rule: self.matches('^[a-zA-Z0-9:._\\\\-]+\\..') + required: + - serviceName + type: object + restart: + description: restart specifies the service to restart, + only valid if type is restart + properties: + serviceName: + description: |- + serviceName is the full name (e.g. crio.service) of the service to be restarted + Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. + ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, ":", "-", "_", ".", and "\". + ${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope". + maxLength: 255 + type: string + x-kubernetes-validations: + - message: Invalid ${SERVICETYPE} in service + name. Expected format is ${NAME}${SERVICETYPE}, + where ${SERVICETYPE} must be one of ".service", + ".socket", ".device", ".mount", ".automount", + ".swap", ".target", ".path", ".timer",".snapshot", + ".slice" or ".scope". + rule: self.matches('\\.(service|socket|device|mount|automount|swap|target|path|timer|snapshot|slice|scope)$') + - message: Invalid ${NAME} in service name. + Expected format is ${NAME}${SERVICETYPE}, + where {NAME} must be atleast 1 character + long and can only consist of alphabets, + digits, ":", "-", "_", ".", and "\" + rule: self.matches('^[a-zA-Z0-9:._\\\\-]+\\..') + required: + - serviceName + type: object + type: + description: |- + type represents the commands that will be carried out if this NodeDisruptionPolicyStatusActionType is executed + Valid values are Reboot, Drain, Reload, Restart, DaemonReload, None and Special. + reload/restart requires a corresponding service target specified in the reload/restart field. + Other values require no further configuration + enum: + - Reboot + - Drain + - Reload + - Restart + - DaemonReload + - None + - Special + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: reload is required when type is Reload, and + forbidden otherwise + rule: 'has(self.type) && self.type == ''Reload'' ? + has(self.reload) : !has(self.reload)' + - message: restart is required when type is Restart, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''Restart'' + ? has(self.restart) : !has(self.restart)' + maxItems: 10 + type: array + x-kubernetes-list-type: atomic + x-kubernetes-validations: + - message: Reboot action can only be specified standalone, + as it will override any other actions + rule: 'self.exists(x, x.type==''Reboot'') ? size(self) + == 1 : true' + - message: None action can only be specified standalone, + as it will override any other actions + rule: 'self.exists(x, x.type==''None'') ? size(self) + == 1 : true' + required: + - actions + type: object + units: + description: units is a list MachineConfig unit definitions + and actions to take on changes to those services + items: + description: NodeDisruptionPolicyStatusUnit is a systemd + unit name and corresponding actions to take and is used + in the NodeDisruptionPolicyClusterStatus object + properties: + actions: + description: |- + actions represents the series of commands to be executed on changes to the file at + the corresponding file path. Actions will be applied in the order that + they are set in this list. If there are other incoming changes to other MachineConfig + entries in the same update that require a reboot, the reboot will supercede these actions. + Valid actions are Reboot, Drain, Reload, DaemonReload and None. + The Reboot action and the None action cannot be used in conjunction with any of the other actions. + This list supports a maximum of 10 entries. + items: + properties: + reload: + description: reload specifies the service to reload, + only valid if type is reload + properties: + serviceName: + description: |- + serviceName is the full name (e.g. crio.service) of the service to be reloaded + Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. + ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, ":", "-", "_", ".", and "\". + ${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope". + maxLength: 255 + type: string + x-kubernetes-validations: + - message: Invalid ${SERVICETYPE} in service + name. Expected format is ${NAME}${SERVICETYPE}, + where ${SERVICETYPE} must be one of ".service", + ".socket", ".device", ".mount", ".automount", + ".swap", ".target", ".path", ".timer",".snapshot", + ".slice" or ".scope". + rule: self.matches('\\.(service|socket|device|mount|automount|swap|target|path|timer|snapshot|slice|scope)$') + - message: Invalid ${NAME} in service name. + Expected format is ${NAME}${SERVICETYPE}, + where {NAME} must be atleast 1 character + long and can only consist of alphabets, + digits, ":", "-", "_", ".", and "\" + rule: self.matches('^[a-zA-Z0-9:._\\\\-]+\\..') + required: + - serviceName + type: object + restart: + description: restart specifies the service to + restart, only valid if type is restart + properties: + serviceName: + description: |- + serviceName is the full name (e.g. crio.service) of the service to be restarted + Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. + ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, ":", "-", "_", ".", and "\". + ${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope". + maxLength: 255 + type: string + x-kubernetes-validations: + - message: Invalid ${SERVICETYPE} in service + name. Expected format is ${NAME}${SERVICETYPE}, + where ${SERVICETYPE} must be one of ".service", + ".socket", ".device", ".mount", ".automount", + ".swap", ".target", ".path", ".timer",".snapshot", + ".slice" or ".scope". + rule: self.matches('\\.(service|socket|device|mount|automount|swap|target|path|timer|snapshot|slice|scope)$') + - message: Invalid ${NAME} in service name. + Expected format is ${NAME}${SERVICETYPE}, + where {NAME} must be atleast 1 character + long and can only consist of alphabets, + digits, ":", "-", "_", ".", and "\" + rule: self.matches('^[a-zA-Z0-9:._\\\\-]+\\..') + required: + - serviceName + type: object + type: + description: |- + type represents the commands that will be carried out if this NodeDisruptionPolicyStatusActionType is executed + Valid values are Reboot, Drain, Reload, Restart, DaemonReload, None and Special. + reload/restart requires a corresponding service target specified in the reload/restart field. + Other values require no further configuration + enum: + - Reboot + - Drain + - Reload + - Restart + - DaemonReload + - None + - Special + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: reload is required when type is Reload, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''Reload'' + ? has(self.reload) : !has(self.reload)' + - message: restart is required when type is Restart, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''Restart'' + ? has(self.restart) : !has(self.restart)' + maxItems: 10 + type: array + x-kubernetes-list-type: atomic + x-kubernetes-validations: + - message: Reboot action can only be specified standalone, + as it will override any other actions + rule: 'self.exists(x, x.type==''Reboot'') ? size(self) + == 1 : true' + - message: None action can only be specified standalone, + as it will override any other actions + rule: 'self.exists(x, x.type==''None'') ? size(self) + == 1 : true' + name: + description: |- + name represents the service name of a systemd service managed through a MachineConfig + Actions specified will be applied for changes to the named service. + Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. + ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, ":", "-", "_", ".", and "\". + ${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope". + maxLength: 255 + type: string + x-kubernetes-validations: + - message: Invalid ${SERVICETYPE} in service name. Expected + format is ${NAME}${SERVICETYPE}, where ${SERVICETYPE} + must be one of ".service", ".socket", ".device", + ".mount", ".automount", ".swap", ".target", ".path", + ".timer",".snapshot", ".slice" or ".scope". + rule: self.matches('\\.(service|socket|device|mount|automount|swap|target|path|timer|snapshot|slice|scope)$') + - message: Invalid ${NAME} in service name. Expected + format is ${NAME}${SERVICETYPE}, where {NAME} must + be atleast 1 character long and can only consist + of alphabets, digits, ":", "-", "_", ".", and "\" + rule: self.matches('^[a-zA-Z0-9:._\\\\-]+\\..') + required: + - actions + - name + type: object + maxItems: 100 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: object + type: object + observedGeneration: + description: observedGeneration is the last generation change you've + dealt with + format: int64 + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/networks.operator.openshift.io/AAA_ungated.yaml b/pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/networks.operator.openshift.io/AAA_ungated.yaml new file mode 100644 index 000000000..189063b76 --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/networks.operator.openshift.io/AAA_ungated.yaml @@ -0,0 +1,964 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/475 + api.openshift.io/filename-cvo-runlevel: "0000_70" + api.openshift.io/filename-operator: network + api.openshift.io/filename-ordering: "01" + feature-gate.release.openshift.io/: "true" + name: networks.operator.openshift.io +spec: + group: operator.openshift.io + names: + kind: Network + listKind: NetworkList + plural: networks + singular: network + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + Network describes the cluster's desired network configuration. It is + consumed by the cluster-network-operator. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: NetworkSpec is the top-level network configuration object. + properties: + additionalNetworks: + description: |- + additionalNetworks is a list of extra networks to make available to pods + when multiple networks are enabled. + items: + description: |- + AdditionalNetworkDefinition configures an extra network that is available but not + created by default. Instead, pods must request them by name. + type must be specified, along with exactly one "Config" that matches the type. + properties: + name: + description: |- + name is the name of the network. This will be populated in the resulting CRD + This must be unique. + type: string + namespace: + description: |- + namespace is the namespace of the network. This will be populated in the resulting CRD + If not given the network will be created in the default namespace. + type: string + rawCNIConfig: + description: |- + rawCNIConfig is the raw CNI configuration json to create in the + NetworkAttachmentDefinition CRD + type: string + simpleMacvlanConfig: + description: SimpleMacvlanConfig configures the macvlan interface + in case of type:NetworkTypeSimpleMacvlan + properties: + ipamConfig: + description: IPAMConfig configures IPAM module will be used + for IP Address Management (IPAM). + properties: + staticIPAMConfig: + description: StaticIPAMConfig configures the static + IP address in case of type:IPAMTypeStatic + properties: + addresses: + description: Addresses configures IP address for + the interface + items: + description: StaticIPAMAddresses provides IP address + and Gateway for static IPAM addresses + properties: + address: + description: Address is the IP address in + CIDR format + type: string + gateway: + description: Gateway is IP inside of subnet + to designate as the gateway + type: string + type: object + type: array + x-kubernetes-list-type: atomic + dns: + description: DNS configures DNS for the interface + properties: + domain: + description: Domain configures the domainname + the local domain used for short hostname lookups + type: string + nameservers: + description: Nameservers points DNS servers + for IP lookup + items: + type: string + type: array + x-kubernetes-list-type: atomic + search: + description: Search configures priority ordered + search domains for short hostname lookups + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + routes: + description: Routes configures IP routes for the + interface + items: + description: StaticIPAMRoutes provides Destination/Gateway + pairs for static IPAM routes + properties: + destination: + description: Destination points the IP route + destination + type: string + gateway: + description: |- + Gateway is the route's next-hop IP address + If unset, a default gateway is assumed (as determined by the CNI plugin). + type: string + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: + description: |- + Type is the type of IPAM module will be used for IP Address Management(IPAM). + The supported values are IPAMTypeDHCP, IPAMTypeStatic + type: string + type: object + master: + description: |- + master is the host interface to create the macvlan interface from. + If not specified, it will be default route interface + type: string + mode: + description: 'mode is the macvlan mode: bridge, private, + vepa, passthru. The default is bridge' + type: string + mtu: + description: |- + mtu is the mtu to use for the macvlan interface. if unset, host's + kernel will select the value. + format: int32 + minimum: 0 + type: integer + type: object + type: + description: |- + type is the type of network + The supported values are NetworkTypeRaw, NetworkTypeSimpleMacvlan + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + clusterNetwork: + description: |- + clusterNetwork is the IP address pool to use for pod IPs. + Some network providers support multiple ClusterNetworks. + Others only support one. This is equivalent to the cluster-cidr. + items: + description: |- + ClusterNetworkEntry is a subnet from which to allocate PodIPs. A network of size + HostPrefix (in CIDR notation) will be allocated when nodes join the cluster. If + the HostPrefix field is not used by the plugin, it can be left unset. + Not all network providers support multiple ClusterNetworks + properties: + cidr: + type: string + hostPrefix: + format: int32 + minimum: 0 + type: integer + type: object + type: array + x-kubernetes-list-type: atomic + defaultNetwork: + description: defaultNetwork is the "default" network that all pods + will receive + properties: + openshiftSDNConfig: + description: |- + openShiftSDNConfig was previously used to configure the openshift-sdn plugin. + DEPRECATED: OpenShift SDN is no longer supported. + properties: + enableUnidling: + description: |- + enableUnidling controls whether or not the service proxy will support idling + and unidling of services. By default, unidling is enabled. + type: boolean + mode: + description: mode is one of "Multitenant", "Subnet", or "NetworkPolicy" + type: string + mtu: + description: |- + mtu is the mtu to use for the tunnel interface. Defaults to 1450 if unset. + This must be 50 bytes smaller than the machine's uplink. + format: int32 + minimum: 0 + type: integer + useExternalOpenvswitch: + description: |- + useExternalOpenvswitch used to control whether the operator would deploy an OVS + DaemonSet itself or expect someone else to start OVS. As of 4.6, OVS is always + run as a system service, and this flag is ignored. + type: boolean + vxlanPort: + description: vxlanPort is the port to use for all vxlan packets. + The default is 4789. + format: int32 + minimum: 0 + type: integer + type: object + ovnKubernetesConfig: + description: ovnKubernetesConfig configures the ovn-kubernetes + plugin. + properties: + egressIPConfig: + description: egressIPConfig holds the configuration for EgressIP + options. + properties: + reachabilityTotalTimeoutSeconds: + description: |- + reachabilityTotalTimeout configures the EgressIP node reachability check total timeout in seconds. + If the EgressIP node cannot be reached within this timeout, the node is declared down. + Setting a large value may cause the EgressIP feature to react slowly to node changes. + In particular, it may react slowly for EgressIP nodes that really have a genuine problem and are unreachable. + When omitted, this means the user has no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The current default is 1 second. + A value of 0 disables the EgressIP node's reachability check. + format: int32 + maximum: 60 + minimum: 0 + type: integer + type: object + gatewayConfig: + description: gatewayConfig holds the configuration for node + gateway options. + properties: + ipForwarding: + description: |- + IPForwarding controls IP forwarding for all traffic on OVN-Kubernetes managed interfaces (such as br-ex). + By default this is set to Restricted, and Kubernetes related traffic is still forwarded appropriately, but other + IP traffic will not be routed by the OCP node. If there is a desire to allow the host to forward traffic across + OVN-Kubernetes managed interfaces, then set this field to "Global". + The supported values are "Restricted" and "Global". + type: string + ipv4: + description: |- + ipv4 allows users to configure IP settings for IPv4 connections. When omitted, this means no opinion and the default + configuration is used. Check individual members fields within ipv4 for details of default values. + properties: + internalMasqueradeSubnet: + description: |- + internalMasqueradeSubnet contains the masquerade addresses in IPV4 CIDR format used internally by + ovn-kubernetes to enable host to service traffic. Each host in the cluster is configured with these + addresses, as well as the shared gateway bridge interface. The values can be changed after + installation. The subnet chosen should not overlap with other networks specified for + OVN-Kubernetes as well as other networks used on the host. Additionally the subnet must + be large enough to accommodate 6 IPs (maximum prefix length /29). + When omitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. + The current default subnet is 169.254.169.0/29 + The value must be in proper IPV4 CIDR format + maxLength: 18 + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV4 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == + 4 + - message: subnet must be in the range /0 to /29 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() + <= 29 + - message: first IP address octet must not be 0 + rule: isCIDR(self) && int(self.split('.')[0]) > + 0 + type: object + ipv6: + description: |- + ipv6 allows users to configure IP settings for IPv6 connections. When omitted, this means no opinion and the default + configuration is used. Check individual members fields within ipv6 for details of default values. + properties: + internalMasqueradeSubnet: + description: |- + internalMasqueradeSubnet contains the masquerade addresses in IPV6 CIDR format used internally by + ovn-kubernetes to enable host to service traffic. Each host in the cluster is configured with these + addresses, as well as the shared gateway bridge interface. The values can be changed after + installation. The subnet chosen should not overlap with other networks specified for + OVN-Kubernetes as well as other networks used on the host. Additionally the subnet must + be large enough to accommodate 6 IPs (maximum prefix length /125). + When omitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. + The current default subnet is fd69::/125 + Note that IPV6 dual addresses are not permitted + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV6 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == + 6 + - message: subnet must be in the range /0 to /125 + inclusive + rule: isCIDR(self) && cidr(self).prefixLength() + <= 125 + type: object + routingViaHost: + default: false + description: |- + RoutingViaHost allows pod egress traffic to exit via the ovn-k8s-mp0 management port + into the host before sending it out. If this is not set, traffic will always egress directly + from OVN to outside without touching the host stack. Setting this to true means hardware + offload will not be supported. Default is false if GatewayConfig is specified. + type: boolean + type: object + genevePort: + description: |- + geneve port is the UDP port to be used by geneve encapulation. + Default is 6081 + format: int32 + minimum: 1 + type: integer + hybridOverlayConfig: + description: |- + HybridOverlayConfig configures an additional overlay network for peers that are + not using OVN. + properties: + hybridClusterNetwork: + description: HybridClusterNetwork defines a network space + given to nodes on an additional overlay network. + items: + description: |- + ClusterNetworkEntry is a subnet from which to allocate PodIPs. A network of size + HostPrefix (in CIDR notation) will be allocated when nodes join the cluster. If + the HostPrefix field is not used by the plugin, it can be left unset. + Not all network providers support multiple ClusterNetworks + properties: + cidr: + type: string + hostPrefix: + format: int32 + minimum: 0 + type: integer + type: object + type: array + x-kubernetes-list-type: atomic + hybridOverlayVXLANPort: + description: |- + HybridOverlayVXLANPort defines the VXLAN port number to be used by the additional overlay network. + Default is 4789 + format: int32 + type: integer + type: object + ipsecConfig: + default: + mode: Disabled + description: |- + ipsecConfig enables and configures IPsec for pods on the pod network within the + cluster. + properties: + mode: + description: |- + mode defines the behaviour of the ipsec configuration within the platform. + Valid values are `Disabled`, `External` and `Full`. + When 'Disabled', ipsec will not be enabled at the node level. + When 'External', ipsec is enabled on the node level but requires the user to configure the secure communication parameters. + This mode is for external secure communications and the configuration can be done using the k8s-nmstate operator. + When 'Full', ipsec is configured on the node level and inter-pod secure communication within the cluster is configured. + Note with `Full`, if ipsec is desired for communication with external (to the cluster) entities (such as storage arrays), + this is left to the user to configure. + enum: + - Disabled + - External + - Full + type: string + type: object + x-kubernetes-validations: + - message: ipsecConfig.mode is required + rule: self == oldSelf || has(self.mode) + ipv4: + description: |- + ipv4 allows users to configure IP settings for IPv4 connections. When ommitted, + this means no opinions and the default configuration is used. Check individual + fields within ipv4 for details of default values. + properties: + internalJoinSubnet: + description: |- + internalJoinSubnet is a v4 subnet used internally by ovn-kubernetes in case the + default one is being already used by something else. It must not overlap with + any other subnet being used by OpenShift or by the node network. The size of the + subnet must be larger than the number of nodes. The value cannot be changed + after installation. + The current default value is 100.64.0.0/16 + The subnet must be large enough to accomadate one IP per node in your cluster + The value must be in proper IPV4 CIDR format + maxLength: 18 + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV4 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 4 + - message: subnet must be in the range /0 to /30 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 30 + - message: first IP address octet must not be 0 + rule: isCIDR(self) && int(self.split('.')[0]) > 0 + internalTransitSwitchSubnet: + description: |- + internalTransitSwitchSubnet is a v4 subnet in IPV4 CIDR format used internally + by OVN-Kubernetes for the distributed transit switch in the OVN Interconnect + architecture that connects the cluster routers on each node together to enable + east west traffic. The subnet chosen should not overlap with other networks + specified for OVN-Kubernetes as well as other networks used on the host. + The value cannot be changed after installation. + When ommitted, this means no opinion and the platform is left to choose a reasonable + default which is subject to change over time. + The current default subnet is 100.88.0.0/16 + The subnet must be large enough to accomadate one IP per node in your cluster + The value must be in proper IPV4 CIDR format + maxLength: 18 + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV4 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 4 + - message: subnet must be in the range /0 to /30 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 30 + - message: first IP address octet must not be 0 + rule: isCIDR(self) && int(self.split('.')[0]) > 0 + type: object + ipv6: + description: |- + ipv6 allows users to configure IP settings for IPv6 connections. When ommitted, + this means no opinions and the default configuration is used. Check individual + fields within ipv4 for details of default values. + properties: + internalJoinSubnet: + description: |- + internalJoinSubnet is a v6 subnet used internally by ovn-kubernetes in case the + default one is being already used by something else. It must not overlap with + any other subnet being used by OpenShift or by the node network. The size of the + subnet must be larger than the number of nodes. The value cannot be changed + after installation. + The subnet must be large enough to accomadate one IP per node in your cluster + The current default value is fd98::/48 + The value must be in proper IPV6 CIDR format + Note that IPV6 dual addresses are not permitted + maxLength: 48 + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV6 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 6 + - message: subnet must be in the range /0 to /125 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 125 + internalTransitSwitchSubnet: + description: |- + internalTransitSwitchSubnet is a v4 subnet in IPV4 CIDR format used internally + by OVN-Kubernetes for the distributed transit switch in the OVN Interconnect + architecture that connects the cluster routers on each node together to enable + east west traffic. The subnet chosen should not overlap with other networks + specified for OVN-Kubernetes as well as other networks used on the host. + The value cannot be changed after installation. + When ommitted, this means no opinion and the platform is left to choose a reasonable + default which is subject to change over time. + The subnet must be large enough to accomadate one IP per node in your cluster + The current default subnet is fd97::/64 + The value must be in proper IPV6 CIDR format + Note that IPV6 dual addresses are not permitted + maxLength: 48 + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV6 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 6 + - message: subnet must be in the range /0 to /125 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 125 + type: object + mtu: + description: |- + mtu is the MTU to use for the tunnel interface. This must be 100 + bytes smaller than the uplink mtu. + Default is 1400 + format: int32 + minimum: 0 + type: integer + policyAuditConfig: + description: |- + policyAuditConfig is the configuration for network policy audit events. If unset, + reported defaults are used. + properties: + destination: + default: "null" + description: |- + destination is the location for policy log messages. + Regardless of this config, persistent logs will always be dumped to the host + at /var/log/ovn/ however + Additionally syslog output may be configured as follows. + Valid values are: + - "libc" -> to use the libc syslog() function of the host node's journdald process + - "udp:host:port" -> for sending syslog over UDP + - "unix:file" -> for using the UNIX domain socket directly + - "null" -> to discard all messages logged to syslog + The default is "null" + type: string + maxFileSize: + default: 50 + description: |- + maxFilesSize is the max size an ACL_audit log file is allowed to reach before rotation occurs + Units are in MB and the Default is 50MB + format: int32 + minimum: 1 + type: integer + maxLogFiles: + default: 5 + description: maxLogFiles specifies the maximum number + of ACL_audit log files that can be present. + format: int32 + minimum: 1 + type: integer + rateLimit: + default: 20 + description: |- + rateLimit is the approximate maximum number of messages to generate per-second per-node. If + unset the default of 20 msg/sec is used. + format: int32 + minimum: 1 + type: integer + syslogFacility: + default: local0 + description: syslogFacility the RFC5424 facility for generated + messages, e.g. "kern". Default is "local0" + type: string + type: object + v4InternalSubnet: + description: |- + v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the + default one is being already used by something else. It must not overlap with + any other subnet being used by OpenShift or by the node network. The size of the + subnet must be larger than the number of nodes. The value cannot be changed + after installation. + Default is 100.64.0.0/16 + type: string + v6InternalSubnet: + description: |- + v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the + default one is being already used by something else. It must not overlap with + any other subnet being used by OpenShift or by the node network. The size of the + subnet must be larger than the number of nodes. The value cannot be changed + after installation. + Default is fd98::/48 + type: string + type: object + type: + description: |- + type is the type of network + All NetworkTypes are supported except for NetworkTypeRaw + type: string + type: object + deployKubeProxy: + description: |- + deployKubeProxy specifies whether or not a standalone kube-proxy should + be deployed by the operator. Some network providers include kube-proxy + or similar functionality. If unset, the plugin will attempt to select + the correct value, which is false when ovn-kubernetes is used and true + otherwise. + type: boolean + disableMultiNetwork: + description: |- + disableMultiNetwork specifies whether or not multiple pod network + support should be disabled. If unset, this property defaults to + 'false' and multiple network support is enabled. + type: boolean + disableNetworkDiagnostics: + default: false + description: |- + disableNetworkDiagnostics specifies whether or not PodNetworkConnectivityCheck + CRs from a test pod to every node, apiserver and LB should be disabled or not. + If unset, this property defaults to 'false' and network diagnostics is enabled. + Setting this to 'true' would reduce the additional load of the pods performing the checks. + type: boolean + exportNetworkFlows: + description: |- + exportNetworkFlows enables and configures the export of network flow metadata from the pod network + by using protocols NetFlow, SFlow or IPFIX. Currently only supported on OVN-Kubernetes plugin. + If unset, flows will not be exported to any collector. + properties: + ipfix: + description: ipfix defines IPFIX configuration. + properties: + collectors: + description: ipfixCollectors is list of strings formatted + as ip:port with a maximum of ten items + items: + pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ + type: string + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + type: object + netFlow: + description: netFlow defines the NetFlow configuration. + properties: + collectors: + description: |- + netFlow defines the NetFlow collectors that will consume the flow data exported from OVS. + It is a list of strings formatted as ip:port with a maximum of ten items + items: + pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ + type: string + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + type: object + sFlow: + description: sFlow defines the SFlow configuration. + properties: + collectors: + description: sFlowCollectors is list of strings formatted + as ip:port with a maximum of ten items + items: + pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ + type: string + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + type: object + type: object + kubeProxyConfig: + description: |- + kubeProxyConfig lets us configure desired proxy configuration, if + deployKubeProxy is true. If not specified, sensible defaults will be chosen by + OpenShift directly. + properties: + bindAddress: + description: |- + The address to "bind" on + Defaults to 0.0.0.0 + type: string + iptablesSyncPeriod: + description: |- + An internal kube-proxy parameter. In older releases of OCP, this sometimes needed to be adjusted + in large clusters for performance reasons, but this is no longer necessary, and there is no reason + to change this from the default value. + Default: 30s + type: string + proxyArguments: + additionalProperties: + description: ProxyArgumentList is a list of arguments to pass + to the kubeproxy process + items: + type: string + type: array + x-kubernetes-list-type: atomic + description: Any additional arguments to pass to the kubeproxy + process + type: object + type: object + logLevel: + default: Normal + description: |- + logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for their operands. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + managementState: + description: managementState indicates whether and how the operator + should manage the component + pattern: ^(Managed|Unmanaged|Force|Removed)$ + type: string + migration: + description: |- + migration enables and configures cluster network migration, for network changes + that cannot be made instantly. + properties: + features: + description: |- + features was previously used to configure which network plugin features + would be migrated in a network type migration. + DEPRECATED: network type migration is no longer supported, and setting + this to a non-empty value will result in the network operator rejecting + the configuration. + properties: + egressFirewall: + default: true + description: |- + egressFirewall specified whether or not the Egress Firewall configuration was migrated. + DEPRECATED: network type migration is no longer supported. + type: boolean + egressIP: + default: true + description: |- + egressIP specified whether or not the Egress IP configuration was migrated. + DEPRECATED: network type migration is no longer supported. + type: boolean + multicast: + default: true + description: |- + multicast specified whether or not the multicast configuration was migrated. + DEPRECATED: network type migration is no longer supported. + type: boolean + type: object + mode: + description: |- + mode indicates the mode of network type migration. + DEPRECATED: network type migration is no longer supported, and setting + this to a non-empty value will result in the network operator rejecting + the configuration. + enum: + - Live + - Offline + - "" + type: string + mtu: + description: |- + mtu contains the MTU migration configuration. Set this to allow changing + the MTU values for the default network. If unset, the operation of + changing the MTU for the default network will be rejected. + properties: + machine: + description: |- + machine contains MTU migration configuration for the machine's uplink. + Needs to be migrated along with the default network MTU unless the + current uplink MTU already accommodates the default network MTU. + properties: + from: + description: from is the MTU to migrate from. + format: int32 + minimum: 0 + type: integer + to: + description: to is the MTU to migrate to. + format: int32 + minimum: 0 + type: integer + type: object + network: + description: |- + network contains information about MTU migration for the default network. + Migrations are only allowed to MTU values lower than the machine's uplink + MTU by the minimum appropriate offset. + properties: + from: + description: from is the MTU to migrate from. + format: int32 + minimum: 0 + type: integer + to: + description: to is the MTU to migrate to. + format: int32 + minimum: 0 + type: integer + type: object + type: object + networkType: + description: |- + networkType was previously used when changing the default network type. + DEPRECATED: network type migration is no longer supported, and setting + this to a non-empty value will result in the network operator rejecting + the configuration. + type: string + type: object + observedConfig: + description: |- + observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because + it is an input to the level for the operator + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + default: Normal + description: |- + operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for themselves. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + serviceNetwork: + description: |- + serviceNetwork is the ip address pool to use for Service IPs + Currently, all existing network providers only support a single value + here, but this is an array to allow for growth. + items: + type: string + type: array + x-kubernetes-list-type: atomic + unsupportedConfigOverrides: + description: |- + unsupportedConfigOverrides overrides the final configuration that was computed by the operator. + Red Hat does not support the use of this field. + Misuse of this field could lead to unexpected behavior or conflict with other configuration options. + Seek guidance from the Red Hat support before using this field. + Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + useMultiNetworkPolicy: + description: |- + useMultiNetworkPolicy enables a controller which allows for + MultiNetworkPolicy objects to be used on additional networks as + created by Multus CNI. MultiNetworkPolicy are similar to NetworkPolicy + objects, but NetworkPolicy objects only apply to the primary interface. + With MultiNetworkPolicy, you can control the traffic that a pod can receive + over the secondary interfaces. If unset, this property defaults to 'false' + and MultiNetworkPolicy objects are ignored. If 'disableMultiNetwork' is + 'true' then the value of this field is ignored. + type: boolean + type: object + x-kubernetes-validations: + - message: invalid value for IPForwarding, valid values are 'Restricted' + or 'Global' + rule: '!has(self.defaultNetwork) || !has(self.defaultNetwork.ovnKubernetesConfig) + || !has(self.defaultNetwork.ovnKubernetesConfig.gatewayConfig) || + !has(self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding) + || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding + == oldSelf.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding + || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding + == ''Restricted'' || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding + == ''Global''' + status: + description: |- + NetworkStatus is detailed operator status, which is distilled + up to the Network clusteroperator object. + properties: + conditions: + description: conditions is a list of conditions and their status + items: + description: OperatorCondition is just the standard condition fields. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + type: string + reason: + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + generations: + description: generations are used to determine when an item needs + to be reconciled or has changed in a way that needs a reaction. + items: + description: GenerationStatus keeps track of the generation for + a given resource so that decisions about forced updates can be + made. + properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without + generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload + controller involved + format: int64 + type: integer + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're + tracking + type: string + required: + - group + - name + - namespace + - resource + type: object + type: array + x-kubernetes-list-map-keys: + - group + - resource + - namespace + - name + x-kubernetes-list-type: map + latestAvailableRevision: + description: latestAvailableRevision is the deploymentID of the most + recent deployment + format: int32 + type: integer + x-kubernetes-validations: + - message: must only increase + rule: self >= oldSelf + observedGeneration: + description: observedGeneration is the last generation change you've + dealt with + format: int64 + type: integer + readyReplicas: + description: readyReplicas indicates how many replicas are ready and + at the desired state + format: int32 + type: integer + version: + description: version is the level this availability applies to + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/networks.operator.openshift.io/AdditionalRoutingCapabilities.yaml b/pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/networks.operator.openshift.io/AdditionalRoutingCapabilities.yaml new file mode 100644 index 000000000..6e14ebb2e --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/networks.operator.openshift.io/AdditionalRoutingCapabilities.yaml @@ -0,0 +1,1004 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/475 + api.openshift.io/filename-cvo-runlevel: "0000_70" + api.openshift.io/filename-operator: network + api.openshift.io/filename-ordering: "01" + feature-gate.release.openshift.io/AdditionalRoutingCapabilities: "true" + name: networks.operator.openshift.io +spec: + group: operator.openshift.io + names: + kind: Network + listKind: NetworkList + plural: networks + singular: network + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + Network describes the cluster's desired network configuration. It is + consumed by the cluster-network-operator. