diff --git a/config/v1/types_cluster_version.go b/config/v1/types_cluster_version.go index 54e1de94ceb..49afaddb380 100644 --- a/config/v1/types_cluster_version.go +++ b/config/v1/types_cluster_version.go @@ -72,8 +72,10 @@ type ClusterVersionSpec struct { // // If an upgrade fails the operator will halt and report status // about the failing component. Setting the desired update value back to - // the previous version will cause a rollback to be attempted. Not all - // rollbacks will succeed. + // the previous version will cause a rollback to be attempted if the + // previous version is within the current minor version. Not all + // rollbacks will succeed, and some may unrecoverably break the + // cluster. // // +optional DesiredUpdate *Update `json:"desiredUpdate,omitempty"` @@ -718,9 +720,13 @@ type Update struct { Image string `json:"image"` // force allows an administrator to update to an image that has failed - // verification or upgradeable checks. This option should only - // be used when the authenticity of the provided image has been verified out - // of band because the provided image will run with full administrative access + // verification or upgradeable checks that are designed to keep your + // cluster safe. Only use this if: + // * you are testing unsigned release images in short-lived test clusters or + // * you are working around a known bug in the cluster-version + // operator and you have verified the authenticity of the provided + // image yourself. + // The provided image will run with full administrative access // to the cluster. Do not use this flag with images that comes from unknown // or potentially malicious sources. // diff --git a/config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-CustomNoUpgrade.crd.yaml b/config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-CustomNoUpgrade.crd.yaml index 087b62dda1c..ca9ac646d05 100644 --- a/config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-CustomNoUpgrade.crd.yaml +++ b/config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-CustomNoUpgrade.crd.yaml @@ -151,8 +151,10 @@ spec: If an upgrade fails the operator will halt and report status about the failing component. Setting the desired update value back to - the previous version will cause a rollback to be attempted. Not all - rollbacks will succeed. + the previous version will cause a rollback to be attempted if the + previous version is within the current minor version. Not all + rollbacks will succeed, and some may unrecoverably break the + cluster. properties: architecture: description: |- @@ -171,9 +173,13 @@ spec: force: description: |- force allows an administrator to update to an image that has failed - verification or upgradeable checks. This option should only - be used when the authenticity of the provided image has been verified out - of band because the provided image will run with full administrative access + verification or upgradeable checks that are designed to keep your + cluster safe. Only use this if: + * you are testing unsigned release images in short-lived test clusters or + * you are working around a known bug in the cluster-version + operator and you have verified the authenticity of the provided + image yourself. + The provided image will run with full administrative access to the cluster. Do not use this flag with images that comes from unknown or potentially malicious sources. type: boolean diff --git a/config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-Default.crd.yaml b/config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-Default.crd.yaml index f93da1e2e2b..ad8fd49afba 100644 --- a/config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-Default.crd.yaml +++ b/config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-Default.crd.yaml @@ -151,8 +151,10 @@ spec: If an upgrade fails the operator will halt and report status about the failing component. Setting the desired update value back to - the previous version will cause a rollback to be attempted. Not all - rollbacks will succeed. + the previous version will cause a rollback to be attempted if the + previous version is within the current minor version. Not all + rollbacks will succeed, and some may unrecoverably break the + cluster. properties: architecture: description: |- @@ -171,9 +173,13 @@ spec: force: description: |- force allows an administrator to update to an image that has failed - verification or upgradeable checks. This option should only - be used when the authenticity of the provided image has been verified out - of band because the provided image will run with full administrative access + verification or upgradeable checks that are designed to keep your + cluster safe. Only use this if: + * you are testing unsigned release images in short-lived test clusters or + * you are working around a known bug in the cluster-version + operator and you have verified the authenticity of the provided + image yourself. + The provided image will run with full administrative access to the cluster. Do not use this flag with images that comes from unknown or potentially malicious