diff --git a/deploy/crds/containerized-data-importer00.crd.yaml b/deploy/crds/containerized-data-importer00.crd.yaml index f3106afab..6a11f8943 100644 --- a/deploy/crds/containerized-data-importer00.crd.yaml +++ b/deploy/crds/containerized-data-importer00.crd.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.7.0 + controller-gen.kubebuilder.io/version: v0.9.2 name: cdis.cdi.kubevirt.io spec: group: cdi.kubevirt.io @@ -140,10 +140,10 @@ spec: is consumed by the import controller that is resposible for coping it to a config map named trusted-ca-proxy-bundle-cm in the cdi namespace. Here is an example of the ConfigMap - (in yaml): \n apiVersion: v1 kind: ConfigMap metadata: name: - trusted-ca-proxy-bundle-cm namespace: cdi data: ca.pem: - | -----BEGIN CERTIFICATE----- \t ... ... \t -----END CERTIFICATE-----" + (in yaml): \n apiVersion: v1 kind: ConfigMap metadata: name: + trusted-ca-proxy-bundle-cm namespace: cdi data: ca.pem: + | -----BEGIN CERTIFICATE----- ... + ... -----END CERTIFICATE-----" type: string type: object insecureRegistries: @@ -316,6 +316,7 @@ spec: type: object type: array type: object + x-kubernetes-map-type: atomic weight: description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. @@ -421,10 +422,12 @@ spec: type: object type: array type: object + x-kubernetes-map-type: atomic type: array required: - nodeSelectorTerms type: object + x-kubernetes-map-type: atomic type: object podAffinity: description: Describes pod affinity scheduling rules (e.g. @@ -505,6 +508,7 @@ spec: only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied 
@@ -564,6 +568,7 @@ spec: only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: description: namespaces specifies a static list of namespace names that the term applies to. @@ -668,6 +673,7 @@ spec: The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied @@ -726,6 +732,7 @@ spec: The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: description: namespaces specifies a static list of namespace names that the term applies to. The @@ -829,6 +836,7 @@ spec: only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied @@ -888,6 +896,7 @@ spec: only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: description: namespaces specifies a static list of namespace names that the term applies to. @@ -992,6 +1001,7 @@ spec: The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied @@ -1050,6 +1060,7 @@ spec: The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: description: namespaces specifies a static list of namespace names that the term applies to. The @@ -1248,6 +1259,7 @@ spec: type: object type: array type: object + x-kubernetes-map-type: atomic weight: description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. 
@@ -1353,10 +1365,12 @@ spec: type: object type: array type: object + x-kubernetes-map-type: atomic type: array required: - nodeSelectorTerms type: object + x-kubernetes-map-type: atomic type: object podAffinity: description: Describes pod affinity scheduling rules (e.g. @@ -1437,6 +1451,7 @@ spec: only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied @@ -1496,6 +1511,7 @@ spec: only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: description: namespaces specifies a static list of namespace names that the term applies to. @@ -1600,6 +1616,7 @@ spec: The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied @@ -1658,6 +1675,7 @@ spec: The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: description: namespaces specifies a static list of namespace names that the term applies to. The @@ -1761,6 +1779,7 @@ spec: only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied @@ -1820,6 +1839,7 @@ spec: only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: description: namespaces specifies a static list of namespace names that the term applies to. @@ -1924,6 +1944,7 @@ spec: The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied 
@@ -1982,6 +2003,7 @@ spec: The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: description: namespaces specifies a static list of namespace names that the term applies to. The @@ -2239,10 +2261,10 @@ spec: is consumed by the import controller that is resposible for coping it to a config map named trusted-ca-proxy-bundle-cm in the cdi namespace. Here is an example of the ConfigMap - (in yaml): \n apiVersion: v1 kind: ConfigMap metadata: name: - trusted-ca-proxy-bundle-cm namespace: cdi data: ca.pem: - | -----BEGIN CERTIFICATE----- \t ... ... \t -----END CERTIFICATE-----" + (in yaml): \n apiVersion: v1 kind: ConfigMap metadata: name: + trusted-ca-proxy-bundle-cm namespace: cdi data: ca.pem: + | -----BEGIN CERTIFICATE----- ... + ... -----END CERTIFICATE-----" type: string type: object insecureRegistries: 
@@ -2290,6 +2312,97 @@ spec: if no storage class specified, use no storage class for scratch space' type: string + tlsSecurityProfile: + description: TLSSecurityProfile is used by operators to apply + cluster-wide TLS security settings to operands. + properties: + custom: + description: "custom is a user-defined TLS security profile. + Be extremely careful using a custom profile as invalid configurations + can be catastrophic. An example custom profile looks like + this: \n ciphers: - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 + - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 + minTLSVersion: TLSv1.1" + nullable: true + properties: + ciphers: + description: "ciphers is used to specify the cipher algorithms + that are negotiated during the TLS handshake. Operators + may remove entries their operands do not support. For + example, to use DES-CBC3-SHA (yaml): \n ciphers: - + DES-CBC3-SHA" + items: + type: string + type: array + minTLSVersion: + description: "minTLSVersion is used to specify the minimal + version of the TLS protocol that is negotiated during + the TLS handshake. 
For example, to use TLS versions + 1.1, 1.2 and 1.3 (yaml): \n minTLSVersion: TLSv1.1 \n + NOTE: currently the highest minTLSVersion allowed is + VersionTLS12" + enum: + - VersionTLS10 + - VersionTLS11 + - VersionTLS12 + - VersionTLS13 + type: string + type: object + intermediate: + description: "intermediate is a TLS security profile based + on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29 + \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 + - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 + - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES128-GCM-SHA256 + - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384 + - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 + - DHE-RSA-AES128-GCM-SHA256 - DHE-RSA-AES256-GCM-SHA384 + minTLSVersion: TLSv1.2" + nullable: true + type: object + modern: + description: "modern is a TLS security profile based on: \n + https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility + \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 + - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 + minTLSVersion: TLSv1.3 \n NOTE: Currently unsupported." 
+ nullable: true + type: object + old: + description: "old is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility + \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 + - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 + - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES128-GCM-SHA256 + - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384 + - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 + - DHE-RSA-AES128-GCM-SHA256 - DHE-RSA-AES256-GCM-SHA384 + - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 + - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES128-SHA + - ECDHE-ECDSA-AES256-SHA384 - ECDHE-RSA-AES256-SHA384 - + ECDHE-ECDSA-AES256-SHA - ECDHE-RSA-AES256-SHA - DHE-RSA-AES128-SHA256 + - DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 - AES256-GCM-SHA384 + - AES128-SHA256 - AES256-SHA256 - AES128-SHA - AES256-SHA + - DES-CBC3-SHA minTLSVersion: TLSv1.0" + nullable: true + type: object + type: + description: "type is one of Old, Intermediate, Modern or + Custom. Custom provides the ability to specify individual + TLS security profile parameters. Old, Intermediate and Modern + are TLS security profiles based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations + \n The profiles are intent based, so they may change over + time as new ciphers are developed and existing ciphers are + found to be insecure. Depending on precisely which ciphers + are available to a process, the list may be reduced. \n + Note that the Modern profile is currently not supported + because it is not yet well adopted by common software libraries." + enum: + - Old + - Intermediate + - Modern + - Custom + type: string + type: object uploadProxyURLOverride: description: Override the URL used when uploading to a DataVolume type: string 
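Review bot: The `minTLSVersion` description under `custom` disagrees with its own schema: its examples use `minTLSVersion: TLSv1.1`, while the `enum` accepts only `VersionTLS10` through `VersionTLS13`, so a value copied from the description would fail validation. The same description says the highest allowed value is `VersionTLS12` although `VersionTLS13` is in the enum, and nothing visible in the schema enforces that limit. The file carries a controller-gen annotation, so the wording presumably has to be corrected in the Go type's doc comment rather than here, for example `minTLSVersion: VersionTLS11` in the example text. The `type` description should also say which profile applies when `tlsSecurityProfile` is unset, because `Old` permits TLS 1.0 and `DES-CBC3-SHA`. The identical hunk in the `1.8.0/manifests` copy of this CRD has the same issue.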
@@ -2415,6 +2528,7 @@ spec: type: object type: array type: object + x-kubernetes-map-type: atomic weight: description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. @@ -2520,10 +2634,12 @@ spec: type: object type: array type: object + x-kubernetes-map-type: atomic type: array required: - nodeSelectorTerms type: object + x-kubernetes-map-type: atomic type: object podAffinity: description: Describes pod affinity scheduling rules (e.g. @@ -2604,6 +2720,7 @@ spec: only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied @@ -2663,6 +2780,7 @@ spec: only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: description: namespaces specifies a static list of namespace names that the term applies to. @@ -2767,6 +2885,7 @@ spec: The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied @@ -2825,6 +2944,7 @@ spec: The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: description: namespaces specifies a static list of namespace names that the term applies to. The @@ -2928,6 +3048,7 @@ spec: only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied @@ -2987,6 +3108,7 @@ spec: only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: description: namespaces specifies a static list of namespace names that the term applies to. 
@@ -3091,6 +3213,7 @@ spec: The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied @@ -3149,6 +3272,7 @@ spec: The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: description: namespaces specifies a static list of namespace names that the term applies to. The @@ -3350,6 +3474,7 @@ spec: type: object type: array type: object + x-kubernetes-map-type: atomic weight: description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. @@ -3455,10 +3580,12 @@ spec: type: object type: array type: object + x-kubernetes-map-type: atomic type: array required: - nodeSelectorTerms type: object + x-kubernetes-map-type: atomic type: object podAffinity: description: Describes pod affinity scheduling rules (e.g. @@ -3539,6 +3666,7 @@ spec: only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied @@ -3598,6 +3726,7 @@ spec: only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: description: namespaces specifies a static list of namespace names that the term applies to. @@ -3702,6 +3831,7 @@ spec: The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied @@ -3760,6 +3890,7 @@ spec: The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: description: namespaces specifies a static list of namespace names that the term applies to. The 
@@ -3863,6 +3994,7 @@ spec: only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied @@ -3922,6 +4054,7 @@ spec: only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: description: namespaces specifies a static list of namespace names that the term applies to. @@ -4026,6 +4159,7 @@ spec: The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied @@ -4084,6 +4218,7 @@ spec: The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: description: namespaces specifies a static list of namespace names that the term applies to. The diff --git a/deploy/images.csv b/deploy/images.csv index cef98595e..9716b2fe7 100644 --- a/deploy/images.csv +++ b/deploy/images.csv 
@@ -8,13 +8,13 @@ KUBEVIRT_VIRTIO_IMAGE,quay.io/kubevirt/virtio-container-disk,KUBEVIRT_VERSION,3e
 KUBEVIRT_LIBGUESTFS_TOOLS_IMAGE,quay.io/kubevirt/libguestfs-tools,KUBEVIRT_VERSION,f41fcf9bcd6effe39ab8d35dd83067189a0684b96c3baf524d0b1da2e8aee519
 CNA_OPERATOR_IMAGE,quay.io/kubevirt/cluster-network-addons-operator,NETWORK_ADDONS_VERSION,d844dad0bb14ee0ec1254be7bee5f744c930de1783fc7ed1c23ecc1fb8b9f71e
 SSP_OPERATOR_IMAGE,quay.io/kubevirt/ssp-operator,SSP_VERSION,878cfc0fc98632aeb30fe693e6368f4b888a262241db095f0bbc681b2ea684b0
-CDI_OPERATOR_IMAGE,quay.io/kubevirt/cdi-operator,CDI_VERSION,ccf370b3bb6d8a5fe129fc1b0554251e8c412b69d1cfcede97f732d5e4e463c5
-CDI_CONTROLLER_IMAGE,quay.io/kubevirt/cdi-controller,CDI_VERSION,c658c6bb14279b00aef58724156aa4d7d84bf8b8b048727316d70b8332908573
-CDI_APISERVER_IMAGE,quay.io/kubevirt/cdi-apiserver,CDI_VERSION,e3b11225fed704dd7e0bb4fd39c86f0a328921f420c526df15afd6e3671b1ee8
-CDI_CLONER_IMAGE,quay.io/kubevirt/cdi-cloner,CDI_VERSION,2e6e5ce583904036d2f9c0b59aa910a8b10bc28c6f8192d20dbec42ed84af0fb
-CDI_IMPORTER_IMAGE,quay.io/kubevirt/cdi-importer,CDI_VERSION,fe10c5b1ea73b4cc179224fb73e61517714493d34f550d0beab7b855a9018e3b
-CDI_UPLOADPROXY_IMAGE,quay.io/kubevirt/cdi-uploadproxy,CDI_VERSION,8487960426af33065a3217789faeb07af35d48700c700f854d3a3d8afff66132
-CDI_UPLOADSERVER_IMAGE,quay.io/kubevirt/cdi-uploadserver,CDI_VERSION,27e06a14c36fa7c9e7ddf300d4e53a1fe9a6e0389e24c48e1f53ff76f4f13fbe
+CDI_OPERATOR_IMAGE,quay.io/kubevirt/cdi-operator,CDI_VERSION,d22dc4ce058c662d9515ddab4e964b159b6ea46c4ab6daf70c882a7948990669
+CDI_CONTROLLER_IMAGE,quay.io/kubevirt/cdi-controller,CDI_VERSION,983ba20359ab61055d2dfbaeefa7f377b22dcfa7059ca4443ec02d6af3c064f8
+CDI_APISERVER_IMAGE,quay.io/kubevirt/cdi-apiserver,CDI_VERSION,0143bb215d366a5b4ea11afc6236c6566022740c6f18e23d2784e904666a1651
+CDI_CLONER_IMAGE,quay.io/kubevirt/cdi-cloner,CDI_VERSION,b9a2c4f129ecf1552ab9e1023feaaddfa0334a232c7fbb78143cd7d046d30ea0
+CDI_IMPORTER_IMAGE,quay.io/kubevirt/cdi-importer,CDI_VERSION,2919aa47422f1d1b849208f051b44a558c99de9a35db8eb69294fc5c18fb4b0e
+CDI_UPLOADPROXY_IMAGE,quay.io/kubevirt/cdi-uploadproxy,CDI_VERSION,47a02e259d12d8ce77330e3df148d73f4a55aaab8255a0530ada858a46343e3f
+CDI_UPLOADSERVER_IMAGE,quay.io/kubevirt/cdi-uploadserver,CDI_VERSION,65386bc3bc63e3c5690ae2bbe2ef7edcfa4357de6148720029d7dfa4a175556f
 TTO_OPERATOR_IMAGE,quay.io/kubevirt/tekton-tasks-operator,TTO_VERSION,aa8ed6cd59dc235c02f8170e4b272e67801e87fe35767d2c6b31891e534a2295
 HPPO_IMAGE,quay.io/kubevirt/hostpath-provisioner-operator,HPPO_VERSION,ffde3b1c4b682de6c3ca1932bbb9526a794b214560a262608d3a4c43b9aa7481
 HPP_IMAGE,quay.io/kubevirt/hostpath-provisioner,HPP_VERSION,f1cd0f057ff7b125b3dd5b3ce6a40796467a1d9df4a1224fb0ed6af24b13b8a6
diff --git a/deploy/images.env b/deploy/images.env
index cd0034e49..6310e3314 100755
--- a/deploy/images.env
+++ b/deploy/images.env
@@ -7,13 +7,13 @@ KUBEVIRT_VIRTIO_IMAGE=quay.io/kubevirt/virtio-container-disk@sha256:3e88b9bde879
 KUBEVIRT_LIBGUESTFS_TOOLS_IMAGE=quay.io/kubevirt/libguestfs-tools@sha256:f41fcf9bcd6effe39ab8d35dd83067189a0684b96c3baf524d0b1da2e8aee519
 CNA_OPERATOR_IMAGE=quay.io/kubevirt/cluster-network-addons-operator@sha256:d844dad0bb14ee0ec1254be7bee5f744c930de1783fc7ed1c23ecc1fb8b9f71e
 SSP_OPERATOR_IMAGE=quay.io/kubevirt/ssp-operator@sha256:878cfc0fc98632aeb30fe693e6368f4b888a262241db095f0bbc681b2ea684b0
-CDI_OPERATOR_IMAGE=quay.io/kubevirt/cdi-operator@sha256:ccf370b3bb6d8a5fe129fc1b0554251e8c412b69d1cfcede97f732d5e4e463c5
-CDI_CONTROLLER_IMAGE=quay.io/kubevirt/cdi-controller@sha256:c658c6bb14279b00aef58724156aa4d7d84bf8b8b048727316d70b8332908573
-CDI_APISERVER_IMAGE=quay.io/kubevirt/cdi-apiserver@sha256:e3b11225fed704dd7e0bb4fd39c86f0a328921f420c526df15afd6e3671b1ee8
-CDI_CLONER_IMAGE=quay.io/kubevirt/cdi-cloner@sha256:2e6e5ce583904036d2f9c0b59aa910a8b10bc28c6f8192d20dbec42ed84af0fb
-CDI_IMPORTER_IMAGE=quay.io/kubevirt/cdi-importer@sha256:fe10c5b1ea73b4cc179224fb73e61517714493d34f550d0beab7b855a9018e3b
-CDI_UPLOADPROXY_IMAGE=quay.io/kubevirt/cdi-uploadproxy@sha256:8487960426af33065a3217789faeb07af35d48700c700f854d3a3d8afff66132
-CDI_UPLOADSERVER_IMAGE=quay.io/kubevirt/cdi-uploadserver@sha256:27e06a14c36fa7c9e7ddf300d4e53a1fe9a6e0389e24c48e1f53ff76f4f13fbe
+CDI_OPERATOR_IMAGE=quay.io/kubevirt/cdi-operator@sha256:d22dc4ce058c662d9515ddab4e964b159b6ea46c4ab6daf70c882a7948990669
+CDI_CONTROLLER_IMAGE=quay.io/kubevirt/cdi-controller@sha256:983ba20359ab61055d2dfbaeefa7f377b22dcfa7059ca4443ec02d6af3c064f8
+CDI_APISERVER_IMAGE=quay.io/kubevirt/cdi-apiserver@sha256:0143bb215d366a5b4ea11afc6236c6566022740c6f18e23d2784e904666a1651
+CDI_CLONER_IMAGE=quay.io/kubevirt/cdi-cloner@sha256:b9a2c4f129ecf1552ab9e1023feaaddfa0334a232c7fbb78143cd7d046d30ea0
+CDI_IMPORTER_IMAGE=quay.io/kubevirt/cdi-importer@sha256:2919aa47422f1d1b849208f051b44a558c99de9a35db8eb69294fc5c18fb4b0e
+CDI_UPLOADPROXY_IMAGE=quay.io/kubevirt/cdi-uploadproxy@sha256:47a02e259d12d8ce77330e3df148d73f4a55aaab8255a0530ada858a46343e3f
+CDI_UPLOADSERVER_IMAGE=quay.io/kubevirt/cdi-uploadserver@sha256:65386bc3bc63e3c5690ae2bbe2ef7edcfa4357de6148720029d7dfa4a175556f
 TTO_OPERATOR_IMAGE=quay.io/kubevirt/tekton-tasks-operator@sha256:aa8ed6cd59dc235c02f8170e4b272e67801e87fe35767d2c6b31891e534a2295
 HPPO_IMAGE=quay.io/kubevirt/hostpath-provisioner-operator@sha256:ffde3b1c4b682de6c3ca1932bbb9526a794b214560a262608d3a4c43b9aa7481
 HPP_IMAGE=quay.io/kubevirt/hostpath-provisioner@sha256:f1cd0f057ff7b125b3dd5b3ce6a40796467a1d9df4a1224fb0ed6af24b13b8a6
@@ -33,13 +33,13 @@ DIGEST_LIST="${DIGEST_LIST},quay.io/kubevirt/virtio-container-disk@sha256:3e88b9
 DIGEST_LIST="${DIGEST_LIST},quay.io/kubevirt/libguestfs-tools@sha256:f41fcf9bcd6effe39ab8d35dd83067189a0684b96c3baf524d0b1da2e8aee519"
 DIGEST_LIST="${DIGEST_LIST},quay.io/kubevirt/cluster-network-addons-operator@sha256:d844dad0bb14ee0ec1254be7bee5f744c930de1783fc7ed1c23ecc1fb8b9f71e"
 DIGEST_LIST="${DIGEST_LIST},quay.io/kubevirt/ssp-operator@sha256:878cfc0fc98632aeb30fe693e6368f4b888a262241db095f0bbc681b2ea684b0"
-DIGEST_LIST="${DIGEST_LIST},quay.io/kubevirt/cdi-operator@sha256:ccf370b3bb6d8a5fe129fc1b0554251e8c412b69d1cfcede97f732d5e4e463c5"
-DIGEST_LIST="${DIGEST_LIST},quay.io/kubevirt/cdi-controller@sha256:c658c6bb14279b00aef58724156aa4d7d84bf8b8b048727316d70b8332908573"
-DIGEST_LIST="${DIGEST_LIST},quay.io/kubevirt/cdi-apiserver@sha256:e3b11225fed704dd7e0bb4fd39c86f0a328921f420c526df15afd6e3671b1ee8"
-DIGEST_LIST="${DIGEST_LIST},quay.io/kubevirt/cdi-cloner@sha256:2e6e5ce583904036d2f9c0b59aa910a8b10bc28c6f8192d20dbec42ed84af0fb"
-DIGEST_LIST="${DIGEST_LIST},quay.io/kubevirt/cdi-importer@sha256:fe10c5b1ea73b4cc179224fb73e61517714493d34f550d0beab7b855a9018e3b"
-DIGEST_LIST="${DIGEST_LIST},quay.io/kubevirt/cdi-uploadproxy@sha256:8487960426af33065a3217789faeb07af35d48700c700f854d3a3d8afff66132"
-DIGEST_LIST="${DIGEST_LIST},quay.io/kubevirt/cdi-uploadserver@sha256:27e06a14c36fa7c9e7ddf300d4e53a1fe9a6e0389e24c48e1f53ff76f4f13fbe"
+DIGEST_LIST="${DIGEST_LIST},quay.io/kubevirt/cdi-operator@sha256:d22dc4ce058c662d9515ddab4e964b159b6ea46c4ab6daf70c882a7948990669"
+DIGEST_LIST="${DIGEST_LIST},quay.io/kubevirt/cdi-controller@sha256:983ba20359ab61055d2dfbaeefa7f377b22dcfa7059ca4443ec02d6af3c064f8"
+DIGEST_LIST="${DIGEST_LIST},quay.io/kubevirt/cdi-apiserver@sha256:0143bb215d366a5b4ea11afc6236c6566022740c6f18e23d2784e904666a1651"
+DIGEST_LIST="${DIGEST_LIST},quay.io/kubevirt/cdi-cloner@sha256:b9a2c4f129ecf1552ab9e1023feaaddfa0334a232c7fbb78143cd7d046d30ea0"
+DIGEST_LIST="${DIGEST_LIST},quay.io/kubevirt/cdi-importer@sha256:2919aa47422f1d1b849208f051b44a558c99de9a35db8eb69294fc5c18fb4b0e"
+DIGEST_LIST="${DIGEST_LIST},quay.io/kubevirt/cdi-uploadproxy@sha256:47a02e259d12d8ce77330e3df148d73f4a55aaab8255a0530ada858a46343e3f"
+DIGEST_LIST="${DIGEST_LIST},quay.io/kubevirt/cdi-uploadserver@sha256:65386bc3bc63e3c5690ae2bbe2ef7edcfa4357de6148720029d7dfa4a175556f"
 DIGEST_LIST="${DIGEST_LIST},quay.io/kubevirt/tekton-tasks-operator@sha256:aa8ed6cd59dc235c02f8170e4b272e67801e87fe35767d2c6b31891e534a2295"
 DIGEST_LIST="${DIGEST_LIST},quay.io/kubevirt/hostpath-provisioner-operator@sha256:ffde3b1c4b682de6c3ca1932bbb9526a794b214560a262608d3a4c43b9aa7481"
 DIGEST_LIST="${DIGEST_LIST},quay.io/kubevirt/hostpath-provisioner@sha256:f1cd0f057ff7b125b3dd5b3ce6a40796467a1d9df4a1224fb0ed6af24b13b8a6"
diff --git a/deploy/index-image/community-kubevirt-hyperconverged/1.8.0/manifests/containerized-data-importer00.crd.yaml b/deploy/index-image/community-kubevirt-hyperconverged/1.8.0/manifests/containerized-data-importer00.crd.yaml
index f3106afab..6a11f8943 100644
--- a/deploy/index-image/community-kubevirt-hyperconverged/1.8.0/manifests/containerized-data-importer00.crd.yaml
+++ b/deploy/index-image/community-kubevirt-hyperconverged/1.8.0/manifests/containerized-data-importer00.crd.yaml
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.7.0 + controller-gen.kubebuilder.io/version: v0.9.2 name: cdis.cdi.kubevirt.io spec: group: cdi.kubevirt.io
@@ -140,10 +140,10 @@ spec: is consumed by the import controller that is resposible for coping it to a config map named trusted-ca-proxy-bundle-cm in the cdi namespace. Here is an example of the ConfigMap - (in yaml): \n apiVersion: v1 kind: ConfigMap metadata: name: - trusted-ca-proxy-bundle-cm namespace: cdi data: ca.pem: - | -----BEGIN CERTIFICATE----- \t ... ... \t -----END CERTIFICATE-----" + (in yaml): \n apiVersion: v1 kind: ConfigMap metadata: name: + trusted-ca-proxy-bundle-cm namespace: cdi data: ca.pem: + | -----BEGIN CERTIFICATE----- ... + ... -----END CERTIFICATE-----" type: string type: object insecureRegistries: @@ -316,6 +316,7 @@ spec: type: object type: array type: object + x-kubernetes-map-type: atomic weight: description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. @@ -421,10 +422,12 @@ spec: type: object type: array type: object + x-kubernetes-map-type: atomic type: array required: - nodeSelectorTerms type: object + x-kubernetes-map-type: atomic type: object podAffinity: description: Describes pod affinity scheduling rules (e.g. @@ -505,6 +508,7 @@ spec: only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied @@ -564,6 +568,7 @@ spec: only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: description: namespaces specifies a static list of namespace names that the term applies to. @@ -668,6 +673,7 @@ spec: The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied 
@@ -726,6 +732,7 @@ spec: The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: description: namespaces specifies a static list of namespace names that the term applies to. The @@ -829,6 +836,7 @@ spec: only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied @@ -888,6 +896,7 @@ spec: only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: description: namespaces specifies a static list of namespace names that the term applies to. @@ -992,6 +1001,7 @@ spec: The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied @@ -1050,6 +1060,7 @@ spec: The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: description: namespaces specifies a static list of namespace names that the term applies to. The @@ -1248,6 +1259,7 @@ spec: type: object type: array type: object + x-kubernetes-map-type: atomic weight: description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. @@ -1353,10 +1365,12 @@ spec: type: object type: array type: object + x-kubernetes-map-type: atomic type: array required: - nodeSelectorTerms type: object + x-kubernetes-map-type: atomic type: object podAffinity: description: Describes pod affinity scheduling rules (e.g. @@ -1437,6 +1451,7 @@ spec: only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied 
@@ -1496,6 +1511,7 @@ spec: only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: description: namespaces specifies a static list of namespace names that the term applies to. @@ -1600,6 +1616,7 @@ spec: The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied @@ -1658,6 +1675,7 @@ spec: The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: description: namespaces specifies a static list of namespace names that the term applies to. The @@ -1761,6 +1779,7 @@ spec: only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied @@ -1820,6 +1839,7 @@ spec: only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: description: namespaces specifies a static list of namespace names that the term applies to. @@ -1924,6 +1944,7 @@ spec: The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied @@ -1982,6 +2003,7 @@ spec: The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: description: namespaces specifies a static list of namespace names that the term applies to. The 
@@ -2239,10 +2261,10 @@ spec: is consumed by the import controller that is resposible for coping it to a config map named trusted-ca-proxy-bundle-cm in the cdi namespace. Here is an example of the ConfigMap - (in yaml): \n apiVersion: v1 kind: ConfigMap metadata: name: - trusted-ca-proxy-bundle-cm namespace: cdi data: ca.pem: - | -----BEGIN CERTIFICATE----- \t ... ... \t -----END CERTIFICATE-----" + (in yaml): \n apiVersion: v1 kind: ConfigMap metadata: name: + trusted-ca-proxy-bundle-cm namespace: cdi data: ca.pem: + | -----BEGIN CERTIFICATE----- ... + ... -----END CERTIFICATE-----" type: string type: object insecureRegistries: 
@@ -2290,6 +2312,97 @@ spec: if no storage class specified, use no storage class for scratch space' type: string + tlsSecurityProfile: + description: TLSSecurityProfile is used by operators to apply + cluster-wide TLS security settings to operands. + properties: + custom: + description: "custom is a user-defined TLS security profile. + Be extremely careful using a custom profile as invalid configurations + can be catastrophic. An example custom profile looks like + this: \n ciphers: - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 + - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 + minTLSVersion: TLSv1.1" + nullable: true + properties: + ciphers: + description: "ciphers is used to specify the cipher algorithms + that are negotiated during the TLS handshake. Operators + may remove entries their operands do not support. For + example, to use DES-CBC3-SHA (yaml): \n ciphers: - + DES-CBC3-SHA" + items: + type: string + type: array + minTLSVersion: + description: "minTLSVersion is used to specify the minimal + version of the TLS protocol that is negotiated during + the TLS handshake. 
For example, to use TLS versions + 1.1, 1.2 and 1.3 (yaml): \n minTLSVersion: TLSv1.1 \n + NOTE: currently the highest minTLSVersion allowed is + VersionTLS12" + enum: + - VersionTLS10 + - VersionTLS11 + - VersionTLS12 + - VersionTLS13 + type: string + type: object + intermediate: + description: "intermediate is a TLS security profile based + on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29 + \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 + - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 + - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES128-GCM-SHA256 + - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384 + - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 + - DHE-RSA-AES128-GCM-SHA256 - DHE-RSA-AES256-GCM-SHA384 + minTLSVersion: TLSv1.2" + nullable: true + type: object + modern: + description: "modern is a TLS security profile based on: \n + https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility + \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 + - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 + minTLSVersion: TLSv1.3 \n NOTE: Currently unsupported." 
+ nullable: true + type: object + old: + description: "old is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility + \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 + - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 + - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES128-GCM-SHA256 + - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384 + - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 + - DHE-RSA-AES128-GCM-SHA256 - DHE-RSA-AES256-GCM-SHA384 + - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 + - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES128-SHA + - ECDHE-ECDSA-AES256-SHA384 - ECDHE-RSA-AES256-SHA384 - + ECDHE-ECDSA-AES256-SHA - ECDHE-RSA-AES256-SHA - DHE-RSA-AES128-SHA256 + - DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 - AES256-GCM-SHA384 + - AES128-SHA256 - AES256-SHA256 - AES128-SHA - AES256-SHA + - DES-CBC3-SHA minTLSVersion: TLSv1.0" + nullable: true + type: object + type: + description: "type is one of Old, Intermediate, Modern or + Custom. Custom provides the ability to specify individual + TLS security profile parameters. Old, Intermediate and Modern + are TLS security profiles based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations + \n The profiles are intent based, so they may change over + time as new ciphers are developed and existing ciphers are + found to be insecure. Depending on precisely which ciphers + are available to a process, the list may be reduced. \n + Note that the Modern profile is currently not supported + because it is not yet well adopted by common software libraries." + enum: + - Old + - Intermediate + - Modern + - Custom + type: string + type: object uploadProxyURLOverride: description: Override the URL used when uploading to a DataVolume type: string 
@@ -2415,6 +2528,7 @@ spec: type: object type: array type: object + x-kubernetes-map-type: atomic weight: description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. @@ -2520,10 +2634,12 @@ spec: type: object type: array type: object + x-kubernetes-map-type: atomic type: array required: - nodeSelectorTerms type: object + x-kubernetes-map-type: atomic type: object podAffinity: description: Describes pod affinity scheduling rules (e.g. @@ -2604,6 +2720,7 @@ spec: only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied @@ -2663,6 +2780,7 @@ spec: only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: description: namespaces specifies a static list of namespace names that the term applies to. @@ -2767,6 +2885,7 @@ spec: The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied @@ -2825,6 +2944,7 @@ spec: The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: description: namespaces specifies a static list of namespace names that the term applies to. The @@ -2928,6 +3048,7 @@ spec: only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied @@ -2987,6 +3108,7 @@ spec: only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: description: namespaces specifies a static list of namespace names that the term applies to. 
@@ -3091,6 +3213,7 @@ spec: The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied @@ -3149,6 +3272,7 @@ spec: The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: description: namespaces specifies a static list of namespace names that the term applies to. The @@ -3350,6 +3474,7 @@ spec: type: object type: array type: object + x-kubernetes-map-type: atomic weight: description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. @@ -3455,10 +3580,12 @@ spec: type: object type: array type: object + x-kubernetes-map-type: atomic type: array required: - nodeSelectorTerms type: object + x-kubernetes-map-type: atomic type: object podAffinity: description: Describes pod affinity scheduling rules (e.g. @@ -3539,6 +3666,7 @@ spec: only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied @@ -3598,6 +3726,7 @@ spec: only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: description: namespaces specifies a static list of namespace names that the term applies to. @@ -3702,6 +3831,7 @@ spec: The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied @@ -3760,6 +3890,7 @@ spec: The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: description: namespaces specifies a static list of namespace names that the term applies to. The 
@@ -3863,6 +3994,7 @@ spec: only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied @@ -3922,6 +4054,7 @@ spec: only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: description: namespaces specifies a static list of namespace names that the term applies to. @@ -4026,6 +4159,7 @@ spec: The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied @@ -4084,6 +4218,7 @@ spec: The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: description: namespaces specifies a static list of namespace names that the term applies to. The diff --git a/deploy/index-image/community-kubevirt-hyperconverged/1.8.0/manifests/kubevirt-hyperconverged-operator.v1.8.0.clusterserviceversion.yaml b/deploy/index-image/community-kubevirt-hyperconverged/1.8.0/manifests/kubevirt-hyperconverged-operator.v1.8.0.clusterserviceversion.yaml index 0292993ac..5c27ac105 100644 --- a/deploy/index-image/community-kubevirt-hyperconverged/1.8.0/manifests/kubevirt-hyperconverged-operator.v1.8.0.clusterserviceversion.yaml +++ b/deploy/index-image/community-kubevirt-hyperconverged/1.8.0/manifests/kubevirt-hyperconverged-operator.v1.8.0.clusterserviceversion.yaml @@ -2492,7 +2492,7 @@ spec: - name: KUBEVIRT_VERSION value: v0.55.0 - name: CDI_VERSION - value: v1.51.0 + value: v1.52.0 - name: NETWORK_ADDONS_VERSION value: v0.77.0 - name: SSP_VERSION 
@@ -3002,25 +3002,25 @@ spec: - name: DEPLOY_CLUSTER_RESOURCES value: "true" - name: OPERATOR_VERSION - value: v1.51.0 + value: v1.52.0 - name: CONTROLLER_IMAGE - value: quay.io/kubevirt/cdi-controller@sha256:c658c6bb14279b00aef58724156aa4d7d84bf8b8b048727316d70b8332908573 + value: quay.io/kubevirt/cdi-controller@sha256:983ba20359ab61055d2dfbaeefa7f377b22dcfa7059ca4443ec02d6af3c064f8 - name: IMPORTER_IMAGE - value: quay.io/kubevirt/cdi-importer@sha256:fe10c5b1ea73b4cc179224fb73e61517714493d34f550d0beab7b855a9018e3b + value: quay.io/kubevirt/cdi-importer@sha256:2919aa47422f1d1b849208f051b44a558c99de9a35db8eb69294fc5c18fb4b0e - name: CLONER_IMAGE - value: quay.io/kubevirt/cdi-cloner@sha256:2e6e5ce583904036d2f9c0b59aa910a8b10bc28c6f8192d20dbec42ed84af0fb + value: quay.io/kubevirt/cdi-cloner@sha256:b9a2c4f129ecf1552ab9e1023feaaddfa0334a232c7fbb78143cd7d046d30ea0 - name: APISERVER_IMAGE - value: quay.io/kubevirt/cdi-apiserver@sha256:e3b11225fed704dd7e0bb4fd39c86f0a328921f420c526df15afd6e3671b1ee8 + value: quay.io/kubevirt/cdi-apiserver@sha256:0143bb215d366a5b4ea11afc6236c6566022740c6f18e23d2784e904666a1651 - name: UPLOAD_SERVER_IMAGE - value: quay.io/kubevirt/cdi-uploadserver@sha256:27e06a14c36fa7c9e7ddf300d4e53a1fe9a6e0389e24c48e1f53ff76f4f13fbe + value: quay.io/kubevirt/cdi-uploadserver@sha256:65386bc3bc63e3c5690ae2bbe2ef7edcfa4357de6148720029d7dfa4a175556f - name: UPLOAD_PROXY_IMAGE - value: quay.io/kubevirt/cdi-uploadproxy@sha256:8487960426af33065a3217789faeb07af35d48700c700f854d3a3d8afff66132 + value: quay.io/kubevirt/cdi-uploadproxy@sha256:47a02e259d12d8ce77330e3df148d73f4a55aaab8255a0530ada858a46343e3f - name: VERBOSITY value: "1" - name: PULL_POLICY value: IfNotPresent - name: MONITORING_NAMESPACE - image: quay.io/kubevirt/cdi-operator@sha256:ccf370b3bb6d8a5fe129fc1b0554251e8c412b69d1cfcede97f732d5e4e463c5 + image: quay.io/kubevirt/cdi-operator@sha256:d22dc4ce058c662d9515ddab4e964b159b6ea46c4ab6daf70c882a7948990669 imagePullPolicy: IfNotPresent name: 
cdi-operator ports: 
@@ -3542,19 +3542,19 @@ spec: relatedImages: - image: quay.io/kubevirt/bridge-marker@sha256:6536d684834f1301941108fd4123a55df39c74234e442fad60a584b69cfe6069 name: bridge-marker - - image: quay.io/kubevirt/cdi-apiserver@sha256:e3b11225fed704dd7e0bb4fd39c86f0a328921f420c526df15afd6e3671b1ee8 + - image: quay.io/kubevirt/cdi-apiserver@sha256:0143bb215d366a5b4ea11afc6236c6566022740c6f18e23d2784e904666a1651 name: cdi-apiserver - - image: quay.io/kubevirt/cdi-cloner@sha256:2e6e5ce583904036d2f9c0b59aa910a8b10bc28c6f8192d20dbec42ed84af0fb + - image: quay.io/kubevirt/cdi-cloner@sha256:b9a2c4f129ecf1552ab9e1023feaaddfa0334a232c7fbb78143cd7d046d30ea0 name: cdi-cloner - - image: quay.io/kubevirt/cdi-controller@sha256:c658c6bb14279b00aef58724156aa4d7d84bf8b8b048727316d70b8332908573 + - image: quay.io/kubevirt/cdi-controller@sha256:983ba20359ab61055d2dfbaeefa7f377b22dcfa7059ca4443ec02d6af3c064f8 name: cdi-controller - - image: quay.io/kubevirt/cdi-importer@sha256:fe10c5b1ea73b4cc179224fb73e61517714493d34f550d0beab7b855a9018e3b + - image: quay.io/kubevirt/cdi-importer@sha256:2919aa47422f1d1b849208f051b44a558c99de9a35db8eb69294fc5c18fb4b0e name: cdi-importer - - image: quay.io/kubevirt/cdi-operator@sha256:ccf370b3bb6d8a5fe129fc1b0554251e8c412b69d1cfcede97f732d5e4e463c5 + - image: quay.io/kubevirt/cdi-operator@sha256:d22dc4ce058c662d9515ddab4e964b159b6ea46c4ab6daf70c882a7948990669 name: cdi-operator - - image: quay.io/kubevirt/cdi-uploadproxy@sha256:8487960426af33065a3217789faeb07af35d48700c700f854d3a3d8afff66132 + - image: quay.io/kubevirt/cdi-uploadproxy@sha256:47a02e259d12d8ce77330e3df148d73f4a55aaab8255a0530ada858a46343e3f name: cdi-uploadproxy - - image: quay.io/kubevirt/cdi-uploadserver@sha256:27e06a14c36fa7c9e7ddf300d4e53a1fe9a6e0389e24c48e1f53ff76f4f13fbe + - image: quay.io/kubevirt/cdi-uploadserver@sha256:65386bc3bc63e3c5690ae2bbe2ef7edcfa4357de6148720029d7dfa4a175556f name: cdi-uploadserver - image: 
quay.io/kubevirt/cluster-network-addons-operator@sha256:d844dad0bb14ee0ec1254be7bee5f744c930de1783fc7ed1c23ecc1fb8b9f71e name: cluster-network-addons-operator diff --git a/deploy/olm-catalog/community-kubevirt-hyperconverged/1.8.0/manifests/containerized-data-importer00.crd.yaml b/deploy/olm-catalog/community-kubevirt-hyperconverged/1.8.0/manifests/containerized-data-importer00.crd.yaml index f3106afab..6a11f8943 100644 --- a/deploy/olm-catalog/community-kubevirt-hyperconverged/1.8.0/manifests/containerized-data-importer00.crd.yaml +++ b/deploy/olm-catalog/community-kubevirt-hyperconverged/1.8.0/manifests/containerized-data-importer00.crd.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.7.0 + controller-gen.kubebuilder.io/version: v0.9.2 name: cdis.cdi.kubevirt.io spec: group: cdi.kubevirt.io @@ -140,10 +140,10 @@ spec: is consumed by the import controller that is resposible for coping it to a config map named trusted-ca-proxy-bundle-cm in the cdi namespace. Here is an example of the ConfigMap - (in yaml): \n apiVersion: v1 kind: ConfigMap metadata: name: - trusted-ca-proxy-bundle-cm namespace: cdi data: ca.pem: - | -----BEGIN CERTIFICATE----- \t ... ... \t -----END CERTIFICATE-----" + (in yaml): \n apiVersion: v1 kind: ConfigMap metadata: name: + trusted-ca-proxy-bundle-cm namespace: cdi data: ca.pem: + | -----BEGIN CERTIFICATE----- ... + ... -----END CERTIFICATE-----" type: string type: object insecureRegistries: @@ -316,6 +316,7 @@ spec: type: object type: array type: object + x-kubernetes-map-type: atomic weight: description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. 
@@ -421,10 +422,12 @@ spec: type: object type: array type: object + x-kubernetes-map-type: atomic type: array required: - nodeSelectorTerms type: object + x-kubernetes-map-type: atomic type: object podAffinity: description: Describes pod affinity scheduling rules (e.g. @@ -505,6 +508,7 @@ spec: only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied @@ -564,6 +568,7 @@ spec: only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: description: namespaces specifies a static list of namespace names that the term applies to. @@ -668,6 +673,7 @@ spec: The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied @@ -726,6 +732,7 @@ spec: The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: description: namespaces specifies a static list of namespace names that the term applies to. The @@ -829,6 +836,7 @@ spec: only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied @@ -888,6 +896,7 @@ spec: only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: description: namespaces specifies a static list of namespace names that the term applies to. @@ -992,6 +1001,7 @@ spec: The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied 
@@ -1050,6 +1060,7 @@ spec: The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: description: namespaces specifies a static list of namespace names that the term applies to. The @@ -1248,6 +1259,7 @@ spec: type: object type: array type: object + x-kubernetes-map-type: atomic weight: description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. @@ -1353,10 +1365,12 @@ spec: type: object type: array type: object + x-kubernetes-map-type: atomic type: array required: - nodeSelectorTerms type: object + x-kubernetes-map-type: atomic type: object podAffinity: description: Describes pod affinity scheduling rules (e.g. @@ -1437,6 +1451,7 @@ spec: only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied @@ -1496,6 +1511,7 @@ spec: only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: description: namespaces specifies a static list of namespace names that the term applies to. @@ -1600,6 +1616,7 @@ spec: The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied @@ -1658,6 +1675,7 @@ spec: The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: description: namespaces specifies a static list of namespace names that the term applies to. The @@ -1761,6 +1779,7 @@ spec: only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied 
@@ -1820,6 +1839,7 @@ spec: only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: description: namespaces specifies a static list of namespace names that the term applies to. @@ -1924,6 +1944,7 @@ spec: The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied @@ -1982,6 +2003,7 @@ spec: The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: description: namespaces specifies a static list of namespace names that the term applies to. The @@ -2239,10 +2261,10 @@ spec: is consumed by the import controller that is resposible for coping it to a config map named trusted-ca-proxy-bundle-cm in the cdi namespace. Here is an example of the ConfigMap - (in yaml): \n apiVersion: v1 kind: ConfigMap metadata: name: - trusted-ca-proxy-bundle-cm namespace: cdi data: ca.pem: - | -----BEGIN CERTIFICATE----- \t ... ... \t -----END CERTIFICATE-----" + (in yaml): \n apiVersion: v1 kind: ConfigMap metadata: name: + trusted-ca-proxy-bundle-cm namespace: cdi data: ca.pem: + | -----BEGIN CERTIFICATE----- ... + ... -----END CERTIFICATE-----" type: string type: object insecureRegistries: 
@@ -2290,6 +2312,97 @@ spec: if no storage class specified, use no storage class for scratch space' type: string + tlsSecurityProfile: + description: TLSSecurityProfile is used by operators to apply + cluster-wide TLS security settings to operands. + properties: + custom: + description: "custom is a user-defined TLS security profile. + Be extremely careful using a custom profile as invalid configurations + can be catastrophic. An example custom profile looks like + this: \n ciphers: - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 + - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 + minTLSVersion: TLSv1.1" + nullable: true + properties: + ciphers: + description: "ciphers is used to specify the cipher algorithms + that are negotiated during the TLS handshake. Operators + may remove entries their operands do not support. For + example, to use DES-CBC3-SHA (yaml): \n ciphers: - + DES-CBC3-SHA" + items: + type: string + type: array + minTLSVersion: + description: "minTLSVersion is used to specify the minimal + version of the TLS protocol that is negotiated during + the TLS handshake. 
For example, to use TLS versions + 1.1, 1.2 and 1.3 (yaml): \n minTLSVersion: TLSv1.1 \n + NOTE: currently the highest minTLSVersion allowed is + VersionTLS12" + enum: + - VersionTLS10 + - VersionTLS11 + - VersionTLS12 + - VersionTLS13 + type: string + type: object + intermediate: + description: "intermediate is a TLS security profile based + on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29 + \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 + - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 + - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES128-GCM-SHA256 + - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384 + - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 + - DHE-RSA-AES128-GCM-SHA256 - DHE-RSA-AES256-GCM-SHA384 + minTLSVersion: TLSv1.2" + nullable: true + type: object + modern: + description: "modern is a TLS security profile based on: \n + https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility + \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 + - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 + minTLSVersion: TLSv1.3 \n NOTE: Currently unsupported." 
+ nullable: true + type: object + old: + description: "old is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility + \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 + - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 + - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES128-GCM-SHA256 + - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384 + - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 + - DHE-RSA-AES128-GCM-SHA256 - DHE-RSA-AES256-GCM-SHA384 + - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 + - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES128-SHA + - ECDHE-ECDSA-AES256-SHA384 - ECDHE-RSA-AES256-SHA384 - + ECDHE-ECDSA-AES256-SHA - ECDHE-RSA-AES256-SHA - DHE-RSA-AES128-SHA256 + - DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 - AES256-GCM-SHA384 + - AES128-SHA256 - AES256-SHA256 - AES128-SHA - AES256-SHA + - DES-CBC3-SHA minTLSVersion: TLSv1.0" + nullable: true + type: object + type: + description: "type is one of Old, Intermediate, Modern or + Custom. Custom provides the ability to specify individual + TLS security profile parameters. Old, Intermediate and Modern + are TLS security profiles based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations + \n The profiles are intent based, so they may change over + time as new ciphers are developed and existing ciphers are + found to be insecure. Depending on precisely which ciphers + are available to a process, the list may be reduced. \n + Note that the Modern profile is currently not supported + because it is not yet well adopted by common software libraries." + enum: + - Old + - Intermediate + - Modern + - Custom + type: string + type: object uploadProxyURLOverride: description: Override the URL used when uploading to a DataVolume type: string 
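Review bot: The `minTLSVersion` description added under `custom` disagrees with its own `enum`: the example reads `minTLSVersion: TLSv1.1`, but the schema only accepts `VersionTLS10` through `VersionTLS13`, so anyone copying the example fails validation; it should read `minTLSVersion: VersionTLS11`. The same description says the highest allowed value is VersionTLS12 while the enum still lists `VersionTLS13`, so the schema accepts a value the text calls unsupported; what the operator does with it is not visible in this hunk and should be stated in the description. The schema also admits `VersionTLS10`/`VersionTLS11` and free-form `ciphers` strings (the example uses `DES-CBC3-SHA`), so a custom profile can weaken TLS for every operand with no admission-time check, which is worth documenting or validating in the operator. This CRD appears to be generated by controller-gen, so the wording fix belongs in the Go type comments it is generated from; the identical text in the other CRD copy in this diff would then follow on regeneration.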
@@ -2415,6 +2528,7 @@ spec: type: object type: array type: object + x-kubernetes-map-type: atomic weight: description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. @@ -2520,10 +2634,12 @@ spec: type: object type: array type: object + x-kubernetes-map-type: atomic type: array required: - nodeSelectorTerms type: object + x-kubernetes-map-type: atomic type: object podAffinity: description: Describes pod affinity scheduling rules (e.g. @@ -2604,6 +2720,7 @@ spec: only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied @@ -2663,6 +2780,7 @@ spec: only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: description: namespaces specifies a static list of namespace names that the term applies to. @@ -2767,6 +2885,7 @@ spec: The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied @@ -2825,6 +2944,7 @@ spec: The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: description: namespaces specifies a static list of namespace names that the term applies to. The @@ -2928,6 +3048,7 @@ spec: only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied @@ -2987,6 +3108,7 @@ spec: only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: description: namespaces specifies a static list of namespace names that the term applies to. 
@@ -3091,6 +3213,7 @@ spec: The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied @@ -3149,6 +3272,7 @@ spec: The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: description: namespaces specifies a static list of namespace names that the term applies to. The @@ -3350,6 +3474,7 @@ spec: type: object type: array type: object + x-kubernetes-map-type: atomic weight: description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. @@ -3455,10 +3580,12 @@ spec: type: object type: array type: object + x-kubernetes-map-type: atomic type: array required: - nodeSelectorTerms type: object + x-kubernetes-map-type: atomic type: object podAffinity: description: Describes pod affinity scheduling rules (e.g. @@ -3539,6 +3666,7 @@ spec: only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied @@ -3598,6 +3726,7 @@ spec: only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: description: namespaces specifies a static list of namespace names that the term applies to. @@ -3702,6 +3831,7 @@ spec: The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied @@ -3760,6 +3890,7 @@ spec: The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: description: namespaces specifies a static list of namespace names that the term applies to. The 
@@ -3863,6 +3994,7 @@ spec: only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied @@ -3922,6 +4054,7 @@ spec: only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: description: namespaces specifies a static list of namespace names that the term applies to. @@ -4026,6 +4159,7 @@ spec: The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied @@ -4084,6 +4218,7 @@ spec: The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: description: namespaces specifies a static list of namespace names that the term applies to. The diff --git a/deploy/olm-catalog/community-kubevirt-hyperconverged/1.8.0/manifests/kubevirt-hyperconverged-operator.v1.8.0.clusterserviceversion.yaml b/deploy/olm-catalog/community-kubevirt-hyperconverged/1.8.0/manifests/kubevirt-hyperconverged-operator.v1.8.0.clusterserviceversion.yaml index 9ce196969..ddd2a1122 100644 --- a/deploy/olm-catalog/community-kubevirt-hyperconverged/1.8.0/manifests/kubevirt-hyperconverged-operator.v1.8.0.clusterserviceversion.yaml +++ b/deploy/olm-catalog/community-kubevirt-hyperconverged/1.8.0/manifests/kubevirt-hyperconverged-operator.v1.8.0.clusterserviceversion.yaml 
@@ -9,7 +9,7 @@ metadata: certified: "false" console.openshift.io/disable-operand-delete: "true" containerImage: quay.io/kubevirt/hyperconverged-cluster-operator:1.8.0-unstable - createdAt: "2022-07-15 05:40:51" + createdAt: "2022-07-16 05:15:21" description: A unified operator deploying and controlling KubeVirt and its supporting operators with opinionated defaults operatorframework.io/initialization-resource: '{"apiVersion":"hco.kubevirt.io/v1beta1","kind":"HyperConverged","metadata":{"annotations":{"deployOVS":"false"},"name":"kubevirt-hyperconverged","namespace":"kubevirt-hyperconverged"},"spec":{}}' @@ -2492,7 +2492,7 @@ spec: - name: KUBEVIRT_VERSION value: v0.55.0 - name: CDI_VERSION - value: v1.51.0 + value: v1.52.0 - name: NETWORK_ADDONS_VERSION value: v0.77.0 - name: SSP_VERSION 
@@ -3002,25 +3002,25 @@ spec: - name: DEPLOY_CLUSTER_RESOURCES value: "true" - name: OPERATOR_VERSION - value: v1.51.0 + value: v1.52.0 - name: CONTROLLER_IMAGE - value: quay.io/kubevirt/cdi-controller@sha256:c658c6bb14279b00aef58724156aa4d7d84bf8b8b048727316d70b8332908573 + value: quay.io/kubevirt/cdi-controller@sha256:983ba20359ab61055d2dfbaeefa7f377b22dcfa7059ca4443ec02d6af3c064f8 - name: IMPORTER_IMAGE - value: quay.io/kubevirt/cdi-importer@sha256:fe10c5b1ea73b4cc179224fb73e61517714493d34f550d0beab7b855a9018e3b + value: quay.io/kubevirt/cdi-importer@sha256:2919aa47422f1d1b849208f051b44a558c99de9a35db8eb69294fc5c18fb4b0e - name: CLONER_IMAGE - value: quay.io/kubevirt/cdi-cloner@sha256:2e6e5ce583904036d2f9c0b59aa910a8b10bc28c6f8192d20dbec42ed84af0fb + value: quay.io/kubevirt/cdi-cloner@sha256:b9a2c4f129ecf1552ab9e1023feaaddfa0334a232c7fbb78143cd7d046d30ea0 - name: APISERVER_IMAGE - value: quay.io/kubevirt/cdi-apiserver@sha256:e3b11225fed704dd7e0bb4fd39c86f0a328921f420c526df15afd6e3671b1ee8 + value: quay.io/kubevirt/cdi-apiserver@sha256:0143bb215d366a5b4ea11afc6236c6566022740c6f18e23d2784e904666a1651 - name: UPLOAD_SERVER_IMAGE - value: quay.io/kubevirt/cdi-uploadserver@sha256:27e06a14c36fa7c9e7ddf300d4e53a1fe9a6e0389e24c48e1f53ff76f4f13fbe + value: quay.io/kubevirt/cdi-uploadserver@sha256:65386bc3bc63e3c5690ae2bbe2ef7edcfa4357de6148720029d7dfa4a175556f - name: UPLOAD_PROXY_IMAGE - value: quay.io/kubevirt/cdi-uploadproxy@sha256:8487960426af33065a3217789faeb07af35d48700c700f854d3a3d8afff66132 + value: quay.io/kubevirt/cdi-uploadproxy@sha256:47a02e259d12d8ce77330e3df148d73f4a55aaab8255a0530ada858a46343e3f - name: VERBOSITY value: "1" - name: PULL_POLICY value: IfNotPresent - name: MONITORING_NAMESPACE - image: quay.io/kubevirt/cdi-operator@sha256:ccf370b3bb6d8a5fe129fc1b0554251e8c412b69d1cfcede97f732d5e4e463c5 + image: quay.io/kubevirt/cdi-operator@sha256:d22dc4ce058c662d9515ddab4e964b159b6ea46c4ab6daf70c882a7948990669 imagePullPolicy: IfNotPresent name: 
cdi-operator ports: 
@@ -3542,19 +3542,19 @@ spec: relatedImages: - image: quay.io/kubevirt/bridge-marker@sha256:6536d684834f1301941108fd4123a55df39c74234e442fad60a584b69cfe6069 name: bridge-marker - - image: quay.io/kubevirt/cdi-apiserver@sha256:e3b11225fed704dd7e0bb4fd39c86f0a328921f420c526df15afd6e3671b1ee8 + - image: quay.io/kubevirt/cdi-apiserver@sha256:0143bb215d366a5b4ea11afc6236c6566022740c6f18e23d2784e904666a1651 name: cdi-apiserver - - image: quay.io/kubevirt/cdi-cloner@sha256:2e6e5ce583904036d2f9c0b59aa910a8b10bc28c6f8192d20dbec42ed84af0fb + - image: quay.io/kubevirt/cdi-cloner@sha256:b9a2c4f129ecf1552ab9e1023feaaddfa0334a232c7fbb78143cd7d046d30ea0 name: cdi-cloner - - image: quay.io/kubevirt/cdi-controller@sha256:c658c6bb14279b00aef58724156aa4d7d84bf8b8b048727316d70b8332908573 + - image: quay.io/kubevirt/cdi-controller@sha256:983ba20359ab61055d2dfbaeefa7f377b22dcfa7059ca4443ec02d6af3c064f8 name: cdi-controller - - image: quay.io/kubevirt/cdi-importer@sha256:fe10c5b1ea73b4cc179224fb73e61517714493d34f550d0beab7b855a9018e3b + - image: quay.io/kubevirt/cdi-importer@sha256:2919aa47422f1d1b849208f051b44a558c99de9a35db8eb69294fc5c18fb4b0e name: cdi-importer - - image: quay.io/kubevirt/cdi-operator@sha256:ccf370b3bb6d8a5fe129fc1b0554251e8c412b69d1cfcede97f732d5e4e463c5 + - image: quay.io/kubevirt/cdi-operator@sha256:d22dc4ce058c662d9515ddab4e964b159b6ea46c4ab6daf70c882a7948990669 name: cdi-operator - - image: quay.io/kubevirt/cdi-uploadproxy@sha256:8487960426af33065a3217789faeb07af35d48700c700f854d3a3d8afff66132 + - image: quay.io/kubevirt/cdi-uploadproxy@sha256:47a02e259d12d8ce77330e3df148d73f4a55aaab8255a0530ada858a46343e3f name: cdi-uploadproxy - - image: quay.io/kubevirt/cdi-uploadserver@sha256:27e06a14c36fa7c9e7ddf300d4e53a1fe9a6e0389e24c48e1f53ff76f4f13fbe + - image: quay.io/kubevirt/cdi-uploadserver@sha256:65386bc3bc63e3c5690ae2bbe2ef7edcfa4357de6148720029d7dfa4a175556f name: cdi-uploadserver - image: 
quay.io/kubevirt/cluster-network-addons-operator@sha256:d844dad0bb14ee0ec1254be7bee5f744c930de1783fc7ed1c23ecc1fb8b9f71e name: cluster-network-addons-operator diff --git a/deploy/operator.yaml b/deploy/operator.yaml index 28a726e6c..f7abd38fc 100644 --- a/deploy/operator.yaml +++ b/deploy/operator.yaml @@ -56,7 +56,7 @@ spec: - name: KUBEVIRT_VERSION value: v0.55.0 - name: CDI_VERSION - value: v1.51.0 + value: v1.52.0 - name: NETWORK_ADDONS_VERSION value: v0.77.0 - name: SSP_VERSION 
@@ -609,25 +609,25 @@ spec:
 - name: DEPLOY_CLUSTER_RESOURCES
 value: "true"
 - name: OPERATOR_VERSION
- value: v1.51.0
+ value: v1.52.0
 - name: CONTROLLER_IMAGE
- value: quay.io/kubevirt/cdi-controller@sha256:c658c6bb14279b00aef58724156aa4d7d84bf8b8b048727316d70b8332908573
+ value: quay.io/kubevirt/cdi-controller@sha256:983ba20359ab61055d2dfbaeefa7f377b22dcfa7059ca4443ec02d6af3c064f8
 - name: IMPORTER_IMAGE
- value: quay.io/kubevirt/cdi-importer@sha256:fe10c5b1ea73b4cc179224fb73e61517714493d34f550d0beab7b855a9018e3b
+ value: quay.io/kubevirt/cdi-importer@sha256:2919aa47422f1d1b849208f051b44a558c99de9a35db8eb69294fc5c18fb4b0e
 - name: CLONER_IMAGE
- value: quay.io/kubevirt/cdi-cloner@sha256:2e6e5ce583904036d2f9c0b59aa910a8b10bc28c6f8192d20dbec42ed84af0fb
+ value: quay.io/kubevirt/cdi-cloner@sha256:b9a2c4f129ecf1552ab9e1023feaaddfa0334a232c7fbb78143cd7d046d30ea0
 - name: APISERVER_IMAGE
- value: quay.io/kubevirt/cdi-apiserver@sha256:e3b11225fed704dd7e0bb4fd39c86f0a328921f420c526df15afd6e3671b1ee8
+ value: quay.io/kubevirt/cdi-apiserver@sha256:0143bb215d366a5b4ea11afc6236c6566022740c6f18e23d2784e904666a1651
 - name: UPLOAD_SERVER_IMAGE
- value: quay.io/kubevirt/cdi-uploadserver@sha256:27e06a14c36fa7c9e7ddf300d4e53a1fe9a6e0389e24c48e1f53ff76f4f13fbe
+ value: quay.io/kubevirt/cdi-uploadserver@sha256:65386bc3bc63e3c5690ae2bbe2ef7edcfa4357de6148720029d7dfa4a175556f
 - name: UPLOAD_PROXY_IMAGE
- value: quay.io/kubevirt/cdi-uploadproxy@sha256:8487960426af33065a3217789faeb07af35d48700c700f854d3a3d8afff66132
+ value: quay.io/kubevirt/cdi-uploadproxy@sha256:47a02e259d12d8ce77330e3df148d73f4a55aaab8255a0530ada858a46343e3f
 - name: VERBOSITY
 value: "1"
 - name: PULL_POLICY
 value: IfNotPresent
 - name: MONITORING_NAMESPACE
- image: quay.io/kubevirt/cdi-operator@sha256:ccf370b3bb6d8a5fe129fc1b0554251e8c412b69d1cfcede97f732d5e4e463c5
+ image: quay.io/kubevirt/cdi-operator@sha256:d22dc4ce058c662d9515ddab4e964b159b6ea46c4ab6daf70c882a7948990669
 imagePullPolicy: IfNotPresent
 name: cdi-operator
 ports:
diff --git a/go.mod b/go.mod
index 30ef6fc31..b82771ee2 100644
--- a/go.mod
+++ b/go.mod
@@ -30,7 +30,7 @@ require (
 k8s.io/kube-openapi v0.0.0-20220124234850-424119656bbf
 k8s.io/utils v0.0.0-20220210201930-3a6ce19ff2f9
 kubevirt.io/api v0.55.0
- kubevirt.io/containerized-data-importer-api v1.51.0
+ kubevirt.io/containerized-data-importer-api v1.52.0
 // Remove this once SSP will also consume v0.2.4
 kubevirt.io/controller-lifecycle-operator-sdk v0.2.3 // indirect
 kubevirt.io/controller-lifecycle-operator-sdk/api v0.2.4
diff --git a/go.sum b/go.sum
index 1fc644762..fb9910289 100644
--- a/go.sum
+++ b/go.sum
@@ -1213,8 +1213,8 @@ k8s.io/utils v0.0.0-20220210201930-3a6ce19ff2f9 h1:HNSDgDCrr/6Ly3WEGKZftiE7IY19V
 k8s.io/utils v0.0.0-20220210201930-3a6ce19ff2f9/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
 kubevirt.io/api v0.55.0 h1:DEAKKaIc6zpQHy/AIsyKzIsbzpgv+q+WxCtlAPCHf8Q=
 kubevirt.io/api v0.55.0/go.mod h1:Qp0JL1vT194eyJ4gy6EokSxnuQveo332dCGX3i5nh/A=
-kubevirt.io/containerized-data-importer-api v1.51.0 h1:bxjnxwDDih2ze1xm13yD5CaVJvZTVatb9/XUNS+cTFs=
-kubevirt.io/containerized-data-importer-api v1.51.0/go.mod h1:yjD8pGZVMCeqcN46JPUQdZ2JwRVoRCOXrTVyNuFvrLo=
+kubevirt.io/containerized-data-importer-api v1.52.0 h1:r8irmErx1JFSTRM3k/WzPsZTyyGsnScLnDtHnKIWQBg=
+kubevirt.io/containerized-data-importer-api v1.52.0/go.mod h1:92HiQEyzPoeMiCbgfG5Qe10JQVbtWMZOXucy56dKdGg=
 kubevirt.io/controller-lifecycle-operator-sdk v0.2.3 h1:auv8LrA7gnLfQREnlGVPwgJpTxOEgnw4+mzXlUqKTxY=
 kubevirt.io/controller-lifecycle-operator-sdk v0.2.3/go.mod h1:ZJhLceiY2Gl5CXFGSp5eMGt/sksOiJP0289nAZFCQf0=
 kubevirt.io/controller-lifecycle-operator-sdk/api v0.2.4 h1:fZYvD3/Vnitfkx6IJxjLAk8ugnZQ7CXVYcRfkSKmuZY=
diff --git a/hack/config b/hack/config
index beaf7a6d3..0ce6372ad 100644
--- a/hack/config
+++ b/hack/config
@@ -1,7 +1,7 @@
 #!/bin/bash
 KUBEVIRT_VERSION="v0.55.0"
-CDI_VERSION="v1.51.0"
+CDI_VERSION="v1.52.0"
 NETWORK_ADDONS_VERSION="v0.77.0"
 SSP_VERSION="v0.15.0"
 TTO_VERSION="v0.3.0"
diff --git a/vendor/kubevirt.io/containerized-data-importer-api/pkg/apis/core/v1beta1/types.go b/vendor/kubevirt.io/containerized-data-importer-api/pkg/apis/core/v1beta1/types.go
index 6d0889a48..2b474aa47 100644
--- a/vendor/kubevirt.io/containerized-data-importer-api/pkg/apis/core/v1beta1/types.go
+++ b/vendor/kubevirt.io/containerized-data-importer-api/pkg/apis/core/v1beta1/types.go
@@ -17,6 +17,7 @@ limitations under the License.
 package v1beta1
 import (
+ ocpconfigv1 "github.com/openshift/api/config/v1"
 corev1 "k8s.io/api/core/v1"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 sdkapi "kubevirt.io/controller-lifecycle-operator-sdk/api"
@@ -745,6 +746,8 @@ type CDIConfigSpec struct {
 // dataVolumeTTLSeconds is the time in seconds after DataVolume completion it can be garbage collected.
 // +optional
 DataVolumeTTLSeconds *int32 `json:"dataVolumeTTLSeconds,omitempty"`
+ // TLSSecurityProfile is used by operators to apply cluster-wide TLS security settings to operands.
+ TLSSecurityProfile *ocpconfigv1.TLSSecurityProfile `json:"tlsSecurityProfile,omitempty"`
 }
 //CDIConfigStatus provides the most recently observed status of the CDI Config resource
diff --git a/vendor/kubevirt.io/containerized-data-importer-api/pkg/apis/core/v1beta1/types_swagger_generated.go b/vendor/kubevirt.io/containerized-data-importer-api/pkg/apis/core/v1beta1/types_swagger_generated.go
index bc542b2bb..e28c95ccc 100644
--- a/vendor/kubevirt.io/containerized-data-importer-api/pkg/apis/core/v1beta1/types_swagger_generated.go
+++ b/vendor/kubevirt.io/containerized-data-importer-api/pkg/apis/core/v1beta1/types_swagger_generated.go
@@ -363,6 +363,7 @@ func (CDIConfigSpec) SwaggerDoc() map[string]string {
 "preallocation": "Preallocation controls whether storage for DataVolumes should be allocated in advance.",
 "insecureRegistries": "InsecureRegistries is a list of TLS disabled registries",
 "dataVolumeTTLSeconds": "dataVolumeTTLSeconds is the time in seconds after DataVolume completion it can be garbage collected.\n+optional",
+ "tlsSecurityProfile": "TLSSecurityProfile is used by operators to apply cluster-wide TLS security settings to operands.",
 }
 }
diff --git a/vendor/kubevirt.io/containerized-data-importer-api/pkg/apis/core/v1beta1/zz_generated.deepcopy.go b/vendor/kubevirt.io/containerized-data-importer-api/pkg/apis/core/v1beta1/zz_generated.deepcopy.go
index 5e269f9ab..c9e3e6f3e 100644
--- a/vendor/kubevirt.io/containerized-data-importer-api/pkg/apis/core/v1beta1/zz_generated.deepcopy.go
+++ b/vendor/kubevirt.io/containerized-data-importer-api/pkg/apis/core/v1beta1/zz_generated.deepcopy.go
@@ -22,6 +22,7 @@ limitations under the License.
 package v1beta1
 import (
+ configv1 "github.com/openshift/api/config/v1"
 v1 "k8s.io/api/core/v1"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 runtime "k8s.io/apimachinery/pkg/runtime"
@@ -190,6 +191,11 @@ func (in *CDIConfigSpec) DeepCopyInto(out *CDIConfigSpec) {
 *out = new(int32)
 **out = **in
 }
+ if in.TLSSecurityProfile != nil {
+ in, out := &in.TLSSecurityProfile, &out.TLSSecurityProfile
+ *out = new(configv1.TLSSecurityProfile)
+ (*in).DeepCopyInto(*out)
+ }
 return
 }
diff --git a/vendor/modules.txt b/vendor/modules.txt
index ae79df9e7..7910971df 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -611,8 +611,8 @@ k8s.io/utils/trace
 ## explicit; go 1.17
 kubevirt.io/api/core
 kubevirt.io/api/core/v1
-# kubevirt.io/containerized-data-importer-api v1.51.0
-## explicit; go 1.17
+# kubevirt.io/containerized-data-importer-api v1.52.0
+## explicit; go 1.18
 kubevirt.io/containerized-data-importer-api/pkg/apis/core
 kubevirt.io/containerized-data-importer-api/pkg/apis/core/v1beta1
 # kubevirt.io/controller-lifecycle-operator-sdk v0.2.3