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: NetworkSpec is the top-level network configuration object. + properties: + additionalNetworks: + description: |- + additionalNetworks is a list of extra networks to make available to pods + when multiple networks are enabled. + items: + description: |- + AdditionalNetworkDefinition configures an extra network that is available but not + created by default. Instead, pods must request them by name. + type must be specified, along with exactly one "Config" that matches the type. + properties: + name: + description: |- + name is the name of the network. This will be populated in the resulting CRD + This must be unique. + type: string + namespace: + description: |- + namespace is the namespace of the network. This will be populated in the resulting CRD + If not given the network will be created in the default namespace. + type: string + rawCNIConfig: + description: |- + rawCNIConfig is the raw CNI configuration json to create in the + NetworkAttachmentDefinition CRD + type: string + simpleMacvlanConfig: + description: SimpleMacvlanConfig configures the macvlan interface + in case of type:NetworkTypeSimpleMacvlan + properties: + ipamConfig: + description: IPAMConfig configures IPAM module will be used + for IP Address Management (IPAM). + properties: + staticIPAMConfig: + description: StaticIPAMConfig configures the static + IP address in case of type:IPAMTypeStatic + properties: + addresses: + description: Addresses configures IP address for + the interface + items: + description: StaticIPAMAddresses provides IP address + and Gateway for static IPAM addresses + properties: + address: + description: Address is the IP address in + CIDR format + type: string + gateway: + description: Gateway is IP inside of subnet + to designate as the gateway + type: string + type: object + type: array + x-kubernetes-list-type: atomic + dns: + description: DNS configures DNS for the interface + properties: + domain: + description: Domain configures the domainname + the local domain used for short hostname lookups + type: string + nameservers: + description: Nameservers points DNS servers + for IP lookup + items: + type: string + type: array + x-kubernetes-list-type: atomic + search: + description: Search configures priority ordered + search domains for short hostname lookups + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + routes: + description: Routes configures IP routes for the + interface + items: + description: StaticIPAMRoutes provides Destination/Gateway + pairs for static IPAM routes + properties: + destination: + description: Destination points the IP route + destination + type: string + gateway: + description: |- + Gateway is the route's next-hop IP address + If unset, a default gateway is assumed (as determined by the CNI plugin). + type: string + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: + description: |- + Type is the type of IPAM module will be used for IP Address Management(IPAM). + The supported values are IPAMTypeDHCP, IPAMTypeStatic + type: string + type: object + master: + description: |- + master is the host interface to create the macvlan interface from. + If not specified, it will be default route interface + type: string + mode: + description: 'mode is the macvlan mode: bridge, private, + vepa, passthru. The default is bridge' + type: string + mtu: + description: |- + mtu is the mtu to use for the macvlan interface. if unset, host's + kernel will select the value. + format: int32 + minimum: 0 + type: integer + type: object + type: + description: |- + type is the type of network + The supported values are NetworkTypeRaw, NetworkTypeSimpleMacvlan + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + additionalRoutingCapabilities: + description: |- + additionalRoutingCapabilities describes components and relevant + configuration providing additional routing capabilities. When set, it + enables such components and the usage of the routing capabilities they + provide for the machine network. Upstream operators, like MetalLB + operator, requiring these capabilities may rely on, or automatically set + this attribute. Network plugins may leverage advanced routing + capabilities acquired through the enablement of these components but may + require specific configuration on their side to do so; refer to their + respective documentation and configuration options. + properties: + providers: + description: |- + providers is a set of enabled components that provide additional routing + capabilities. Entries on this list must be unique. The only valid value + is currrently "FRR" which provides FRR routing capabilities through the + deployment of FRR. + items: + description: RoutingCapabilitiesProvider is a component providing + routing capabilities. + enum: + - FRR + type: string + maxItems: 1 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + x-kubernetes-validations: + - rule: self.all(x, self.exists_one(y, x == y)) + required: + - providers + type: object + clusterNetwork: + description: |- + clusterNetwork is the IP address pool to use for pod IPs. + Some network providers support multiple ClusterNetworks. + Others only support one. This is equivalent to the cluster-cidr. + items: + description: |- + ClusterNetworkEntry is a subnet from which to allocate PodIPs. A network of size + HostPrefix (in CIDR notation) will be allocated when nodes join the cluster. If + the HostPrefix field is not used by the plugin, it can be left unset. + Not all network providers support multiple ClusterNetworks + properties: + cidr: + type: string + hostPrefix: + format: int32 + minimum: 0 + type: integer + type: object + type: array + x-kubernetes-list-type: atomic + defaultNetwork: + description: defaultNetwork is the "default" network that all pods + will receive + properties: + openshiftSDNConfig: + description: |- + openShiftSDNConfig was previously used to configure the openshift-sdn plugin. + DEPRECATED: OpenShift SDN is no longer supported. + properties: + enableUnidling: + description: |- + enableUnidling controls whether or not the service proxy will support idling + and unidling of services. By default, unidling is enabled. + type: boolean + mode: + description: mode is one of "Multitenant", "Subnet", or "NetworkPolicy" + type: string + mtu: + description: |- + mtu is the mtu to use for the tunnel interface. Defaults to 1450 if unset. + This must be 50 bytes smaller than the machine's uplink. + format: int32 + minimum: 0 + type: integer + useExternalOpenvswitch: + description: |- + useExternalOpenvswitch used to control whether the operator would deploy an OVS + DaemonSet itself or expect someone else to start OVS. As of 4.6, OVS is always + run as a system service, and this flag is ignored. + type: boolean + vxlanPort: + description: vxlanPort is the port to use for all vxlan packets. + The default is 4789. + format: int32 + minimum: 0 + type: integer + type: object + ovnKubernetesConfig: + description: ovnKubernetesConfig configures the ovn-kubernetes + plugin. + properties: + egressIPConfig: + description: egressIPConfig holds the configuration for EgressIP + options. + properties: + reachabilityTotalTimeoutSeconds: + description: |- + reachabilityTotalTimeout configures the EgressIP node reachability check total timeout in seconds. + If the EgressIP node cannot be reached within this timeout, the node is declared down. + Setting a large value may cause the EgressIP feature to react slowly to node changes. + In particular, it may react slowly for EgressIP nodes that really have a genuine problem and are unreachable. + When omitted, this means the user has no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The current default is 1 second. + A value of 0 disables the EgressIP node's reachability check. + format: int32 + maximum: 60 + minimum: 0 + type: integer + type: object + gatewayConfig: + description: gatewayConfig holds the configuration for node + gateway options. + properties: + ipForwarding: + description: |- + IPForwarding controls IP forwarding for all traffic on OVN-Kubernetes managed interfaces (such as br-ex). + By default this is set to Restricted, and Kubernetes related traffic is still forwarded appropriately, but other + IP traffic will not be routed by the OCP node. If there is a desire to allow the host to forward traffic across + OVN-Kubernetes managed interfaces, then set this field to "Global". + The supported values are "Restricted" and "Global". + type: string + ipv4: + description: |- + ipv4 allows users to configure IP settings for IPv4 connections. When omitted, this means no opinion and the default + configuration is used. Check individual members fields within ipv4 for details of default values. + properties: + internalMasqueradeSubnet: + description: |- + internalMasqueradeSubnet contains the masquerade addresses in IPV4 CIDR format used internally by + ovn-kubernetes to enable host to service traffic. Each host in the cluster is configured with these + addresses, as well as the shared gateway bridge interface. The values can be changed after + installation. The subnet chosen should not overlap with other networks specified for + OVN-Kubernetes as well as other networks used on the host. Additionally the subnet must + be large enough to accommodate 6 IPs (maximum prefix length /29). + When omitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. + The current default subnet is 169.254.169.0/29 + The value must be in proper IPV4 CIDR format + maxLength: 18 + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV4 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == + 4 + - message: subnet must be in the range /0 to /29 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() + <= 29 + - message: first IP address octet must not be 0 + rule: isCIDR(self) && int(self.split('.')[0]) > + 0 + type: object + ipv6: + description: |- + ipv6 allows users to configure IP settings for IPv6 connections. When omitted, this means no opinion and the default + configuration is used. Check individual members fields within ipv6 for details of default values. + properties: + internalMasqueradeSubnet: + description: |- + internalMasqueradeSubnet contains the masquerade addresses in IPV6 CIDR format used internally by + ovn-kubernetes to enable host to service traffic. Each host in the cluster is configured with these + addresses, as well as the shared gateway bridge interface. The values can be changed after + installation. The subnet chosen should not overlap with other networks specified for + OVN-Kubernetes as well as other networks used on the host. Additionally the subnet must + be large enough to accommodate 6 IPs (maximum prefix length /125). + When omitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. + The current default subnet is fd69::/125 + Note that IPV6 dual addresses are not permitted + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV6 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == + 6 + - message: subnet must be in the range /0 to /125 + inclusive + rule: isCIDR(self) && cidr(self).prefixLength() + <= 125 + type: object + routingViaHost: + default: false + description: |- + RoutingViaHost allows pod egress traffic to exit via the ovn-k8s-mp0 management port + into the host before sending it out. If this is not set, traffic will always egress directly + from OVN to outside without touching the host stack. Setting this to true means hardware + offload will not be supported. Default is false if GatewayConfig is specified. + type: boolean + type: object + genevePort: + description: |- + geneve port is the UDP port to be used by geneve encapulation. + Default is 6081 + format: int32 + minimum: 1 + type: integer + hybridOverlayConfig: + description: |- + HybridOverlayConfig configures an additional overlay network for peers that are + not using OVN. + properties: + hybridClusterNetwork: + description: HybridClusterNetwork defines a network space + given to nodes on an additional overlay network. + items: + description: |- + ClusterNetworkEntry is a subnet from which to allocate PodIPs. A network of size + HostPrefix (in CIDR notation) will be allocated when nodes join the cluster. If + the HostPrefix field is not used by the plugin, it can be left unset. + Not all network providers support multiple ClusterNetworks + properties: + cidr: + type: string + hostPrefix: + format: int32 + minimum: 0 + type: integer + type: object + type: array + x-kubernetes-list-type: atomic + hybridOverlayVXLANPort: + description: |- + HybridOverlayVXLANPort defines the VXLAN port number to be used by the additional overlay network. + Default is 4789 + format: int32 + type: integer + type: object + ipsecConfig: + default: + mode: Disabled + description: |- + ipsecConfig enables and configures IPsec for pods on the pod network within the + cluster. + properties: + mode: + description: |- + mode defines the behaviour of the ipsec configuration within the platform. + Valid values are `Disabled`, `External` and `Full`. + When 'Disabled', ipsec will not be enabled at the node level. + When 'External', ipsec is enabled on the node level but requires the user to configure the secure communication parameters. + This mode is for external secure communications and the configuration can be done using the k8s-nmstate operator. + When 'Full', ipsec is configured on the node level and inter-pod secure communication within the cluster is configured. + Note with `Full`, if ipsec is desired for communication with external (to the cluster) entities (such as storage arrays), + this is left to the user to configure. + enum: + - Disabled + - External + - Full + type: string + type: object + x-kubernetes-validations: + - message: ipsecConfig.mode is required + rule: self == oldSelf || has(self.mode) + ipv4: + description: |- + ipv4 allows users to configure IP settings for IPv4 connections. When ommitted, + this means no opinions and the default configuration is used. Check individual + fields within ipv4 for details of default values. + properties: + internalJoinSubnet: + description: |- + internalJoinSubnet is a v4 subnet used internally by ovn-kubernetes in case the + default one is being already used by something else. It must not overlap with + any other subnet being used by OpenShift or by the node network. The size of the + subnet must be larger than the number of nodes. The value cannot be changed + after installation. + The current default value is 100.64.0.0/16 + The subnet must be large enough to accomadate one IP per node in your cluster + The value must be in proper IPV4 CIDR format + maxLength: 18 + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV4 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 4 + - message: subnet must be in the range /0 to /30 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 30 + - message: first IP address octet must not be 0 + rule: isCIDR(self) && int(self.split('.')[0]) > 0 + internalTransitSwitchSubnet: + description: |- + internalTransitSwitchSubnet is a v4 subnet in IPV4 CIDR format used internally + by OVN-Kubernetes for the distributed transit switch in the OVN Interconnect + architecture that connects the cluster routers on each node together to enable + east west traffic. The subnet chosen should not overlap with other networks + specified for OVN-Kubernetes as well as other networks used on the host. + The value cannot be changed after installation. + When ommitted, this means no opinion and the platform is left to choose a reasonable + default which is subject to change over time. + The current default subnet is 100.88.0.0/16 + The subnet must be large enough to accomadate one IP per node in your cluster + The value must be in proper IPV4 CIDR format + maxLength: 18 + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV4 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 4 + - message: subnet must be in the range /0 to /30 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 30 + - message: first IP address octet must not be 0 + rule: isCIDR(self) && int(self.split('.')[0]) > 0 + type: object + ipv6: + description: |- + ipv6 allows users to configure IP settings for IPv6 connections. When ommitted, + this means no opinions and the default configuration is used. Check individual + fields within ipv4 for details of default values. + properties: + internalJoinSubnet: + description: |- + internalJoinSubnet is a v6 subnet used internally by ovn-kubernetes in case the + default one is being already used by something else. It must not overlap with + any other subnet being used by OpenShift or by the node network. The size of the + subnet must be larger than the number of nodes. The value cannot be changed + after installation. + The subnet must be large enough to accomadate one IP per node in your cluster + The current default value is fd98::/48 + The value must be in proper IPV6 CIDR format + Note that IPV6 dual addresses are not permitted + maxLength: 48 + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV6 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 6 + - message: subnet must be in the range /0 to /125 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 125 + internalTransitSwitchSubnet: + description: |- + internalTransitSwitchSubnet is a v4 subnet in IPV4 CIDR format used internally + by OVN-Kubernetes for the distributed transit switch in the OVN Interconnect + architecture that connects the cluster routers on each node together to enable + east west traffic. The subnet chosen should not overlap with other networks + specified for OVN-Kubernetes as well as other networks used on the host. + The value cannot be changed after installation. + When ommitted, this means no opinion and the platform is left to choose a reasonable + default which is subject to change over time. + The subnet must be large enough to accomadate one IP per node in your cluster + The current default subnet is fd97::/64 + The value must be in proper IPV6 CIDR format + Note that IPV6 dual addresses are not permitted + maxLength: 48 + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV6 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 6 + - message: subnet must be in the range /0 to /125 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 125 + type: object + mtu: + description: |- + mtu is the MTU to use for the tunnel interface. This must be 100 + bytes smaller than the uplink mtu. + Default is 1400 + format: int32 + minimum: 0 + type: integer + policyAuditConfig: + description: |- + policyAuditConfig is the configuration for network policy audit events. If unset, + reported defaults are used. + properties: + destination: + default: "null" + description: |- + destination is the location for policy log messages. + Regardless of this config, persistent logs will always be dumped to the host + at /var/log/ovn/ however + Additionally syslog output may be configured as follows. + Valid values are: + - "libc" -> to use the libc syslog() function of the host node's journdald process + - "udp:host:port" -> for sending syslog over UDP + - "unix:file" -> for using the UNIX domain socket directly + - "null" -> to discard all messages logged to syslog + The default is "null" + type: string + maxFileSize: + default: 50 + description: |- + maxFilesSize is the max size an ACL_audit log file is allowed to reach before rotation occurs + Units are in MB and the Default is 50MB + format: int32 + minimum: 1 + type: integer + maxLogFiles: + default: 5 + description: maxLogFiles specifies the maximum number + of ACL_audit log files that can be present. + format: int32 + minimum: 1 + type: integer + rateLimit: + default: 20 + description: |- + rateLimit is the approximate maximum number of messages to generate per-second per-node. If + unset the default of 20 msg/sec is used. + format: int32 + minimum: 1 + type: integer + syslogFacility: + default: local0 + description: syslogFacility the RFC5424 facility for generated + messages, e.g. "kern". Default is "local0" + type: string + type: object + v4InternalSubnet: + description: |- + v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the + default one is being already used by something else. It must not overlap with + any other subnet being used by OpenShift or by the node network. The size of the + subnet must be larger than the number of nodes. The value cannot be changed + after installation. + Default is 100.64.0.0/16 + type: string + v6InternalSubnet: + description: |- + v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the + default one is being already used by something else. It must not overlap with + any other subnet being used by OpenShift or by the node network. The size of the + subnet must be larger than the number of nodes. The value cannot be changed + after installation. + Default is fd98::/48 + type: string + type: object + type: + description: |- + type is the type of network + All NetworkTypes are supported except for NetworkTypeRaw + type: string + type: object + deployKubeProxy: + description: |- + deployKubeProxy specifies whether or not a standalone kube-proxy should + be deployed by the operator. Some network providers include kube-proxy + or similar functionality. If unset, the plugin will attempt to select + the correct value, which is false when ovn-kubernetes is used and true + otherwise. + type: boolean + disableMultiNetwork: + description: |- + disableMultiNetwork specifies whether or not multiple pod network + support should be disabled. If unset, this property defaults to + 'false' and multiple network support is enabled. + type: boolean + disableNetworkDiagnostics: + default: false + description: |- + disableNetworkDiagnostics specifies whether or not PodNetworkConnectivityCheck + CRs from a test pod to every node, apiserver and LB should be disabled or not. + If unset, this property defaults to 'false' and network diagnostics is enabled. + Setting this to 'true' would reduce the additional load of the pods performing the checks. + type: boolean + exportNetworkFlows: + description: |- + exportNetworkFlows enables and configures the export of network flow metadata from the pod network + by using protocols NetFlow, SFlow or IPFIX. Currently only supported on OVN-Kubernetes plugin. + If unset, flows will not be exported to any collector. + properties: + ipfix: + description: ipfix defines IPFIX configuration. + properties: + collectors: + description: ipfixCollectors is list of strings formatted + as ip:port with a maximum of ten items + items: + pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ + type: string + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + type: object + netFlow: + description: netFlow defines the NetFlow configuration. + properties: + collectors: + description: |- + netFlow defines the NetFlow collectors that will consume the flow data exported from OVS. + It is a list of strings formatted as ip:port with a maximum of ten items + items: + pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ + type: string + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + type: object + sFlow: + description: sFlow defines the SFlow configuration. + properties: + collectors: + description: sFlowCollectors is list of strings formatted + as ip:port with a maximum of ten items + items: + pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ + type: string + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + type: object + type: object + kubeProxyConfig: + description: |- + kubeProxyConfig lets us configure desired proxy configuration, if + deployKubeProxy is true. If not specified, sensible defaults will be chosen by + OpenShift directly. + properties: + bindAddress: + description: |- + The address to "bind" on + Defaults to 0.0.0.0 + type: string + iptablesSyncPeriod: + description: |- + An internal kube-proxy parameter. In older releases of OCP, this sometimes needed to be adjusted + in large clusters for performance reasons, but this is no longer necessary, and there is no reason + to change this from the default value. + Default: 30s + type: string + proxyArguments: + additionalProperties: + description: ProxyArgumentList is a list of arguments to pass + to the kubeproxy process + items: + type: string + type: array + x-kubernetes-list-type: atomic + description: Any additional arguments to pass to the kubeproxy + process + type: object + type: object + logLevel: + default: Normal + description: |- + logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for their operands. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + managementState: + description: managementState indicates whether and how the operator + should manage the component + pattern: ^(Managed|Unmanaged|Force|Removed)$ + type: string + migration: + description: |- + migration enables and configures cluster network migration, for network changes + that cannot be made instantly. + properties: + features: + description: |- + features was previously used to configure which network plugin features + would be migrated in a network type migration. + DEPRECATED: network type migration is no longer supported, and setting + this to a non-empty value will result in the network operator rejecting + the configuration. + properties: + egressFirewall: + default: true + description: |- + egressFirewall specified whether or not the Egress Firewall configuration was migrated. + DEPRECATED: network type migration is no longer supported. + type: boolean + egressIP: + default: true + description: |- + egressIP specified whether or not the Egress IP configuration was migrated. + DEPRECATED: network type migration is no longer supported. + type: boolean + multicast: + default: true + description: |- + multicast specified whether or not the multicast configuration was migrated. + DEPRECATED: network type migration is no longer supported. + type: boolean + type: object + mode: + description: |- + mode indicates the mode of network type migration. + DEPRECATED: network type migration is no longer supported, and setting + this to a non-empty value will result in the network operator rejecting + the configuration. + enum: + - Live + - Offline + - "" + type: string + mtu: + description: |- + mtu contains the MTU migration configuration. Set this to allow changing + the MTU values for the default network. If unset, the operation of + changing the MTU for the default network will be rejected. + properties: + machine: + description: |- + machine contains MTU migration configuration for the machine's uplink. + Needs to be migrated along with the default network MTU unless the + current uplink MTU already accommodates the default network MTU. + properties: + from: + description: from is the MTU to migrate from. + format: int32 + minimum: 0 + type: integer + to: + description: to is the MTU to migrate to. + format: int32 + minimum: 0 + type: integer + type: object + network: + description: |- + network contains information about MTU migration for the default network. + Migrations are only allowed to MTU values lower than the machine's uplink + MTU by the minimum appropriate offset. + properties: + from: + description: from is the MTU to migrate from. + format: int32 + minimum: 0 + type: integer + to: + description: to is the MTU to migrate to. + format: int32 + minimum: 0 + type: integer + type: object + type: object + networkType: + description: |- + networkType was previously used when changing the default network type. + DEPRECATED: network type migration is no longer supported, and setting + this to a non-empty value will result in the network operator rejecting + the configuration. + type: string + type: object + observedConfig: + description: |- + observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because + it is an input to the level for the operator + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + default: Normal + description: |- + operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for themselves. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + serviceNetwork: + description: |- + serviceNetwork is the ip address pool to use for Service IPs + Currently, all existing network providers only support a single value + here, but this is an array to allow for growth. + items: + type: string + type: array + x-kubernetes-list-type: atomic + unsupportedConfigOverrides: + description: |- + unsupportedConfigOverrides overrides the final configuration that was computed by the operator. + Red Hat does not support the use of this field. + Misuse of this field could lead to unexpected behavior or conflict with other configuration options. + Seek guidance from the Red Hat support before using this field. + Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + useMultiNetworkPolicy: + description: |- + useMultiNetworkPolicy enables a controller which allows for + MultiNetworkPolicy objects to be used on additional networks as + created by Multus CNI. MultiNetworkPolicy are similar to NetworkPolicy + objects, but NetworkPolicy objects only apply to the primary interface. + With MultiNetworkPolicy, you can control the traffic that a pod can receive + over the secondary interfaces. If unset, this property defaults to 'false' + and MultiNetworkPolicy objects are ignored. If 'disableMultiNetwork' is + 'true' then the value of this field is ignored. + type: boolean + type: object + x-kubernetes-validations: + - message: Route advertisements cannot be Enabled if 'FRR' routing capability + provider is not available + rule: (has(self.additionalRoutingCapabilities) && ('FRR' in self.additionalRoutingCapabilities.providers)) + || !has(self.defaultNetwork) || !has(self.defaultNetwork.ovnKubernetesConfig) + || !has(self.defaultNetwork.ovnKubernetesConfig.routeAdvertisements) + || self.defaultNetwork.ovnKubernetesConfig.routeAdvertisements != + 'Enabled' + - message: invalid value for IPForwarding, valid values are 'Restricted' + or 'Global' + rule: '!has(self.defaultNetwork) || !has(self.defaultNetwork.ovnKubernetesConfig) + || !has(self.defaultNetwork.ovnKubernetesConfig.gatewayConfig) || + !has(self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding) + || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding + == oldSelf.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding + || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding + == ''Restricted'' || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding + == ''Global''' + status: + description: |- + NetworkStatus is detailed operator status, which is distilled + up to the Network clusteroperator object. + properties: + conditions: + description: conditions is a list of conditions and their status + items: + description: OperatorCondition is just the standard condition fields. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + type: string + reason: + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + generations: + description: generations are used to determine when an item needs + to be reconciled or has changed in a way that needs a reaction. + items: + description: GenerationStatus keeps track of the generation for + a given resource so that decisions about forced updates can be + made. + properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without + generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload + controller involved + format: int64 + type: integer + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're + tracking + type: string + required: + - group + - name + - namespace + - resource + type: object + type: array + x-kubernetes-list-map-keys: + - group + - resource + - namespace + - name + x-kubernetes-list-type: map + latestAvailableRevision: + description: latestAvailableRevision is the deploymentID of the most + recent deployment + format: int32 + type: integer + x-kubernetes-validations: + - message: must only increase + rule: self >= oldSelf + observedGeneration: + description: observedGeneration is the last generation change you've + dealt with + format: int64 + type: integer + readyReplicas: + description: readyReplicas indicates how many replicas are ready and + at the desired state + format: int32 + type: integer + version: + description: version is the level this availability applies to + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/networks.operator.openshift.io/NetworkLiveMigration.yaml b/pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/networks.operator.openshift.io/NetworkLiveMigration.yaml new file mode 100644 index 000000000..8ff1a6ea4 --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/networks.operator.openshift.io/NetworkLiveMigration.yaml @@ -0,0 +1,969 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/475 + api.openshift.io/filename-cvo-runlevel: "0000_70" + api.openshift.io/filename-operator: network + api.openshift.io/filename-ordering: "01" + feature-gate.release.openshift.io/NetworkLiveMigration: "true" + name: networks.operator.openshift.io +spec: + group: operator.openshift.io + names: + kind: Network + listKind: NetworkList + plural: networks + singular: network + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + Network describes the cluster's desired network configuration. It is + consumed by the cluster-network-operator. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: NetworkSpec is the top-level network configuration object. + properties: + additionalNetworks: + description: |- + additionalNetworks is a list of extra networks to make available to pods + when multiple networks are enabled. + items: + description: |- + AdditionalNetworkDefinition configures an extra network that is available but not + created by default. Instead, pods must request them by name. + type must be specified, along with exactly one "Config" that matches the type. + properties: + name: + description: |- + name is the name of the network. This will be populated in the resulting CRD + This must be unique. + type: string + namespace: + description: |- + namespace is the namespace of the network. This will be populated in the resulting CRD + If not given the network will be created in the default namespace. + type: string + rawCNIConfig: + description: |- + rawCNIConfig is the raw CNI configuration json to create in the + NetworkAttachmentDefinition CRD + type: string + simpleMacvlanConfig: + description: SimpleMacvlanConfig configures the macvlan interface + in case of type:NetworkTypeSimpleMacvlan + properties: + ipamConfig: + description: IPAMConfig configures IPAM module will be used + for IP Address Management (IPAM). + properties: + staticIPAMConfig: + description: StaticIPAMConfig configures the static + IP address in case of type:IPAMTypeStatic + properties: + addresses: + description: Addresses configures IP address for + the interface + items: + description: StaticIPAMAddresses provides IP address + and Gateway for static IPAM addresses + properties: + address: + description: Address is the IP address in + CIDR format + type: string + gateway: + description: Gateway is IP inside of subnet + to designate as the gateway + type: string + type: object + type: array + x-kubernetes-list-type: atomic + dns: + description: DNS configures DNS for the interface + properties: + domain: + description: Domain configures the domainname + the local domain used for short hostname lookups + type: string + nameservers: + description: Nameservers points DNS servers + for IP lookup + items: + type: string + type: array + x-kubernetes-list-type: atomic + search: + description: Search configures priority ordered + search domains for short hostname lookups + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + routes: + description: Routes configures IP routes for the + interface + items: + description: StaticIPAMRoutes provides Destination/Gateway + pairs for static IPAM routes + properties: + destination: + description: Destination points the IP route + destination + type: string + gateway: + description: |- + Gateway is the route's next-hop IP address + If unset, a default gateway is assumed (as determined by the CNI plugin). + type: string + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: + description: |- + Type is the type of IPAM module will be used for IP Address Management(IPAM). + The supported values are IPAMTypeDHCP, IPAMTypeStatic + type: string + type: object + master: + description: |- + master is the host interface to create the macvlan interface from. + If not specified, it will be default route interface + type: string + mode: + description: 'mode is the macvlan mode: bridge, private, + vepa, passthru. The default is bridge' + type: string + mtu: + description: |- + mtu is the mtu to use for the macvlan interface. if unset, host's + kernel will select the value. + format: int32 + minimum: 0 + type: integer + type: object + type: + description: |- + type is the type of network + The supported values are NetworkTypeRaw, NetworkTypeSimpleMacvlan + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + clusterNetwork: + description: |- + clusterNetwork is the IP address pool to use for pod IPs. + Some network providers support multiple ClusterNetworks. + Others only support one. This is equivalent to the cluster-cidr. + items: + description: |- + ClusterNetworkEntry is a subnet from which to allocate PodIPs. A network of size + HostPrefix (in CIDR notation) will be allocated when nodes join the cluster. If + the HostPrefix field is not used by the plugin, it can be left unset. + Not all network providers support multiple ClusterNetworks + properties: + cidr: + type: string + hostPrefix: + format: int32 + minimum: 0 + type: integer + type: object + type: array + x-kubernetes-list-type: atomic + defaultNetwork: + description: defaultNetwork is the "default" network that all pods + will receive + properties: + openshiftSDNConfig: + description: |- + openShiftSDNConfig was previously used to configure the openshift-sdn plugin. + DEPRECATED: OpenShift SDN is no longer supported. + properties: + enableUnidling: + description: |- + enableUnidling controls whether or not the service proxy will support idling + and unidling of services. By default, unidling is enabled. + type: boolean + mode: + description: mode is one of "Multitenant", "Subnet", or "NetworkPolicy" + type: string + mtu: + description: |- + mtu is the mtu to use for the tunnel interface. Defaults to 1450 if unset. + This must be 50 bytes smaller than the machine's uplink. + format: int32 + minimum: 0 + type: integer + useExternalOpenvswitch: + description: |- + useExternalOpenvswitch used to control whether the operator would deploy an OVS + DaemonSet itself or expect someone else to start OVS. As of 4.6, OVS is always + run as a system service, and this flag is ignored. + type: boolean + vxlanPort: + description: vxlanPort is the port to use for all vxlan packets. + The default is 4789. + format: int32 + minimum: 0 + type: integer + type: object + ovnKubernetesConfig: + description: ovnKubernetesConfig configures the ovn-kubernetes + plugin. + properties: + egressIPConfig: + description: egressIPConfig holds the configuration for EgressIP + options. + properties: + reachabilityTotalTimeoutSeconds: + description: |- + reachabilityTotalTimeout configures the EgressIP node reachability check total timeout in seconds. + If the EgressIP node cannot be reached within this timeout, the node is declared down. + Setting a large value may cause the EgressIP feature to react slowly to node changes. + In particular, it may react slowly for EgressIP nodes that really have a genuine problem and are unreachable. + When omitted, this means the user has no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The current default is 1 second. + A value of 0 disables the EgressIP node's reachability check. + format: int32 + maximum: 60 + minimum: 0 + type: integer + type: object + gatewayConfig: + description: gatewayConfig holds the configuration for node + gateway options. + properties: + ipForwarding: + description: |- + IPForwarding controls IP forwarding for all traffic on OVN-Kubernetes managed interfaces (such as br-ex). + By default this is set to Restricted, and Kubernetes related traffic is still forwarded appropriately, but other + IP traffic will not be routed by the OCP node. If there is a desire to allow the host to forward traffic across + OVN-Kubernetes managed interfaces, then set this field to "Global". + The supported values are "Restricted" and "Global". + type: string + ipv4: + description: |- + ipv4 allows users to configure IP settings for IPv4 connections. When omitted, this means no opinion and the default + configuration is used. Check individual members fields within ipv4 for details of default values. + properties: + internalMasqueradeSubnet: + description: |- + internalMasqueradeSubnet contains the masquerade addresses in IPV4 CIDR format used internally by + ovn-kubernetes to enable host to service traffic. Each host in the cluster is configured with these + addresses, as well as the shared gateway bridge interface. The values can be changed after + installation. The subnet chosen should not overlap with other networks specified for + OVN-Kubernetes as well as other networks used on the host. Additionally the subnet must + be large enough to accommodate 6 IPs (maximum prefix length /29). + When omitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. + The current default subnet is 169.254.169.0/29 + The value must be in proper IPV4 CIDR format + maxLength: 18 + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV4 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == + 4 + - message: subnet must be in the range /0 to /29 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() + <= 29 + - message: first IP address octet must not be 0 + rule: isCIDR(self) && int(self.split('.')