sources. type: boolean diff --git a/config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-DevPreviewNoUpgrade.crd.yaml b/config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-DevPreviewNoUpgrade.crd.yaml index 300d94a714f..fc25990c026 100644 --- a/config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-DevPreviewNoUpgrade.crd.yaml +++ b/config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-DevPreviewNoUpgrade.crd.yaml @@ -151,8 +151,10 @@ spec: If an upgrade fails the operator will halt and report status about the failing component. Setting the desired update value back to - the previous version will cause a rollback to be attempted. Not all - rollbacks will succeed. + the previous version will cause a rollback to be attempted if the + previous version is within the current minor version. Not all + rollbacks will succeed, and some may unrecoverably break the + cluster. properties: architecture: description: |- @@ -171,9 +173,13 @@ spec: force: description: |- force allows an administrator to update to an image that has failed - verification or upgradeable checks. This option should only - be used when the authenticity of the provided image has been verified out - of band because the provided image will run with full administrative access + verification or upgradeable checks that are designed to keep your + cluster safe. Only use this if: + * you are testing unsigned release images in short-lived test clusters or + * you are working around a known bug in the cluster-version + operator and you have verified the authenticity of the provided + image yourself. + The provided image will run with full administrative access to the cluster. Do not use this flag with images that comes from unknown or potentially malicious sources. type: boolean diff --git a/config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-TechPreviewNoUpgrade.crd.yaml b/config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-TechPreviewNoUpgrade.crd.yaml index 6fc2cb0d949..db04e614131 100644 --- a/config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-TechPreviewNoUpgrade.crd.yaml +++ b/config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-TechPreviewNoUpgrade.crd.yaml @@ -151,8 +151,10 @@ spec: If an upgrade fails the operator will halt and report status about the failing component. Setting the desired update value back to - the previous version will cause a rollback to be attempted. Not all - rollbacks will succeed. + the previous version will cause a rollback to be attempted if the + previous version is within the current minor version. Not all + rollbacks will succeed, and some may unrecoverably break the + cluster. properties: architecture: description: |- @@ -171,9 +173,13 @@ spec: force: description: |- force allows an administrator to update to an image that has failed - verification or upgradeable checks. This option should only - be used when the authenticity of the provided image has been verified out - of band because the provided image will run with full administrative access + verification or upgradeable checks that are designed to keep your + cluster safe. Only use this if: + * you are testing unsigned release images in short-lived test clusters or + * you are working around a known bug in the cluster-version + operator and you have verified the authenticity of the provided + image yourself. + The provided image will run with full administrative access to the cluster. Do not use this flag with images that comes from unknown or potentially malicious sources. type: boolean diff --git a/config/v1/zz_generated.featuregated-crd-manifests/clusterversions.config.openshift.io/AAA_ungated.yaml b/config/v1/zz_generated.featuregated-crd-manifests/clusterversions.config.openshift.io/AAA_ungated.yaml index f1f9f661bde..968da14b8b8 100644 --- a/config/v1/zz_generated.featuregated-crd-manifests/clusterversions.config.openshift.io/AAA_ungated.yaml +++ b/config/v1/zz_generated.featuregated-crd-manifests/clusterversions.config.openshift.io/AAA_ungated.yaml @@ -153,8 +153,10 @@ spec: If an upgrade fails the operator will halt and report status about the failing component. Setting the desired update value back to - the previous version will cause a rollback to be attempted. Not all - rollbacks will succeed. + the previous version will cause a rollback to be attempted if the + previous version is within the current minor version. Not all + rollbacks will succeed, and some may unrecoverably break the + cluster. properties: architecture: description: |- @@ -173,9 +175,13 @@ spec: force: description: |- force allows an administrator to update to an image that has failed - verification or upgradeable checks. This option should only - be used when the authenticity of the provided image has been verified out - of band because the provided image will run with full administrative access + verification or upgradeable checks that are designed to keep your + cluster safe. Only use this if: + * you are testing unsigned release images in short-lived test clusters or + * you are working around a known bug in the cluster-version + operator and you have verified the authenticity of the provided + image yourself. + The provided image will run with full administrative access to the cluster. Do not use this flag with images that comes from unknown or potentially malicious sources. type: boolean diff --git a/config/v1/zz_generated.featuregated-crd-manifests/clusterversions.config.openshift.io/ImageStreamImportMode.yaml b/config/v1/zz_generated.featuregated-crd-manifests/clusterversions.config.openshift.io/ImageStreamImportMode.yaml index 386b85a8609..eb2834a0e2d 100644 --- a/config/v1/zz_generated.featuregated-crd-manifests/clusterversions.config.openshift.io/ImageStreamImportMode.yaml +++ b/config/v1/zz_generated.featuregated-crd-manifests/clusterversions.config.openshift.io/ImageStreamImportMode.yaml @@ -153,8 +153,10 @@ spec: If an upgrade fails the operator will halt and report status about the failing component. Setting the desired update value back to - the previous version will cause a rollback to be attempted. Not all - rollbacks will succeed. + the previous version will cause a rollback to be attempted if the + previous version is within the current minor version. Not all + rollbacks will succeed, and some may unrecoverably break the + cluster. properties: architecture: description: |- @@ -173,9 +175,13 @@ spec: force: description: |- force allows an administrator to update to an image that has failed - verification or upgradeable checks. This option should only - be used when the authenticity of the provided image has been verified out - of band because the provided image will run with full administrative access + verification or upgradeable checks that are designed to keep your + cluster safe. Only use this if: + * you are testing unsigned release images in short-lived test clusters or + * you are working around a known bug in the cluster-version + operator and you have verified the authenticity of the provided + image yourself. + The provided image will run with full administrative access to the cluster. Do not use this flag with images that comes from unknown or potentially malicious sources. type: boolean diff --git a/config/v1/zz_generated.featuregated-crd-manifests/clusterversions.config.openshift.io/SignatureStores.yaml b/config/v1/zz_generated.featuregated-crd-manifests/clusterversions.config.openshift.io/SignatureStores.yaml index bbc6435b680..c339ac08bda 100644 --- a/config/v1/zz_generated.featuregated-crd-manifests/clusterversions.config.openshift.io/SignatureStores.yaml +++ b/config/v1/zz_generated.featuregated-crd-manifests/clusterversions.config.openshift.io/SignatureStores.yaml @@ -153,8 +153,10 @@ spec: If an upgrade fails the operator will halt and report status about the failing component. Setting the desired update value back to - the previous version will cause a rollback to be attempted. Not all - rollbacks will succeed. + the previous version will cause a rollback to be attempted if the + previous version is within the current minor version. Not all + rollbacks will succeed, and some may unrecoverably break the + cluster. properties: architecture: description: |- @@ -173,9 +175,13 @@ spec: force: description: |- force allows an administrator to update to an image that has failed - verification or upgradeable checks. This option should only - be used when the authenticity of the provided image has been verified out - of band because the provided image will run with full administrative access + verification or upgradeable checks that are designed to keep your + cluster safe. Only use this if: + * you are testing unsigned release images in short-lived test clusters or + * you are working around a known bug in the cluster-version + operator and you have verified the authenticity of the provided + image yourself. + The provided image will run with full administrative access to the cluster. Do not use this flag with images that comes from unknown or potentially malicious sources. type: boolean diff --git a/config/v1/zz_generated.swagger_doc_generated.go b/config/v1/zz_generated.swagger_doc_generated.go index 13ae075da99..c8e99fc07fa 100644 --- a/config/v1/zz_generated.swagger_doc_generated.go +++ b/config/v1/zz_generated.swagger_doc_generated.go @@ -777,7 +777,7 @@ func (ClusterVersionList) SwaggerDoc() map[string]string { var map_ClusterVersionSpec = map[string]string{ "": "ClusterVersionSpec is the desired version state of the cluster. It includes the version the cluster should be at, how the cluster is identified, and where the cluster should look for version updates.", "clusterID": "clusterID uniquely identifies this cluster. This is expected to be an RFC4122 UUID value (xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx in hexadecimal values). This is a required field.", - "desiredUpdate": "desiredUpdate is an optional field that indicates the desired value of the cluster version. Setting this value will trigger an upgrade (if the current version does not match the desired version). The set of recommended update values is listed as part of available updates in status, and setting values outside that range may cause the upgrade to fail.