Merge branch 'openshift:master' into rfe-3765

.ci-operator.yaml

@@ -1,4 +1,4 @@
 build_root_image:
   name: release
   namespace: openshift
-  tag: rhel-8-release-golang-1.19-openshift-4.13
+  tag: rhel-8-release-golang-1.20-openshift-4.14

Makefile

@@ -4,7 +4,7 @@ all: build
 update: update-codegen-crds
 
 RUNTIME ?= podman
-RUNTIME_IMAGE_NAME ?= registry.ci.openshift.org/openshift/release:rhel-8-release-golang-1.19-openshift-4.13
+RUNTIME_IMAGE_NAME ?= registry.ci.openshift.org/openshift/release:rhel-8-release-golang-1.20-openshift-4.14
 
 EXCLUDE_DIRS := _output/ dependencymagnet/ hack/ third_party/ tls/ tools/ vendor/ tests/
 GO_PACKAGES :=$(addsuffix ...,$(addprefix ./,$(filter-out $(EXCLUDE_DIRS), $(wildcard */))))

config/v1/0000_10_config-operator_01_build.crd.yaml

@@ -205,7 +205,7 @@ spec:
                       type: object
                       properties:
                         claims:
-                          description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable."
+                          description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers."
                           type: array
                           items:
                             description: ResourceClaim references one entry in PodSpec.ResourceClaims.
@@ -229,7 +229,7 @@ spec:
                               - type: string
                             x-kubernetes-int-or-string: true
                         requests:
-                          description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+                          description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                           type: object
                           additionalProperties:
                             pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$

config/v1/0000_10_config-operator_01_featuregate.crd.yaml

@@ -44,19 +44,109 @@ spec:
                       description: disabled is a list of all feature gates that you want to force off
                       type: array
                       items:
+                        description: FeatureGateName is a string to enforce patterns on the name of a FeatureGate
                         type: string
+                        pattern: ^([A-Za-z0-9-]+\.)*[A-Za-z0-9-]+\.?$
                     enabled:
                       description: enabled is a list of all feature gates that you want to force on
                       type: array
                       items:
+                        description: FeatureGateName is a string to enforce patterns on the name of a FeatureGate
                         type: string
+                        pattern: ^([A-Za-z0-9-]+\.)*[A-Za-z0-9-]+\.?$
                   nullable: true
                 featureSet:
                   description: featureSet changes the list of features in the cluster.  The default is empty.  Be very careful adjusting this setting. Turning on or off features may cause irreversible changes in your cluster which cannot be undone.
                   type: string
             status:
               description: status holds observed values from the cluster. They may not be overridden.
               type: object
+              properties:
+                conditions:
+                  description: 'conditions represent the observations of the current state. Known .status.conditions.type are: "DeterminationDegraded"'
+                  type: array
+                  items:
+                    description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions.  For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
+                    type: object
+                    required:
+                      - lastTransitionTime
+                      - message
+                      - reason
+                      - status
+                      - type
+                    properties:
+                      lastTransitionTime:
+                        description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed.  If that is not known, then using the time when the API field changed is acceptable.
+                        type: string
+                        format: date-time
+                      message:
+                        description: message is a human readable message indicating details about the transition. This may be an empty string.
+                        type: string
+                        maxLength: 32768
+                      observedGeneration:
+                        description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
+                        type: integer
+                        format: int64
+                        minimum: 0
+                      reason:
+                        description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
+                        type: string
+                        maxLength: 1024
+                        minLength: 1
+                        pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+                      status:
+                        description: status of the condition, one of True, False, Unknown.
+                        type: string
+                        enum:
+                          - "True"
+                          - "False"
+                          - Unknown
+                      type:
+                        description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+                        type: string
+                        maxLength: 316
+                        pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+                  x-kubernetes-list-map-keys:
+                    - type
+                  x-kubernetes-list-type: map
+                featureGates:
+                  description: featureGates contains a list of enabled and disabled featureGates that are keyed by payloadVersion. Operators other than the CVO and cluster-config-operator, must read the .status.featureGates, locate the version they are managing, find the enabled/disabled featuregates and make the operand and operator match. The enabled/disabled values for a particular version may change during the life of the cluster as various .spec.featureSet values are selected. Operators may choose to restart their processes to pick up these changes, but remembering past enable/disable lists is beyond the scope of this API and is the responsibility of individual operators. Only featureGates with .version in the ClusterVersion.status will be present in this list.
+                  type: array
+                  items:
+                    type: object
+                    required:
+                      - version
+                    properties:
+                      disabled:
+                        description: disabled is a list of all feature gates that are disabled in the cluster for the named version.
+                        type: array
+                        items:
+                          type: object
+                          required:
+                            - name
+                          properties:
+                            name:
+                              description: name is the name of the FeatureGate.
+                              type: string
+                              pattern: ^([A-Za-z0-9-]+\.)*[A-Za-z0-9-]+\.?$
+                      enabled:
+                        description: enabled is a list of all feature gates that are enabled in the cluster for the named version.
+                        type: array
+                        items:
+                          type: object
+                          required:
+                            - name
+                          properties:
+                            name:
+                              description: name is the name of the FeatureGate.
+                              type: string
+                              pattern: ^([A-Za-z0-9-]+\.)*[A-Za-z0-9-]+\.?$
+                      version:
+                        description: version matches the version provided by the ClusterVersion and in the ClusterOperator.Status.Versions field.
+                        type: string
+                  x-kubernetes-list-map-keys:
+                    - version
+                  x-kubernetes-list-type: map
       served: true
       storage: true
       subresources:

config/v1/0000_10_config-operator_01_infrastructure-Default.crd.yaml

@@ -682,6 +682,22 @@ spec:
                             type: string
                           maxItems: 2
                           type: array
+                        loadBalancer:
+                          default:
+                            type: OpenShiftManagedDefault
+                          description: loadBalancer defines how the load balancer used by the cluster is configured.
+                          properties:
+                            type:
+                              default: OpenShiftManagedDefault
+                              description: type defines the type of load balancer used by the cluster on OpenStack platform which can be a user-managed or openshift-managed load balancer that is to be used for the OpenShift API and Ingress endpoints. When set to OpenShiftManagedDefault the static pods in charge of API and Ingress traffic load-balancing defined in the machine config operator will be deployed. When set to UserManaged these static pods will not be deployed and it is expected that the load balancer is configured out of band by the deployer. When omitted, this means no opinion and the platform is left to choose a reasonable default. The default value is OpenShiftManagedDefault.
+                              enum:
+                                - OpenShiftManagedDefault
+                                - UserManaged
+                              type: string
+                              x-kubernetes-validations:
+                                - message: type is immutable once set
+                                  rule: oldSelf == '' || self == oldSelf
+                          type: object
                         nodeDNSIP:
                           description: nodeDNSIP is the IP address for the internal DNS used by the nodes. Unlike the one managed by the DNS operator, `NodeDNSIP` provides name resolution for the nodes themselves. There is no DNS-as-a-service for OpenStack deployments. In order to minimize necessary changes to the datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames to the nodes in the cluster.
                           type: string