[0]) > + 0 + type: object + ipv6: + description: |- + ipv6 allows users to configure IP settings for IPv6 connections. When omitted, this means no opinion and the default + configuration is used. Check individual members fields within ipv6 for details of default values. + properties: + internalMasqueradeSubnet: + description: |- + internalMasqueradeSubnet contains the masquerade addresses in IPV6 CIDR format used internally by + ovn-kubernetes to enable host to service traffic. Each host in the cluster is configured with these + addresses, as well as the shared gateway bridge interface. The values can be changed after + installation. The subnet chosen should not overlap with other networks specified for + OVN-Kubernetes as well as other networks used on the host. Additionally the subnet must + be large enough to accommodate 6 IPs (maximum prefix length /125). + When omitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. + The current default subnet is fd69::/125 + Note that IPV6 dual addresses are not permitted + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV6 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == + 6 + - message: subnet must be in the range /0 to /125 + inclusive + rule: isCIDR(self) && cidr(self).prefixLength() + <= 125 + type: object + routingViaHost: + default: false + description: |- + RoutingViaHost allows pod egress traffic to exit via the ovn-k8s-mp0 management port + into the host before sending it out. If this is not set, traffic will always egress directly + from OVN to outside without touching the host stack. Setting this to true means hardware + offload will not be supported. Default is false if GatewayConfig is specified. + type: boolean + type: object + genevePort: + description: |- + geneve port is the UDP port to be used by geneve encapulation. + Default is 6081 + format: int32 + minimum: 1 + type: integer + hybridOverlayConfig: + description: |- + HybridOverlayConfig configures an additional overlay network for peers that are + not using OVN. + properties: + hybridClusterNetwork: + description: HybridClusterNetwork defines a network space + given to nodes on an additional overlay network. + items: + description: |- + ClusterNetworkEntry is a subnet from which to allocate PodIPs. A network of size + HostPrefix (in CIDR notation) will be allocated when nodes join the cluster. If + the HostPrefix field is not used by the plugin, it can be left unset. + Not all network providers support multiple ClusterNetworks + properties: + cidr: + type: string + hostPrefix: + format: int32 + minimum: 0 + type: integer + type: object + type: array + x-kubernetes-list-type: atomic + hybridOverlayVXLANPort: + description: |- + HybridOverlayVXLANPort defines the VXLAN port number to be used by the additional overlay network. + Default is 4789 + format: int32 + type: integer + type: object + ipsecConfig: + default: + mode: Disabled + description: |- + ipsecConfig enables and configures IPsec for pods on the pod network within the + cluster. + properties: + mode: + description: |- + mode defines the behaviour of the ipsec configuration within the platform. + Valid values are `Disabled`, `External` and `Full`. + When 'Disabled', ipsec will not be enabled at the node level. + When 'External', ipsec is enabled on the node level but requires the user to configure the secure communication parameters. + This mode is for external secure communications and the configuration can be done using the k8s-nmstate operator. + When 'Full', ipsec is configured on the node level and inter-pod secure communication within the cluster is configured. + Note with `Full`, if ipsec is desired for communication with external (to the cluster) entities (such as storage arrays), + this is left to the user to configure. + enum: + - Disabled + - External + - Full + type: string + type: object + x-kubernetes-validations: + - message: ipsecConfig.mode is required + rule: self == oldSelf || has(self.mode) + ipv4: + description: |- + ipv4 allows users to configure IP settings for IPv4 connections. When ommitted, + this means no opinions and the default configuration is used. Check individual + fields within ipv4 for details of default values. + properties: + internalJoinSubnet: + description: |- + internalJoinSubnet is a v4 subnet used internally by ovn-kubernetes in case the + default one is being already used by something else. It must not overlap with + any other subnet being used by OpenShift or by the node network. The size of the + subnet must be larger than the number of nodes. The value cannot be changed + after installation. + The current default value is 100.64.0.0/16 + The subnet must be large enough to accomadate one IP per node in your cluster + The value must be in proper IPV4 CIDR format + maxLength: 18 + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV4 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 4 + - message: subnet must be in the range /0 to /30 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 30 + - message: first IP address octet must not be 0 + rule: isCIDR(self) && int(self.split('.')[0]) > 0 + internalTransitSwitchSubnet: + description: |- + internalTransitSwitchSubnet is a v4 subnet in IPV4 CIDR format used internally + by OVN-Kubernetes for the distributed transit switch in the OVN Interconnect + architecture that connects the cluster routers on each node together to enable + east west traffic. The subnet chosen should not overlap with other networks + specified for OVN-Kubernetes as well as other networks used on the host. + The value cannot be changed after installation. + When ommitted, this means no opinion and the platform is left to choose a reasonable + default which is subject to change over time. + The current default subnet is 100.88.0.0/16 + The subnet must be large enough to accomadate one IP per node in your cluster + The value must be in proper IPV4 CIDR format + maxLength: 18 + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV4 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 4 + - message: subnet must be in the range /0 to /30 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 30 + - message: first IP address octet must not be 0 + rule: isCIDR(self) && int(self.split('.')[0]) > 0 + type: object + ipv6: + description: |- + ipv6 allows users to configure IP settings for IPv6 connections. When ommitted, + this means no opinions and the default configuration is used. Check individual + fields within ipv4 for details of default values. + properties: + internalJoinSubnet: + description: |- + internalJoinSubnet is a v6 subnet used internally by ovn-kubernetes in case the + default one is being already used by something else. It must not overlap with + any other subnet being used by OpenShift or by the node network. The size of the + subnet must be larger than the number of nodes. The value cannot be changed + after installation. + The subnet must be large enough to accomadate one IP per node in your cluster + The current default value is fd98::/48 + The value must be in proper IPV6 CIDR format + Note that IPV6 dual addresses are not permitted + maxLength: 48 + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV6 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 6 + - message: subnet must be in the range /0 to /125 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 125 + internalTransitSwitchSubnet: + description: |- + internalTransitSwitchSubnet is a v4 subnet in IPV4 CIDR format used internally + by OVN-Kubernetes for the distributed transit switch in the OVN Interconnect + architecture that connects the cluster routers on each node together to enable + east west traffic. The subnet chosen should not overlap with other networks + specified for OVN-Kubernetes as well as other networks used on the host. + The value cannot be changed after installation. + When ommitted, this means no opinion and the platform is left to choose a reasonable + default which is subject to change over time. + The subnet must be large enough to accomadate one IP per node in your cluster + The current default subnet is fd97::/64 + The value must be in proper IPV6 CIDR format + Note that IPV6 dual addresses are not permitted + maxLength: 48 + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV6 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 6 + - message: subnet must be in the range /0 to /125 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 125 + type: object + mtu: + description: |- + mtu is the MTU to use for the tunnel interface. This must be 100 + bytes smaller than the uplink mtu. + Default is 1400 + format: int32 + minimum: 0 + type: integer + policyAuditConfig: + description: |- + policyAuditConfig is the configuration for network policy audit events. If unset, + reported defaults are used. + properties: + destination: + default: "null" + description: |- + destination is the location for policy log messages. + Regardless of this config, persistent logs will always be dumped to the host + at /var/log/ovn/ however + Additionally syslog output may be configured as follows. + Valid values are: + - "libc" -> to use the libc syslog() function of the host node's journdald process + - "udp:host:port" -> for sending syslog over UDP + - "unix:file" -> for using the UNIX domain socket directly + - "null" -> to discard all messages logged to syslog + The default is "null" + type: string + maxFileSize: + default: 50 + description: |- + maxFilesSize is the max size an ACL_audit log file is allowed to reach before rotation occurs + Units are in MB and the Default is 50MB + format: int32 + minimum: 1 + type: integer + maxLogFiles: + default: 5 + description: maxLogFiles specifies the maximum number + of ACL_audit log files that can be present. + format: int32 + minimum: 1 + type: integer + rateLimit: + default: 20 + description: |- + rateLimit is the approximate maximum number of messages to generate per-second per-node. If + unset the default of 20 msg/sec is used. + format: int32 + minimum: 1 + type: integer + syslogFacility: + default: local0 + description: syslogFacility the RFC5424 facility for generated + messages, e.g. "kern". Default is "local0" + type: string + type: object + v4InternalSubnet: + description: |- + v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the + default one is being already used by something else. It must not overlap with + any other subnet being used by OpenShift or by the node network. The size of the + subnet must be larger than the number of nodes. The value cannot be changed + after installation. + Default is 100.64.0.0/16 + type: string + v6InternalSubnet: + description: |- + v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the + default one is being already used by something else. It must not overlap with + any other subnet being used by OpenShift or by the node network. The size of the + subnet must be larger than the number of nodes. The value cannot be changed + after installation. + Default is fd98::/48 + type: string + type: object + type: + description: |- + type is the type of network + All NetworkTypes are supported except for NetworkTypeRaw + type: string + type: object + deployKubeProxy: + description: |- + deployKubeProxy specifies whether or not a standalone kube-proxy should + be deployed by the operator. Some network providers include kube-proxy + or similar functionality. If unset, the plugin will attempt to select + the correct value, which is false when ovn-kubernetes is used and true + otherwise. + type: boolean + disableMultiNetwork: + description: |- + disableMultiNetwork specifies whether or not multiple pod network + support should be disabled. If unset, this property defaults to + 'false' and multiple network support is enabled. + type: boolean + disableNetworkDiagnostics: + default: false + description: |- + disableNetworkDiagnostics specifies whether or not PodNetworkConnectivityCheck + CRs from a test pod to every node, apiserver and LB should be disabled or not. + If unset, this property defaults to 'false' and network diagnostics is enabled. + Setting this to 'true' would reduce the additional load of the pods performing the checks. + type: boolean + exportNetworkFlows: + description: |- + exportNetworkFlows enables and configures the export of network flow metadata from the pod network + by using protocols NetFlow, SFlow or IPFIX. Currently only supported on OVN-Kubernetes plugin. + If unset, flows will not be exported to any collector. + properties: + ipfix: + description: ipfix defines IPFIX configuration. + properties: + collectors: + description: ipfixCollectors is list of strings formatted + as ip:port with a maximum of ten items + items: + pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ + type: string + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + type: object + netFlow: + description: netFlow defines the NetFlow configuration. + properties: + collectors: + description: |- + netFlow defines the NetFlow collectors that will consume the flow data exported from OVS. + It is a list of strings formatted as ip:port with a maximum of ten items + items: + pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ + type: string + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + type: object + sFlow: + description: sFlow defines the SFlow configuration. + properties: + collectors: + description: sFlowCollectors is list of strings formatted + as ip:port with a maximum of ten items + items: + pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ + type: string + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + type: object + type: object + kubeProxyConfig: + description: |- + kubeProxyConfig lets us configure desired proxy configuration, if + deployKubeProxy is true. If not specified, sensible defaults will be chosen by + OpenShift directly. + properties: + bindAddress: + description: |- + The address to "bind" on + Defaults to 0.0.0.0 + type: string + iptablesSyncPeriod: + description: |- + An internal kube-proxy parameter. In older releases of OCP, this sometimes needed to be adjusted + in large clusters for performance reasons, but this is no longer necessary, and there is no reason + to change this from the default value. + Default: 30s + type: string + proxyArguments: + additionalProperties: + description: ProxyArgumentList is a list of arguments to pass + to the kubeproxy process + items: + type: string + type: array + x-kubernetes-list-type: atomic + description: Any additional arguments to pass to the kubeproxy + process + type: object + type: object + logLevel: + default: Normal + description: |- + logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for their operands. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + managementState: + description: managementState indicates whether and how the operator + should manage the component + pattern: ^(Managed|Unmanaged|Force|Removed)$ + type: string + migration: + description: |- + migration enables and configures cluster network migration, for network changes + that cannot be made instantly. + properties: + features: + description: |- + features was previously used to configure which network plugin features + would be migrated in a network type migration. + DEPRECATED: network type migration is no longer supported, and setting + this to a non-empty value will result in the network operator rejecting + the configuration. + properties: + egressFirewall: + default: true + description: |- + egressFirewall specified whether or not the Egress Firewall configuration was migrated. + DEPRECATED: network type migration is no longer supported. + type: boolean + egressIP: + default: true + description: |- + egressIP specified whether or not the Egress IP configuration was migrated. + DEPRECATED: network type migration is no longer supported. + type: boolean + multicast: + default: true + description: |- + multicast specified whether or not the multicast configuration was migrated. + DEPRECATED: network type migration is no longer supported. + type: boolean + type: object + mode: + description: |- + mode indicates the mode of network type migration. + DEPRECATED: network type migration is no longer supported, and setting + this to a non-empty value will result in the network operator rejecting + the configuration. + enum: + - Live + - Offline + - "" + type: string + mtu: + description: |- + mtu contains the MTU migration configuration. Set this to allow changing + the MTU values for the default network. If unset, the operation of + changing the MTU for the default network will be rejected. + properties: + machine: + description: |- + machine contains MTU migration configuration for the machine's uplink. + Needs to be migrated along with the default network MTU unless the + current uplink MTU already accommodates the default network MTU. + properties: + from: + description: from is the MTU to migrate from. + format: int32 + minimum: 0 + type: integer + to: + description: to is the MTU to migrate to. + format: int32 + minimum: 0 + type: integer + type: object + network: + description: |- + network contains information about MTU migration for the default network. + Migrations are only allowed to MTU values lower than the machine's uplink + MTU by the minimum appropriate offset. + properties: + from: + description: from is the MTU to migrate from. + format: int32 + minimum: 0 + type: integer + to: + description: to is the MTU to migrate to. + format: int32 + minimum: 0 + type: integer + type: object + type: object + networkType: + description: |- + networkType was previously used when changing the default network type. + DEPRECATED: network type migration is no longer supported, and setting + this to a non-empty value will result in the network operator rejecting + the configuration. + type: string + type: object + x-kubernetes-validations: + - message: networkType migration in mode other than 'Live' may not + be configured at the same time as mtu migration + rule: '!has(self.mtu) || !has(self.networkType) || self.networkType + == "" || has(self.mode) && self.mode == ''Live''' + observedConfig: + description: |- + observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because + it is an input to the level for the operator + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + default: Normal + description: |- + operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for themselves. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + serviceNetwork: + description: |- + serviceNetwork is the ip address pool to use for Service IPs + Currently, all existing network providers only support a single value + here, but this is an array to allow for growth. + items: + type: string + type: array + x-kubernetes-list-type: atomic + unsupportedConfigOverrides: + description: |- + unsupportedConfigOverrides overrides the final configuration that was computed by the operator. + Red Hat does not support the use of this field. + Misuse of this field could lead to unexpected behavior or conflict with other configuration options. + Seek guidance from the Red Hat support before using this field. + Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + useMultiNetworkPolicy: + description: |- + useMultiNetworkPolicy enables a controller which allows for + MultiNetworkPolicy objects to be used on additional networks as + created by Multus CNI. MultiNetworkPolicy are similar to NetworkPolicy + objects, but NetworkPolicy objects only apply to the primary interface. + With MultiNetworkPolicy, you can control the traffic that a pod can receive + over the secondary interfaces. If unset, this property defaults to 'false' + and MultiNetworkPolicy objects are ignored. If 'disableMultiNetwork' is + 'true' then the value of this field is ignored. + type: boolean + type: object + x-kubernetes-validations: + - message: invalid value for IPForwarding, valid values are 'Restricted' + or 'Global' + rule: '!has(self.defaultNetwork) || !has(self.defaultNetwork.ovnKubernetesConfig) + || !has(self.defaultNetwork.ovnKubernetesConfig.gatewayConfig) || + !has(self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding) + || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding + == oldSelf.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding + || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding + == ''Restricted'' || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding + == ''Global''' + status: + description: |- + NetworkStatus is detailed operator status, which is distilled + up to the Network clusteroperator object. + properties: + conditions: + description: conditions is a list of conditions and their status + items: + description: OperatorCondition is just the standard condition fields. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + type: string + reason: + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + generations: + description: generations are used to determine when an item needs + to be reconciled or has changed in a way that needs a reaction. + items: + description: GenerationStatus keeps track of the generation for + a given resource so that decisions about forced updates can be + made. + properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without + generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload + controller involved + format: int64 + type: integer + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're + tracking + type: string + required: + - group + - name + - namespace + - resource + type: object + type: array + x-kubernetes-list-map-keys: + - group + - resource + - namespace + - name + x-kubernetes-list-type: map + latestAvailableRevision: + description: latestAvailableRevision is the deploymentID of the most + recent deployment + format: int32 + type: integer + x-kubernetes-validations: + - message: must only increase + rule: self >= oldSelf + observedGeneration: + description: observedGeneration is the last generation change you've + dealt with + format: int64 + type: integer + readyReplicas: + description: readyReplicas indicates how many replicas are ready and + at the desired state + format: int32 + type: integer + version: + description: version is the level this availability applies to + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/networks.operator.openshift.io/RouteAdvertisements.yaml b/pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/networks.operator.openshift.io/RouteAdvertisements.yaml new file mode 100644 index 000000000..e4caccb1e --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/networks.operator.openshift.io/RouteAdvertisements.yaml @@ -0,0 +1,980 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/475 + api.openshift.io/filename-cvo-runlevel: "0000_70" + api.openshift.io/filename-operator: network + api.openshift.io/filename-ordering: "01" + feature-gate.release.openshift.io/RouteAdvertisements: "true" + name: networks.operator.openshift.io +spec: + group: operator.openshift.io + names: + kind: Network + listKind: NetworkList + plural: networks + singular: network + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + Network describes the cluster's desired network configuration. It is + consumed by the cluster-network-operator. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: NetworkSpec is the top-level network configuration object. + properties: + additionalNetworks: + description: |- + additionalNetworks is a list of extra networks to make available to pods + when multiple networks are enabled. + items: + description: |- + AdditionalNetworkDefinition configures an extra network that is available but not + created by default. Instead, pods must request them by name. + type must be specified, along with exactly one "Config" that matches the type. + properties: + name: + description: |- + name is the name of the network. This will be populated in the resulting CRD + This must be unique. + type: string + namespace: + description: |- + namespace is the namespace of the network. This will be populated in the resulting CRD + If not given the network will be created in the default namespace. + type: string + rawCNIConfig: + description: |- + rawCNIConfig is the raw CNI configuration json to create in the + NetworkAttachmentDefinition CRD + type: string + simpleMacvlanConfig: + description: SimpleMacvlanConfig configures the macvlan interface + in case of type:NetworkTypeSimpleMacvlan + properties: + ipamConfig: + description: IPAMConfig configures IPAM module will be used + for IP Address Management (IPAM). + properties: + staticIPAMConfig: + description: StaticIPAMConfig configures the static + IP address in case of type:IPAMTypeStatic + properties: + addresses: + description: Addresses configures IP address for + the interface + items: + description: StaticIPAMAddresses provides IP address + and Gateway for static IPAM addresses + properties: + address: + description: Address is the IP address in + CIDR format + type: string + gateway: + description: Gateway is IP inside of subnet + to designate as the gateway + type: string + type: object + type: array + x-kubernetes-list-type: atomic + dns: + description: DNS configures DNS for the interface + properties: + domain: + description: Domain configures the domainname + the local domain used for short hostname lookups + type: string + nameservers: + description: Nameservers points DNS servers + for IP lookup + items: + type: string + type: array + x-kubernetes-list-type: atomic + search: + description: Search configures priority ordered + search domains for short hostname lookups + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + routes: + description: Routes configures IP routes for the + interface + items: + description: StaticIPAMRoutes provides Destination/Gateway + pairs for static IPAM routes + properties: + destination: + description: Destination points the IP route + destination + type: string + gateway: + description: |- + Gateway is the route's next-hop IP address + If unset, a default gateway is assumed (as determined by the CNI plugin). + type: string + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: + description: |- + Type is the type of IPAM module will be used for IP Address Management(IPAM). + The supported values are IPAMTypeDHCP, IPAMTypeStatic + type: string + type: object + master: + description: |- + master is the host interface to create the macvlan interface from. + If not specified, it will be default route interface + type: string + mode: + description: 'mode is the macvlan mode: bridge, private, + vepa, passthru. The default is bridge' + type: string + mtu: + description: |- + mtu is the mtu to use for the macvlan interface. if unset, host's + kernel will select the value. + format: int32 + minimum: 0 + type: integer + type: object + type: + description: |- + type is the type of network + The supported values are NetworkTypeRaw, NetworkTypeSimpleMacvlan + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + clusterNetwork: + description: |- + clusterNetwork is the IP address pool to use for pod IPs. + Some network providers support multiple ClusterNetworks. + Others only support one. This is equivalent to the cluster-cidr. + items: + description: |- + ClusterNetworkEntry is a subnet from which to allocate PodIPs. A network of size + HostPrefix (in CIDR notation) will be allocated when nodes join the cluster. If + the HostPrefix field is not used by the plugin, it can be left unset. + Not all network providers support multiple ClusterNetworks + properties: + cidr: + type: string + hostPrefix: + format: int32 + minimum: 0 + type: integer + type: object + type: array + x-kubernetes-list-type: atomic + defaultNetwork: + description: defaultNetwork is the "default" network that all pods + will receive + properties: + openshiftSDNConfig: + description: |- + openShiftSDNConfig was previously used to configure the openshift-sdn plugin. + DEPRECATED: OpenShift SDN is no longer supported. + properties: + enableUnidling: + description: |- + enableUnidling controls whether or not the service proxy will support idling + and unidling of services. By default, unidling is enabled. + type: boolean + mode: + description: mode is one of "Multitenant", "Subnet", or "NetworkPolicy" + type: string + mtu: + description: |- + mtu is the mtu to use for the tunnel interface. Defaults to 1450 if unset. + This must be 50 bytes smaller than the machine's uplink. + format: int32 + minimum: 0 + type: integer + useExternalOpenvswitch: + description: |- + useExternalOpenvswitch used to control whether the operator would deploy an OVS + DaemonSet itself or expect someone else to start OVS. As of 4.6, OVS is always + run as a system service, and this flag is ignored. + type: boolean + vxlanPort: + description: vxlanPort is the port to use for all vxlan packets. + The default is 4789. + format: int32 + minimum: 0 + type: integer + type: object + ovnKubernetesConfig: + description: ovnKubernetesConfig configures the ovn-kubernetes + plugin. + properties: + egressIPConfig: + description: egressIPConfig holds the configuration for EgressIP + options. + properties: + reachabilityTotalTimeoutSeconds: + description: |- + reachabilityTotalTimeout configures the EgressIP node reachability check total timeout in seconds. + If the EgressIP node cannot be reached within this timeout, the node is declared down. + Setting a large value may cause the EgressIP feature to react slowly to node changes. + In particular, it may react slowly for EgressIP nodes that really have a genuine problem and are unreachable. + When omitted, this means the user has no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The current default is 1 second. + A value of 0 disables the EgressIP node's reachability check. + format: int32 + maximum: 60 + minimum: 0 + type: integer + type: object + gatewayConfig: + description: gatewayConfig holds the configuration for node + gateway options. + properties: + ipForwarding: + description: |- + IPForwarding controls IP forwarding for all traffic on OVN-Kubernetes managed interfaces (such as br-ex). + By default this is set to Restricted, and Kubernetes related traffic is still forwarded appropriately, but other + IP traffic will not be routed by the OCP node. If there is a desire to allow the host to forward traffic across + OVN-Kubernetes managed interfaces, then set this field to "Global". + The supported values are "Restricted" and "Global". + type: string + ipv4: + description: |- + ipv4 allows users to configure IP settings for IPv4 connections. When omitted, this means no opinion and the default + configuration is used. Check individual members fields within ipv4 for details of default values. + properties: + internalMasqueradeSubnet: + description: |- + internalMasqueradeSubnet contains the masquerade addresses in IPV4 CIDR format used internally by + ovn-kubernetes to enable host to service traffic. Each host in the cluster is configured with these + addresses, as well as the shared gateway bridge interface. The values can be changed after + installation. The subnet chosen should not overlap with other networks specified for + OVN-Kubernetes as well as other networks used on the host. Additionally the subnet must + be large enough to accommodate 6 IPs (maximum prefix length /29). + When omitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. + The current default subnet is 169.254.169.0/29 + The value must be in proper IPV4 CIDR format + maxLength: 18 + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV4 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == + 4 + - message: subnet must be in the range /0 to /29 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() + <= 29 + - message: first IP address octet must not be 0 + rule: isCIDR(self) && int(self.split('.')[0]) > + 0 + type: object + ipv6: + description: |- + ipv6 allows users to configure IP settings for IPv6 connections. When omitted, this means no opinion and the default + configuration is used. Check individual members fields within ipv6 for details of default values. + properties: + internalMasqueradeSubnet: + description: |- + internalMasqueradeSubnet contains the masquerade addresses in IPV6 CIDR format used internally by + ovn-kubernetes to enable host to service traffic. Each host in the cluster is configured with these + addresses, as well as the shared gateway bridge interface. The values can be changed after + installation. The subnet chosen should not overlap with other networks specified for + OVN-Kubernetes as well as other networks used on the host. Additionally the subnet must + be large enough to accommodate 6 IPs (maximum prefix length /125). + When omitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. + The current default subnet is fd69::/125 + Note that IPV6 dual addresses are not permitted + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV6 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == + 6 + - message: subnet must be in the range /0 to /125 + inclusive + rule: isCIDR(self) && cidr(self).prefixLength() + <= 125 + type: object + routingViaHost: + default: false + description: |- + RoutingViaHost allows pod egress traffic to exit via the ovn-k8s-mp0 management port + into the host before sending it out. If this is not set, traffic will always egress directly + from OVN to outside without touching the host stack. Setting this to true means hardware + offload will not be supported. Default is false if GatewayConfig is specified. + type: boolean + type: object + genevePort: + description: |- + geneve port is the UDP port to be used by geneve encapulation. + Default is 6081 + format: int32 + minimum: 1 + type: integer + hybridOverlayConfig: + description: |- + HybridOverlayConfig configures an additional overlay network for peers that are + not using OVN. + properties: + hybridClusterNetwork: + description: HybridClusterNetwork defines a network space + given to nodes on an additional overlay network. + items: + description: |- + ClusterNetworkEntry is a subnet from which to allocate PodIPs. A network of size + HostPrefix (in CIDR notation) will be allocated when nodes join the cluster. If + the HostPrefix field is not used by the plugin, it can be left unset. + Not all network providers support multiple ClusterNetworks + properties: + cidr: + type: string + hostPrefix: + format: int32 + minimum: 0 + type: integer + type: object + type: array + x-kubernetes-list-type: atomic + hybridOverlayVXLANPort: + description: |- + HybridOverlayVXLANPort defines the VXLAN port number to be used by the additional overlay network. + Default is 4789 + format: int32 + type: integer + type: object + ipsecConfig: + default: + mode: Disabled + description: |- + ipsecConfig enables and configures IPsec for pods on the pod network within the + cluster. + properties: + mode: + description: |- + mode defines the behaviour of the ipsec configuration within the platform. + Valid values are `Disabled`, `External` and `Full`. + When 'Disabled', ipsec will not be enabled at the node level. + When 'External', ipsec is enabled on the node level but requires the user to configure the secure communication parameters. + This mode is for external secure communications and the configuration can be done using the k8s-nmstate operator. + When 'Full', ipsec is configured on the node level and inter-pod secure communication within the cluster is configured. + Note with `Full`, if ipsec is desired for communication with external (to the cluster) entities (such as storage arrays), + this is left to the user to configure. + enum: + - Disabled + - External + - Full + type: string + type: object + x-kubernetes-validations: + - message: ipsecConfig.mode is required + rule: self == oldSelf || has(self.mode) + ipv4: + description: |- + ipv4 allows users to configure IP settings for IPv4 connections. When ommitted, + this means no opinions and the default configuration is used. Check individual + fields within ipv4 for details of default values. + properties: + internalJoinSubnet: + description: |- + internalJoinSubnet is a v4 subnet used internally by ovn-kubernetes in case the + default one is being already used by something else. It must not overlap with + any other subnet being used by OpenShift or by the node network. The size of the + subnet must be larger than the number of nodes. The value cannot be changed + after installation. + The current default value is 100.64.0.0/16 + The subnet must be large enough to accomadate one IP per node in your cluster + The value must be in proper IPV4 CIDR format + maxLength: 18 + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV4 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 4 + - message: subnet must be in the range /0 to /30 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 30 + - message: first IP address octet must not be 0 + rule: isCIDR(self) && int(self.split('.')[0]) > 0 + internalTransitSwitchSubnet: + description: |- + internalTransitSwitchSubnet is a v4 subnet in IPV4 CIDR format used internally + by OVN-Kubernetes for the distributed transit switch in the OVN Interconnect + architecture that connects the cluster routers on each node together to enable + east west traffic. The subnet chosen should not overlap with other networks + specified for OVN-Kubernetes as well as other networks used on the host. + The value cannot be changed after installation. + When ommitted, this means no opinion and the platform is left to choose a reasonable + default which is subject to change over time. + The current default subnet is 100.88.0.0/16 + The subnet must be large enough to accomadate one IP per node in your cluster + The value must be in proper IPV4 CIDR format + maxLength: 18 + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV4 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 4 + - message: subnet must be in the range /0 to /30 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 30 + - message: first IP address octet must not be 0 + rule: isCIDR(self) && int(self.split('.')