\n\nSome of the fields are inter-related with restrictions and meanings described here. 1. image is specified, version is specified, architecture is specified. API validation error. 2. image is specified, version is specified, architecture is not specified. The version extracted from the referenced image must match the specified version. 3. image is specified, version is not specified, architecture is specified. API validation error. 4. image is specified, version is not specified, architecture is not specified. image is used. 5. image is not specified, version is specified, architecture is specified. version and desired architecture are used to select an image. 6. image is not specified, version is specified, architecture is not specified. version and current architecture are used to select an image. 7. image is not specified, version is not specified, architecture is specified. API validation error. 8. image is not specified, version is not specified, architecture is not specified. API validation error.\n\nIf an upgrade fails the operator will halt and report status about the failing component. Setting the desired update value back to the previous version will cause a rollback to be attempted. Not all rollbacks will succeed.", + "desiredUpdate": "desiredUpdate is an optional field that indicates the desired value of the cluster version. Setting this value will trigger an upgrade (if the current version does not match the desired version). The set of recommended update values is listed as part of available updates in status, and setting values outside that range may cause the upgrade to fail.\n\nSome of the fields are inter-related with restrictions and meanings described here. 1. image is specified, version is specified, architecture is specified. API validation error. 2. image is specified, version is specified, architecture is not specified. The version extracted from the referenced image must match the specified version. 3. image is specified, version is not specified, architecture is specified. API validation error. 4. image is specified, version is not specified, architecture is not specified. image is used. 5. image is not specified, version is specified, architecture is specified. version and desired architecture are used to select an image. 6. image is not specified, version is specified, architecture is not specified. version and current architecture are used to select an image. 7. image is not specified, version is not specified, architecture is specified. API validation error. 8. image is not specified, version is not specified, architecture is not specified. API validation error.\n\nIf an upgrade fails the operator will halt and report status about the failing component. Setting the desired update value back to the previous version will cause a rollback to be attempted if the previous version is within the current minor version. Not all rollbacks will succeed, and some may unrecoverably break the cluster.", "upstream": "upstream may be used to specify the preferred update server. By default it will use the appropriate update server for the cluster and region.", "channel": "channel is an identifier for explicitly requesting a non-default set of updates to be applied to this cluster. The default channel will contain stable updates that are appropriate for production clusters.", "capabilities": "capabilities configures the installation of optional, core cluster components. A null value here is identical to an empty object; see the child properties for default semantics.", @@ -878,7 +878,7 @@ var map_Update = map[string]string{ "architecture": "architecture is an optional field that indicates the desired value of the cluster architecture. In this context cluster architecture means either a single architecture or a multi architecture. architecture can only be set to Multi thereby only allowing updates from single to multi architecture. If architecture is set, image cannot be set and version must be set. Valid values are 'Multi' and empty.", "version": "version is a semantic version identifying the update version. version is required if architecture is specified. If both version and image are set, the version extracted from the referenced image must match the specified version.", "image": "image is a container image location that contains the update. image should be used when the desired version does not exist in availableUpdates or history. When image is set, architecture cannot be specified. If both version and image are set, the version extracted from the referenced image must match the specified version.", - "force": "force allows an administrator to update to an image that has failed verification or upgradeable checks. This option should only be used when the authenticity of the provided image has been verified out of band because the provided image will run with full administrative access to the cluster. Do not use this flag with images that comes from unknown or potentially malicious sources.", + "force": "force allows an administrator to update to an image that has failed verification or upgradeable checks that are designed to keep your cluster safe. Only use this if: * you are testing unsigned release images in short-lived test clusters or * you are working around a known bug in the cluster-version\n operator and you have verified the authenticity of the provided\n image yourself.