config/v1/feature_gates.go

@@ -0,0 +1,185 @@
+package v1
+
+// FeatureGateDescription is a golang-only interface used to contains details for a feature gate.
+type FeatureGateDescription struct {
+	// FeatureGateAttributes is the information that appears in the API
+	FeatureGateAttributes FeatureGateAttributes
+
+	// OwningJiraComponent is the jira component that owns most of the impl and first assignment for the bug.
+	// This is the team that owns the feature long term.
+	OwningJiraComponent string
+	// ResponsiblePerson is the person who is on the hook for first contact.  This is often, but not always, a team lead.
+	// It is someone who can make the promise on the behalf of the team.
+	ResponsiblePerson string
+	// OwningProduct is the product that owns the lifecycle of the gate.
+	OwningProduct OwningProduct
+}
+
+type OwningProduct string
+
+var (
+	ocpSpecific = OwningProduct("OCP")
+	kubernetes  = OwningProduct("Kubernetes")
+)
+
+var (
+	FeatureGateGatewayAPI = FeatureGateName("GatewayAPI")
+	gateGatewayAPI        = FeatureGateDescription{
+		FeatureGateAttributes: FeatureGateAttributes{
+			Name: FeatureGateGatewayAPI,
+		},
+		OwningJiraComponent: "Routing",
+		ResponsiblePerson:   "miciah",
+		OwningProduct:       ocpSpecific,
+	}
+
+	FeatureGateOpenShiftPodSecurityAdmission = FeatureGateName("OpenShiftPodSecurityAdmission")
+	openShiftPodSecurityAdmission            = FeatureGateDescription{
+		FeatureGateAttributes: FeatureGateAttributes{
+			Name: FeatureGateOpenShiftPodSecurityAdmission,
+		},
+		OwningJiraComponent: "auth",
+		ResponsiblePerson:   "stlaz",
+		OwningProduct:       ocpSpecific,
+	}
+
+	FeatureGateRetroactiveDefaultStorageClass = FeatureGateName("RetroactiveDefaultStorageClass")
+	retroactiveDefaultStorageClass            = FeatureGateDescription{
+		FeatureGateAttributes: FeatureGateAttributes{
+			Name: FeatureGateRetroactiveDefaultStorageClass,
+		},
+		OwningJiraComponent: "storage",
+		ResponsiblePerson:   "RomanBednar",
+		OwningProduct:       kubernetes,
+	}
+
+	FeatureGateExternalCloudProvider = FeatureGateName("ExternalCloudProvider")
+	externalCloudProvider            = FeatureGateDescription{
+		FeatureGateAttributes: FeatureGateAttributes{
+			Name: FeatureGateExternalCloudProvider,
+		},
+		OwningJiraComponent: "cloud-provider",
+		ResponsiblePerson:   "jspeed",
+		OwningProduct:       ocpSpecific,
+	}
+
+	FeatureGateExternalCloudProviderAzure = FeatureGateName("ExternalCloudProviderAzure")
+	externalCloudProviderAzure            = FeatureGateDescription{
+		FeatureGateAttributes: FeatureGateAttributes{
+			Name: FeatureGateExternalCloudProviderAzure,
+		},
+		OwningJiraComponent: "cloud-provider",
+		ResponsiblePerson:   "jspeed",
+		OwningProduct:       ocpSpecific,
+	}
+
+	FeatureGateExternalCloudProviderGCP = FeatureGateName("ExternalCloudProviderGCP")
+	externalCloudProviderGCP            = FeatureGateDescription{
+		FeatureGateAttributes: FeatureGateAttributes{
+			Name: FeatureGateExternalCloudProviderGCP,
+		},
+		OwningJiraComponent: "cloud-provider",
+		ResponsiblePerson:   "jspeed",
+		OwningProduct:       ocpSpecific,
+	}
+
+	FeatureGateCSIDriverSharedResource = FeatureGateName("CSIDriverSharedResource")
+	csiDriverSharedResource            = FeatureGateDescription{
+		FeatureGateAttributes: FeatureGateAttributes{
+			Name: FeatureGateCSIDriverSharedResource,