[0]) > 0 + type: object + ipv6: + description: |- + ipv6 allows users to configure IP settings for IPv6 connections. When ommitted, + this means no opinions and the default configuration is used. Check individual + fields within ipv4 for details of default values. + properties: + internalJoinSubnet: + description: |- + internalJoinSubnet is a v6 subnet used internally by ovn-kubernetes in case the + default one is being already used by something else. It must not overlap with + any other subnet being used by OpenShift or by the node network. The size of the + subnet must be larger than the number of nodes. The value cannot be changed + after installation. + The subnet must be large enough to accomadate one IP per node in your cluster + The current default value is fd98::/48 + The value must be in proper IPV6 CIDR format + Note that IPV6 dual addresses are not permitted + maxLength: 48 + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV6 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 6 + - message: subnet must be in the range /0 to /125 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 125 + internalTransitSwitchSubnet: + description: |- + internalTransitSwitchSubnet is a v4 subnet in IPV4 CIDR format used internally + by OVN-Kubernetes for the distributed transit switch in the OVN Interconnect + architecture that connects the cluster routers on each node together to enable + east west traffic. The subnet chosen should not overlap with other networks + specified for OVN-Kubernetes as well as other networks used on the host. + The value cannot be changed after installation. + When ommitted, this means no opinion and the platform is left to choose a reasonable + default which is subject to change over time. + The subnet must be large enough to accomadate one IP per node in your cluster + The current default subnet is fd97::/64 + The value must be in proper IPV6 CIDR format + Note that IPV6 dual addresses are not permitted + maxLength: 48 + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV6 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 6 + - message: subnet must be in the range /0 to /125 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 125 + type: object + mtu: + description: |- + mtu is the MTU to use for the tunnel interface. This must be 100 + bytes smaller than the uplink mtu. + Default is 1400 + format: int32 + minimum: 0 + type: integer + policyAuditConfig: + description: |- + policyAuditConfig is the configuration for network policy audit events. If unset, + reported defaults are used. + properties: + destination: + default: "null" + description: |- + destination is the location for policy log messages. + Regardless of this config, persistent logs will always be dumped to the host + at /var/log/ovn/ however + Additionally syslog output may be configured as follows. + Valid values are: + - "libc" -> to use the libc syslog() function of the host node's journdald process + - "udp:host:port" -> for sending syslog over UDP + - "unix:file" -> for using the UNIX domain socket directly + - "null" -> to discard all messages logged to syslog + The default is "null" + type: string + maxFileSize: + default: 50 + description: |- + maxFilesSize is the max size an ACL_audit log file is allowed to reach before rotation occurs + Units are in MB and the Default is 50MB + format: int32 + minimum: 1 + type: integer + maxLogFiles: + default: 5 + description: maxLogFiles specifies the maximum number + of ACL_audit log files that can be present. + format: int32 + minimum: 1 + type: integer + rateLimit: + default: 20 + description: |- + rateLimit is the approximate maximum number of messages to generate per-second per-node. If + unset the default of 20 msg/sec is used. + format: int32 + minimum: 1 + type: integer + syslogFacility: + default: local0 + description: syslogFacility the RFC5424 facility for generated + messages, e.g. "kern". Default is "local0" + type: string + type: object + routeAdvertisements: + description: |- + routeAdvertisements determines if the functionality to advertise cluster + network routes through a dynamic routing protocol, such as BGP, is + enabled or not. This functionality is configured through the + ovn-kubernetes RouteAdvertisements CRD. Requires the 'FRR' routing + capability provider to be enabled as an additional routing capability. + Allowed values are "Enabled", "Disabled" and ommited. When omitted, this + means the user has no opinion and the platform is left to choose + reasonable defaults. These defaults are subject to change over time. The + current default is "Disabled". + enum: + - "" + - Enabled + - Disabled + type: string + v4InternalSubnet: + description: |- + v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the + default one is being already used by something else. It must not overlap with + any other subnet being used by OpenShift or by the node network. The size of the + subnet must be larger than the number of nodes. The value cannot be changed + after installation. + Default is 100.64.0.0/16 + type: string + v6InternalSubnet: + description: |- + v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the + default one is being already used by something else. It must not overlap with + any other subnet being used by OpenShift or by the node network. The size of the + subnet must be larger than the number of nodes. The value cannot be changed + after installation. + Default is fd98::/48 + type: string + type: object + type: + description: |- + type is the type of network + All NetworkTypes are supported except for NetworkTypeRaw + type: string + type: object + deployKubeProxy: + description: |- + deployKubeProxy specifies whether or not a standalone kube-proxy should + be deployed by the operator. Some network providers include kube-proxy + or similar functionality. If unset, the plugin will attempt to select + the correct value, which is false when ovn-kubernetes is used and true + otherwise. + type: boolean + disableMultiNetwork: + description: |- + disableMultiNetwork specifies whether or not multiple pod network + support should be disabled. If unset, this property defaults to + 'false' and multiple network support is enabled. + type: boolean + disableNetworkDiagnostics: + default: false + description: |- + disableNetworkDiagnostics specifies whether or not PodNetworkConnectivityCheck + CRs from a test pod to every node, apiserver and LB should be disabled or not. + If unset, this property defaults to 'false' and network diagnostics is enabled. + Setting this to 'true' would reduce the additional load of the pods performing the checks. + type: boolean + exportNetworkFlows: + description: |- + exportNetworkFlows enables and configures the export of network flow metadata from the pod network + by using protocols NetFlow, SFlow or IPFIX. Currently only supported on OVN-Kubernetes plugin. + If unset, flows will not be exported to any collector. + properties: + ipfix: + description: ipfix defines IPFIX configuration. + properties: + collectors: + description: ipfixCollectors is list of strings formatted + as ip:port with a maximum of ten items + items: + pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ + type: string + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + type: object + netFlow: + description: netFlow defines the NetFlow configuration. + properties: + collectors: + description: |- + netFlow defines the NetFlow collectors that will consume the flow data exported from OVS. + It is a list of strings formatted as ip:port with a maximum of ten items + items: + pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ + type: string + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + type: object + sFlow: + description: sFlow defines the SFlow configuration. + properties: + collectors: + description: sFlowCollectors is list of strings formatted + as ip:port with a maximum of ten items + items: + pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ + type: string + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + type: object + type: object + kubeProxyConfig: + description: |- + kubeProxyConfig lets us configure desired proxy configuration, if + deployKubeProxy is true. If not specified, sensible defaults will be chosen by + OpenShift directly. + properties: + bindAddress: + description: |- + The address to "bind" on + Defaults to 0.0.0.0 + type: string + iptablesSyncPeriod: + description: |- + An internal kube-proxy parameter. In older releases of OCP, this sometimes needed to be adjusted + in large clusters for performance reasons, but this is no longer necessary, and there is no reason + to change this from the default value. + Default: 30s + type: string + proxyArguments: + additionalProperties: + description: ProxyArgumentList is a list of arguments to pass + to the kubeproxy process + items: + type: string + type: array + x-kubernetes-list-type: atomic + description: Any additional arguments to pass to the kubeproxy + process + type: object + type: object + logLevel: + default: Normal + description: |- + logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for their operands. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + managementState: + description: managementState indicates whether and how the operator + should manage the component + pattern: ^(Managed|Unmanaged|Force|Removed)$ + type: string + migration: + description: |- + migration enables and configures cluster network migration, for network changes + that cannot be made instantly. + properties: + features: + description: |- + features was previously used to configure which network plugin features + would be migrated in a network type migration. + DEPRECATED: network type migration is no longer supported, and setting + this to a non-empty value will result in the network operator rejecting + the configuration. + properties: + egressFirewall: + default: true + description: |- + egressFirewall specified whether or not the Egress Firewall configuration was migrated. + DEPRECATED: network type migration is no longer supported. + type: boolean + egressIP: + default: true + description: |- + egressIP specified whether or not the Egress IP configuration was migrated. + DEPRECATED: network type migration is no longer supported. + type: boolean + multicast: + default: true + description: |- + multicast specified whether or not the multicast configuration was migrated. + DEPRECATED: network type migration is no longer supported. + type: boolean + type: object + mode: + description: |- + mode indicates the mode of network type migration. + DEPRECATED: network type migration is no longer supported, and setting + this to a non-empty value will result in the network operator rejecting + the configuration. + enum: + - Live + - Offline + - "" + type: string + mtu: + description: |- + mtu contains the MTU migration configuration. Set this to allow changing + the MTU values for the default network. If unset, the operation of + changing the MTU for the default network will be rejected. + properties: + machine: + description: |- + machine contains MTU migration configuration for the machine's uplink. + Needs to be migrated along with the default network MTU unless the + current uplink MTU already accommodates the default network MTU. + properties: + from: + description: from is the MTU to migrate from. + format: int32 + minimum: 0 + type: integer + to: + description: to is the MTU to migrate to. + format: int32 + minimum: 0 + type: integer + type: object + network: + description: |- + network contains information about MTU migration for the default network. + Migrations are only allowed to MTU values lower than the machine's uplink + MTU by the minimum appropriate offset. + properties: + from: + description: from is the MTU to migrate from. + format: int32 + minimum: 0 + type: integer + to: + description: to is the MTU to migrate to. + format: int32 + minimum: 0 + type: integer + type: object + type: object + networkType: + description: |- + networkType was previously used when changing the default network type. + DEPRECATED: network type migration is no longer supported, and setting + this to a non-empty value will result in the network operator rejecting + the configuration. + type: string + type: object + observedConfig: + description: |- + observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because + it is an input to the level for the operator + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + default: Normal + description: |- + operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for themselves. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + serviceNetwork: + description: |- + serviceNetwork is the ip address pool to use for Service IPs + Currently, all existing network providers only support a single value + here, but this is an array to allow for growth. + items: + type: string + type: array + x-kubernetes-list-type: atomic + unsupportedConfigOverrides: + description: |- + unsupportedConfigOverrides overrides the final configuration that was computed by the operator. + Red Hat does not support the use of this field. + Misuse of this field could lead to unexpected behavior or conflict with other configuration options. + Seek guidance from the Red Hat support before using this field. + Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + useMultiNetworkPolicy: + description: |- + useMultiNetworkPolicy enables a controller which allows for + MultiNetworkPolicy objects to be used on additional networks as + created by Multus CNI. MultiNetworkPolicy are similar to NetworkPolicy + objects, but NetworkPolicy objects only apply to the primary interface. + With MultiNetworkPolicy, you can control the traffic that a pod can receive + over the secondary interfaces. If unset, this property defaults to 'false' + and MultiNetworkPolicy objects are ignored. If 'disableMultiNetwork' is + 'true' then the value of this field is ignored. + type: boolean + type: object + x-kubernetes-validations: + - message: invalid value for IPForwarding, valid values are 'Restricted' + or 'Global' + rule: '!has(self.defaultNetwork) || !has(self.defaultNetwork.ovnKubernetesConfig) + || !has(self.defaultNetwork.ovnKubernetesConfig.gatewayConfig) || + !has(self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding) + || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding + == oldSelf.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding + || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding + == ''Restricted'' || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding + == ''Global''' + status: + description: |- + NetworkStatus is detailed operator status, which is distilled + up to the Network clusteroperator object. + properties: + conditions: + description: conditions is a list of conditions and their status + items: + description: OperatorCondition is just the standard condition fields. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + type: string + reason: + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + generations: + description: generations are used to determine when an item needs + to be reconciled or has changed in a way that needs a reaction. + items: + description: GenerationStatus keeps track of the generation for + a given resource so that decisions about forced updates can be + made. + properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without + generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload + controller involved + format: int64 + type: integer + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're + tracking + type: string + required: + - group + - name + - namespace + - resource + type: object + type: array + x-kubernetes-list-map-keys: + - group + - resource + - namespace + - name + x-kubernetes-list-type: map + latestAvailableRevision: + description: latestAvailableRevision is the deploymentID of the most + recent deployment + format: int32 + type: integer + x-kubernetes-validations: + - message: must only increase + rule: self >= oldSelf + observedGeneration: + description: observedGeneration is the last generation change you've + dealt with + format: int64 + type: integer + readyReplicas: + description: readyReplicas indicates how many replicas are ready and + at the desired state + format: int32 + type: integer + version: + description: version is the level this availability applies to + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/olms.operator.openshift.io/NewOLM.yaml b/pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/olms.operator.openshift.io/NewOLM.yaml new file mode 100644 index 000000000..3dd5726d3 --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/olms.operator.openshift.io/NewOLM.yaml @@ -0,0 +1,216 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/1504 + api.openshift.io/filename-cvo-runlevel: "0000_10" + api.openshift.io/filename-operator: operator-lifecycle-manager + api.openshift.io/filename-ordering: "01" + capability.openshift.io/name: OperatorLifecycleManagerV1 + feature-gate.release.openshift.io/NewOLM: "true" + name: olms.operator.openshift.io +spec: + group: operator.openshift.io + names: + kind: OLM + listKind: OLMList + plural: olms + singular: olm + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + OLM provides information to configure an operator to manage the OLM controllers + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + properties: + logLevel: + default: Normal + description: |- + logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for their operands. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + managementState: + description: managementState indicates whether and how the operator + should manage the component + pattern: ^(Managed|Unmanaged|Force|Removed)$ + type: string + observedConfig: + description: |- + observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because + it is an input to the level for the operator + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + default: Normal + description: |- + operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for themselves. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + unsupportedConfigOverrides: + description: |- + unsupportedConfigOverrides overrides the final configuration that was computed by the operator. + Red Hat does not support the use of this field. + Misuse of this field could lead to unexpected behavior or conflict with other configuration options. + Seek guidance from the Red Hat support before using this field. + Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + status: + description: status holds observed values from the cluster. They may not + be overridden. + properties: + conditions: + description: conditions is a list of conditions and their status + items: + description: OperatorCondition is just the standard condition fields. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + type: string + reason: + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + generations: + description: generations are used to determine when an item needs + to be reconciled or has changed in a way that needs a reaction. + items: + description: GenerationStatus keeps track of the generation for + a given resource so that decisions about forced updates can be + made. + properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without + generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload + controller involved + format: int64 + type: integer + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're + tracking + type: string + required: + - group + - name + - namespace + - resource + type: object + type: array + x-kubernetes-list-map-keys: + - group + - resource + - namespace + - name + x-kubernetes-list-type: map + latestAvailableRevision: + description: latestAvailableRevision is the deploymentID of the most + recent deployment + format: int32 + type: integer + x-kubernetes-validations: + - message: must only increase + rule: self >= oldSelf + observedGeneration: + description: observedGeneration is the last generation change you've + dealt with + format: int64 + type: integer + readyReplicas: + description: readyReplicas indicates how many replicas are ready and + at the desired state + format: int32 + type: integer + version: + description: version is the level this availability applies to + type: string + type: object + required: + - spec + type: object + x-kubernetes-validations: + - message: olm is a singleton, .metadata.name must be 'cluster' + rule: self.metadata.name == 'cluster' + served: true + storage: true + subresources: + status: {} diff --git a/pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/openshiftapiservers.operator.openshift.io/AAA_ungated.yaml b/pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/openshiftapiservers.operator.openshift.io/AAA_ungated.yaml new file mode 100644 index 000000000..10801279e --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/openshiftapiservers.operator.openshift.io/AAA_ungated.yaml @@ -0,0 +1,214 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/475 + api.openshift.io/filename-cvo-runlevel: "0000_30" + api.openshift.io/filename-operator: openshift-apiserver + api.openshift.io/filename-ordering: "01" + feature-gate.release.openshift.io/: "true" + name: openshiftapiservers.operator.openshift.io +spec: + group: operator.openshift.io + names: + categories: + - coreoperators + kind: OpenShiftAPIServer + listKind: OpenShiftAPIServerList + plural: openshiftapiservers + singular: openshiftapiserver + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + OpenShiftAPIServer provides information to configure an operator to manage openshift-apiserver. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec is the specification of the desired behavior of the + OpenShift API Server. + properties: + logLevel: + default: Normal + description: |- + logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for their operands. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + managementState: + description: managementState indicates whether and how the operator + should manage the component + pattern: ^(Managed|Unmanaged|Force|Removed)$ + type: string + observedConfig: + description: |- + observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because + it is an input to the level for the operator + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + default: Normal + description: |- + operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for themselves. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + unsupportedConfigOverrides: + description: |- + unsupportedConfigOverrides overrides the final configuration that was computed by the operator. + Red Hat does not support the use of this field. + Misuse of this field could lead to unexpected behavior or conflict with other configuration options. + Seek guidance from the Red Hat support before using this field. + Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + status: + description: status defines the observed status of the OpenShift API Server. + properties: + conditions: + description: conditions is a list of conditions and their status + items: + description: OperatorCondition is just the standard condition fields. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + type: string + reason: + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + generations: + description: generations are used to determine when an item needs + to be reconciled or has changed in a way that needs a reaction. + items: + description: GenerationStatus keeps track of the generation for + a given resource so that decisions about forced updates can be + made. + properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without + generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload + controller involved + format: int64 + type: integer + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're + tracking + type: string + required: + - group + - name + - namespace + - resource + type: object + type: array + x-kubernetes-list-map-keys: + - group + - resource + - namespace + - name + x-kubernetes-list-type: map + latestAvailableRevision: + description: latestAvailableRevision is the deploymentID of the most + recent deployment + format: int32 + type: integer + x-kubernetes-validations: + - message: must only increase + rule: self >= oldSelf + observedGeneration: + description: observedGeneration is the last generation change you've + dealt with + format: int64 + type: integer + readyReplicas: + description: readyReplicas indicates how many replicas are ready and + at the desired state + format: int32 + type: integer + version: + description: version is the level this availability applies to + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/openshiftcontrollermanagers.operator.openshift.io/AAA_ungated.yaml b/pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/openshiftcontrollermanagers.operator.openshift.io/AAA_ungated.yaml new file mode 100644 index 000000000..ac18ab244 --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/openshiftcontrollermanagers.operator.openshift.io/AAA_ungated.yaml @@ -0,0 +1,211 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/475 + api.openshift.io/filename-cvo-runlevel: "0000_50" + api.openshift.io/filename-operator: openshift-controller-manager + api.openshift.io/filename-ordering: "02" + feature-gate.release.openshift.io/: "true" + name: openshiftcontrollermanagers.operator.openshift.io +spec: + group: operator.openshift.io + names: + categories: + - coreoperators + kind: OpenShiftControllerManager + listKind: OpenShiftControllerManagerList + plural: openshiftcontrollermanagers + singular: openshiftcontrollermanager + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + OpenShiftControllerManager provides information to configure an operator to manage openshift-controller-manager. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + logLevel: + default: Normal + description: |- + logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for their operands. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + managementState: + description: managementState indicates whether and how the operator + should manage the component + pattern: ^(Managed|Unmanaged|Force|Removed)$ + type: string + observedConfig: + description: |- + observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because + it is an input to the level for the operator + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + default: Normal + description: |- + operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for themselves. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + unsupportedConfigOverrides: + description: |- + unsupportedConfigOverrides overrides the final configuration that was computed by the operator. + Red Hat does not support the use of this field. + Misuse of this field could lead to unexpected behavior or conflict with other configuration options. + Seek guidance from the Red Hat support before using this field. + Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + status: + properties: + conditions: + description: conditions is a list of conditions and their status + items: + description: OperatorCondition is just the standard condition fields. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + type: string + reason: + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + generations: + description: generations are used to determine when an item needs + to be reconciled or has changed in a way that needs a reaction. + items: + description: GenerationStatus keeps track of the generation for + a given resource so that decisions about forced updates can be + made. + properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without + generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload + controller involved + format: int64 + type: integer + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're + tracking + type: string + required: + - group + - name + - namespace + - resource + type: object + type: array + x-kubernetes-list-map-keys: + - group + - resource + - namespace + - name + x-kubernetes-list-type: map + latestAvailableRevision: + description: latestAvailableRevision is the deploymentID of the most + recent deployment + format: int32 + type: integer + x-kubernetes-validations: + - message: must only increase + rule: self >= oldSelf + observedGeneration: + description: observedGeneration is the last generation change you've + dealt with + format: int64 + type: integer + readyReplicas: + description: readyReplicas indicates how many replicas are ready and + at the desired state + format: int32 + type: integer + version: + description: version is the level this availability applies to + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/servicecas.operator.openshift.io/AAA_ungated.yaml b/pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/servicecas.operator.openshift.io/AAA_ungated.yaml new file mode 100644 index 000000000..74540cb1f --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/servicecas.operator.openshift.io/AAA_ungated.yaml @@ -0,0 +1,212 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/475 + api.openshift.io/filename-cvo-runlevel: "0000_50" + api.openshift.io/filename-operator: service-ca + api.openshift.io/filename-ordering: "02" + feature-gate.release.openshift.io/: "true" + name: servicecas.operator.openshift.io +spec: + group: operator.openshift.io + names: + kind: ServiceCA + listKind: ServiceCAList + plural: servicecas + singular: serviceca + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + ServiceCA provides information to configure an operator to manage the service cert controllers + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + properties: + logLevel: + default: Normal + description: |- + logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for their operands. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + managementState: + description: managementState indicates whether and how the operator + should manage the component + pattern: ^(Managed|Unmanaged|Force|Removed)$ + type: string + observedConfig: + description: |- + observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because + it is an input to the level for the operator + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + default: Normal + description: |- + operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for themselves. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + unsupportedConfigOverrides: + description: |- + unsupportedConfigOverrides overrides the final configuration that was computed by the operator. + Red Hat does not support the use of this field. + Misuse of this field could lead to unexpected behavior or conflict with other configuration options. + Seek guidance from the Red Hat support before using this field. + Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + status: + description: status holds observed values from the cluster. They may not + be overridden. + properties: + conditions: + description: conditions is a list of conditions and their status + items: + description: OperatorCondition is just the standard condition fields. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + type: string + reason: + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + generations: + description: generations are used to determine when an item needs + to be reconciled or has changed in a way that needs a reaction. + items: + description: GenerationStatus keeps track of the generation for + a given resource so that decisions about forced updates can be + made. + properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without + generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload + controller involved + format: int64 + type: integer + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're + tracking + type: string + required: + - group + - name + - namespace + - resource + type: object + type: array + x-kubernetes-list-map-keys: + - group + - resource + - namespace + - name + x-kubernetes-list-type: map + latestAvailableRevision: + description: latestAvailableRevision is the deploymentID of the most + recent deployment + format: int32 + type: integer + x-kubernetes-validations: + - message: must only increase + rule: self >= oldSelf + observedGeneration: + description: observedGeneration is the last generation change you've + dealt with + format: int64 + type: integer + readyReplicas: + description: readyReplicas indicates how many replicas are ready and + at the desired state + format: int32 + type: integer + version: + description: version is the level this availability applies to + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/storages.operator.openshift.io/AAA_ungated.yaml b/pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/storages.operator.openshift.io/AAA_ungated.yaml new file mode 100644 index 000000000..eeda8583a --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/zz_generated.featuregated-crd-manifests/storages.operator.openshift.io/AAA_ungated.yaml @@ -0,0 +1,228 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/670 + api.openshift.io/filename-cvo-runlevel: "0000_50" + api.openshift.io/filename-operator: storage + api.openshift.io/filename-ordering: "01" + feature-gate.release.openshift.io/: "true" + name: storages.operator.openshift.io +spec: + group: operator.openshift.io + names: + kind: Storage + listKind: StorageList + plural: storages + singular: storage + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + Storage provides a means to configure an operator to manage the cluster storage operator. `cluster` is the canonical name. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + properties: + logLevel: + default: Normal + description: |- + logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for their operands. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + managementState: + description: managementState indicates whether and how the operator + should manage the component + pattern: ^(Managed|Unmanaged|Force|Removed)$ + type: string + observedConfig: + description: |- + observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because + it is an input to the level for the operator + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + default: Normal + description: |- + operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for themselves. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + unsupportedConfigOverrides: + description: |- + unsupportedConfigOverrides overrides the final configuration that was computed by the operator. + Red Hat does not support the use of this field. + Misuse of this field could lead to unexpected behavior or conflict with other configuration options. + Seek guidance from the Red Hat support before using this field. + Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + vsphereStorageDriver: + description: |- + VSphereStorageDriver indicates the storage driver to use on VSphere clusters. + Once this field is set to CSIWithMigrationDriver, it can not be changed. + If this is empty, the platform will choose a good default, + which may change over time without notice. + The current default is CSIWithMigrationDriver and may not be changed. + DEPRECATED: This field will be removed in a future release. + enum: + - "" + - LegacyDeprecatedInTreeDriver + - CSIWithMigrationDriver + type: string + x-kubernetes-validations: + - message: VSphereStorageDriver can not be set to LegacyDeprecatedInTreeDriver + rule: self != "LegacyDeprecatedInTreeDriver" + type: object + status: + description: status holds observed values from the cluster. They may not + be overridden. + properties: + conditions: + description: conditions is a list of conditions and their status + items: + description: OperatorCondition is just the standard condition fields. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + type: string + reason: + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + generations: + description: generations are used to determine when an item needs + to be reconciled or has changed in a way that needs a reaction. + items: + description: GenerationStatus keeps track of the generation for + a given resource so that decisions about forced updates can be + made. + properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without + generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload + controller involved + format: int64 + type: integer + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're + tracking + type: string + required: + - group + - name + - namespace + - resource + type: object + type: array + x-kubernetes-list-map-keys: + - group + - resource + - namespace + - name + x-kubernetes-list-type: map + latestAvailableRevision: + description: latestAvailableRevision is the deploymentID of the most + recent deployment + format: int32 + type: integer + x-kubernetes-validations: + - message: must only increase + rule: self >= oldSelf + observedGeneration: + description: observedGeneration is the last generation change you've + dealt with + format: int64 + type: integer + readyReplicas: + description: readyReplicas indicates how many replicas are ready and + at the desired state + format: int32 + type: integer + version: + description: version is the level this availability applies to + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/pkg/schemes/machineconfiguration/mctypes/zz_generated.swagger_doc_generated.go b/pkg/schemes/machineconfiguration/mctypes/zz_generated.swagger_doc_generated.go new file mode 100644 index 000000000..780ac7a70 --- /dev/null +++ b/pkg/schemes/machineconfiguration/mctypes/zz_generated.swagger_doc_generated.go @@ -0,0 +1,2077 @@ +package mctypes + +// This file contains a collection of methods that can be used from go-restful to +// generate Swagger API documentation for its models. Please read this PR for more +// information on the implementation: https://github.com/emicklei/go-restful/pull/215 +// +// TODOs are ignored from the parser (e.g. TODO(andronat):... || TODO:...) if and only if +// they are on one line! For multiple line or blocks that you want to ignore use ---. +// Any context after a --- is ignored. +// +// Those methods can be generated by using hack/update-swagger-docs.sh + +// AUTO-GENERATED FUNCTIONS START HERE +var map_GenerationStatus = map[string]string{ + "": "GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.", + "group": "group is the group of the thing you're tracking", + "resource": "resource is the resource type of the thing you're tracking", + "namespace": "namespace is where the thing you're tracking is", + "name": "name is the name of the thing you're tracking", + "lastGeneration": "lastGeneration is the last generation of the workload controller involved", + "hash": "hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps", +} + +func (GenerationStatus) SwaggerDoc() map[string]string { + return map_GenerationStatus +} + +var map_MyOperatorResource = map[string]string{ + "": "MyOperatorResource is an example operator configuration type\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", +} + +func (MyOperatorResource) SwaggerDoc() map[string]string { + return map_MyOperatorResource +} + +var map_NodeStatus = map[string]string{ + "": "NodeStatus provides information about the current state of a particular node managed by this operator.", + "nodeName": "nodeName is the name of the node", + "currentRevision": "currentRevision is the generation of the most recently successful deployment", + "targetRevision": "targetRevision is the generation of the deployment we're trying to apply", + "lastFailedRevision": "lastFailedRevision is the generation of the deployment we tried and failed to deploy.", + "lastFailedTime": "lastFailedTime is the time the last failed revision failed the last time.", + "lastFailedReason": "lastFailedReason is a machine readable failure reason string.", + "lastFailedCount": "lastFailedCount is how often the installer pod of the last failed revision failed.", + "lastFallbackCount": "lastFallbackCount is how often a fallback to a previous revision happened.", + "lastFailedRevisionErrors": "lastFailedRevisionErrors is a list of human readable errors during the failed deployment referenced in lastFailedRevision.", +} + +func (NodeStatus) SwaggerDoc() map[string]string { + return map_NodeStatus +} + +var map_OperatorCondition = map[string]string{ + "": "OperatorCondition is just the standard condition fields.", + "type": "type of condition in CamelCase or in foo.example.com/CamelCase.", + "status": "status of the condition, one of True, False, Unknown.", + "lastTransitionTime": "lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", +} + +func (OperatorCondition) SwaggerDoc() map[string]string { + return map_OperatorCondition +} + +var map_OperatorSpec = map[string]string{ + "": "OperatorSpec contains common fields operators need. It is intended to be anonymous included inside of the Spec struct for your particular operator.", + "managementState": "managementState indicates whether and how the operator should manage the component", + "logLevel": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", + "operatorLogLevel": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", + "unsupportedConfigOverrides": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", + "observedConfig": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", +} + +func (OperatorSpec) SwaggerDoc() map[string]string { + return map_OperatorSpec +} + +var map_OperatorStatus = map[string]string{ + "observedGeneration": "observedGeneration is the last generation change you've dealt with", + "conditions": "conditions is a list of conditions and their status", + "version": "version is the level this availability applies to", + "readyReplicas": "readyReplicas indicates how many replicas are ready and at the desired state", + "latestAvailableRevision": "latestAvailableRevision is the deploymentID of the most recent deployment", + "generations": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", +} + +func (OperatorStatus) SwaggerDoc() map[string]string { + return map_OperatorStatus +} + +var map_StaticPodOperatorSpec = map[string]string{ + "": "StaticPodOperatorSpec is spec for controllers that manage static pods.", + "forceRedeploymentReason": "forceRedeploymentReason can be used to force the redeployment of the operand by providing a unique string. This provides a mechanism to kick a previously failed deployment and provide a reason why you think it will work this time instead of failing again on the same config.", + "failedRevisionLimit": "failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api -1 = unlimited, 0 or unset = 5 (default)", + "succeededRevisionLimit": "succeededRevisionLimit is the number of successful static pod installer revisions to keep on disk and in the api -1 = unlimited, 0 or unset = 5 (default)", +} + +func (StaticPodOperatorSpec) SwaggerDoc() map[string]string { + return map_StaticPodOperatorSpec +} + +var map_StaticPodOperatorStatus = map[string]string{ + "": "StaticPodOperatorStatus is status for controllers that manage static pods. There are different needs because individual node status must be tracked.", + "latestAvailableRevisionReason": "latestAvailableRevisionReason describe the detailed reason for the most recent deployment", + "nodeStatuses": "nodeStatuses track the deployment values and errors across individual nodes", +} + +func (StaticPodOperatorStatus) SwaggerDoc() map[string]string { + return map_StaticPodOperatorStatus +} + +var map_Authentication = map[string]string{ + "": "Authentication provides information to configure an operator to manage authentication.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", +} + +func (Authentication) SwaggerDoc() map[string]string { + return map_Authentication +} + +var map_AuthenticationList = map[string]string{ + "": "AuthenticationList is a collection of items\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", +} + +func (AuthenticationList) SwaggerDoc() map[string]string { + return map_AuthenticationList +} + +var map_AuthenticationStatus = map[string]string{ + "oauthAPIServer": "OAuthAPIServer holds status specific only to oauth-apiserver", +} + +func (AuthenticationStatus) SwaggerDoc() map[string]string { + return map_AuthenticationStatus +} + +var map_OAuthAPIServerStatus = map[string]string{ + "latestAvailableRevision": "LatestAvailableRevision is the latest revision used as suffix of revisioned secrets like encryption-config. A new revision causes a new deployment of pods.", +} + +func (OAuthAPIServerStatus) SwaggerDoc() map[string]string { + return map_OAuthAPIServerStatus +} + +var map_CloudCredential = map[string]string{ + "": "CloudCredential provides a means to configure an operator to manage CredentialsRequests.