\nThe provided image will run with full administrative access to the cluster. Do not use this flag with images that comes from unknown or potentially malicious sources.", } func (Update) SwaggerDoc() map[string]string { diff --git a/openapi/generated_openapi/zz_generated.openapi.go b/openapi/generated_openapi/zz_generated.openapi.go index ca03cb5450f..48ea69a5ee5 100644 --- a/openapi/generated_openapi/zz_generated.openapi.go +++ b/openapi/generated_openapi/zz_generated.openapi.go @@ -10910,7 +10910,7 @@ func schema_openshift_api_config_v1_ClusterVersionSpec(ref common.ReferenceCallb }, "desiredUpdate": { SchemaProps: spec.SchemaProps{ - Description: "desiredUpdate is an optional field that indicates the desired value of the cluster version. Setting this value will trigger an upgrade (if the current version does not match the desired version). The set of recommended update values is listed as part of available updates in status, and setting values outside that range may cause the upgrade to fail.\n\nSome of the fields are inter-related with restrictions and meanings described here. 1. image is specified, version is specified, architecture is specified. API validation error. 2. image is specified, version is specified, architecture is not specified. The version extracted from the referenced image must match the specified version. 3. image is specified, version is not specified, architecture is specified. API validation error. 4. image is specified, version is not specified, architecture is not specified. image is used. 5. image is not specified, version is specified, architecture is specified. version and desired architecture are used to select an image. 6. image is not specified, version is specified, architecture is not specified. version and current architecture are used to select an image. 7. image is not specified, version is not specified, architecture is specified. API validation error. 8. image is not specified, version is not specified, architecture is not specified. API validation error.\n\nIf an upgrade fails the operator will halt and report status about the failing component. Setting the desired update value back to the previous version will cause a rollback to be attempted. Not all rollbacks will succeed.", + Description: "desiredUpdate is an optional field that indicates the desired value of the cluster version. Setting this value will trigger an upgrade (if the current version does not match the desired version). The set of recommended update values is listed as part of available updates in status, and setting values outside that range may cause the upgrade to fail.\n\nSome of the fields are inter-related with restrictions and meanings described here. 1. image is specified, version is specified, architecture is specified. API validation error. 2. image is specified, version is specified, architecture is not specified. The version extracted from the referenced image must match the specified version. 3. image is specified, version is not specified, architecture is specified. API validation error. 4. image is specified, version is not specified, architecture is not specified. image is used. 5. image is not specified, version is specified, architecture is specified. version and desired architecture are used to select an image. 6. image is not specified, version is specified, architecture is not specified. version and current architecture are used to select an image. 7. image is not specified, version is not specified, architecture is specified. API validation error. 8. image is not specified, version is not specified, architecture is not specified. API validation error.\n\nIf an upgrade fails the operator will halt and report status about the failing component. Setting the desired update value back to the previous version will cause a rollback to be attempted if the previous version is within the current minor version. Not all rollbacks will succeed, and some may unrecoverably break the cluster.", Ref: ref("github.com/openshift/api/config/v1.Update"), }, }, @@ -20355,7 +20355,7 @@ func schema_openshift_api_config_v1_Update(ref common.ReferenceCallback) common. }, "force": { SchemaProps: spec.SchemaProps{ - Description: "force allows an administrator to update to an image that has failed verification or upgradeable checks. This option should only be used when the authenticity of the provided image has been verified out of band because the provided image will run with full administrative access to the cluster. Do not use this flag with images that comes from unknown or potentially malicious sources.", + Description: "force allows an administrator to update to an image that has failed verification or upgradeable checks that are designed to keep your cluster safe. Only use this if: * you are testing unsigned release images in short-lived test clusters or * you are working around a known bug in the cluster-version\n operator and you have verified the authenticity of the provided\n image yourself.