+		},
+		OwningJiraComponent: "builds",
+		ResponsiblePerson:   "adkaplan",
+		OwningProduct:       ocpSpecific,
+	}
+
+	FeatureGateBuildCSIVolumes = FeatureGateName("BuildCSIVolumes")
+	buildCSIVolumes            = FeatureGateDescription{
+		FeatureGateAttributes: FeatureGateAttributes{
+			Name: FeatureGateBuildCSIVolumes,
+		},
+		OwningJiraComponent: "builds",
+		ResponsiblePerson:   "adkaplan",
+		OwningProduct:       ocpSpecific,
+	}
+
+	FeatureGateNodeSwap = FeatureGateName("NodeSwap")
+	nodeSwap            = FeatureGateDescription{
+		FeatureGateAttributes: FeatureGateAttributes{
+			Name: FeatureGateNodeSwap,
+		},
+		OwningJiraComponent: "node",
+		ResponsiblePerson:   "ehashman",
+		OwningProduct:       kubernetes,
+	}
+
+	FeatureGateMachineAPIProviderOpenStack = FeatureGateName("MachineAPIProviderOpenStack")
+	machineAPIProviderOpenStack            = FeatureGateDescription{
+		FeatureGateAttributes: FeatureGateAttributes{
+			Name: FeatureGateMachineAPIProviderOpenStack,
+		},
+		OwningJiraComponent: "openstack",
+		ResponsiblePerson:   "egarcia",
+		OwningProduct:       ocpSpecific,
+	}
+
+	FeatureGateInsightsConfigAPI = FeatureGateName("InsightsConfigAPI")
+	insightsConfigAPI            = FeatureGateDescription{
+		FeatureGateAttributes: FeatureGateAttributes{
+			Name: FeatureGateInsightsConfigAPI,
+		},
+		OwningJiraComponent: "insights",
+		ResponsiblePerson:   "tremes",
+		OwningProduct:       ocpSpecific,
+	}
+
+	FeatureGateMatchLabelKeysInPodTopologySpread = FeatureGateName("MatchLabelKeysInPodTopologySpread")
+	matchLabelKeysInPodTopologySpread            = FeatureGateDescription{
+		FeatureGateAttributes: FeatureGateAttributes{
+			Name: FeatureGateMatchLabelKeysInPodTopologySpread,
+		},
+		OwningJiraComponent: "scheduling",
+		ResponsiblePerson:   "ingvagabund",
+		OwningProduct:       kubernetes,
+	}
+
+	FeatureGatePDBUnhealthyPodEvictionPolicy = FeatureGateName("PDBUnhealthyPodEvictionPolicy")
+	pdbUnhealthyPodEvictionPolicy            = FeatureGateDescription{
+		FeatureGateAttributes: FeatureGateAttributes{
+			Name: FeatureGatePDBUnhealthyPodEvictionPolicy,
+		},
+		OwningJiraComponent: "apps",
+		ResponsiblePerson:   "atiratree",
+		OwningProduct:       kubernetes,
+	}
+
+	FeatureGateDynamicResourceAllocation = FeatureGateName("DynamicResourceAllocation")
+	dynamicResourceAllocation            = FeatureGateDescription{
+		FeatureGateAttributes: FeatureGateAttributes{
+			Name: FeatureGateDynamicResourceAllocation,
+		},
+		OwningJiraComponent: "scheduling",
+		ResponsiblePerson:   "jchaloup",
+		OwningProduct:       kubernetes,
+	}
+
+	FeatureGateAdmissionWebhookMatchConditions = FeatureGateName("AdmissionWebhookMatchConditions")
+	admissionWebhookMatchConditions            = FeatureGateDescription{
+		FeatureGateAttributes: FeatureGateAttributes{
+			Name: FeatureGateAdmissionWebhookMatchConditions,
+		},
+		OwningJiraComponent: "kube-apiserver",
+		ResponsiblePerson:   "benluddy",
+		OwningProduct:       kubernetes,
+	}
+
+	FeatureGateAzureWorkloadIdentity = FeatureGateName("AzureWorkloadIdentity")
+	azureWorkloadIdentity            = FeatureGateDescription{
+		FeatureGateAttributes: FeatureGateAttributes{
+			Name: FeatureGateAzureWorkloadIdentity,
+		},
+		OwningJiraComponent: "cloud-credential-operator",
+		ResponsiblePerson:   "abutcher",
+		OwningProduct:       ocpSpecific,
+	}
+)