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", +} + +func (CloudCredential) SwaggerDoc() map[string]string { + return map_CloudCredential +} + +var map_CloudCredentialList = map[string]string{ + "": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", +} + +func (CloudCredentialList) SwaggerDoc() map[string]string { + return map_CloudCredentialList +} + +var map_CloudCredentialSpec = map[string]string{ + "": "CloudCredentialSpec is the specification of the desired behavior of the cloud-credential-operator.", + "credentialsMode": "CredentialsMode allows informing CCO that it should not attempt to dynamically determine the root cloud credentials capabilities, and it should just run in the specified mode. It also allows putting the operator into \"manual\" mode if desired. Leaving the field in default mode runs CCO so that the cluster's cloud credentials will be dynamically probed for capabilities (on supported clouds/platforms). Supported modes:\n AWS/Azure/GCP: \"\" (Default), \"Mint\", \"Passthrough\", \"Manual\"\n Others: Do not set value as other platforms only support running in \"Passthrough\"", +} + +func (CloudCredentialSpec) SwaggerDoc() map[string]string { + return map_CloudCredentialSpec +} + +var map_CloudCredentialStatus = map[string]string{ + "": "CloudCredentialStatus defines the observed status of the cloud-credential-operator.", +} + +func (CloudCredentialStatus) SwaggerDoc() map[string]string { + return map_CloudCredentialStatus +} + +var map_Config = map[string]string{ + "": "Config specifies the behavior of the config operator which is responsible for creating the initial configuration of other components on the cluster. The operator also handles installation, migration or synchronization of cloud configurations for AWS and Azure cloud based clusters\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "spec": "spec is the specification of the desired behavior of the Config Operator.", + "status": "status defines the observed status of the Config Operator.", +} + +func (Config) SwaggerDoc() map[string]string { + return map_Config +} + +var map_ConfigList = map[string]string{ + "": "ConfigList is a collection of items\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "items": "Items contains the items", +} + +func (ConfigList) SwaggerDoc() map[string]string { + return map_ConfigList +} + +var map_AddPage = map[string]string{ + "": "AddPage allows customizing actions on the Add page in developer perspective.", + "disabledActions": "disabledActions is a list of actions that are not shown to users. Each action in the list is represented by its ID.", +} + +func (AddPage) SwaggerDoc() map[string]string { + return map_AddPage +} + +var map_Capability = map[string]string{ + "": "Capabilities contains set of UI capabilities and their state in the console UI.", + "name": "name is the unique name of a capability. Available capabilities are LightspeedButton and GettingStartedBanner.", + "visibility": "visibility defines the visibility state of the capability.", +} + +func (Capability) SwaggerDoc() map[string]string { + return map_Capability +} + +var map_CapabilityVisibility = map[string]string{ + "": "CapabilityVisibility defines the criteria to enable/disable a capability.", + "state": "state defines if the capability is enabled or disabled in the console UI. Enabling the capability in the console UI is represented by the \"Enabled\" value. Disabling the capability in the console UI is represented by the \"Disabled\" value.", +} + +func (CapabilityVisibility) SwaggerDoc() map[string]string { + return map_CapabilityVisibility +} + +var map_Console = map[string]string{ + "": "Console provides a means to configure an operator to manage the console.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", +} + +func (Console) SwaggerDoc() map[string]string { + return map_Console +} + +var map_ConsoleConfigRoute = map[string]string{ + "": "ConsoleConfigRoute holds information on external route access to console. DEPRECATED", + "hostname": "hostname is the desired custom domain under which console will be available.", + "secret": "secret points to secret in the openshift-config namespace that contains custom certificate and key and needs to be created manually by the cluster admin. Referenced Secret is required to contain following key value pairs: - \"tls.crt\" - to specifies custom certificate - \"tls.key\" - to specifies private key of the custom certificate If the custom hostname uses the default routing suffix of the cluster, the Secret specification for a serving certificate will not be needed.", +} + +func (ConsoleConfigRoute) SwaggerDoc() map[string]string { + return map_ConsoleConfigRoute +} + +var map_ConsoleCustomization = map[string]string{ + "": "ConsoleCustomization defines a list of optional configuration for the console UI.", + "capabilities": "capabilities defines an array of capabilities that can be interacted with in the console UI. Each capability defines a visual state that can be interacted with the console to render in the UI. Available capabilities are LightspeedButton and GettingStartedBanner. Each of the available capabilities may appear only once in the list.", + "brand": "brand is the default branding of the web console which can be overridden by providing the brand field. There is a limited set of specific brand options. This field controls elements of the console such as the logo. Invalid value will prevent a console rollout.", + "documentationBaseURL": "documentationBaseURL links to external documentation are shown in various sections of the web console. Providing documentationBaseURL will override the default documentation URL. Invalid value will prevent a console rollout.", + "customProductName": "customProductName is the name that will be displayed in page titles, logo alt text, and the about dialog instead of the normal OpenShift product name.", + "customLogoFile": "customLogoFile replaces the default OpenShift logo in the masthead and about dialog. It is a reference to a ConfigMap in the openshift-config namespace. This can be created with a command like 'oc create configmap custom-logo --from-file=/path/to/file -n openshift-config'. Image size must be less than 1 MB due to constraints on the ConfigMap size. The ConfigMap key should include a file extension so that the console serves the file with the correct MIME type. Recommended logo specifications: Dimensions: Max height of 68px and max width of 200px SVG format preferred", + "developerCatalog": "developerCatalog allows to configure the shown developer catalog categories (filters) and types (sub-catalogs).", + "projectAccess": "projectAccess allows customizing the available list of ClusterRoles in the Developer perspective Project access page which can be used by a project admin to specify roles to other users and restrict access within the project. If set, the list will replace the default ClusterRole options.", + "quickStarts": "quickStarts allows customization of available ConsoleQuickStart resources in console.", + "addPage": "addPage allows customizing actions on the Add page in developer perspective.", + "perspectives": "perspectives allows enabling/disabling of perspective(s) that user can see in the Perspective switcher dropdown.", +} + +func (ConsoleCustomization) SwaggerDoc() map[string]string { + return map_ConsoleCustomization +} + +var map_ConsoleList = map[string]string{ + "": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", +} + +func (ConsoleList) SwaggerDoc() map[string]string { + return map_ConsoleList +} + +var map_ConsoleProviders = map[string]string{ + "": "ConsoleProviders defines a list of optional additional providers of functionality to the console.", + "statuspage": "statuspage contains ID for statuspage.io page that provides status info about.", +} + +func (ConsoleProviders) SwaggerDoc() map[string]string { + return map_ConsoleProviders +} + +var map_ConsoleSpec = map[string]string{ + "": "ConsoleSpec is the specification of the desired behavior of the Console.", + "customization": "customization is used to optionally provide a small set of customization options to the web console.", + "providers": "providers contains configuration for using specific service providers.", + "route": "route contains hostname and secret reference that contains the serving certificate. If a custom route is specified, a new route will be created with the provided hostname, under which console will be available. In case of custom hostname uses the default routing suffix of the cluster, the Secret specification for a serving certificate will not be needed. In case of custom hostname points to an arbitrary domain, manual DNS configurations steps are necessary. The default console route will be maintained to reserve the default hostname for console if the custom route is removed. If not specified, default route will be used. DEPRECATED", + "plugins": "plugins defines a list of enabled console plugin names.", + "ingress": "ingress allows to configure the alternative ingress for the console. This field is intended for clusters without ingress capability, where access to routes is not possible.", +} + +func (ConsoleSpec) SwaggerDoc() map[string]string { + return map_ConsoleSpec +} + +var map_ConsoleStatus = map[string]string{ + "": "ConsoleStatus defines the observed status of the Console.", +} + +func (ConsoleStatus) SwaggerDoc() map[string]string { + return map_ConsoleStatus +} + +var map_DeveloperConsoleCatalogCategory = map[string]string{ + "": "DeveloperConsoleCatalogCategory for the developer console catalog.", + "subcategories": "subcategories defines a list of child categories.", +} + +func (DeveloperConsoleCatalogCategory) SwaggerDoc() map[string]string { + return map_DeveloperConsoleCatalogCategory +} + +var map_DeveloperConsoleCatalogCategoryMeta = map[string]string{ + "": "DeveloperConsoleCatalogCategoryMeta are the key identifiers of a developer catalog category.", + "id": "ID is an identifier used in the URL to enable deep linking in console. ID is required and must have 1-32 URL safe (A-Z, a-z, 0-9, - and _) characters.", + "label": "label defines a category display label. It is required and must have 1-64 characters.", + "tags": "tags is a list of strings that will match the category. A selected category show all items which has at least one overlapping tag between category and item.", +} + +func (DeveloperConsoleCatalogCategoryMeta) SwaggerDoc() map[string]string { + return map_DeveloperConsoleCatalogCategoryMeta +} + +var map_DeveloperConsoleCatalogCustomization = map[string]string{ + "": "DeveloperConsoleCatalogCustomization allow cluster admin to configure developer catalog.", + "categories": "categories which are shown in the developer catalog.", + "types": "types allows enabling or disabling of sub-catalog types that user can see in the Developer catalog. When omitted, all the sub-catalog types will be shown.", +} + +func (DeveloperConsoleCatalogCustomization) SwaggerDoc() map[string]string { + return map_DeveloperConsoleCatalogCustomization +} + +var map_DeveloperConsoleCatalogTypes = map[string]string{ + "": "DeveloperConsoleCatalogTypes defines the state of the sub-catalog types.", + "state": "state defines if a list of catalog types should be enabled or disabled.", + "enabled": "enabled is a list of developer catalog types (sub-catalogs IDs) that will be shown to users. Types (sub-catalogs) are added via console plugins, the available types (sub-catalog IDs) are available in the console on the cluster configuration page, or when editing the YAML in the console. Example: \"Devfile\", \"HelmChart\", \"BuilderImage\" If the list is non-empty, a new type will not be shown to the user until it is added to list. If the list is empty the complete developer catalog will be shown.", + "disabled": "disabled is a list of developer catalog types (sub-catalogs IDs) that are not shown to users. Types (sub-catalogs) are added via console plugins, the available types (sub-catalog IDs) are available in the console on the cluster configuration page, or when editing the YAML in the console. Example: \"Devfile\", \"HelmChart\", \"BuilderImage\" If the list is empty or all the available sub-catalog types are added, then the complete developer catalog should be hidden.", +} + +func (DeveloperConsoleCatalogTypes) SwaggerDoc() map[string]string { + return map_DeveloperConsoleCatalogTypes +} + +var map_Ingress = map[string]string{ + "": "Ingress allows cluster admin to configure alternative ingress for the console.", + "consoleURL": "consoleURL is a URL to be used as the base console address. If not specified, the console route hostname will be used. This field is required for clusters without ingress capability, where access to routes is not possible. Make sure that appropriate ingress is set up at this URL. The console operator will monitor the URL and may go degraded if it's unreachable for an extended period. Must use the HTTPS scheme.", + "clientDownloadsURL": "clientDownloadsURL is a URL to be used as the address to download client binaries. If not specified, the downloads route hostname will be used. This field is required for clusters without ingress capability, where access to routes is not possible. The console operator will monitor the URL and may go degraded if it's unreachable for an extended period. Must use the HTTPS scheme.", +} + +func (Ingress) SwaggerDoc() map[string]string { + return map_Ingress +} + +var map_Perspective = map[string]string{ + "": "Perspective defines a perspective that cluster admins want to show/hide in the perspective switcher dropdown", + "id": "id defines the id of the perspective. Example: \"dev\", \"admin\". The available perspective ids can be found in the code snippet section next to the yaml editor. Incorrect or unknown ids will be ignored.", + "visibility": "visibility defines the state of perspective along with access review checks if needed for that perspective.", + "pinnedResources": "pinnedResources defines the list of default pinned resources that users will see on the perspective navigation if they have not customized these pinned resources themselves. The list of available Kubernetes resources could be read via `kubectl api-resources`. The console will also provide a configuration UI and a YAML snippet that will list the available resources that can be pinned to the navigation. Incorrect or unknown resources will be ignored.", +} + +func (Perspective) SwaggerDoc() map[string]string { + return map_Perspective +} + +var map_PerspectiveVisibility = map[string]string{ + "": "PerspectiveVisibility defines the criteria to show/hide a perspective", + "state": "state defines the perspective is enabled or disabled or access review check is required.", + "accessReview": "accessReview defines required and missing access review checks.", +} + +func (PerspectiveVisibility) SwaggerDoc() map[string]string { + return map_PerspectiveVisibility +} + +var map_PinnedResourceReference = map[string]string{ + "": "PinnedResourceReference includes the group, version and type of resource", + "group": "group is the API Group of the Resource. Enter empty string for the core group. This value should consist of only lowercase alphanumeric characters, hyphens and periods. Example: \"\", \"apps\", \"build.openshift.io\", etc.", + "version": "version is the API Version of the Resource. This value should consist of only lowercase alphanumeric characters. Example: \"v1\", \"v1beta1\", etc.", + "resource": "resource is the type that is being referenced. It is normally the plural form of the resource kind in lowercase. This value should consist of only lowercase alphanumeric characters and hyphens. Example: \"deployments\", \"deploymentconfigs\", \"pods\", etc.", +} + +func (PinnedResourceReference) SwaggerDoc() map[string]string { + return map_PinnedResourceReference +} + +var map_ProjectAccess = map[string]string{ + "": "ProjectAccess contains options for project access roles", + "availableClusterRoles": "availableClusterRoles is the list of ClusterRole names that are assignable to users through the project access tab.", +} + +func (ProjectAccess) SwaggerDoc() map[string]string { + return map_ProjectAccess +} + +var map_QuickStarts = map[string]string{ + "": "QuickStarts allow cluster admins to customize available ConsoleQuickStart resources.", + "disabled": "disabled is a list of ConsoleQuickStart resource names that are not shown to users.", +} + +func (QuickStarts) SwaggerDoc() map[string]string { + return map_QuickStarts +} + +var map_ResourceAttributesAccessReview = map[string]string{ + "": "ResourceAttributesAccessReview defines the visibility of the perspective depending on the access review checks. `required` and `missing` can work together esp. in the case where the cluster admin wants to show another perspective to users without specific permissions. Out of `required` and `missing` atleast one property should be non-empty.", + "required": "required defines a list of permission checks. The perspective will only be shown when all checks are successful. When omitted, the access review is skipped and the perspective will not be shown unless it is required to do so based on the configuration of the missing access review list.", + "missing": "missing defines a list of permission checks. The perspective will only be shown when at least one check fails. When omitted, the access review is skipped and the perspective will not be shown unless it is required to do so based on the configuration of the required access review list.", +} + +func (ResourceAttributesAccessReview) SwaggerDoc() map[string]string { + return map_ResourceAttributesAccessReview +} + +var map_StatuspageProvider = map[string]string{ + "": "StatuspageProvider provides identity for statuspage account.", + "pageID": "pageID is the unique ID assigned by Statuspage for your page. This must be a public page.", +} + +func (StatuspageProvider) SwaggerDoc() map[string]string { + return map_StatuspageProvider +} + +var map_AWSCSIDriverConfigSpec = map[string]string{ + "": "AWSCSIDriverConfigSpec defines properties that can be configured for the AWS CSI driver.", + "kmsKeyARN": "kmsKeyARN sets the cluster default storage class to encrypt volumes with a user-defined KMS key, rather than the default KMS key used by AWS. The value may be either the ARN or Alias ARN of a KMS key.", + "efsVolumeMetrics": "efsVolumeMetrics sets the configuration for collecting metrics from EFS volumes used by the EFS CSI Driver.", +} + +func (AWSCSIDriverConfigSpec) SwaggerDoc() map[string]string { + return map_AWSCSIDriverConfigSpec +} + +var map_AWSEFSVolumeMetrics = map[string]string{ + "": "AWSEFSVolumeMetrics defines the configuration for volume metrics in the EFS CSI Driver.", + "state": "state defines the state of metric collection in the AWS EFS CSI Driver. This field is required and must be set to one of the following values: Disabled or RecursiveWalk. Disabled means no metrics collection will be performed. This is the default value. RecursiveWalk means the AWS EFS CSI Driver will recursively scan volumes to collect metrics. This process may result in high CPU and memory usage, depending on the volume size.", + "recursiveWalk": "recursiveWalk provides additional configuration for collecting volume metrics in the AWS EFS CSI Driver when the state is set to RecursiveWalk.", +} + +func (AWSEFSVolumeMetrics) SwaggerDoc() map[string]string { + return map_AWSEFSVolumeMetrics +} + +var map_AWSEFSVolumeMetricsRecursiveWalkConfig = map[string]string{ + "": "AWSEFSVolumeMetricsRecursiveWalkConfig defines options for volume metrics in the EFS CSI Driver.", + "refreshPeriodMinutes": "refreshPeriodMinutes specifies the frequency, in minutes, at which volume metrics are refreshed. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is 240. The valid range is from 1 to 43200 minutes (30 days).", + "fsRateLimit": "fsRateLimit defines the rate limit, in goroutines per file system, for processing volume metrics. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is 5. The valid range is from 1 to 100 goroutines.", +} + +func (AWSEFSVolumeMetricsRecursiveWalkConfig) SwaggerDoc() map[string]string { + return map_AWSEFSVolumeMetricsRecursiveWalkConfig +} + +var map_AzureCSIDriverConfigSpec = map[string]string{ + "": "AzureCSIDriverConfigSpec defines properties that can be configured for the Azure CSI driver.", + "diskEncryptionSet": "diskEncryptionSet sets the cluster default storage class to encrypt volumes with a customer-managed encryption set, rather than the default platform-managed keys.", +} + +func (AzureCSIDriverConfigSpec) SwaggerDoc() map[string]string { + return map_AzureCSIDriverConfigSpec +} + +var map_AzureDiskEncryptionSet = map[string]string{ + "": "AzureDiskEncryptionSet defines the configuration for a disk encryption set.", + "subscriptionID": "subscriptionID defines the Azure subscription that contains the disk encryption set. The value should meet the following conditions: 1. It should be a 128-bit number. 2. It should be 36 characters (32 hexadecimal characters and 4 hyphens) long. 3. It should be displayed in five groups separated by hyphens (-). 4. The first group should be 8 characters long. 5. The second, third, and fourth groups should be 4 characters long. 6. The fifth group should be 12 characters long. An Example SubscrionID: f2007bbf-f802-4a47-9336-cf7c6b89b378", + "resourceGroup": "resourceGroup defines the Azure resource group that contains the disk encryption set. The value should consist of only alphanumberic characters, underscores (_), parentheses, hyphens and periods. The value should not end in a period and be at most 90 characters in length.", + "name": "name is the name of the disk encryption set that will be set on the default storage class. The value should consist of only alphanumberic characters, underscores (_), hyphens, and be at most 80 characters in length.", +} + +func (AzureDiskEncryptionSet) SwaggerDoc() map[string]string { + return map_AzureDiskEncryptionSet +} + +var map_CSIDriverConfigSpec = map[string]string{ + "": "CSIDriverConfigSpec defines configuration spec that can be used to optionally configure a specific CSI Driver.", + "driverType": "driverType indicates type of CSI driver for which the driverConfig is being applied to. Valid values are: AWS, Azure, GCP, IBMCloud, vSphere and omitted. Consumers should treat unknown values as a NO-OP.", + "aws": "aws is used to configure the AWS CSI driver.", + "azure": "azure is used to configure the Azure CSI driver.", + "gcp": "gcp is used to configure the GCP CSI driver.", + "ibmcloud": "ibmcloud is used to configure the IBM Cloud CSI driver.", + "vSphere": "vsphere is used to configure the vsphere CSI driver.", +} + +func (CSIDriverConfigSpec) SwaggerDoc() map[string]string { + return map_CSIDriverConfigSpec +} + +var map_ClusterCSIDriver = map[string]string{ + "": "ClusterCSIDriver object allows management and configuration of a CSI driver operator installed by default in OpenShift. Name of the object must be name of the CSI driver it operates. See CSIDriverName type for list of allowed values.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "spec": "spec holds user settable values for configuration", + "status": "status holds observed values from the cluster. They may not be overridden.", +} + +func (ClusterCSIDriver) SwaggerDoc() map[string]string { + return map_ClusterCSIDriver +} + +var map_ClusterCSIDriverList = map[string]string{ + "": "ClusterCSIDriverList contains a list of ClusterCSIDriver\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", +} + +func (ClusterCSIDriverList) SwaggerDoc() map[string]string { + return map_ClusterCSIDriverList +} + +var map_ClusterCSIDriverSpec = map[string]string{ + "": "ClusterCSIDriverSpec is the desired behavior of CSI driver operator", + "storageClassState": "StorageClassState determines if CSI operator should create and manage storage classes. If this field value is empty or Managed - CSI operator will continuously reconcile storage class and create if necessary. If this field value is Unmanaged - CSI operator will not reconcile any previously created storage class. If this field value is Removed - CSI operator will delete the storage class it created previously. When omitted, this means the user has no opinion and the platform chooses a reasonable default, which is subject to change over time. The current default behaviour is Managed.", + "driverConfig": "driverConfig can be used to specify platform specific driver configuration. When omitted, this means no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time.", +} + +func (ClusterCSIDriverSpec) SwaggerDoc() map[string]string { + return map_ClusterCSIDriverSpec +} + +var map_ClusterCSIDriverStatus = map[string]string{ + "": "ClusterCSIDriverStatus is the observed status of CSI driver operator", +} + +func (ClusterCSIDriverStatus) SwaggerDoc() map[string]string { + return map_ClusterCSIDriverStatus +} + +var map_GCPCSIDriverConfigSpec = map[string]string{ + "": "GCPCSIDriverConfigSpec defines properties that can be configured for the GCP CSI driver.", + "kmsKey": "kmsKey sets the cluster default storage class to encrypt volumes with customer-supplied encryption keys, rather than the default keys managed by GCP.", +} + +func (GCPCSIDriverConfigSpec) SwaggerDoc() map[string]string { + return map_GCPCSIDriverConfigSpec +} + +var map_GCPKMSKeyReference = map[string]string{ + "": "GCPKMSKeyReference gathers required fields for looking up a GCP KMS Key", + "name": "name is the name of the customer-managed encryption key to be used for disk encryption. The value should correspond to an existing KMS key and should consist of only alphanumeric characters, hyphens (-) and underscores (_), and be at most 63 characters in length.", + "keyRing": "keyRing is the name of the KMS Key Ring which the KMS Key belongs to. The value should correspond to an existing KMS key ring and should consist of only alphanumeric characters, hyphens (-) and underscores (_), and be at most 63 characters in length.", + "projectID": "projectID is the ID of the Project in which the KMS Key Ring exists. It must be 6 to 30 lowercase letters, digits, or hyphens. It must start with a letter. Trailing hyphens are prohibited.", + "location": "location is the GCP location in which the Key Ring exists. The value must match an existing GCP location, or \"global\". Defaults to global, if not set.", +} + +func (GCPKMSKeyReference) SwaggerDoc() map[string]string { + return map_GCPKMSKeyReference +} + +var map_IBMCloudCSIDriverConfigSpec = map[string]string{ + "": "IBMCloudCSIDriverConfigSpec defines the properties that can be configured for the IBM Cloud CSI driver.", + "encryptionKeyCRN": "encryptionKeyCRN is the IBM Cloud CRN of the customer-managed root key to use for disk encryption of volumes for the default storage classes.", +} + +func (IBMCloudCSIDriverConfigSpec) SwaggerDoc() map[string]string { + return map_IBMCloudCSIDriverConfigSpec +} + +var map_VSphereCSIDriverConfigSpec = map[string]string{ + "": "VSphereCSIDriverConfigSpec defines properties that can be configured for vsphere CSI driver.", + "topologyCategories": "topologyCategories indicates tag categories with which vcenter resources such as hostcluster or datacenter were tagged with. If cluster Infrastructure object has a topology, values specified in Infrastructure object will be used and modifications to topologyCategories will be rejected.", + "globalMaxSnapshotsPerBlockVolume": "globalMaxSnapshotsPerBlockVolume is a global configuration parameter that applies to volumes on all kinds of datastores. If omitted, the platform chooses a default, which is subject to change over time, currently that default is 3. Snapshots can not be disabled using this parameter. Increasing number of snapshots above 3 can have negative impact on performance, for more details see: https://kb.vmware.com/s/article/1025279 Volume snapshot documentation: https://docs.vmware.com/en/VMware-vSphere-Container-Storage-Plug-in/3.0/vmware-vsphere-csp-getting-started/GUID-E0B41C69-7EEB-450F-A73D-5FD2FF39E891.html", + "granularMaxSnapshotsPerBlockVolumeInVSAN": "granularMaxSnapshotsPerBlockVolumeInVSAN is a granular configuration parameter on vSAN datastore only. It overrides GlobalMaxSnapshotsPerBlockVolume if set, while it falls back to the global constraint if unset. Snapshots for VSAN can not be disabled using this parameter.", + "granularMaxSnapshotsPerBlockVolumeInVVOL": "granularMaxSnapshotsPerBlockVolumeInVVOL is a granular configuration parameter on Virtual Volumes datastore only. It overrides GlobalMaxSnapshotsPerBlockVolume if set, while it falls back to the global constraint if unset. Snapshots for VVOL can not be disabled using this parameter.", +} + +func (VSphereCSIDriverConfigSpec) SwaggerDoc() map[string]string { + return map_VSphereCSIDriverConfigSpec +} + +var map_CSISnapshotController = map[string]string{ + "": "CSISnapshotController provides a means to configure an operator to manage the CSI snapshots. `cluster` is the canonical name.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "spec": "spec holds user settable values for configuration", + "status": "status holds observed values from the cluster. They may not be overridden.", +} + +func (CSISnapshotController) SwaggerDoc() map[string]string { + return map_CSISnapshotController +} + +var map_CSISnapshotControllerList = map[string]string{ + "": "CSISnapshotControllerList contains a list of CSISnapshotControllers.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", +} + +func (CSISnapshotControllerList) SwaggerDoc() map[string]string { + return map_CSISnapshotControllerList +} + +var map_CSISnapshotControllerSpec = map[string]string{ + "": "CSISnapshotControllerSpec is the specification of the desired behavior of the CSISnapshotController operator.", +} + +func (CSISnapshotControllerSpec) SwaggerDoc() map[string]string { + return map_CSISnapshotControllerSpec +} + +var map_CSISnapshotControllerStatus = map[string]string{ + "": "CSISnapshotControllerStatus defines the observed status of the CSISnapshotController operator.", +} + +func (CSISnapshotControllerStatus) SwaggerDoc() map[string]string { + return map_CSISnapshotControllerStatus +} + +var map_DNS = map[string]string{ + "": "DNS manages the CoreDNS component to provide a name resolution service for pods and services in the cluster.\n\nThis supports the DNS-based service discovery specification: https://github.com/kubernetes/dns/blob/master/docs/specification.md\n\nMore details: https://kubernetes.io/docs/tasks/administer-cluster/coredns\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "spec": "spec is the specification of the desired behavior of the DNS.", + "status": "status is the most recently observed status of the DNS.", +} + +func (DNS) SwaggerDoc() map[string]string { + return map_DNS +} + +var map_DNSCache = map[string]string{ + "": "DNSCache defines the fields for configuring DNS caching.", + "positiveTTL": "positiveTTL is optional and specifies the amount of time that a positive response should be cached.\n\nIf configured, it must be a value of 1s (1 second) or greater up to a theoretical maximum of several years. This field expects an unsigned duration string of decimal numbers, each with optional fraction and a unit suffix, e.g. \"100s\", \"1m30s\", \"12h30m10s\". Values that are fractions of a second are rounded down to the nearest second. If the configured value is less than 1s, the default value will be used. If not configured, the value will be 0s and OpenShift will use a default value of 900 seconds unless noted otherwise in the respective Corefile for your version of OpenShift. The default value of 900 seconds is subject to change.", + "negativeTTL": "negativeTTL is optional and specifies the amount of time that a negative response should be cached.\n\nIf configured, it must be a value of 1s (1 second) or greater up to a theoretical maximum of several years. This field expects an unsigned duration string of decimal numbers, each with optional fraction and a unit suffix, e.g. \"100s\", \"1m30s\", \"12h30m10s\". Values that are fractions of a second are rounded down to the nearest second. If the configured value is less than 1s, the default value will be used. If not configured, the value will be 0s and OpenShift will use a default value of 30 seconds unless noted otherwise in the respective Corefile for your version of OpenShift. The default value of 30 seconds is subject to change.", +} + +func (DNSCache) SwaggerDoc() map[string]string { + return map_DNSCache +} + +var map_DNSList = map[string]string{ + "": "DNSList contains a list of DNS\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", +} + +func (DNSList) SwaggerDoc() map[string]string { + return map_DNSList +} + +var map_DNSNodePlacement = map[string]string{ + "": "DNSNodePlacement describes the node scheduling configuration for DNS pods.", + "nodeSelector": "nodeSelector is the node selector applied to DNS pods.\n\nIf empty, the default is used, which is currently the following:\n\n kubernetes.io/os: linux\n\nThis default is subject to change.\n\nIf set, the specified selector is used and replaces the default.", + "tolerations": "tolerations is a list of tolerations applied to DNS pods.\n\nIf empty, the DNS operator sets a toleration for the \"node-role.kubernetes.io/master\" taint. This default is subject to change. Specifying tolerations without including a toleration for the \"node-role.kubernetes.io/master\" taint may be risky as it could lead to an outage if all worker nodes become unavailable.\n\nNote that the daemon controller adds some tolerations as well. See https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/", +} + +func (DNSNodePlacement) SwaggerDoc() map[string]string { + return map_DNSNodePlacement +} + +var map_DNSOverTLSConfig = map[string]string{ + "": "DNSOverTLSConfig describes optional DNSTransportConfig fields that should be captured.", + "serverName": "serverName is the upstream server to connect to when forwarding DNS queries. This is required when Transport is set to \"TLS\". ServerName will be validated against the DNS naming conventions in RFC 1123 and should match the TLS certificate installed in the upstream resolver(s).", + "caBundle": "caBundle references a ConfigMap that must contain either a single CA Certificate or a CA Bundle. This allows cluster administrators to provide their own CA or CA bundle for validating the certificate of upstream resolvers.\n\n1. The configmap must contain a `ca-bundle.crt` key. 2. The value must be a PEM encoded CA certificate or CA bundle. 3. The administrator must create this configmap in the openshift-config namespace. 4. The upstream server certificate must contain a Subject Alternative Name (SAN) that matches ServerName.", +} + +func (DNSOverTLSConfig) SwaggerDoc() map[string]string { + return map_DNSOverTLSConfig +} + +var map_DNSSpec = map[string]string{ + "": "DNSSpec is the specification of the desired behavior of the DNS.", + "servers": "servers is a list of DNS resolvers that provide name query delegation for one or more subdomains outside the scope of the cluster domain. If servers consists of more than one Server, longest suffix match will be used to determine the Server.\n\nFor example, if there are two Servers, one for \"foo.com\" and another for \"a.foo.com\", and the name query is for \"www.a.foo.com\", it will be routed to the Server with Zone \"a.foo.com\".\n\nIf this field is nil, no servers are created.", + "upstreamResolvers": "upstreamResolvers defines a schema for configuring CoreDNS to proxy DNS messages to upstream resolvers for the case of the default (\".\") server\n\nIf this field is not specified, the upstream used will default to /etc/resolv.conf, with policy \"sequential\"", + "nodePlacement": "nodePlacement provides explicit control over the scheduling of DNS pods.\n\nGenerally, it is useful to run a DNS pod on every node so that DNS queries are always handled by a local DNS pod instead of going over the network to a DNS pod on another node. However, security policies may require restricting the placement of DNS pods to specific nodes. For example, if a security policy prohibits pods on arbitrary nodes from communicating with the API, a node selector can be specified to restrict DNS pods to nodes that are permitted to communicate with the API. Conversely, if running DNS pods on nodes with a particular taint is desired, a toleration can be specified for that taint.\n\nIf unset, defaults are used. See nodePlacement for more details.", + "managementState": "managementState indicates whether the DNS operator should manage cluster DNS", + "operatorLogLevel": "operatorLogLevel controls the logging level of the DNS Operator. Valid values are: \"Normal\", \"Debug\", \"Trace\". Defaults to \"Normal\". setting operatorLogLevel: Trace will produce extremely verbose logs.", + "logLevel": "logLevel describes the desired logging verbosity for CoreDNS. Any one of the following values may be specified: * Normal logs errors from upstream resolvers. * Debug logs errors, NXDOMAIN responses, and NODATA responses. * Trace logs errors and all responses.\n Setting logLevel: Trace will produce extremely verbose logs.\nValid values are: \"Normal\", \"Debug\", \"Trace\". Defaults to \"Normal\".", + "cache": "cache describes the caching configuration that applies to all server blocks listed in the Corefile. This field allows a cluster admin to optionally configure: * positiveTTL which is a duration for which positive responses should be cached. * negativeTTL which is a duration for which negative responses should be cached. If this is not configured, OpenShift will configure positive and negative caching with a default value that is subject to change. At the time of writing, the default positiveTTL is 900 seconds and the default negativeTTL is 30 seconds or as noted in the respective Corefile for your version of OpenShift.", +} + +func (DNSSpec) SwaggerDoc() map[string]string { + return map_DNSSpec +} + +var map_DNSStatus = map[string]string{ + "": "DNSStatus defines the observed status of the DNS.", + "clusterIP": "clusterIP is the service IP through which this DNS is made available.\n\nIn the case of the default DNS, this will be a well known IP that is used as the default nameserver for pods that are using the default ClusterFirst DNS policy.\n\nIn general, this IP can be specified in a pod's spec.dnsConfig.nameservers list or used explicitly when performing name resolution from within the cluster. Example: dig foo.com @\n\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies", + "clusterDomain": "clusterDomain is the local cluster DNS domain suffix for DNS services. This will be a subdomain as defined in RFC 1034, section 3.5: https://tools.ietf.org/html/rfc1034#section-3.5 Example: \"cluster.local\"\n\nMore info: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service", + "conditions": "conditions provide information about the state of the DNS on the cluster.\n\nThese are the supported DNS conditions:\n\n * Available\n - True if the following conditions are met:\n * DNS controller daemonset is available.\n - False if any of those conditions are unsatisfied.", +} + +func (DNSStatus) SwaggerDoc() map[string]string { + return map_DNSStatus +} + +var map_DNSTransportConfig = map[string]string{ + "": "DNSTransportConfig groups related configuration parameters used for configuring forwarding to upstream resolvers that support DNS-over-TLS.", + "transport": "transport allows cluster administrators to opt-in to using a DNS-over-TLS connection between cluster DNS and an upstream resolver(s). Configuring TLS as the transport at this level without configuring a CABundle will result in the system certificates being used to verify the serving certificate of the upstream resolver(s).\n\nPossible values: \"\" (empty) - This means no explicit choice has been made and the platform chooses the default which is subject to change over time. The current default is \"Cleartext\". \"Cleartext\" - Cluster admin specified cleartext option. This results in the same functionality as an empty value but may be useful when a cluster admin wants to be more explicit about the transport, or wants to switch from \"TLS\" to \"Cleartext\" explicitly. \"TLS\" - This indicates that DNS queries should be sent over a TLS connection. If Transport is set to TLS, you MUST also set ServerName. If a port is not included with the upstream IP, port 853 will be tried by default per RFC 7858 section 3.1; https://datatracker.ietf.org/doc/html/rfc7858#section-3.1.", + "tls": "tls contains the additional configuration options to use when Transport is set to \"TLS\".", +} + +func (DNSTransportConfig) SwaggerDoc() map[string]string { + return map_DNSTransportConfig +} + +var map_ForwardPlugin = map[string]string{ + "": "ForwardPlugin defines a schema for configuring the CoreDNS forward plugin.", + "upstreams": "upstreams is a list of resolvers to forward name queries for subdomains of Zones. Each instance of CoreDNS performs health checking of Upstreams. When a healthy upstream returns an error during the exchange, another resolver is tried from Upstreams. The Upstreams are selected in the order specified in Policy. Each upstream is represented by an IP address or IP:port if the upstream listens on a port other than 53.\n\nA maximum of 15 upstreams is allowed per ForwardPlugin.", + "policy": "policy is used to determine the order in which upstream servers are selected for querying. Any one of the following values may be specified:\n\n* \"Random\" picks a random upstream server for each query. * \"RoundRobin\" picks upstream servers in a round-robin order, moving to the next server for each new query. * \"Sequential\" tries querying upstream servers in a sequential order until one responds, starting with the first server for each new query.\n\nThe default value is \"Random\"", + "transportConfig": "transportConfig is used to configure the transport type, server name, and optional custom CA or CA bundle to use when forwarding DNS requests to an upstream resolver.