diff --git a/config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-Default.crd.yaml b/config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-Default.crd.yaml
index 1388523f846..372b22bf0f5 100644
--- a/config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-Default.crd.yaml
+++ b/config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-Default.crd.yaml
@@ -273,17 +273,6 @@ spec:
description: Release represents an OpenShift release image and associated
metadata.
properties:
- architecture:
- description: |-
- architecture is an optional field that indicates the
- value of the cluster architecture. In this context cluster
- architecture means either a single architecture or a multi
- architecture.
- Valid values are 'Multi' and empty.
- enum:
- - Multi
- - ""
- type: string
channels:
description: |-
channels is the set of Cincinnati channels to which the release
@@ -459,17 +448,6 @@ spec:
release:
description: release is the target of the update.
properties:
- architecture:
- description: |-
- architecture is an optional field that indicates the
- value of the cluster architecture. In this context cluster
- architecture means either a single architecture or a multi
- architecture.
- Valid values are 'Multi' and empty.
- enum:
- - Multi
- - ""
- type: string
channels:
description: |-
channels is the set of Cincinnati channels to which the release
@@ -645,17 +623,6 @@ spec:
If the cluster is not yet fully initialized desired will be set
with the information available, which may be an image or a tag.
properties:
- architecture:
- description: |-
- architecture is an optional field that indicates the
- value of the cluster architecture. In this context cluster
- architecture means either a single architecture or a multi
- architecture.
- Valid values are 'Multi' and empty.
- enum:
- - Multi
- - ""
- type: string
channels:
description: |-
channels is the set of Cincinnati channels to which the release
diff --git a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_images.crd.yaml b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_images-CustomNoUpgrade.crd.yaml
similarity index 99%
rename from config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_images.crd.yaml
rename to config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_images-CustomNoUpgrade.crd.yaml
index 52ea2a9a579..0477bd98347 100644
--- a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_images.crd.yaml
+++ b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_images-CustomNoUpgrade.crd.yaml
@@ -7,6 +7,7 @@ metadata:
include.release.openshift.io/ibm-cloud-managed: "true"
include.release.openshift.io/self-managed-high-availability: "true"
release.openshift.io/bootstrap-required: "true"
+ release.openshift.io/feature-set: CustomNoUpgrade
name: images.config.openshift.io
spec:
group: config.openshift.io
diff --git a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_images-Default.crd.yaml b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_images-Default.crd.yaml
new file mode 100644
index 00000000000..34c6dbefff1
--- /dev/null
+++ b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_images-Default.crd.yaml
@@ -0,0 +1,183 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ api-approved.openshift.io: https://github.com/openshift/api/pull/470
+ api.openshift.io/merged-by-featuregates: "true"
+ include.release.openshift.io/ibm-cloud-managed: "true"
+ include.release.openshift.io/self-managed-high-availability: "true"
+ release.openshift.io/bootstrap-required: "true"
+ release.openshift.io/feature-set: Default
+ name: images.config.openshift.io
+spec:
+ group: config.openshift.io
+ names:
+ kind: Image
+ listKind: ImageList
+ plural: images
+ singular: image
+ scope: Cluster
+ versions:
+ - name: v1
+ schema:
+ openAPIV3Schema:
+ description: |-
+ Image governs policies related to imagestream imports and runtime configuration
+ for external registries. It allows cluster admins to configure which registries
+ OpenShift is allowed to import images from, extra CA trust bundles for external
+ registries, and policies to block or allow registry hostnames.
+ When exposing OpenShift's image registry to the public, this also lets cluster
+ admins specify the external hostname.
+
+ Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: spec holds user settable values for configuration
+ properties:
+ additionalTrustedCA:
+ description: |-
+ additionalTrustedCA is a reference to a ConfigMap containing additional CAs that
+ should be trusted during imagestream import, pod image pull, build image pull, and
+ imageregistry pullthrough.
+ The namespace for this config map is openshift-config.
+ properties:
+ name:
+ description: name is the metadata.name of the referenced config
+ map
+ type: string
+ required:
+ - name
+ type: object
+ allowedRegistriesForImport:
+ description: |-
+ allowedRegistriesForImport limits the container image registries that normal users may import
+ images from. Set this list to the registries that you trust to contain valid Docker
+ images and that you want applications to be able to import from. Users with
+ permission to create Images or ImageStreamMappings via the API are not affected by
+ this policy - typically only administrators or system integrations will have those
+ permissions.
+ items:
+ description: |-
+ RegistryLocation contains a location of the registry specified by the registry domain
+ name. The domain name might include wildcards, like '*' or '??'.
+ properties:
+ domainName:
+ description: |-
+ domainName specifies a domain name for the registry
+ In case the registry use non-standard (80 or 443) port, the port should be included
+ in the domain name as well.
+ type: string
+ insecure:
+ description: |-
+ insecure indicates whether the registry is secure (https) or insecure (http)
+ By default (if not specified) the registry is assumed as secure.