\nThe provided image will run with full administrative access to the cluster. Do not use this flag with images that comes from unknown or potentially malicious sources.", Default: false, Type: []string{"boolean"}, Format: "", diff --git a/openapi/openapi.json b/openapi/openapi.json index 42ee6c97da5..6087b5621c9 100644 --- a/openapi/openapi.json +++ b/openapi/openapi.json @@ -5504,7 +5504,7 @@ "default": "" }, "desiredUpdate": { - "description": "desiredUpdate is an optional field that indicates the desired value of the cluster version. Setting this value will trigger an upgrade (if the current version does not match the desired version). The set of recommended update values is listed as part of available updates in status, and setting values outside that range may cause the upgrade to fail.\n\nSome of the fields are inter-related with restrictions and meanings described here. 1. image is specified, version is specified, architecture is specified. API validation error. 2. image is specified, version is specified, architecture is not specified. The version extracted from the referenced image must match the specified version. 3. image is specified, version is not specified, architecture is specified. API validation error. 4. image is specified, version is not specified, architecture is not specified. image is used. 5. image is not specified, version is specified, architecture is specified. version and desired architecture are used to select an image. 6. image is not specified, version is specified, architecture is not specified. version and current architecture are used to select an image. 7. image is not specified, version is not specified, architecture is specified. API validation error. 8. image is not specified, version is not specified, architecture is not specified. API validation error.\n\nIf an upgrade fails the operator will halt and report status about the failing component. Setting the desired update value back to the previous version will cause a rollback to be attempted. Not all rollbacks will succeed.", + "description": "desiredUpdate is an optional field that indicates the desired value of the cluster version. Setting this value will trigger an upgrade (if the current version does not match the desired version). The set of recommended update values is listed as part of available updates in status, and setting values outside that range may cause the upgrade to fail.\n\nSome of the fields are inter-related with restrictions and meanings described here. 1. image is specified, version is specified, architecture is specified. API validation error. 2. image is specified, version is specified, architecture is not specified. The version extracted from the referenced image must match the specified version. 3. image is specified, version is not specified, architecture is specified. API validation error. 4. image is specified, version is not specified, architecture is not specified. image is used. 5. image is not specified, version is specified, architecture is specified. version and desired architecture are used to select an image. 6. image is not specified, version is specified, architecture is not specified. version and current architecture are used to select an image. 7. image is not specified, version is not specified, architecture is specified. API validation error. 8. image is not specified, version is not specified, architecture is not specified. API validation error.\n\nIf an upgrade fails the operator will halt and report status about the failing component. Setting the desired update value back to the previous version will cause a rollback to be attempted if the previous version is within the current minor version. Not all rollbacks will succeed, and some may unrecoverably break the cluster.", "$ref": "#/definitions/com.github.openshift.api.config.v1.Update" }, "overrides": { @@ -11030,7 +11030,7 @@ "default": "" }, "force": { - "description": "force allows an administrator to update to an image that has failed verification or upgradeable checks. This option should only be used when the authenticity of the provided image has been verified out of band because the provided image will run with full administrative access to the cluster. Do not use this flag with images that comes from unknown or potentially malicious sources.", + "description": "force allows an administrator to update to an image that has failed verification or upgradeable checks that are designed to keep your cluster safe. Only use this if: * you are testing unsigned release images in short-lived test clusters or * you are working around a known bug in the cluster-version\n operator and you have verified the authenticity of the provided\n image yourself.\nThe provided image will run with full administrative access to the cluster. Do not use this flag with images that comes from unknown or potentially malicious sources.", "type": "boolean", "default": false },