\n\nThe default value is \"\" (empty) which results in a standard cleartext connection being used when forwarding DNS requests to an upstream resolver.", + "protocolStrategy": "protocolStrategy specifies the protocol to use for upstream DNS requests. Valid values for protocolStrategy are \"TCP\" and omitted. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is to use the protocol of the original client request. \"TCP\" specifies that the platform should use TCP for all upstream DNS requests, even if the client request uses UDP. \"TCP\" is useful for UDP-specific issues such as those created by non-compliant upstream resolvers, but may consume more bandwidth or increase DNS response time. Note that protocolStrategy only affects the protocol of DNS requests that CoreDNS makes to upstream resolvers. It does not affect the protocol of DNS requests between clients and CoreDNS.", +} + +func (ForwardPlugin) SwaggerDoc() map[string]string { + return map_ForwardPlugin +} + +var map_Server = map[string]string{ + "": "Server defines the schema for a server that runs per instance of CoreDNS.", + "name": "name is required and specifies a unique name for the server. Name must comply with the Service Name Syntax of rfc6335.", + "zones": "zones is required and specifies the subdomains that Server is authoritative for. Zones must conform to the rfc1123 definition of a subdomain. Specifying the cluster domain (i.e., \"cluster.local\") is invalid.", + "forwardPlugin": "forwardPlugin defines a schema for configuring CoreDNS to proxy DNS messages to upstream resolvers.", +} + +func (Server) SwaggerDoc() map[string]string { + return map_Server +} + +var map_Upstream = map[string]string{ + "": "Upstream can either be of type SystemResolvConf, or of type Network.\n\n - For an Upstream of type SystemResolvConf, no further fields are necessary:\n The upstream will be configured to use /etc/resolv.conf.\n - For an Upstream of type Network, a NetworkResolver field needs to be defined\n with an IP address or IP:port if the upstream listens on a port other than 53.", + "type": "Type defines whether this upstream contains an IP/IP:port resolver or the local /etc/resolv.conf. Type accepts 2 possible values: SystemResolvConf or Network.\n\n* When SystemResolvConf is used, the Upstream structure does not require any further fields to be defined:\n /etc/resolv.conf will be used\n* When Network is used, the Upstream structure must contain at least an Address", + "address": "Address must be defined when Type is set to Network. It will be ignored otherwise. It must be a valid ipv4 or ipv6 address.", + "port": "Port may be defined when Type is set to Network. It will be ignored otherwise. Port must be between 65535", +} + +func (Upstream) SwaggerDoc() map[string]string { + return map_Upstream +} + +var map_UpstreamResolvers = map[string]string{ + "": "UpstreamResolvers defines a schema for configuring the CoreDNS forward plugin in the specific case of the default (\".\") server. It defers from ForwardPlugin in the default values it accepts: * At least one upstream should be specified. * the default policy is Sequential", + "upstreams": "Upstreams is a list of resolvers to forward name queries for the \".\" domain. Each instance of CoreDNS performs health checking of Upstreams. When a healthy upstream returns an error during the exchange, another resolver is tried from Upstreams. The Upstreams are selected in the order specified in Policy.\n\nA maximum of 15 upstreams is allowed per ForwardPlugin. If no Upstreams are specified, /etc/resolv.conf is used by default", + "policy": "Policy is used to determine the order in which upstream servers are selected for querying. Any one of the following values may be specified:\n\n* \"Random\" picks a random upstream server for each query. * \"RoundRobin\" picks upstream servers in a round-robin order, moving to the next server for each new query. * \"Sequential\" tries querying upstream servers in a sequential order until one responds, starting with the first server for each new query.\n\nThe default value is \"Sequential\"", + "transportConfig": "transportConfig is used to configure the transport type, server name, and optional custom CA or CA bundle to use when forwarding DNS requests to an upstream resolver.\n\nThe default value is \"\" (empty) which results in a standard cleartext connection being used when forwarding DNS requests to an upstream resolver.", + "protocolStrategy": "protocolStrategy specifies the protocol to use for upstream DNS requests. Valid values for protocolStrategy are \"TCP\" and omitted. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is to use the protocol of the original client request. \"TCP\" specifies that the platform should use TCP for all upstream DNS requests, even if the client request uses UDP. \"TCP\" is useful for UDP-specific issues such as those created by non-compliant upstream resolvers, but may consume more bandwidth or increase DNS response time. Note that protocolStrategy only affects the protocol of DNS requests that CoreDNS makes to upstream resolvers. It does not affect the protocol of DNS requests between clients and CoreDNS.", +} + +func (UpstreamResolvers) SwaggerDoc() map[string]string { + return map_UpstreamResolvers +} + +var map_Etcd = map[string]string{ + "": "Etcd provides information to configure an operator to manage etcd.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", +} + +func (Etcd) SwaggerDoc() map[string]string { + return map_Etcd +} + +var map_EtcdList = map[string]string{ + "": "KubeAPISOperatorConfigList is a collection of items\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "items": "Items contains the items", +} + +func (EtcdList) SwaggerDoc() map[string]string { + return map_EtcdList +} + +var map_EtcdSpec = map[string]string{ + "controlPlaneHardwareSpeed": "HardwareSpeed allows user to change the etcd tuning profile which configures the latency parameters for heartbeat interval and leader election timeouts allowing the cluster to tolerate longer round-trip-times between etcd members. Valid values are \"\", \"Standard\" and \"Slower\".\n\t\"\" means no opinion and the platform is left to choose a reasonable default\n\twhich is subject to change without notice.", + "backendQuotaGiB": "backendQuotaGiB sets the etcd backend storage size limit in gibibytes. The value should be an integer not less than 8 and not more than 32. When not specified, the default value is 8.", +} + +func (EtcdSpec) SwaggerDoc() map[string]string { + return map_EtcdSpec +} + +var map_AWSClassicLoadBalancerParameters = map[string]string{ + "": "AWSClassicLoadBalancerParameters holds configuration parameters for an AWS Classic load balancer.", + "connectionIdleTimeout": "connectionIdleTimeout specifies the maximum time period that a connection may be idle before the load balancer closes the connection. The value must be parseable as a time duration value; see . A nil or zero value means no opinion, in which case a default value is used. The default value for this field is 60s. This default is subject to change.", + "subnets": "subnets specifies the subnets to which the load balancer will attach. The subnets may be specified by either their ID or name. The total number of subnets is limited to 10.\n\nIn order for the load balancer to be provisioned with subnets, each subnet must exist, each subnet must be from a different availability zone, and the load balancer service must be recreated to pick up new values.\n\nWhen omitted from the spec, the subnets will be auto-discovered for each availability zone. Auto-discovered subnets are not reported in the status of the IngressController object.", +} + +func (AWSClassicLoadBalancerParameters) SwaggerDoc() map[string]string { + return map_AWSClassicLoadBalancerParameters +} + +var map_AWSLoadBalancerParameters = map[string]string{ + "": "AWSLoadBalancerParameters provides configuration settings that are specific to AWS load balancers.", + "type": "type is the type of AWS load balancer to instantiate for an ingresscontroller.\n\nValid values are:\n\n* \"Classic\": A Classic Load Balancer that makes routing decisions at either\n the transport layer (TCP/SSL) or the application layer (HTTP/HTTPS). See\n the following for additional details:\n\n https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#clb\n\n* \"NLB\": A Network Load Balancer that makes routing decisions at the\n transport layer (TCP/SSL). See the following for additional details:\n\n https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#nlb", + "classicLoadBalancer": "classicLoadBalancerParameters holds configuration parameters for an AWS classic load balancer. Present only if type is Classic.", + "networkLoadBalancer": "networkLoadBalancerParameters holds configuration parameters for an AWS network load balancer. Present only if type is NLB.", +} + +func (AWSLoadBalancerParameters) SwaggerDoc() map[string]string { + return map_AWSLoadBalancerParameters +} + +var map_AWSNetworkLoadBalancerParameters = map[string]string{ + "": "AWSNetworkLoadBalancerParameters holds configuration parameters for an AWS Network load balancer. For Example: Setting AWS EIPs https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html", + "subnets": "subnets specifies the subnets to which the load balancer will attach. The subnets may be specified by either their ID or name. The total number of subnets is limited to 10.\n\nIn order for the load balancer to be provisioned with subnets, each subnet must exist, each subnet must be from a different availability zone, and the load balancer service must be recreated to pick up new values.\n\nWhen omitted from the spec, the subnets will be auto-discovered for each availability zone. Auto-discovered subnets are not reported in the status of the IngressController object.", + "eipAllocations": "eipAllocations is a list of IDs for Elastic IP (EIP) addresses that are assigned to the Network Load Balancer. The following restrictions apply:\n\neipAllocations can only be used with external scope, not internal. An EIP can be allocated to only a single IngressController. The number of EIP allocations must match the number of subnets that are used for the load balancer. Each EIP allocation must be unique. A maximum of 10 EIP allocations are permitted.\n\nSee https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html for general information about configuration, characteristics, and limitations of Elastic IP addresses.", +} + +func (AWSNetworkLoadBalancerParameters) SwaggerDoc() map[string]string { + return map_AWSNetworkLoadBalancerParameters +} + +var map_AWSSubnets = map[string]string{ + "": "AWSSubnets contains a list of references to AWS subnets by ID or name.", + "ids": "ids specifies a list of AWS subnets by subnet ID. Subnet IDs must start with \"subnet-\", consist only of alphanumeric characters, must be exactly 24 characters long, must be unique, and the total number of subnets specified by ids and names must not exceed 10.", + "names": "names specifies a list of AWS subnets by subnet name. Subnet names must not start with \"subnet-\", must not include commas, must be under 256 characters in length, must be unique, and the total number of subnets specified by ids and names must not exceed 10.", +} + +func (AWSSubnets) SwaggerDoc() map[string]string { + return map_AWSSubnets +} + +var map_AccessLogging = map[string]string{ + "": "AccessLogging describes how client requests should be logged.", + "destination": "destination is where access logs go.", + "httpLogFormat": "httpLogFormat specifies the format of the log message for an HTTP request.\n\nIf this field is empty, log messages use the implementation's default HTTP log format. For HAProxy's default HTTP log format, see the HAProxy documentation: http://cbonte.github.io/haproxy-dconv/2.0/configuration.html#8.2.3\n\nNote that this format only applies to cleartext HTTP connections and to secure HTTP connections for which the ingress controller terminates encryption (that is, edge-terminated or reencrypt connections). It does not affect the log format for TLS passthrough connections.", + "httpCaptureHeaders": "httpCaptureHeaders defines HTTP headers that should be captured in access logs. If this field is empty, no headers are captured.\n\nNote that this option only applies to cleartext HTTP connections and to secure HTTP connections for which the ingress controller terminates encryption (that is, edge-terminated or reencrypt connections). Headers cannot be captured for TLS passthrough connections.", + "httpCaptureCookies": "httpCaptureCookies specifies HTTP cookies that should be captured in access logs. If this field is empty, no cookies are captured.", + "logEmptyRequests": "logEmptyRequests specifies how connections on which no request is received should be logged. Typically, these empty requests come from load balancers' health probes or Web browsers' speculative connections (\"preconnect\"), in which case logging these requests may be undesirable. However, these requests may also be caused by network errors, in which case logging empty requests may be useful for diagnosing the errors. In addition, these requests may be caused by port scans, in which case logging empty requests may aid in detecting intrusion attempts. Allowed values for this field are \"Log\" and \"Ignore\". The default value is \"Log\".", +} + +func (AccessLogging) SwaggerDoc() map[string]string { + return map_AccessLogging +} + +var map_ClientTLS = map[string]string{ + "": "ClientTLS specifies TLS configuration to enable client-to-server authentication, which can be used for mutual TLS.", + "clientCertificatePolicy": "clientCertificatePolicy specifies whether the ingress controller requires clients to provide certificates. This field accepts the values \"Required\" or \"Optional\".\n\nNote that the ingress controller only checks client certificates for edge-terminated and reencrypt TLS routes; it cannot check certificates for cleartext HTTP or passthrough TLS routes.", + "clientCA": "clientCA specifies a configmap containing the PEM-encoded CA certificate bundle that should be used to verify a client's certificate. The administrator must create this configmap in the openshift-config namespace.", + "allowedSubjectPatterns": "allowedSubjectPatterns specifies a list of regular expressions that should be matched against the distinguished name on a valid client certificate to filter requests. The regular expressions must use PCRE syntax. If this list is empty, no filtering is performed. If the list is nonempty, then at least one pattern must match a client certificate's distinguished name or else the ingress controller rejects the certificate and denies the connection.", +} + +func (ClientTLS) SwaggerDoc() map[string]string { + return map_ClientTLS +} + +var map_ContainerLoggingDestinationParameters = map[string]string{ + "": "ContainerLoggingDestinationParameters describes parameters for the Container logging destination type.", + "maxLength": "maxLength is the maximum length of the log message.\n\nValid values are integers in the range 480 to 8192, inclusive.\n\nWhen omitted, the default value is 1024.", +} + +func (ContainerLoggingDestinationParameters) SwaggerDoc() map[string]string { + return map_ContainerLoggingDestinationParameters +} + +var map_EndpointPublishingStrategy = map[string]string{ + "": "EndpointPublishingStrategy is a way to publish the endpoints of an IngressController, and represents the type and any additional configuration for a specific type.", + "type": "type is the publishing strategy to use. Valid values are:\n\n* LoadBalancerService\n\nPublishes the ingress controller using a Kubernetes LoadBalancer Service.\n\nIn this configuration, the ingress controller deployment uses container networking. A LoadBalancer Service is created to publish the deployment.\n\nSee: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer\n\nIf domain is set, a wildcard DNS record will be managed to point at the LoadBalancer Service's external name. DNS records are managed only in DNS zones defined by dns.config.openshift.io/cluster .spec.publicZone and .spec.privateZone.\n\nWildcard DNS management is currently supported only on the AWS, Azure, and GCP platforms.\n\n* HostNetwork\n\nPublishes the ingress controller on node ports where the ingress controller is deployed.\n\nIn this configuration, the ingress controller deployment uses host networking, bound to node ports 80 and 443. The user is responsible for configuring an external load balancer to publish the ingress controller via the node ports.\n\n* Private\n\nDoes not publish the ingress controller.\n\nIn this configuration, the ingress controller deployment uses container networking, and is not explicitly published. The user must manually publish the ingress controller.\n\n* NodePortService\n\nPublishes the ingress controller using a Kubernetes NodePort Service.\n\nIn this configuration, the ingress controller deployment uses container networking. A NodePort Service is created to publish the deployment. The specific node ports are dynamically allocated by OpenShift; however, to support static port allocations, user changes to the node port field of the managed NodePort Service will preserved.", + "loadBalancer": "loadBalancer holds parameters for the load balancer. Present only if type is LoadBalancerService.", + "hostNetwork": "hostNetwork holds parameters for the HostNetwork endpoint publishing strategy. Present only if type is HostNetwork.", + "private": "private holds parameters for the Private endpoint publishing strategy. Present only if type is Private.", + "nodePort": "nodePort holds parameters for the NodePortService endpoint publishing strategy. Present only if type is NodePortService.", +} + +func (EndpointPublishingStrategy) SwaggerDoc() map[string]string { + return map_EndpointPublishingStrategy +} + +var map_GCPLoadBalancerParameters = map[string]string{ + "": "GCPLoadBalancerParameters provides configuration settings that are specific to GCP load balancers.", + "clientAccess": "clientAccess describes how client access is restricted for internal load balancers.\n\nValid values are: * \"Global\": Specifying an internal load balancer with Global client access\n allows clients from any region within the VPC to communicate with the load\n balancer.\n\n https://cloud.google.com/kubernetes-engine/docs/how-to/internal-load-balancing#global_access\n\n* \"Local\": Specifying an internal load balancer with Local client access\n means only clients within the same region (and VPC) as the GCP load balancer\n can communicate with the load balancer. Note that this is the default behavior.\n\n https://cloud.google.com/load-balancing/docs/internal#client_access", +} + +func (GCPLoadBalancerParameters) SwaggerDoc() map[string]string { + return map_GCPLoadBalancerParameters +} + +var map_HTTPCompressionPolicy = map[string]string{ + "": "httpCompressionPolicy turns on compression for the specified MIME types.\n\nThis field is optional, and its absence implies that compression should not be enabled globally in HAProxy.\n\nIf httpCompressionPolicy exists, compression should be enabled only for the specified MIME types.", + "mimeTypes": "mimeTypes is a list of MIME types that should have compression applied. This list can be empty, in which case the ingress controller does not apply compression.\n\nNote: Not all MIME types benefit from compression, but HAProxy will still use resources to try to compress if instructed to. Generally speaking, text (html, css, js, etc.) formats benefit from compression, but formats that are already compressed (image, audio, video, etc.) benefit little in exchange for the time and cpu spent on compressing again. See https://joehonton.medium.com/the-gzip-penalty-d31bd697f1a2", +} + +func (HTTPCompressionPolicy) SwaggerDoc() map[string]string { + return map_HTTPCompressionPolicy +} + +var map_HostNetworkStrategy = map[string]string{ + "": "HostNetworkStrategy holds parameters for the HostNetwork endpoint publishing strategy.", + "protocol": "protocol specifies whether the IngressController expects incoming connections to use plain TCP or whether the IngressController expects PROXY protocol.\n\nPROXY protocol can be used with load balancers that support it to communicate the source addresses of client connections when forwarding those connections to the IngressController. Using PROXY protocol enables the IngressController to report those source addresses instead of reporting the load balancer's address in HTTP headers and logs. Note that enabling PROXY protocol on the IngressController will cause connections to fail if you are not using a load balancer that uses PROXY protocol to forward connections to the IngressController. See http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for information about PROXY protocol.\n\nThe following values are valid for this field:\n\n* The empty string. * \"TCP\". * \"PROXY\".\n\nThe empty string specifies the default, which is TCP without PROXY protocol. Note that the default is subject to change.", + "httpPort": "httpPort is the port on the host which should be used to listen for HTTP requests. This field should be set when port 80 is already in use. The value should not coincide with the NodePort range of the cluster. When the value is 0 or is not specified it defaults to 80.", + "httpsPort": "httpsPort is the port on the host which should be used to listen for HTTPS requests. This field should be set when port 443 is already in use. The value should not coincide with the NodePort range of the cluster. When the value is 0 or is not specified it defaults to 443.", + "statsPort": "statsPort is the port on the host where the stats from the router are published. The value should not coincide with the NodePort range of the cluster. If an external load balancer is configured to forward connections to this IngressController, the load balancer should use this port for health checks. The load balancer can send HTTP probes on this port on a given node, with the path /healthz/ready to determine if the ingress controller is ready to receive traffic on the node. For proper operation the load balancer must not forward traffic to a node until the health check reports ready. The load balancer should also stop forwarding requests within a maximum of 45 seconds after /healthz/ready starts reporting not-ready. Probing every 5 to 10 seconds, with a 5-second timeout and with a threshold of two successful or failed requests to become healthy or unhealthy respectively, are well-tested values. When the value is 0 or is not specified it defaults to 1936.", +} + +func (HostNetworkStrategy) SwaggerDoc() map[string]string { + return map_HostNetworkStrategy +} + +var map_IBMLoadBalancerParameters = map[string]string{ + "": "IBMLoadBalancerParameters provides configuration settings that are specific to IBM Cloud load balancers.", + "protocol": "protocol specifies whether the load balancer uses PROXY protocol to forward connections to the IngressController. See \"service.kubernetes.io/ibm-load-balancer-cloud-provider-enable-features: \"proxy-protocol\"\" at https://cloud.ibm.com/docs/containers?topic=containers-vpc-lbaas\"\n\nPROXY protocol can be used with load balancers that support it to communicate the source addresses of client connections when forwarding those connections to the IngressController. Using PROXY protocol enables the IngressController to report those source addresses instead of reporting the load balancer's address in HTTP headers and logs. Note that enabling PROXY protocol on the IngressController will cause connections to fail if you are not using a load balancer that uses PROXY protocol to forward connections to the IngressController. See http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for information about PROXY protocol.\n\nValid values for protocol are TCP, PROXY and omitted. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is TCP, without the proxy protocol enabled.", +} + +func (IBMLoadBalancerParameters) SwaggerDoc() map[string]string { + return map_IBMLoadBalancerParameters +} + +var map_IngressController = map[string]string{ + "": "IngressController describes a managed ingress controller for the cluster. The controller can service OpenShift Route and Kubernetes Ingress resources.\n\nWhen an IngressController is created, a new ingress controller deployment is created to allow external traffic to reach the services that expose Ingress or Route resources. Updating this resource may lead to disruption for public facing network connections as a new ingress controller revision may be rolled out.\n\nhttps://kubernetes.io/docs/concepts/services-networking/ingress-controllers\n\nWhenever possible, sensible defaults for the platform are used. See each field for more details.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "spec": "spec is the specification of the desired behavior of the IngressController.", + "status": "status is the most recently observed status of the IngressController.", +} + +func (IngressController) SwaggerDoc() map[string]string { + return map_IngressController +} + +var map_IngressControllerCaptureHTTPCookie = map[string]string{ + "": "IngressControllerCaptureHTTPCookie describes an HTTP cookie that should be captured.", + "maxLength": "maxLength specifies a maximum length of the string that will be logged, which includes the cookie name, cookie value, and one-character delimiter. If the log entry exceeds this length, the value will be truncated in the log message. Note that the ingress controller may impose a separate bound on the total length of HTTP headers in a request.", +} + +func (IngressControllerCaptureHTTPCookie) SwaggerDoc() map[string]string { + return map_IngressControllerCaptureHTTPCookie +} + +var map_IngressControllerCaptureHTTPCookieUnion = map[string]string{ + "": "IngressControllerCaptureHTTPCookieUnion describes optional fields of an HTTP cookie that should be captured.", + "matchType": "matchType specifies the type of match to be performed on the cookie name. Allowed values are \"Exact\" for an exact string match and \"Prefix\" for a string prefix match. If \"Exact\" is specified, a name must be specified in the name field. If \"Prefix\" is provided, a prefix must be specified in the namePrefix field. For example, specifying matchType \"Prefix\" and namePrefix \"foo\" will capture a cookie named \"foo\" or \"foobar\" but not one named \"bar\". The first matching cookie is captured.", + "name": "name specifies a cookie name. Its value must be a valid HTTP cookie name as defined in RFC 6265 section 4.1.", + "namePrefix": "namePrefix specifies a cookie name prefix. Its value must be a valid HTTP cookie name as defined in RFC 6265 section 4.1.", +} + +func (IngressControllerCaptureHTTPCookieUnion) SwaggerDoc() map[string]string { + return map_IngressControllerCaptureHTTPCookieUnion +} + +var map_IngressControllerCaptureHTTPHeader = map[string]string{ + "": "IngressControllerCaptureHTTPHeader describes an HTTP header that should be captured.", + "name": "name specifies a header name. Its value must be a valid HTTP header name as defined in RFC 2616 section 4.2.", + "maxLength": "maxLength specifies a maximum length for the header value. If a header value exceeds this length, the value will be truncated in the log message. Note that the ingress controller may impose a separate bound on the total length of HTTP headers in a request.", +} + +func (IngressControllerCaptureHTTPHeader) SwaggerDoc() map[string]string { + return map_IngressControllerCaptureHTTPHeader +} + +var map_IngressControllerCaptureHTTPHeaders = map[string]string{ + "": "IngressControllerCaptureHTTPHeaders specifies which HTTP headers the IngressController captures.", + "request": "request specifies which HTTP request headers to capture.\n\nIf this field is empty, no request headers are captured.", + "response": "response specifies which HTTP response headers to capture.\n\nIf this field is empty, no response headers are captured.", +} + +func (IngressControllerCaptureHTTPHeaders) SwaggerDoc() map[string]string { + return map_IngressControllerCaptureHTTPHeaders +} + +var map_IngressControllerHTTPHeader = map[string]string{ + "": "IngressControllerHTTPHeader specifies configuration for setting or deleting an HTTP header.", + "name": "name specifies the name of a header on which to perform an action. Its value must be a valid HTTP header name as defined in RFC 2616 section 4.2. The name must consist only of alphanumeric and the following special characters, \"-!#$%&'*+.^_`\". The following header names are reserved and may not be modified via this API: Strict-Transport-Security, Proxy, Host, Cookie, Set-Cookie. It must be no more than 255 characters in length. Header name must be unique.", + "action": "action specifies actions to perform on headers, such as setting or deleting headers.", +} + +func (IngressControllerHTTPHeader) SwaggerDoc() map[string]string { + return map_IngressControllerHTTPHeader +} + +var map_IngressControllerHTTPHeaderActionUnion = map[string]string{ + "": "IngressControllerHTTPHeaderActionUnion specifies an action to take on an HTTP header.", + "type": "type defines the type of the action to be applied on the header. Possible values are Set or Delete. Set allows you to set HTTP request and response headers. Delete allows you to delete HTTP request and response headers.", + "set": "set specifies how the HTTP header should be set. This field is required when type is Set and forbidden otherwise.", +} + +func (IngressControllerHTTPHeaderActionUnion) SwaggerDoc() map[string]string { + return map_IngressControllerHTTPHeaderActionUnion +} + +var map_IngressControllerHTTPHeaderActions = map[string]string{ + "": "IngressControllerHTTPHeaderActions defines configuration for actions on HTTP request and response headers.", + "response": "response is a list of HTTP response headers to modify. Actions defined here will modify the response headers of all requests passing through an ingress controller. These actions are applied to all Routes i.e. for all connections handled by the ingress controller defined within a cluster. IngressController actions for response headers will be executed after Route actions. Currently, actions may define to either `Set` or `Delete` headers values. Actions are applied in sequence as defined in this list. A maximum of 20 response header actions may be configured. Sample fetchers allowed are \"res.hdr\" and \"ssl_c_der\". Converters allowed are \"lower\" and \"base64\". Example header values: \"%[res.hdr(X-target),lower]\", \"%{+Q}[ssl_c_der,base64]\".", + "request": "request is a list of HTTP request headers to modify. Actions defined here will modify the request headers of all requests passing through an ingress controller. These actions are applied to all Routes i.e. for all connections handled by the ingress controller defined within a cluster. IngressController actions for request headers will be executed before Route actions. Currently, actions may define to either `Set` or `Delete` headers values. Actions are applied in sequence as defined in this list. A maximum of 20 request header actions may be configured. Sample fetchers allowed are \"req.hdr\" and \"ssl_c_der\". Converters allowed are \"lower\" and \"base64\". Example header values: \"%[req.hdr(X-target),lower]\", \"%{+Q}[ssl_c_der,base64]\". ", +} + +func (IngressControllerHTTPHeaderActions) SwaggerDoc() map[string]string { + return map_IngressControllerHTTPHeaderActions +} + +var map_IngressControllerHTTPHeaders = map[string]string{ + "": "IngressControllerHTTPHeaders specifies how the IngressController handles certain HTTP headers.", + "forwardedHeaderPolicy": "forwardedHeaderPolicy specifies when and how the IngressController sets the Forwarded, X-Forwarded-For, X-Forwarded-Host, X-Forwarded-Port, X-Forwarded-Proto, and X-Forwarded-Proto-Version HTTP headers. The value may be one of the following:\n\n* \"Append\", which specifies that the IngressController appends the\n headers, preserving existing headers.\n\n* \"Replace\", which specifies that the IngressController sets the\n headers, replacing any existing Forwarded or X-Forwarded-* headers.\n\n* \"IfNone\", which specifies that the IngressController sets the\n headers if they are not already set.\n\n* \"Never\", which specifies that the IngressController never sets the\n headers, preserving any existing headers.\n\nBy default, the policy is \"Append\".", + "uniqueId": "uniqueId describes configuration for a custom HTTP header that the ingress controller should inject into incoming HTTP requests. Typically, this header is configured to have a value that is unique to the HTTP request. The header can be used by applications or included in access logs to facilitate tracing individual HTTP requests.\n\nIf this field is empty, no such header is injected into requests.", + "headerNameCaseAdjustments": "headerNameCaseAdjustments specifies case adjustments that can be applied to HTTP header names. Each adjustment is specified as an HTTP header name with the desired capitalization. For example, specifying \"X-Forwarded-For\" indicates that the \"x-forwarded-for\" HTTP header should be adjusted to have the specified capitalization.\n\nThese adjustments are only applied to cleartext, edge-terminated, and re-encrypt routes, and only when using HTTP/1.\n\nFor request headers, these adjustments are applied only for routes that have the haproxy.router.openshift.io/h1-adjust-case=true annotation. For response headers, these adjustments are applied to all HTTP responses.\n\nIf this field is empty, no request headers are adjusted.", + "actions": "actions specifies options for modifying headers and their values. Note that this option only applies to cleartext HTTP connections and to secure HTTP connections for which the ingress controller terminates encryption (that is, edge-terminated or reencrypt connections). Headers cannot be modified for TLS passthrough connections. Setting the HSTS (`Strict-Transport-Security`) header is not supported via actions. `Strict-Transport-Security` may only be configured using the \"haproxy.router.openshift.io/hsts_header\" route annotation, and only in accordance with the policy specified in Ingress.Spec.RequiredHSTSPolicies. Any actions defined here are applied after any actions related to the following other fields: cache-control, spec.clientTLS, spec.httpHeaders.forwardedHeaderPolicy, spec.httpHeaders.uniqueId, and spec.httpHeaders.headerNameCaseAdjustments. In case of HTTP request headers, the actions specified in spec.httpHeaders.actions on the Route will be executed after the actions specified in the IngressController's spec.httpHeaders.actions field. In case of HTTP response headers, the actions specified in spec.httpHeaders.actions on the IngressController will be executed after the actions specified in the Route's spec.httpHeaders.actions field. Headers set using this API cannot be captured for use in access logs. The following header names are reserved and may not be modified via this API: Strict-Transport-Security, Proxy, Host, Cookie, Set-Cookie. Note that the total size of all net added headers *after* interpolating dynamic values must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the IngressController. Please refer to the documentation for that API field for more details.", +} + +func (IngressControllerHTTPHeaders) SwaggerDoc() map[string]string { + return map_IngressControllerHTTPHeaders +} + +var map_IngressControllerHTTPUniqueIdHeaderPolicy = map[string]string{ + "": "IngressControllerHTTPUniqueIdHeaderPolicy describes configuration for a unique id header.", + "name": "name specifies the name of the HTTP header (for example, \"unique-id\") that the ingress controller should inject into HTTP requests. The field's value must be a valid HTTP header name as defined in RFC 2616 section 4.2. If the field is empty, no header is injected.", + "format": "format specifies the format for the injected HTTP header's value. This field has no effect unless name is specified. For the HAProxy-based ingress controller implementation, this format uses the same syntax as the HTTP log format. If the field is empty, the default value is \"%{+X}o\\ %ci:%cp_%fi:%fp_%Ts_%rt:%pid\"; see the corresponding HAProxy documentation: http://cbonte.github.io/haproxy-dconv/2.0/configuration.html#8.2.3", +} + +func (IngressControllerHTTPUniqueIdHeaderPolicy) SwaggerDoc() map[string]string { + return map_IngressControllerHTTPUniqueIdHeaderPolicy +} + +var map_IngressControllerList = map[string]string{ + "": "IngressControllerList contains a list of IngressControllers.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", +} + +func (IngressControllerList) SwaggerDoc() map[string]string { + return map_IngressControllerList +} + +var map_IngressControllerLogging = map[string]string{ + "": "IngressControllerLogging describes what should be logged where.", + "access": "access describes how the client requests should be logged.\n\nIf this field is empty, access logging is disabled.", +} + +func (IngressControllerLogging) SwaggerDoc() map[string]string { + return map_IngressControllerLogging +} + +var map_IngressControllerSetHTTPHeader = map[string]string{ + "": "IngressControllerSetHTTPHeader defines the value which needs to be set on an HTTP header.", + "value": "value specifies a header value. Dynamic values can be added. The value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. The value of this field must be no more than 16384 characters in length. Note that the total size of all net added headers *after* interpolating dynamic values must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the IngressController. ", +} + +func (IngressControllerSetHTTPHeader) SwaggerDoc() map[string]string { + return map_IngressControllerSetHTTPHeader +} + +var map_IngressControllerSpec = map[string]string{ + "": "IngressControllerSpec is the specification of the desired behavior of the IngressController.", + "domain": "domain is a DNS name serviced by the ingress controller and is used to configure multiple features:\n\n* For the LoadBalancerService endpoint publishing strategy, domain is\n used to configure DNS records. See endpointPublishingStrategy.\n\n* When using a generated default certificate, the certificate will be valid\n for domain and its subdomains. See defaultCertificate.\n\n* The value is published to individual Route statuses so that end-users\n know where to target external DNS records.\n\ndomain must be unique among all IngressControllers, and cannot be updated.\n\nIf empty, defaults to ingress.config.openshift.io/cluster .spec.domain.", + "httpErrorCodePages": "httpErrorCodePages specifies a configmap with custom error pages. The administrator must create this configmap in the openshift-config namespace. This configmap should have keys in the format \"error-page-.http\", where is an HTTP error code. For example, \"error-page-503.http\" defines an error page for HTTP 503 responses. Currently only error pages for 503 and 404 responses can be customized. Each value in the configmap should be the full response, including HTTP headers. Eg- https://raw.githubusercontent.com/openshift/router/fadab45747a9b30cc3f0a4b41ad2871f95827a93/images/router/haproxy/conf/error-page-503.http If this field is empty, the ingress controller uses the default error pages.", + "replicas": "replicas is the desired number of ingress controller replicas. If unset, the default depends on the value of the defaultPlacement field in the cluster config.openshift.io/v1/ingresses status.\n\nThe value of replicas is set based on the value of a chosen field in the Infrastructure CR. If defaultPlacement is set to ControlPlane, the chosen field will be controlPlaneTopology. If it is set to Workers the chosen field will be infrastructureTopology. Replicas will then be set to 1 or 2 based whether the chosen field's value is SingleReplica or HighlyAvailable, respectively.\n\nThese defaults are subject to change.", + "endpointPublishingStrategy": "endpointPublishingStrategy is used to publish the ingress controller endpoints to other networks, enable load balancer integrations, etc.\n\nIf unset, the default is based on infrastructure.config.openshift.io/cluster .status.platform:\n\n AWS: LoadBalancerService (with External scope)\n Azure: LoadBalancerService (with External scope)\n GCP: LoadBalancerService (with External scope)\n IBMCloud: LoadBalancerService (with External scope)\n AlibabaCloud: LoadBalancerService (with External scope)\n Libvirt: HostNetwork\n\nAny other platform types (including None) default to HostNetwork.\n\nendpointPublishingStrategy cannot be updated.", + "defaultCertificate": "defaultCertificate is a reference to a secret containing the default certificate served by the ingress controller. When Routes don't specify their own certificate, defaultCertificate is used.\n\nThe secret must contain the following keys and data:\n\n tls.crt: certificate file contents\n tls.key: key file contents\n\nIf unset, a wildcard certificate is automatically generated and used. The certificate is valid for the ingress controller domain (and subdomains) and the generated certificate's CA will be automatically integrated with the cluster's trust store.\n\nIf a wildcard certificate is used and shared by multiple HTTP/2 enabled routes (which implies ALPN) then clients (i.e., notably browsers) are at liberty to reuse open connections. This means a client can reuse a connection to another route and that is likely to fail. This behaviour is generally known as connection coalescing.