+ type: boolean
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ externalRegistryHostnames:
+ description: |-
+ externalRegistryHostnames provides the hostnames for the default external image
+ registry. The external hostname should be set only when the image registry
+ is exposed externally. The first value is used in 'publicDockerImageRepository'
+ field in ImageStreams. The value must be in "hostname[:port]" format.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ registrySources:
+ description: |-
+ registrySources contains configuration that determines how the container runtime
+ should treat individual registries when accessing images for builds+pods. (e.g.
+ whether or not to allow insecure access). It does not contain configuration for the
+ internal cluster registry.
+ properties:
+ allowedRegistries:
+ description: |-
+ allowedRegistries are the only registries permitted for image pull and push actions. All other registries are denied.
+
+ Only one of BlockedRegistries or AllowedRegistries may be set.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ blockedRegistries:
+ description: |-
+ blockedRegistries cannot be used for image pull and push actions. All other registries are permitted.
+
+ Only one of BlockedRegistries or AllowedRegistries may be set.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ containerRuntimeSearchRegistries:
+ description: |-
+ containerRuntimeSearchRegistries are registries that will be searched when pulling images that do not have fully qualified
+ domains in their pull specs. Registries will be searched in the order provided in the list.
+ Note: this search list only works with the container runtime, i.e CRI-O. Will NOT work with builds or imagestream imports.
+ format: hostname
+ items:
+ type: string
+ minItems: 1
+ type: array
+ x-kubernetes-list-type: set
+ insecureRegistries:
+ description: insecureRegistries are registries which do not have
+ a valid TLS certificates or only support HTTP connections.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ x-kubernetes-validations:
+ - message: Only one of blockedRegistries or allowedRegistries may
+ be set
+ rule: 'has(self.blockedRegistries) ? !has(self.allowedRegistries)
+ : true'
+ type: object
+ status:
+ description: status holds observed values from the cluster. They may not
+ be overridden.
+ properties:
+ externalRegistryHostnames:
+ description: |-
+ externalRegistryHostnames provides the hostnames for the default external image
+ registry. The external hostname should be set only when the image registry
+ is exposed externally. The first value is used in 'publicDockerImageRepository'
+ field in ImageStreams. The value must be in "hostname[:port]" format.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ internalRegistryHostname:
+ description: |-
+ internalRegistryHostname sets the hostname for the default internal image
+ registry. The value must be in "hostname[:port]" format.
+ This value is set by the image registry operator which controls the internal registry
+ hostname.
+ type: string
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
diff --git a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_images-DevPreviewNoUpgrade.crd.yaml b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_images-DevPreviewNoUpgrade.crd.yaml
new file mode 100644
index 00000000000..8ff715e262b
--- /dev/null
+++ b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_images-DevPreviewNoUpgrade.crd.yaml
@@ -0,0 +1,218 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ api-approved.openshift.io: https://github.com/openshift/api/pull/470
+ api.openshift.io/merged-by-featuregates: "true"
+ include.release.openshift.io/ibm-cloud-managed: "true"
+ include.release.openshift.io/self-managed-high-availability: "true"
+ release.openshift.io/bootstrap-required: "true"
+ release.openshift.io/feature-set: DevPreviewNoUpgrade
+ name: images.config.openshift.io
+spec:
+ group: config.openshift.io
+ names:
+ kind: Image
+ listKind: ImageList
+ plural: images
+ singular: image
+ scope: Cluster
+ versions:
+ - name: v1
+ schema:
+ openAPIV3Schema:
+ description: |-
+ Image governs policies related to imagestream imports and runtime configuration
+ for external registries. It allows cluster admins to configure which registries
+ OpenShift is allowed to import images from, extra CA trust bundles for external
+ registries, and policies to block or allow registry hostnames.
+ When exposing OpenShift's image registry to the public, this also lets cluster
+ admins specify the external hostname.
+
+ Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: spec holds user settable values for configuration
+ properties:
+ additionalTrustedCA:
+ description: |-
+ additionalTrustedCA is a reference to a ConfigMap containing additional CAs that
+ should be trusted during imagestream import, pod image pull, build image pull, and
+ imageregistry pullthrough.
+ The namespace for this config map is openshift-config.
+ properties:
+ name:
+ description: name is the metadata.name of the referenced config
+ map
+ type: string
+ required:
+ - name
+ type: object
+ allowedRegistriesForImport:
+ description: |-
+ allowedRegistriesForImport limits the container image registries that normal users may import
+ images from. Set this list to the registries that you trust to contain valid Docker
+ images and that you want applications to be able to import from. Users with
+ permission to create Images or ImageStreamMappings via the API are not affected by
+ this policy - typically only administrators or system integrations will have those
+ permissions.
+ items:
+ description: |-
+ RegistryLocation contains a location of the registry specified by the registry domain
+ name. The domain name might include wildcards, like '*' or '??'.