\n\nThe in-use certificate (whether generated or user-specified) will be automatically integrated with OpenShift's built-in OAuth server.", + "namespaceSelector": "namespaceSelector is used to filter the set of namespaces serviced by the ingress controller. This is useful for implementing shards.\n\nIf unset, the default is no filtering.", + "routeSelector": "routeSelector is used to filter the set of Routes serviced by the ingress controller. This is useful for implementing shards.\n\nIf unset, the default is no filtering.", + "nodePlacement": "nodePlacement enables explicit control over the scheduling of the ingress controller.\n\nIf unset, defaults are used. See NodePlacement for more details.", + "tlsSecurityProfile": "tlsSecurityProfile specifies settings for TLS connections for ingresscontrollers.\n\nIf unset, the default is based on the apiservers.config.openshift.io/cluster resource.\n\nNote that when using the Old, Intermediate, and Modern profile types, the effective profile configuration is subject to change between releases. For example, given a specification to use the Intermediate profile deployed on release X.Y.Z, an upgrade to release X.Y.Z+1 may cause a new profile configuration to be applied to the ingress controller, resulting in a rollout.", + "clientTLS": "clientTLS specifies settings for requesting and verifying client certificates, which can be used to enable mutual TLS for edge-terminated and reencrypt routes.", + "routeAdmission": "routeAdmission defines a policy for handling new route claims (for example, to allow or deny claims across namespaces).\n\nIf empty, defaults will be applied. See specific routeAdmission fields for details about their defaults.", + "logging": "logging defines parameters for what should be logged where. If this field is empty, operational logs are enabled but access logs are disabled.", + "httpHeaders": "httpHeaders defines policy for HTTP headers.\n\nIf this field is empty, the default values are used.", + "httpEmptyRequestsPolicy": "httpEmptyRequestsPolicy describes how HTTP connections should be handled if the connection times out before a request is received. Allowed values for this field are \"Respond\" and \"Ignore\". If the field is set to \"Respond\", the ingress controller sends an HTTP 400 or 408 response, logs the connection (if access logging is enabled), and counts the connection in the appropriate metrics. If the field is set to \"Ignore\", the ingress controller closes the connection without sending a response, logging the connection, or incrementing metrics. The default value is \"Respond\".\n\nTypically, these connections come from load balancers' health probes or Web browsers' speculative connections (\"preconnect\") and can be safely ignored. However, these requests may also be caused by network errors, and so setting this field to \"Ignore\" may impede detection and diagnosis of problems. In addition, these requests may be caused by port scans, in which case logging empty requests may aid in detecting intrusion attempts.", + "tuningOptions": "tuningOptions defines parameters for adjusting the performance of ingress controller pods. All fields are optional and will use their respective defaults if not set. See specific tuningOptions fields for more details.\n\nSetting fields within tuningOptions is generally not recommended. The default values are suitable for most configurations.", + "unsupportedConfigOverrides": "unsupportedConfigOverrides allows specifying unsupported configuration options. Its use is unsupported.", + "httpCompression": "httpCompression defines a policy for HTTP traffic compression. By default, there is no HTTP compression.", +} + +func (IngressControllerSpec) SwaggerDoc() map[string]string { + return map_IngressControllerSpec +} + +var map_IngressControllerStatus = map[string]string{ + "": "IngressControllerStatus defines the observed status of the IngressController.", + "availableReplicas": "availableReplicas is number of observed available replicas according to the ingress controller deployment.", + "selector": "selector is a label selector, in string format, for ingress controller pods corresponding to the IngressController. The number of matching pods should equal the value of availableReplicas.", + "domain": "domain is the actual domain in use.", + "endpointPublishingStrategy": "endpointPublishingStrategy is the actual strategy in use.", + "conditions": "conditions is a list of conditions and their status.\n\nAvailable means the ingress controller deployment is available and servicing route and ingress resources (i.e, .status.availableReplicas equals .spec.replicas)\n\nThere are additional conditions which indicate the status of other ingress controller features and capabilities.\n\n * LoadBalancerManaged\n - True if the following conditions are met:\n * The endpoint publishing strategy requires a service load balancer.\n - False if any of those conditions are unsatisfied.\n\n * LoadBalancerReady\n - True if the following conditions are met:\n * A load balancer is managed.\n * The load balancer is ready.\n - False if any of those conditions are unsatisfied.\n\n * DNSManaged\n - True if the following conditions are met:\n * The endpoint publishing strategy and platform support DNS.\n * The ingress controller domain is set.\n * dns.config.openshift.io/cluster configures DNS zones.\n - False if any of those conditions are unsatisfied.\n\n * DNSReady\n - True if the following conditions are met:\n * DNS is managed.\n * DNS records have been successfully created.\n - False if any of those conditions are unsatisfied.", + "tlsProfile": "tlsProfile is the TLS connection configuration that is in effect.", + "observedGeneration": "observedGeneration is the most recent generation observed.", + "namespaceSelector": "namespaceSelector is the actual namespaceSelector in use.", + "routeSelector": "routeSelector is the actual routeSelector in use.", +} + +func (IngressControllerStatus) SwaggerDoc() map[string]string { + return map_IngressControllerStatus +} + +var map_IngressControllerTuningOptions = map[string]string{ + "": "IngressControllerTuningOptions specifies options for tuning the performance of ingress controller pods", + "headerBufferBytes": "headerBufferBytes describes how much memory should be reserved (in bytes) for IngressController connection sessions. Note that this value must be at least 16384 if HTTP/2 is enabled for the IngressController (https://tools.ietf.org/html/rfc7540). If this field is empty, the IngressController will use a default value of 32768 bytes.\n\nSetting this field is generally not recommended as headerBufferBytes values that are too small may break the IngressController and headerBufferBytes values that are too large could cause the IngressController to use significantly more memory than necessary.", + "headerBufferMaxRewriteBytes": "headerBufferMaxRewriteBytes describes how much memory should be reserved (in bytes) from headerBufferBytes for HTTP header rewriting and appending for IngressController connection sessions. Note that incoming HTTP requests will be limited to (headerBufferBytes - headerBufferMaxRewriteBytes) bytes, meaning headerBufferBytes must be greater than headerBufferMaxRewriteBytes. If this field is empty, the IngressController will use a default value of 8192 bytes.\n\nSetting this field is generally not recommended as headerBufferMaxRewriteBytes values that are too small may break the IngressController and headerBufferMaxRewriteBytes values that are too large could cause the IngressController to use significantly more memory than necessary.", + "threadCount": "threadCount defines the number of threads created per HAProxy process. Creating more threads allows each ingress controller pod to handle more connections, at the cost of more system resources being used. HAProxy currently supports up to 64 threads. If this field is empty, the IngressController will use the default value. The current default is 4 threads, but this may change in future releases.\n\nSetting this field is generally not recommended. Increasing the number of HAProxy threads allows ingress controller pods to utilize more CPU time under load, potentially starving other pods if set too high. Reducing the number of threads may cause the ingress controller to perform poorly.", + "clientTimeout": "clientTimeout defines how long a connection will be held open while waiting for a client response.\n\nIf unset, the default timeout is 30s", + "clientFinTimeout": "clientFinTimeout defines how long a connection will be held open while waiting for the client response to the server/backend closing the connection.\n\nIf unset, the default timeout is 1s", + "serverTimeout": "serverTimeout defines how long a connection will be held open while waiting for a server/backend response.\n\nIf unset, the default timeout is 30s", + "serverFinTimeout": "serverFinTimeout defines how long a connection will be held open while waiting for the server/backend response to the client closing the connection.\n\nIf unset, the default timeout is 1s", + "tunnelTimeout": "tunnelTimeout defines how long a tunnel connection (including websockets) will be held open while the tunnel is idle.\n\nIf unset, the default timeout is 1h", + "connectTimeout": "ConnectTimeout defines the maximum time to wait for a connection attempt to a server/backend to succeed.\n\nThis field expects an unsigned duration string of decimal numbers, each with optional fraction and a unit suffix, e.g. \"300ms\", \"1.5h\" or \"2h45m\". Valid time units are \"ns\", \"us\" (or \"µs\" U+00B5 or \"μs\" U+03BC), \"ms\", \"s\", \"m\", \"h\".\n\nWhen omitted, this means the user has no opinion and the platform is left to choose a reasonable default. This default is subject to change over time. The current default is 5s.", + "tlsInspectDelay": "tlsInspectDelay defines how long the router can hold data to find a matching route.\n\nSetting this too short can cause the router to fall back to the default certificate for edge-terminated or reencrypt routes even when a better matching certificate could be used.\n\nIf unset, the default inspect delay is 5s", + "healthCheckInterval": "healthCheckInterval defines how long the router waits between two consecutive health checks on its configured backends. This value is applied globally as a default for all routes, but may be overridden per-route by the route annotation \"router.openshift.io/haproxy.health.check.interval\".\n\nExpects an unsigned duration string of decimal numbers, each with optional fraction and a unit suffix, eg \"300ms\", \"1.5h\" or \"2h45m\". Valid time units are \"ns\", \"us\" (or \"µs\" U+00B5 or \"μs\" U+03BC), \"ms\", \"s\", \"m\", \"h\".\n\nSetting this to less than 5s can cause excess traffic due to too frequent TCP health checks and accompanying SYN packet storms. Alternatively, setting this too high can result in increased latency, due to backend servers that are no longer available, but haven't yet been detected as such.\n\nAn empty or zero healthCheckInterval means no opinion and IngressController chooses a default, which is subject to change over time. Currently the default healthCheckInterval value is 5s.\n\nCurrently the minimum allowed value is 1s and the maximum allowed value is 2147483647ms (24.85 days). Both are subject to change over time.", + "maxConnections": "maxConnections defines the maximum number of simultaneous connections that can be established per HAProxy process. Increasing this value allows each ingress controller pod to handle more connections but at the cost of additional system resources being consumed.\n\nPermitted values are: empty, 0, -1, and the range 2000-2000000.\n\nIf this field is empty or 0, the IngressController will use the default value of 50000, but the default is subject to change in future releases.\n\nIf the value is -1 then HAProxy will dynamically compute a maximum value based on the available ulimits in the running container. Selecting -1 (i.e., auto) will result in a large value being computed (~520000 on OpenShift >=4.10 clusters) and therefore each HAProxy process will incur significant memory usage compared to the current default of 50000.\n\nSetting a value that is greater than the current operating system limit will prevent the HAProxy process from starting.\n\nIf you choose a discrete value (e.g., 750000) and the router pod is migrated to a new node, there's no guarantee that that new node has identical ulimits configured. In such a scenario the pod would fail to start. If you have nodes with different ulimits configured (e.g., different tuned profiles) and you choose a discrete value then the guidance is to use -1 and let the value be computed dynamically at runtime.\n\nYou can monitor memory usage for router containers with the following metric: 'container_memory_working_set_bytes{container=\"router\",namespace=\"openshift-ingress\"}'.\n\nYou can monitor memory usage of individual HAProxy processes in router containers with the following metric: 'container_memory_working_set_bytes{container=\"router\",namespace=\"openshift-ingress\"}/container_processes{container=\"router\",namespace=\"openshift-ingress\"}'.", + "reloadInterval": "reloadInterval defines the minimum interval at which the router is allowed to reload to accept new changes. Increasing this value can prevent the accumulation of HAProxy processes, depending on the scenario. Increasing this interval can also lessen load imbalance on a backend's servers when using the roundrobin balancing algorithm. Alternatively, decreasing this value may decrease latency since updates to HAProxy's configuration can take effect more quickly.\n\nThe value must be a time duration value; see . Currently, the minimum value allowed is 1s, and the maximum allowed value is 120s. Minimum and maximum allowed values may change in future versions of OpenShift. Note that if a duration outside of these bounds is provided, the value of reloadInterval will be capped/floored and not rejected (e.g. a duration of over 120s will be capped to 120s; the IngressController will not reject and replace this disallowed value with the default).\n\nA zero value for reloadInterval tells the IngressController to choose the default, which is currently 5s and subject to change without notice.\n\nThis field expects an unsigned duration string of decimal numbers, each with optional fraction and a unit suffix, e.g. \"300ms\", \"1.5h\" or \"2h45m\". Valid time units are \"ns\", \"us\" (or \"µs\" U+00B5 or \"μs\" U+03BC), \"ms\", \"s\", \"m\", \"h\".\n\nNote: Setting a value significantly larger than the default of 5s can cause latency in observing updates to routes and their endpoints. HAProxy's configuration will be reloaded less frequently, and newly created routes will not be served until the subsequent reload.", +} + +func (IngressControllerTuningOptions) SwaggerDoc() map[string]string { + return map_IngressControllerTuningOptions +} + +var map_LoadBalancerStrategy = map[string]string{ + "": "LoadBalancerStrategy holds parameters for a load balancer.", + "scope": "scope indicates the scope at which the load balancer is exposed. Possible values are \"External\" and \"Internal\".", + "allowedSourceRanges": "allowedSourceRanges specifies an allowlist of IP address ranges to which access to the load balancer should be restricted. Each range must be specified using CIDR notation (e.g. \"10.0.0.0/8\" or \"fd00::/8\"). If no range is specified, \"0.0.0.0/0\" for IPv4 and \"::/0\" for IPv6 are used by default, which allows all source addresses.\n\nTo facilitate migration from earlier versions of OpenShift that did not have the allowedSourceRanges field, you may set the service.beta.kubernetes.io/load-balancer-source-ranges annotation on the \"router-\" service in the \"openshift-ingress\" namespace, and this annotation will take effect if allowedSourceRanges is empty on OpenShift 4.12.", + "providerParameters": "providerParameters holds desired load balancer information specific to the underlying infrastructure provider.\n\nIf empty, defaults will be applied. See specific providerParameters fields for details about their defaults.", + "dnsManagementPolicy": "dnsManagementPolicy indicates if the lifecycle of the wildcard DNS record associated with the load balancer service will be managed by the ingress operator. It defaults to Managed. Valid values are: Managed and Unmanaged.", +} + +func (LoadBalancerStrategy) SwaggerDoc() map[string]string { + return map_LoadBalancerStrategy +} + +var map_LoggingDestination = map[string]string{ + "": "LoggingDestination describes a destination for log messages.", + "type": "type is the type of destination for logs. It must be one of the following:\n\n* Container\n\nThe ingress operator configures the sidecar container named \"logs\" on the ingress controller pod and configures the ingress controller to write logs to the sidecar. The logs are then available as container logs. The expectation is that the administrator configures a custom logging solution that reads logs from this sidecar. Note that using container logs means that logs may be dropped if the rate of logs exceeds the container runtime's or the custom logging solution's capacity.\n\n* Syslog\n\nLogs are sent to a syslog endpoint. The administrator must specify an endpoint that can receive syslog messages. The expectation is that the administrator has configured a custom syslog instance.", + "syslog": "syslog holds parameters for a syslog endpoint. Present only if type is Syslog.", + "container": "container holds parameters for the Container logging destination. Present only if type is Container.", +} + +func (LoggingDestination) SwaggerDoc() map[string]string { + return map_LoggingDestination +} + +var map_NodePlacement = map[string]string{ + "": "NodePlacement describes node scheduling configuration for an ingress controller.", + "nodeSelector": "nodeSelector is the node selector applied to ingress controller deployments.\n\nIf set, the specified selector is used and replaces the default.\n\nIf unset, the default depends on the value of the defaultPlacement field in the cluster config.openshift.io/v1/ingresses status.\n\nWhen defaultPlacement is Workers, the default is:\n\n kubernetes.io/os: linux\n node-role.kubernetes.io/worker: ''\n\nWhen defaultPlacement is ControlPlane, the default is:\n\n kubernetes.io/os: linux\n node-role.kubernetes.io/master: ''\n\nThese defaults are subject to change.\n\nNote that using nodeSelector.matchExpressions is not supported. Only nodeSelector.matchLabels may be used. This is a limitation of the Kubernetes API: the pod spec does not allow complex expressions for node selectors.", + "tolerations": "tolerations is a list of tolerations applied to ingress controller deployments.\n\nThe default is an empty list.\n\nSee https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/", +} + +func (NodePlacement) SwaggerDoc() map[string]string { + return map_NodePlacement +} + +var map_NodePortStrategy = map[string]string{ + "": "NodePortStrategy holds parameters for the NodePortService endpoint publishing strategy.", + "protocol": "protocol specifies whether the IngressController expects incoming connections to use plain TCP or whether the IngressController expects PROXY protocol.\n\nPROXY protocol can be used with load balancers that support it to communicate the source addresses of client connections when forwarding those connections to the IngressController. Using PROXY protocol enables the IngressController to report those source addresses instead of reporting the load balancer's address in HTTP headers and logs. Note that enabling PROXY protocol on the IngressController will cause connections to fail if you are not using a load balancer that uses PROXY protocol to forward connections to the IngressController. See http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for information about PROXY protocol.\n\nThe following values are valid for this field:\n\n* The empty string. * \"TCP\". * \"PROXY\".\n\nThe empty string specifies the default, which is TCP without PROXY protocol. Note that the default is subject to change.", +} + +func (NodePortStrategy) SwaggerDoc() map[string]string { + return map_NodePortStrategy +} + +var map_OpenStackLoadBalancerParameters = map[string]string{ + "": "OpenStackLoadBalancerParameters provides configuration settings that are specific to OpenStack load balancers.", + "floatingIP": "floatingIP specifies the IP address that the load balancer will use. When not specified, an IP address will be assigned randomly by the OpenStack cloud provider. When specified, the floating IP has to be pre-created. If the specified value is not a floating IP or is already claimed, the OpenStack cloud provider won't be able to provision the load balancer. This field may only be used if the IngressController has External scope. This value must be a valid IPv4 or IPv6 address. ", +} + +func (OpenStackLoadBalancerParameters) SwaggerDoc() map[string]string { + return map_OpenStackLoadBalancerParameters +} + +var map_PrivateStrategy = map[string]string{ + "": "PrivateStrategy holds parameters for the Private endpoint publishing strategy.", + "protocol": "protocol specifies whether the IngressController expects incoming connections to use plain TCP or whether the IngressController expects PROXY protocol.\n\nPROXY protocol can be used with load balancers that support it to communicate the source addresses of client connections when forwarding those connections to the IngressController. Using PROXY protocol enables the IngressController to report those source addresses instead of reporting the load balancer's address in HTTP headers and logs. Note that enabling PROXY protocol on the IngressController will cause connections to fail if you are not using a load balancer that uses PROXY protocol to forward connections to the IngressController. See http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for information about PROXY protocol.\n\nThe following values are valid for this field:\n\n* The empty string. * \"TCP\". * \"PROXY\".\n\nThe empty string specifies the default, which is TCP without PROXY protocol. Note that the default is subject to change.", +} + +func (PrivateStrategy) SwaggerDoc() map[string]string { + return map_PrivateStrategy +} + +var map_ProviderLoadBalancerParameters = map[string]string{ + "": "ProviderLoadBalancerParameters holds desired load balancer information specific to the underlying infrastructure provider.", + "type": "type is the underlying infrastructure provider for the load balancer. Allowed values are \"AWS\", \"Azure\", \"BareMetal\", \"GCP\", \"IBM\", \"Nutanix\", \"OpenStack\", and \"VSphere\".", + "aws": "aws provides configuration settings that are specific to AWS load balancers.\n\nIf empty, defaults will be applied. See specific aws fields for details about their defaults.", + "gcp": "gcp provides configuration settings that are specific to GCP load balancers.\n\nIf empty, defaults will be applied. See specific gcp fields for details about their defaults.", + "ibm": "ibm provides configuration settings that are specific to IBM Cloud load balancers.\n\nIf empty, defaults will be applied. See specific ibm fields for details about their defaults.", + "openstack": "openstack provides configuration settings that are specific to OpenStack load balancers.\n\nIf empty, defaults will be applied. See specific openstack fields for details about their defaults.", +} + +func (ProviderLoadBalancerParameters) SwaggerDoc() map[string]string { + return map_ProviderLoadBalancerParameters +} + +var map_RouteAdmissionPolicy = map[string]string{ + "": "RouteAdmissionPolicy is an admission policy for allowing new route claims.", + "namespaceOwnership": "namespaceOwnership describes how host name claims across namespaces should be handled.\n\nValue must be one of:\n\n- Strict: Do not allow routes in different namespaces to claim the same host.\n\n- InterNamespaceAllowed: Allow routes to claim different paths of the same\n host name across namespaces.\n\nIf empty, the default is Strict.", + "wildcardPolicy": "wildcardPolicy describes how routes with wildcard policies should be handled for the ingress controller. WildcardPolicy controls use of routes [1] exposed by the ingress controller based on the route's wildcard policy.\n\n[1] https://github.com/openshift/api/blob/master/route/v1/types.go\n\nNote: Updating WildcardPolicy from WildcardsAllowed to WildcardsDisallowed will cause admitted routes with a wildcard policy of Subdomain to stop working. These routes must be updated to a wildcard policy of None to be readmitted by the ingress controller.\n\nWildcardPolicy supports WildcardsAllowed and WildcardsDisallowed values.\n\nIf empty, defaults to \"WildcardsDisallowed\".", +} + +func (RouteAdmissionPolicy) SwaggerDoc() map[string]string { + return map_RouteAdmissionPolicy +} + +var map_SyslogLoggingDestinationParameters = map[string]string{ + "": "SyslogLoggingDestinationParameters describes parameters for the Syslog logging destination type.", + "address": "address is the IP address of the syslog endpoint that receives log messages.", + "port": "port is the UDP port number of the syslog endpoint that receives log messages.", + "facility": "facility specifies the syslog facility of log messages.\n\nIf this field is empty, the facility is \"local1\".", + "maxLength": "maxLength is the maximum length of the log message.\n\nValid values are integers in the range 480 to 4096, inclusive.\n\nWhen omitted, the default value is 1024.", +} + +func (SyslogLoggingDestinationParameters) SwaggerDoc() map[string]string { + return map_SyslogLoggingDestinationParameters +} + +var map_GatherStatus = map[string]string{ + "": "gatherStatus provides information about the last known gather event.", + "lastGatherTime": "lastGatherTime is the last time when Insights data gathering finished. An empty value means that no data has been gathered yet.", + "lastGatherDuration": "lastGatherDuration is the total time taken to process all gatherers during the last gather event.", + "gatherers": "gatherers is a list of active gatherers (and their statuses) in the last gathering.", +} + +func (GatherStatus) SwaggerDoc() map[string]string { + return map_GatherStatus +} + +var map_GathererStatus = map[string]string{ + "": "gathererStatus represents information about a particular data gatherer.", + "conditions": "conditions provide details on the status of each gatherer.", + "name": "name is the name of the gatherer.", + "lastGatherDuration": "lastGatherDuration represents the time spent gathering.", +} + +func (GathererStatus) SwaggerDoc() map[string]string { + return map_GathererStatus +} + +var map_HealthCheck = map[string]string{ + "": "healthCheck represents an Insights health check attributes.", + "description": "description provides basic description of the healtcheck.", + "totalRisk": "totalRisk of the healthcheck. Indicator of the total risk posed by the detected issue; combination of impact and likelihood. The values can be from 1 to 4, and the higher the number, the more important the issue.", + "advisorURI": "advisorURI provides the URL link to the Insights Advisor.", + "state": "state determines what the current state of the health check is. Health check is enabled by default and can be disabled by the user in the Insights advisor user interface.", +} + +func (HealthCheck) SwaggerDoc() map[string]string { + return map_HealthCheck +} + +var map_InsightsOperator = map[string]string{ + "": "\n\nInsightsOperator holds cluster-wide information about the Insights Operator.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "spec": "spec is the specification of the desired behavior of the Insights.", + "status": "status is the most recently observed status of the Insights operator.", +} + +func (InsightsOperator) SwaggerDoc() map[string]string { + return map_InsightsOperator +} + +var map_InsightsOperatorList = map[string]string{ + "": "InsightsOperatorList is a collection of items\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", +} + +func (InsightsOperatorList) SwaggerDoc() map[string]string { + return map_InsightsOperatorList +} + +var map_InsightsOperatorStatus = map[string]string{ + "gatherStatus": "gatherStatus provides basic information about the last Insights data gathering. When omitted, this means no data gathering has taken place yet.", + "insightsReport": "insightsReport provides general Insights analysis results. When omitted, this means no data gathering has taken place yet.", +} + +func (InsightsOperatorStatus) SwaggerDoc() map[string]string { + return map_InsightsOperatorStatus +} + +var map_InsightsReport = map[string]string{ + "": "insightsReport provides Insights health check report based on the most recently sent Insights data.", + "downloadedAt": "downloadedAt is the time when the last Insights report was downloaded. An empty value means that there has not been any Insights report downloaded yet and it usually appears in disconnected clusters (or clusters when the Insights data gathering is disabled).", + "healthChecks": "healthChecks provides basic information about active Insights health checks in a cluster.", +} + +func (InsightsReport) SwaggerDoc() map[string]string { + return map_InsightsReport +} + +var map_KubeAPIServer = map[string]string{ + "": "KubeAPIServer provides information to configure an operator to manage kube-apiserver.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "spec": "spec is the specification of the desired behavior of the Kubernetes API Server", + "status": "status is the most recently observed status of the Kubernetes API Server", +} + +func (KubeAPIServer) SwaggerDoc() map[string]string { + return map_KubeAPIServer +} + +var map_KubeAPIServerList = map[string]string{ + "": "KubeAPIServerList is a collection of items\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "items": "Items contains the items", +} + +func (KubeAPIServerList) SwaggerDoc() map[string]string { + return map_KubeAPIServerList +} + +var map_KubeAPIServerStatus = map[string]string{ + "serviceAccountIssuers": "serviceAccountIssuers tracks history of used service account issuers. The item without expiration time represents the currently used service account issuer. The other items represents service account issuers that were used previously and are still being trusted. The default expiration for the items is set by the platform and it defaults to 24h. see: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#service-account-token-volume-projection", +} + +func (KubeAPIServerStatus) SwaggerDoc() map[string]string { + return map_KubeAPIServerStatus +} + +var map_ServiceAccountIssuerStatus = map[string]string{ + "name": "name is the name of the service account issuer", + "expirationTime": "expirationTime is the time after which this service account issuer will be pruned and removed from the trusted list of service account issuers.", +} + +func (ServiceAccountIssuerStatus) SwaggerDoc() map[string]string { + return map_ServiceAccountIssuerStatus +} + +var map_KubeControllerManager = map[string]string{ + "": "KubeControllerManager provides information to configure an operator to manage kube-controller-manager.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "spec": "spec is the specification of the desired behavior of the Kubernetes Controller Manager", + "status": "status is the most recently observed status of the Kubernetes Controller Manager", +} + +func (KubeControllerManager) SwaggerDoc() map[string]string { + return map_KubeControllerManager +} + +var map_KubeControllerManagerList = map[string]string{ + "": "KubeControllerManagerList is a collection of items\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "items": "Items contains the items", +} + +func (KubeControllerManagerList) SwaggerDoc() map[string]string { + return map_KubeControllerManagerList +} + +var map_KubeControllerManagerSpec = map[string]string{ + "useMoreSecureServiceCA": "useMoreSecureServiceCA indicates that the service-ca.crt provided in SA token volumes should include only enough certificates to validate service serving certificates. Once set to true, it cannot be set to false. Even if someone finds a way to set it back to false, the service-ca.crt files that previously existed will only have the more secure content.", +} + +func (KubeControllerManagerSpec) SwaggerDoc() map[string]string { + return map_KubeControllerManagerSpec +} + +var map_KubeStorageVersionMigrator = map[string]string{ + "": "KubeStorageVersionMigrator provides information to configure an operator to manage kube-storage-version-migrator.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", +} + +func (KubeStorageVersionMigrator) SwaggerDoc() map[string]string { + return map_KubeStorageVersionMigrator +} + +var map_KubeStorageVersionMigratorList = map[string]string{ + "": "KubeStorageVersionMigratorList is a collection of items\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "items": "Items contains the items", +} + +func (KubeStorageVersionMigratorList) SwaggerDoc() map[string]string { + return map_KubeStorageVersionMigratorList +} + +var map_MachineConfiguration = map[string]string{ + "": "MachineConfiguration provides information to configure an operator to manage Machine Configuration.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "spec": "spec is the specification of the desired behavior of the Machine Config Operator", + "status": "status is the most recently observed status of the Machine Config Operator", +} + +func (MachineConfiguration) SwaggerDoc() map[string]string { + return map_MachineConfiguration +} + +var map_MachineConfigurationList = map[string]string{ + "": "MachineConfigurationList is a collection of items\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "items": "Items contains the items", +} + +func (MachineConfigurationList) SwaggerDoc() map[string]string { + return map_MachineConfigurationList +} + +var map_MachineConfigurationSpec = map[string]string{ + "managedBootImages": "managedBootImages allows configuration for the management of boot images for machine resources within the cluster. This configuration allows users to select resources that should be updated to the latest boot images during cluster upgrades, ensuring that new machines always boot with the current cluster version's boot image. When omitted, no boot images will be updated.", + "nodeDisruptionPolicy": "nodeDisruptionPolicy allows an admin to set granular node disruption actions for MachineConfig-based updates, such as drains, service reloads, etc. Specifying this will allow for less downtime when doing small configuration updates to the cluster. This configuration has no effect on cluster upgrades which will still incur node disruption where required.", +} + +func (MachineConfigurationSpec) SwaggerDoc() map[string]string { + return map_MachineConfigurationSpec +} + +var map_MachineConfigurationStatus = map[string]string{ + "observedGeneration": "observedGeneration is the last generation change you've dealt with", + "conditions": "conditions is a list of conditions and their status", + "nodeDisruptionPolicyStatus": "nodeDisruptionPolicyStatus status reflects what the latest cluster-validated policies are, and will be used by the Machine Config Daemon during future node updates.", +} + +func (MachineConfigurationStatus) SwaggerDoc() map[string]string { + return map_MachineConfigurationStatus +} + +var map_MachineManager = map[string]string{ + "": "MachineManager describes a target machine resource that is registered for boot image updates. It stores identifying information such as the resource type and the API Group of the resource. It also provides granular control via the selection field.", + "resource": "resource is the machine management resource's type. The only current valid value is machinesets. machinesets means that the machine manager will only register resources of the kind MachineSet.", + "apiGroup": "apiGroup is name of the APIGroup that the machine management resource belongs to. The only current valid value is machine.openshift.io. machine.openshift.io means that the machine manager will only register resources that belong to OpenShift machine API group.", + "selection": "selection allows granular control of the machine management resources that will be registered for boot image updates.", +} + +func (MachineManager) SwaggerDoc() map[string]string { + return map_MachineManager +} + +var map_MachineManagerSelector = map[string]string{ + "mode": "mode determines how machine managers will be selected for updates. Valid values are All and Partial. All means that every resource matched by the machine manager will be updated. Partial requires specified selector(s) and allows customisation of which resources matched by the machine manager will be updated.", + "partial": "partial provides label selector(s) that can be used to match machine management resources. Only permitted when mode is set to \"Partial\".", +} + +func (MachineManagerSelector) SwaggerDoc() map[string]string { + return map_MachineManagerSelector +} + +var map_ManagedBootImages = map[string]string{ + "machineManagers": "machineManagers can be used to register machine management resources for boot image updates. The Machine Config Operator will watch for changes to this list. Only one entry is permitted per type of machine management resource.", +} + +func (ManagedBootImages) SwaggerDoc() map[string]string { + return map_ManagedBootImages +} + +var map_NodeDisruptionPolicyClusterStatus = map[string]string{ + "": "NodeDisruptionPolicyClusterStatus is the type for the status object, rendered by the controller as a merge of cluster defaults and user provided policies", + "files": "files is a list of MachineConfig file definitions and actions to take to changes on those paths", + "units": "units is a list MachineConfig unit definitions and actions to take on changes to those services", + "sshkey": "sshkey is the overall sshkey MachineConfig definition", +} + +func (NodeDisruptionPolicyClusterStatus) SwaggerDoc() map[string]string { + return map_NodeDisruptionPolicyClusterStatus +} + +var map_NodeDisruptionPolicyConfig = map[string]string{ + "": "NodeDisruptionPolicyConfig is the overall spec definition for files/units/sshkeys", + "files": "files is a list of MachineConfig file definitions and actions to take to changes on those paths This list supports a maximum of 50 entries.", + "units": "units is a list MachineConfig unit definitions and actions to take on changes to those services This list supports a maximum of 50 entries.", + "sshkey": "sshkey maps to the ignition.sshkeys field in the MachineConfig object, definition an action for this will apply to all sshkey changes in the cluster", +} + +func (NodeDisruptionPolicyConfig) SwaggerDoc() map[string]string { + return map_NodeDisruptionPolicyConfig +} + +var map_NodeDisruptionPolicySpecAction = map[string]string{ + "type": "type represents the commands that will be carried out if this NodeDisruptionPolicySpecActionType is executed Valid values are Reboot, Drain, Reload, Restart, DaemonReload and None. reload/restart requires a corresponding service target specified in the reload/restart field. Other values require no further configuration", + "reload": "reload specifies the service to reload, only valid if type is reload", + "restart": "restart specifies the service to restart, only valid if type is restart", +} + +func (NodeDisruptionPolicySpecAction) SwaggerDoc() map[string]string { + return map_NodeDisruptionPolicySpecAction +} + +var map_NodeDisruptionPolicySpecFile = map[string]string{ + "": "NodeDisruptionPolicySpecFile is a file entry and corresponding actions to take and is used in the NodeDisruptionPolicyConfig object", + "path": "path is the location of a file being managed through a MachineConfig. The Actions in the policy will apply to changes to the file at this path.", + "actions": "actions represents the series of commands to be executed on changes to the file at the corresponding file path. Actions will be applied in the order that they are set in this list. If there are other incoming changes to other MachineConfig entries in the same update that require a reboot, the reboot will supercede these actions. Valid actions are Reboot, Drain, Reload, DaemonReload and None. The Reboot action and the None action cannot be used in conjunction with any of the other actions. This list supports a maximum of 10 entries.", +} + +func (NodeDisruptionPolicySpecFile) SwaggerDoc() map[string]string { + return map_NodeDisruptionPolicySpecFile +} + +var map_NodeDisruptionPolicySpecSSHKey = map[string]string{ + "": "NodeDisruptionPolicySpecSSHKey is actions to take for any SSHKey change and is used in the NodeDisruptionPolicyConfig object", + "actions": "actions represents the series of commands to be executed on changes to the file at the corresponding file path. Actions will be applied in the order that they are set in this list. If there are other incoming changes to other MachineConfig entries in the same update that require a reboot, the reboot will supercede these actions. Valid actions are Reboot, Drain, Reload, DaemonReload and None. The Reboot action and the None action cannot be used in conjunction with any of the other actions. This list supports a maximum of 10 entries.", +} + +func (NodeDisruptionPolicySpecSSHKey) SwaggerDoc() map[string]string { + return map_NodeDisruptionPolicySpecSSHKey +} + +var map_NodeDisruptionPolicySpecUnit = map[string]string{ + "": "NodeDisruptionPolicySpecUnit is a systemd unit name and corresponding actions to take and is used in the NodeDisruptionPolicyConfig object", + "name": "name represents the service name of a systemd service managed through a MachineConfig Actions specified will be applied for changes to the named service. Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, \":\", \"-\", \"_\", \".\", and \"\". ${SERVICETYPE} must be one of \".service\", \".socket\", \".device\", \".mount\", \".automount\", \".swap\", \".target\", \".path\", \".timer\", \".snapshot\", \".slice\" or \".scope\".", + "actions": "actions represents the series of commands to be executed on changes to the file at the corresponding file path. Actions will be applied in the order that they are set in this list. If there are other incoming changes to other MachineConfig entries in the same update that require a reboot, the reboot will supercede these actions. Valid actions are Reboot, Drain, Reload, DaemonReload and None. The Reboot action and the None action cannot be used in conjunction with any of the other actions. This list supports a maximum of 10 entries.", +} + +func (NodeDisruptionPolicySpecUnit) SwaggerDoc() map[string]string { + return map_NodeDisruptionPolicySpecUnit +} + +var map_NodeDisruptionPolicyStatus = map[string]string{ + "clusterPolicies": "clusterPolicies is a merge of cluster default and user provided node disruption policies.", +} + +func (NodeDisruptionPolicyStatus) SwaggerDoc() map[string]string { + return map_NodeDisruptionPolicyStatus +} + +var map_NodeDisruptionPolicyStatusAction = map[string]string{ + "type": "type represents the commands that will be carried out if this NodeDisruptionPolicyStatusActionType is executed Valid values are Reboot, Drain, Reload, Restart, DaemonReload, None and Special. reload/restart requires a corresponding service target specified in the reload/restart field. Other values require no further configuration", + "reload": "reload specifies the service to reload, only valid if type is reload", + "restart": "restart specifies the service to restart, only valid if type is restart", +} + +func (NodeDisruptionPolicyStatusAction) SwaggerDoc() map[string]string { + return map_NodeDisruptionPolicyStatusAction +} + +var map_NodeDisruptionPolicyStatusFile = map[string]string{ + "": "NodeDisruptionPolicyStatusFile is a file entry and corresponding actions to take and is used in the NodeDisruptionPolicyClusterStatus object", + "path": "path is the location of a file being managed through a MachineConfig. The Actions in the policy will apply to changes to the file at this path.", + "actions": "actions represents the series of commands to be executed on changes to the file at the corresponding file path. Actions will be applied in the order that they are set in this list. If there are other incoming changes to other MachineConfig entries in the same update that require a reboot, the reboot will supercede these actions. Valid actions are Reboot, Drain, Reload, DaemonReload and None. The Reboot action and the None action cannot be used in conjunction with any of the other actions. This list supports a maximum of 10 entries.", +} + +func (NodeDisruptionPolicyStatusFile) SwaggerDoc() map[string]string { + return map_NodeDisruptionPolicyStatusFile +} + +var map_NodeDisruptionPolicyStatusSSHKey = map[string]string{ + "": "NodeDisruptionPolicyStatusSSHKey is actions to take for any SSHKey change and is used in the NodeDisruptionPolicyClusterStatus object", + "actions": "actions represents the series of commands to be executed on changes to the file at the corresponding file path. Actions will be applied in the order that they are set in this list. If there are other incoming changes to other MachineConfig entries in the same update that require a reboot, the reboot will supercede these actions. Valid actions are Reboot, Drain, Reload, DaemonReload and None. The Reboot action and the None action cannot be used in conjunction with any of the other actions. This list supports a maximum of 10 entries.", +} + +func (NodeDisruptionPolicyStatusSSHKey) SwaggerDoc() map[string]string { + return map_NodeDisruptionPolicyStatusSSHKey +} + +var map_NodeDisruptionPolicyStatusUnit = map[string]string{ + "": "NodeDisruptionPolicyStatusUnit is a systemd unit name and corresponding actions to take and is used in the NodeDisruptionPolicyClusterStatus object", + "name": "name represents the service name of a systemd service managed through a MachineConfig Actions specified will be applied for changes to the named service. Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, \":\", \"-\", \"_\", \".\", and \"\". ${SERVICETYPE} must be one of \".service\", \".socket\", \".device\", \".mount\", \".automount\", \".swap\", \".target\", \".path\", \".timer\", \".snapshot\", \".slice\" or \".scope\".", + "actions": "actions represents the series of commands to be executed on changes to the file at the corresponding file path. Actions will be applied in the order that they are set in this list. If there are other incoming changes to other MachineConfig entries in the same update that require a reboot, the reboot will supercede these actions. Valid actions are Reboot, Drain, Reload, DaemonReload and None. The Reboot action and the None action cannot be used in conjunction with any of the other actions. This list supports a maximum of 10 entries.", +} + +func (NodeDisruptionPolicyStatusUnit) SwaggerDoc() map[string]string { + return map_NodeDisruptionPolicyStatusUnit +} + +var map_PartialSelector = map[string]string{ + "": "PartialSelector provides label selector(s) that can be used to match machine management resources.", + "machineResourceSelector": "machineResourceSelector is a label selector that can be used to select machine resources like MachineSets.", +} + +func (PartialSelector) SwaggerDoc() map[string]string { + return map_PartialSelector +} + +var map_ReloadService = map[string]string{ + "": "ReloadService allows the user to specify the services to be reloaded", + "serviceName": "serviceName is the full name (e.g. crio.service) of the service to be reloaded Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, \":\", \"-\", \"_\", \".\", and \"\". ${SERVICETYPE} must be one of \".service\", \".socket\", \".device\", \".mount\", \".automount\", \".swap\", \".target\", \".path\", \".timer\", \".snapshot\", \".slice\" or \".scope\".", +} + +func (ReloadService) SwaggerDoc() map[string]string { + return map_ReloadService +} + +var map_RestartService = map[string]string{ + "": "RestartService allows the user to specify the services to be restarted", + "serviceName": "serviceName is the full name (e.g. crio.service) of the service to be restarted Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, \":\", \"-\", \"_\", \".\", and \"\". ${SERVICETYPE} must be one of \".service\", \".socket\", \".device\", \".mount\", \".automount\", \".swap\", \".target\", \".path\", \".timer\", \".snapshot\", \".slice\" or \".scope\".", +} + +func (RestartService) SwaggerDoc() map[string]string { + return map_RestartService +} + +var map_AdditionalNetworkDefinition = map[string]string{ + "": "AdditionalNetworkDefinition configures an extra network that is available but not created by default. Instead, pods must request them by name. type must be specified, along with exactly one \"Config\" that matches the type.", + "type": "type is the type of network The supported values are NetworkTypeRaw, NetworkTypeSimpleMacvlan", + "name": "name is the name of the network. This will be populated in the resulting CRD This must be unique.", + "namespace": "namespace is the namespace of the network. This will be populated in the resulting CRD If not given the network will be created in the default namespace.", + "rawCNIConfig": "rawCNIConfig is the raw CNI configuration json to create in the NetworkAttachmentDefinition CRD", + "simpleMacvlanConfig": "SimpleMacvlanConfig configures the macvlan interface in case of type:NetworkTypeSimpleMacvlan", +} + +func (AdditionalNetworkDefinition) SwaggerDoc() map[string]string { + return map_AdditionalNetworkDefinition +} + +var map_AdditionalRoutingCapabilities = map[string]string{ + "": "AdditionalRoutingCapabilities describes components and relevant configuration providing advanced routing capabilities.", + "providers": "providers is a set of enabled components that provide additional routing capabilities. Entries on this list must be unique. The only valid value is currrently \"FRR\" which provides FRR routing capabilities through the deployment of FRR.", +} + +func (AdditionalRoutingCapabilities) SwaggerDoc() map[string]string { + return map_AdditionalRoutingCapabilities +} + +var map_ClusterNetworkEntry = map[string]string{ + "": "ClusterNetworkEntry is a subnet from which to allocate PodIPs. A network of size HostPrefix (in CIDR notation) will be allocated when nodes join the cluster. If the HostPrefix field is not used by the plugin, it can be left unset. Not all network providers support multiple ClusterNetworks", +} + +func (ClusterNetworkEntry) SwaggerDoc() map[string]string { + return map_ClusterNetworkEntry +} + +var map_DefaultNetworkDefinition = map[string]string{ + "": "DefaultNetworkDefinition represents a single network plugin's configuration. type must be specified, along with exactly one \"Config\" that matches the type.", + "type": "type is the type of network All NetworkTypes are supported except for NetworkTypeRaw", + "openshiftSDNConfig": "openShiftSDNConfig was previously used to configure the openshift-sdn plugin. DEPRECATED: OpenShift SDN is no longer supported.", + "ovnKubernetesConfig": "ovnKubernetesConfig configures the ovn-kubernetes plugin.", +} + +func (DefaultNetworkDefinition) SwaggerDoc() map[string]string { + return map_DefaultNetworkDefinition +} + +var map_EgressIPConfig = map[string]string{ + "": "EgressIPConfig defines the configuration knobs for egressip", + "reachabilityTotalTimeoutSeconds": "reachabilityTotalTimeout configures the EgressIP node reachability check total timeout in seconds. If the EgressIP node cannot be reached within this timeout, the node is declared down. Setting a large value may cause the EgressIP feature to react slowly to node changes. In particular, it may react slowly for EgressIP nodes that really have a genuine problem and are unreachable. When omitted, this means the user has no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is 1 second. A value of 0 disables the EgressIP node's reachability check.", +} + +func (EgressIPConfig) SwaggerDoc() map[string]string { + return map_EgressIPConfig +} + +var map_ExportNetworkFlows = map[string]string{ + "netFlow": "netFlow defines the NetFlow configuration.", + "sFlow": "sFlow defines the SFlow configuration.", + "ipfix": "ipfix defines IPFIX configuration.", +} + +func (ExportNetworkFlows) SwaggerDoc() map[string]string { + return map_ExportNetworkFlows +} + +var map_FeaturesMigration = map[string]string{ + "egressIP": "egressIP specified whether or not the Egress IP configuration was migrated. DEPRECATED: network type migration is no longer supported.", + "egressFirewall": "egressFirewall specified whether or not the Egress Firewall configuration was migrated. DEPRECATED: network type migration is no longer supported.", + "multicast": "multicast specified whether or not the multicast configuration was migrated. DEPRECATED: network type migration is no longer supported.", +} + +func (FeaturesMigration) SwaggerDoc() map[string]string { + return map_FeaturesMigration +} + +var map_GatewayConfig = map[string]string{ + "": "GatewayConfig holds node gateway-related parsed config file parameters and command-line overrides", + "routingViaHost": "RoutingViaHost allows pod egress traffic to exit via the ovn-k8s-mp0 management port into the host before sending it out. If this is not set, traffic will always egress directly from OVN to outside without touching the host stack. Setting this to true means hardware offload will not be supported. Default is false if GatewayConfig is specified.", + "ipForwarding": "IPForwarding controls IP forwarding for all traffic on OVN-Kubernetes managed interfaces (such as br-ex). By default this is set to Restricted, and Kubernetes related traffic is still forwarded appropriately, but other IP traffic will not be routed by the OCP node. If there is a desire to allow the host to forward traffic across OVN-Kubernetes managed interfaces, then set this field to \"Global\". The supported values are \"Restricted\" and \"Global\".", + "ipv4": "ipv4 allows users to configure IP settings for IPv4 connections. When omitted, this means no opinion and the default configuration is used. Check individual members fields within ipv4 for details of default values.", + "ipv6": "ipv6 allows users to configure IP settings for IPv6 connections. When omitted, this means no opinion and the default configuration is used. Check individual members fields within ipv6 for details of default values.", +} + +func (GatewayConfig) SwaggerDoc() map[string]string { + return map_GatewayConfig +} + +var map_HybridOverlayConfig = map[string]string{ + "hybridClusterNetwork": "HybridClusterNetwork defines a network space given to nodes on an additional overlay network.", + "hybridOverlayVXLANPort": "HybridOverlayVXLANPort defines the VXLAN port number to be used by the additional overlay network. Default is 4789", +} + +func (HybridOverlayConfig) SwaggerDoc() map[string]string { + return map_HybridOverlayConfig +} + +var map_IPAMConfig = map[string]string{ + "": "IPAMConfig contains configurations for IPAM (IP Address Management)", + "type": "Type is the type of IPAM module will be used for IP Address Management(IPAM). The supported values are IPAMTypeDHCP, IPAMTypeStatic", + "staticIPAMConfig": "StaticIPAMConfig configures the static IP address in case of type:IPAMTypeStatic", +} + +func (IPAMConfig) SwaggerDoc() map[string]string { + return map_IPAMConfig +} + +var map_IPFIXConfig = map[string]string{ + "collectors": "ipfixCollectors is list of strings formatted as ip:port with a maximum of ten items", +} + +func (IPFIXConfig) SwaggerDoc() map[string]string { + return map_IPFIXConfig +} + +var map_IPsecConfig = map[string]string{ + "mode": "mode defines the behaviour of the ipsec configuration within the platform. Valid values are `Disabled`, `External` and `Full`. When 'Disabled', ipsec will not be enabled at the node level. When 'External', ipsec is enabled on the node level but requires the user to configure the secure communication parameters. This mode is for external secure communications and the configuration can be done using the k8s-nmstate operator. When 'Full', ipsec is configured on the node level and inter-pod secure communication within the cluster is configured. Note with `Full`, if ipsec is desired for communication with external (to the cluster) entities (such as storage arrays), this is left to the user to configure.", +} + +func (IPsecConfig) SwaggerDoc() map[string]string { + return map_IPsecConfig +} + +var map_IPv4GatewayConfig = map[string]string{ + "": "IPV4GatewayConfig holds the configuration paramaters for IPV4 connections in the GatewayConfig for OVN-Kubernetes", + "internalMasqueradeSubnet": "internalMasqueradeSubnet contains the masquerade addresses in IPV4 CIDR format used internally by ovn-kubernetes to enable host to service traffic. Each host in the cluster is configured with these addresses, as well as the shared gateway bridge interface. The values can be changed after installation. The subnet chosen should not overlap with other networks specified for OVN-Kubernetes as well as other networks used on the host. Additionally the subnet must be large enough to accommodate 6 IPs (maximum prefix length /29). When omitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. The current default subnet is 169.254.169.0/29 The value must be in proper IPV4 CIDR format", +} + +func (IPv4GatewayConfig) SwaggerDoc() map[string]string { + return map_IPv4GatewayConfig +} + +var map_IPv4OVNKubernetesConfig = map[string]string{ + "internalTransitSwitchSubnet": "internalTransitSwitchSubnet is a v4 subnet in IPV4 CIDR format used internally by OVN-Kubernetes for the distributed transit switch in the OVN Interconnect architecture that connects the cluster routers on each node together to enable east west traffic. The subnet chosen should not overlap with other networks specified for OVN-Kubernetes as well as other networks used on the host. The value cannot be changed after installation. When ommitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. The current default subnet is 100.88.0.0/16 The subnet must be large enough to accomadate one IP per node in your cluster The value must be in proper IPV4 CIDR format", + "internalJoinSubnet": "internalJoinSubnet is a v4 subnet used internally by ovn-kubernetes in case the default one is being already used by something else. It must not overlap with any other subnet being used by OpenShift or by the node network. The size of the subnet must be larger than the number of nodes. The value cannot be changed after installation. The current default value is 100.64.0.0/16 The subnet must be large enough to accomadate one IP per node in your cluster The value must be in proper IPV4 CIDR format", +} + +func (IPv4OVNKubernetesConfig) SwaggerDoc() map[string]string { + return map_IPv4OVNKubernetesConfig +} + +var map_IPv6GatewayConfig = map[string]string{ + "": "IPV6GatewayConfig holds the configuration paramaters for IPV6 connections in the GatewayConfig for OVN-Kubernetes", + "internalMasqueradeSubnet": "internalMasqueradeSubnet contains the masquerade addresses in IPV6 CIDR format used internally by ovn-kubernetes to enable host to service traffic. Each host in the cluster is configured with these addresses, as well as the shared gateway bridge interface. The values can be changed after installation. The subnet chosen should not overlap with other networks specified for OVN-Kubernetes as well as other networks used on the host. Additionally the subnet must be large enough to accommodate 6 IPs (maximum prefix length /125). When omitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. The current default subnet is fd69::/125 Note that IPV6 dual addresses are not permitted", +} + +func (IPv6GatewayConfig) SwaggerDoc() map[string]string { + return map_IPv6GatewayConfig +} + +var map_IPv6OVNKubernetesConfig = map[string]string{ + "internalTransitSwitchSubnet": "internalTransitSwitchSubnet is a v4 subnet in IPV4 CIDR format used internally by OVN-Kubernetes for the distributed transit switch in the OVN Interconnect architecture that connects the cluster routers on each node together to enable east west traffic. The subnet chosen should not overlap with other networks specified for OVN-Kubernetes as well as other networks used on the host. The value cannot be changed after installation. When ommitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. The subnet must be large enough to accomadate one IP per node in your cluster The current default subnet is fd97::/64 The value must be in proper IPV6 CIDR format Note that IPV6 dual addresses are not permitted", + "internalJoinSubnet": "internalJoinSubnet is a v6 subnet used internally by ovn-kubernetes in case the default one is being already used by something else. It must not overlap with any other subnet being used by OpenShift or by the node network. The size of the subnet must be larger than the number of nodes. The value cannot be changed after installation. The subnet must be large enough to accomadate one IP per node in your cluster The current default value is fd98::/48 The value must be in proper IPV6 CIDR format Note that IPV6 dual addresses are not permitted", +} + +func (IPv6OVNKubernetesConfig) SwaggerDoc() map[string]string { + return map_IPv6OVNKubernetesConfig +} + +var map_MTUMigration = map[string]string{ + "": "MTUMigration contains infomation about MTU migration.", + "network": "network contains information about MTU migration for the default network. Migrations are only allowed to MTU values lower than the machine's uplink MTU by the minimum appropriate offset.", + "machine": "machine contains MTU migration configuration for the machine's uplink. Needs to be migrated along with the default network MTU unless the current uplink MTU already accommodates the default network MTU.", +} + +func (MTUMigration) SwaggerDoc() map[string]string { + return map_MTUMigration +} + +var map_MTUMigrationValues = map[string]string{ + "": "MTUMigrationValues contains the values for a MTU migration.", + "to": "to is the MTU to migrate to.", + "from": "from is the MTU to migrate from.", +} + +func (MTUMigrationValues) SwaggerDoc() map[string]string { + return map_MTUMigrationValues +} + +var map_NetFlowConfig = map[string]string{ + "collectors": "netFlow defines the NetFlow collectors that will consume the flow data exported from OVS. It is a list of strings formatted as ip:port with a maximum of ten items", +} + +func (NetFlowConfig) SwaggerDoc() map[string]string { + return map_NetFlowConfig +} + +var map_Network = map[string]string{ + "": "Network describes the cluster's desired network configuration. It is consumed by the cluster-network-operator.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", +} + +func (Network) SwaggerDoc() map[string]string { + return map_Network +} + +var map_NetworkList = map[string]string{ + "": "NetworkList contains a list of Network configurations\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", +} + +func (NetworkList) SwaggerDoc() map[string]string { + return map_NetworkList +} + +var map_NetworkMigration = map[string]string{ + "": "NetworkMigration represents the cluster network migration configuration.", + "mtu": "mtu contains the MTU migration configuration. Set this to allow changing the MTU values for the default network. If unset, the operation of changing the MTU for the default network will be rejected.", + "networkType": "networkType was previously used when changing the default network type. DEPRECATED: network type migration is no longer supported, and setting this to a non-empty value will result in the network operator rejecting the configuration.", + "features": "features was previously used to configure which network plugin features would be migrated in a network type migration. DEPRECATED: network type migration is no longer supported, and setting this to a non-empty value will result in the network operator rejecting the configuration.", + "mode": "mode indicates the mode of network type migration. DEPRECATED: network type migration is no longer supported, and setting this to a non-empty value will result in the network operator rejecting the configuration.", +} + +func (NetworkMigration) SwaggerDoc() map[string]string { + return map_NetworkMigration +} + +var map_NetworkSpec = map[string]string{ + "": "NetworkSpec is the top-level network configuration object.", + "clusterNetwork": "clusterNetwork is the IP address pool to use for pod IPs. Some network providers support multiple ClusterNetworks. Others only support one. This is equivalent to the cluster-cidr.", + "serviceNetwork": "serviceNetwork is the ip address pool to use for Service IPs Currently, all existing network providers only support a single value here, but this is an array to allow for growth.", + "defaultNetwork": "defaultNetwork is the \"default\" network that all pods will receive", + "additionalNetworks": "additionalNetworks is a list of extra networks to make available to pods when multiple networks are enabled.", + "disableMultiNetwork": "disableMultiNetwork specifies whether or not multiple pod network support should be disabled. If unset, this property defaults to 'false' and multiple network support is enabled.", + "useMultiNetworkPolicy": "useMultiNetworkPolicy enables a controller which allows for MultiNetworkPolicy objects to be used on additional networks as created by Multus CNI. MultiNetworkPolicy are similar to NetworkPolicy objects, but NetworkPolicy objects only apply to the primary interface. With MultiNetworkPolicy, you can control the traffic that a pod can receive over the secondary interfaces. If unset, this property defaults to 'false' and MultiNetworkPolicy objects are ignored. If 'disableMultiNetwork' is 'true' then the value of this field is ignored.", + "deployKubeProxy": "deployKubeProxy specifies whether or not a standalone kube-proxy should be deployed by the operator. Some network providers include kube-proxy or similar functionality. If unset, the plugin will attempt to select the correct value, which is false when ovn-kubernetes is used and true otherwise.", + "disableNetworkDiagnostics": "disableNetworkDiagnostics specifies whether or not PodNetworkConnectivityCheck CRs from a test pod to every node, apiserver and LB should be disabled or not. If unset, this property defaults to 'false' and network diagnostics is enabled. Setting this to 'true' would reduce the additional load of the pods performing the checks.", + "kubeProxyConfig": "kubeProxyConfig lets us configure desired proxy configuration, if deployKubeProxy is true. If not specified, sensible defaults will be chosen by OpenShift directly.", + "exportNetworkFlows": "exportNetworkFlows enables and configures the export of network flow metadata from the pod network by using protocols NetFlow, SFlow or IPFIX. Currently only supported on OVN-Kubernetes plugin. If unset, flows will not be exported to any collector.", + "migration": "migration enables and configures cluster network migration, for network changes that cannot be made instantly.", + "additionalRoutingCapabilities": "additionalRoutingCapabilities describes components and relevant configuration providing additional routing capabilities. When set, it enables such components and the usage of the routing capabilities they provide for the machine network. Upstream operators, like MetalLB operator, requiring these capabilities may rely on, or automatically set this attribute. Network plugins may leverage advanced routing capabilities acquired through the enablement of these components but may require specific configuration on their side to do so; refer to their respective documentation and configuration options.", +} + +func (NetworkSpec) SwaggerDoc() map[string]string { + return map_NetworkSpec +} + +var map_NetworkStatus = map[string]string{ + "": "NetworkStatus is detailed operator status, which is distilled up to the Network clusteroperator object.", +} + +func (NetworkStatus) SwaggerDoc() map[string]string { + return map_NetworkStatus +} + +var map_OVNKubernetesConfig = map[string]string{ + "": "ovnKubernetesConfig contains the configuration parameters for networks using the ovn-kubernetes network project", + "mtu": "mtu is the MTU to use for the tunnel interface. This must be 100 bytes smaller than the uplink mtu. Default is 1400", + "genevePort": "geneve port is the UDP port to be used by geneve encapulation. Default is 6081", + "hybridOverlayConfig": "HybridOverlayConfig configures an additional overlay network for peers that are not using OVN.", + "ipsecConfig": "ipsecConfig enables and configures IPsec for pods on the pod network within the cluster.", + "policyAuditConfig": "policyAuditConfig is the configuration for network policy audit events. If unset, reported defaults are used.", + "gatewayConfig": "gatewayConfig holds the configuration for node gateway options.", + "v4InternalSubnet": "v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the default one is being already used by something else. It must not overlap with any other subnet being used by OpenShift or by the node network. The size of the subnet must be larger than the number of nodes. The value cannot be changed after installation. Default is 100.64.0.0/16", + "v6InternalSubnet": "v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the default one is being already used by something else. It must not overlap with any other subnet being used by OpenShift or by the node network. The size of the subnet must be larger than the number of nodes. The value cannot be changed after installation. Default is fd98::/48", + "egressIPConfig": "egressIPConfig holds the configuration for EgressIP options.", + "ipv4": "ipv4 allows users to configure IP settings for IPv4 connections. When ommitted, this means no opinions and the default configuration is used. Check individual fields within ipv4 for details of default values.", + "ipv6": "ipv6 allows users to configure IP settings for IPv6 connections. When ommitted, this means no opinions and the default configuration is used. Check individual fields within ipv4 for details of default values.", + "routeAdvertisements": "routeAdvertisements determines if the functionality to advertise cluster network routes through a dynamic routing protocol, such as BGP, is enabled or not. This functionality is configured through the ovn-kubernetes RouteAdvertisements CRD. Requires the 'FRR' routing capability provider to be enabled as an additional routing capability. Allowed values are \"Enabled\", \"Disabled\" and ommited. When omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default is \"Disabled\".", +} + +func (OVNKubernetesConfig) SwaggerDoc() map[string]string { + return map_OVNKubernetesConfig +} + +var map_OpenShiftSDNConfig = map[string]string{ + "": "OpenShiftSDNConfig was used to configure the OpenShift SDN plugin. It is no longer used.", + "mode": "mode is one of \"Multitenant\", \"Subnet\", or \"NetworkPolicy\"", + "vxlanPort": "vxlanPort is the port to use for all vxlan packets. The default is 4789.", + "mtu": "mtu is the mtu to use for the tunnel interface. Defaults to 1450 if unset. This must be 50 bytes smaller than the machine's uplink.", + "useExternalOpenvswitch": "useExternalOpenvswitch used to control whether the operator would deploy an OVS DaemonSet itself or expect someone else to start OVS. As of 4.6, OVS is always run as a system service, and this flag is ignored.", + "enableUnidling": "enableUnidling controls whether or not the service proxy will support idling and unidling of services. By default, unidling is enabled.", +} + +func (OpenShiftSDNConfig) SwaggerDoc() map[string]string { + return map_OpenShiftSDNConfig +} + +var map_PolicyAuditConfig = map[string]string{ + "rateLimit": "rateLimit is the approximate maximum number of messages to generate per-second per-node. If unset the default of 20 msg/sec is used.", + "maxFileSize": "maxFilesSize is the max size an ACL_audit log file is allowed to reach before rotation occurs Units are in MB and the Default is 50MB", + "maxLogFiles": "maxLogFiles specifies the maximum number of ACL_audit log files that can be present.", + "destination": "destination is the location for policy log messages. Regardless of this config, persistent logs will always be dumped to the host at /var/log/ovn/ however Additionally syslog output may be configured as follows. Valid values are: - \"libc\" -> to use the libc syslog() function of the host node's journdald process - \"udp:host:port\" -> for sending syslog over UDP - \"unix:file\" -> for using the UNIX domain socket directly - \"null\" -> to discard all messages logged to syslog The default is \"null\"", + "syslogFacility": "syslogFacility the RFC5424 facility for generated messages, e.g. \"kern\". Default is \"local0\"", +} + +func (PolicyAuditConfig) SwaggerDoc() map[string]string { + return map_PolicyAuditConfig +} + +var map_ProxyConfig = map[string]string{ + "": "ProxyConfig defines the configuration knobs for kubeproxy All of these are optional and have sensible defaults", + "iptablesSyncPeriod": "An internal kube-proxy parameter. In older releases of OCP, this sometimes needed to be adjusted in large clusters for performance reasons, but this is no longer necessary, and there is no reason to change this from the default value. Default: 30s", + "bindAddress": "The address to \"bind\" on Defaults to 0.0.0.0", + "proxyArguments": "Any additional arguments to pass to the kubeproxy process", +} + +func (ProxyConfig) SwaggerDoc() map[string]string { + return map_ProxyConfig +} + +var map_SFlowConfig = map[string]string{ + "collectors": "sFlowCollectors is list of strings formatted as ip:port with a maximum of ten items", +} + +func (SFlowConfig) SwaggerDoc() map[string]string { + return map_SFlowConfig +} + +var map_SimpleMacvlanConfig = map[string]string{ + "": "SimpleMacvlanConfig contains configurations for macvlan interface.", + "master": "master is the host interface to create the macvlan interface from. If not specified, it will be default route interface", + "ipamConfig": "IPAMConfig configures IPAM module will be used for IP Address Management (IPAM).", + "mode": "mode is the macvlan mode: bridge, private, vepa, passthru. The default is bridge", + "mtu": "mtu is the mtu to use for the macvlan interface. if unset, host's kernel will select the value.", +} + +func (SimpleMacvlanConfig) SwaggerDoc() map[string]string { + return map_SimpleMacvlanConfig +} + +var map_StaticIPAMAddresses = map[string]string{ + "": "StaticIPAMAddresses provides IP address and Gateway for static IPAM addresses", + "address": "Address is the IP address in CIDR format", + "gateway": "Gateway is IP inside of subnet to designate as the gateway", +} + +func (StaticIPAMAddresses) SwaggerDoc() map[string]string { + return map_StaticIPAMAddresses +} + +var map_StaticIPAMConfig = map[string]string{ + "": "StaticIPAMConfig contains configurations for static IPAM (IP Address Management)", + "addresses": "Addresses configures IP address for the interface", + "routes": "Routes configures IP routes for the interface", + "dns": "DNS configures DNS for the interface", +} + +func (StaticIPAMConfig) SwaggerDoc() map[string]string { + return map_StaticIPAMConfig +} + +var map_StaticIPAMDNS = map[string]string{ + "": "StaticIPAMDNS provides DNS related information for static IPAM", + "nameservers": "Nameservers points DNS servers for IP lookup", + "domain": "Domain configures the domainname the local domain used for short hostname lookups", + "search": "Search configures priority ordered search domains for short hostname lookups", +} + +func (StaticIPAMDNS) SwaggerDoc() map[string]string { + return map_StaticIPAMDNS +} + +var map_StaticIPAMRoutes = map[string]string{ + "": "StaticIPAMRoutes provides Destination/Gateway pairs for static IPAM routes", + "destination": "Destination points the IP route destination", + "gateway": "Gateway is the route's next-hop IP address If unset, a default gateway is assumed (as determined by the CNI plugin).", +} + +func (StaticIPAMRoutes) SwaggerDoc() map[string]string { + return map_StaticIPAMRoutes +} + +var map_OLM = map[string]string{ + "": "OLM provides information to configure an operator to manage the OLM controllers\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "spec": "spec holds user settable values for configuration", + "status": "status holds observed values from the cluster. They may not be overridden.", +} + +func (OLM) SwaggerDoc() map[string]string { + return map_OLM +} + +var map_OLMList = map[string]string{ + "": "OLMList is a collection of items\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "items": "Items contains the items", +} + +func (OLMList) SwaggerDoc() map[string]string { + return map_OLMList +} + +var map_OpenShiftAPIServer = map[string]string{ + "": "OpenShiftAPIServer provides information to configure an operator to manage openshift-apiserver.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "spec": "spec is the specification of the desired behavior of the OpenShift API Server.", + "status": "status defines the observed status of the OpenShift API Server.", +} + +func (OpenShiftAPIServer) SwaggerDoc() map[string]string { + return map_OpenShiftAPIServer +} + +var map_OpenShiftAPIServerList = map[string]string{ + "": "OpenShiftAPIServerList is a collection of items\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "items": "Items contains the items", +} + +func (OpenShiftAPIServerList) SwaggerDoc() map[string]string { + return map_OpenShiftAPIServerList +} + +var map_OpenShiftControllerManager = map[string]string{ + "": "OpenShiftControllerManager provides information to configure an operator to manage openshift-controller-manager.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", +} + +func (OpenShiftControllerManager) SwaggerDoc() map[string]string { + return map_OpenShiftControllerManager +} + +var map_OpenShiftControllerManagerList = map[string]string{ + "": "OpenShiftControllerManagerList is a collection of items\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "items": "Items contains the items", +} + +func (OpenShiftControllerManagerList) SwaggerDoc() map[string]string { + return map_OpenShiftControllerManagerList +} + +var map_KubeScheduler = map[string]string{ + "": "KubeScheduler provides information to configure an operator to manage scheduler.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "spec": "spec is the specification of the desired behavior of the Kubernetes Scheduler", + "status": "status is the most recently observed status of the Kubernetes Scheduler", +} + +func (KubeScheduler) SwaggerDoc() map[string]string { + return map_KubeScheduler +} + +var map_KubeSchedulerList = map[string]string{ + "": "KubeSchedulerList is a collection of items\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "items": "Items contains the items", +} + +func (KubeSchedulerList) SwaggerDoc() map[string]string { + return map_KubeSchedulerList +} + +var map_ServiceCA = map[string]string{ + "": "ServiceCA provides information to configure an operator to manage the service cert controllers\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "spec": "spec holds user settable values for configuration", + "status": "status holds observed values from the cluster. They may not be overridden.", +} + +func (ServiceCA) SwaggerDoc() map[string]string { + return map_ServiceCA +} + +var map_ServiceCAList = map[string]string{ + "": "ServiceCAList is a collection of items\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "items": "Items contains the items", +} + +func (ServiceCAList) SwaggerDoc() map[string]string { + return map_ServiceCAList +} + +var map_ServiceCatalogAPIServer = map[string]string{ + "": "ServiceCatalogAPIServer provides information to configure an operator to manage Service Catalog API Server DEPRECATED: will be removed in 4.6\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", +} + +func (ServiceCatalogAPIServer) SwaggerDoc() map[string]string { + return map_ServiceCatalogAPIServer +} + +var map_ServiceCatalogAPIServerList = map[string]string{ + "": "ServiceCatalogAPIServerList is a collection of items DEPRECATED: will be removed in 4.6\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "items": "Items contains the items", +} + +func (ServiceCatalogAPIServerList) SwaggerDoc() map[string]string { + return map_ServiceCatalogAPIServerList +} + +var map_ServiceCatalogControllerManager = map[string]string{ + "": "ServiceCatalogControllerManager provides information to configure an operator to manage Service Catalog Controller Manager DEPRECATED: will be removed in 4.6\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", +} + +func (ServiceCatalogControllerManager) SwaggerDoc() map[string]string { + return map_ServiceCatalogControllerManager +} + +var map_ServiceCatalogControllerManagerList = map[string]string{ + "": "ServiceCatalogControllerManagerList is a collection of items DEPRECATED: will be removed in 4.6\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "items": "Items contains the items", +} + +func (ServiceCatalogControllerManagerList) SwaggerDoc() map[string]string { + return map_ServiceCatalogControllerManagerList +} + +var map_Storage = map[string]string{ + "": "Storage provides a means to configure an operator to manage the cluster storage operator. `cluster` is the canonical name.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "spec": "spec holds user settable values for configuration", + "status": "status holds observed values from the cluster. They may not be overridden.", +} + +func (Storage) SwaggerDoc() map[string]string { + return map_Storage +} + +var map_StorageList = map[string]string{ + "": "StorageList contains a list of Storages.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", +} + +func (StorageList) SwaggerDoc() map[string]string { + return map_StorageList +} + +var map_StorageSpec = map[string]string{ + "": "StorageSpec is the specification of the desired behavior of the cluster storage operator.", + "vsphereStorageDriver": "VSphereStorageDriver indicates the storage driver to use on VSphere clusters. Once this field is set to CSIWithMigrationDriver, it can not be changed. If this is empty, the platform will choose a good default, which may change over time without notice. The current default is CSIWithMigrationDriver and may not be changed. DEPRECATED: This field will be removed in a future release.", +} + +func (StorageSpec) SwaggerDoc() map[string]string { + return map_StorageSpec +} + +var map_StorageStatus = map[string]string{ + "": "StorageStatus defines the observed status of the cluster storage operator.", +} + +func (StorageStatus) SwaggerDoc() map[string]string { + return map_StorageStatus +} + +// AUTO-GENERATED FUNCTIONS END HERE