+ properties:
+ domainName:
+ description: |-
+ domainName specifies a domain name for the registry
+ In case the registry use non-standard (80 or 443) port, the port should be included
+ in the domain name as well.
+ type: string
+ insecure:
+ description: |-
+ insecure indicates whether the registry is secure (https) or insecure (http)
+ By default (if not specified) the registry is assumed as secure.
+ type: boolean
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ externalRegistryHostnames:
+ description: |-
+ externalRegistryHostnames provides the hostnames for the default external image
+ registry. The external hostname should be set only when the image registry
+ is exposed externally. The first value is used in 'publicDockerImageRepository'
+ field in ImageStreams. The value must be in "hostname[:port]" format.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ imageStreamImportMode:
+ description: |-
+ imageStreamImportMode controls the import mode behaviour of imagestreams.
+ It can be set to `Legacy` or `PreserveOriginal` or the empty string. If this value
+ is specified, this setting is applied to all newly created imagestreams which do not have the
+ value set. `Legacy` indicates that the legacy behaviour should be used.
+ For manifest lists, the legacy behaviour will discard the manifest list and import a single
+ sub-manifest. In this case, the platform is chosen in the following order of priority:
+ 1. tag annotations; 2. control plane arch/os; 3. linux/amd64; 4. the first manifest in the list.
+ `PreserveOriginal` indicates that the original manifest will be preserved. For manifest lists,
+ the manifest list and all its sub-manifests will be imported. When empty, the behaviour will be
+ decided based on the payload type advertised by the ClusterVersion status, i.e single arch payload
+ implies the import mode is Legacy and multi payload implies PreserveOriginal.
+ enum:
+ - ""
+ - Legacy
+ - PreserveOriginal
+ type: string
+ registrySources:
+ description: |-
+ registrySources contains configuration that determines how the container runtime
+ should treat individual registries when accessing images for builds+pods. (e.g.
+ whether or not to allow insecure access). It does not contain configuration for the
+ internal cluster registry.
+ properties:
+ allowedRegistries:
+ description: |-
+ allowedRegistries are the only registries permitted for image pull and push actions. All other registries are denied.
+
+ Only one of BlockedRegistries or AllowedRegistries may be set.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ blockedRegistries:
+ description: |-
+ blockedRegistries cannot be used for image pull and push actions. All other registries are permitted.
+
+ Only one of BlockedRegistries or AllowedRegistries may be set.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ containerRuntimeSearchRegistries:
+ description: |-
+ containerRuntimeSearchRegistries are registries that will be searched when pulling images that do not have fully qualified
+ domains in their pull specs. Registries will be searched in the order provided in the list.
+ Note: this search list only works with the container runtime, i.e CRI-O. Will NOT work with builds or imagestream imports.
+ format: hostname
+ items:
+ type: string
+ minItems: 1
+ type: array
+ x-kubernetes-list-type: set
+ insecureRegistries:
+ description: insecureRegistries are registries which do not have
+ a valid TLS certificates or only support HTTP connections.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ x-kubernetes-validations:
+ - message: Only one of blockedRegistries or allowedRegistries may
+ be set
+ rule: 'has(self.blockedRegistries) ? !has(self.allowedRegistries)
+ : true'
+ type: object
+ status:
+ description: status holds observed values from the cluster. They may not
+ be overridden.
+ properties:
+ externalRegistryHostnames:
+ description: |-
+ externalRegistryHostnames provides the hostnames for the default external image
+ registry. The external hostname should be set only when the image registry
+ is exposed externally. The first value is used in 'publicDockerImageRepository'
+ field in ImageStreams. The value must be in "hostname[:port]" format.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ imageStreamImportMode:
+ description: |-
+ imageStreamImportMode controls the import mode behaviour of imagestreams. It can be
+ `Legacy` or `PreserveOriginal`. `Legacy` indicates that the legacy behaviour should be used.
+ For manifest lists, the legacy behaviour will discard the manifest list and import a single
+ sub-manifest. In this case, the platform is chosen in the following order of priority:
+ 1. tag annotations; 2. control plane arch/os; 3. linux/amd64; 4. the first manifest in the list.
+ `PreserveOriginal` indicates that the original manifest will be preserved. For manifest lists,
+ the manifest list and all its sub-manifests will be imported. This value will be reconciled based
+ on either the spec value or if no spec value is specified, the image registry operator would look
+ at the ClusterVersion status to determine the payload type and set the import mode accordingly,
+ i.e single arch payload implies the import mode is Legacy and multi payload implies PreserveOriginal.
+ enum:
+ - ""
+ - Legacy
+ - PreserveOriginal
+ type: string
+ internalRegistryHostname:
+ description: |-
+ internalRegistryHostname sets the hostname for the default internal image
+ registry. The value must be in "hostname[:port]" format.
+ This value is set by the image registry operator which controls the internal registry
+ hostname.
+ type: string
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
diff --git a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_images-TechPreviewNoUpgrade.crd.yaml b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_images-TechPreviewNoUpgrade.crd.yaml
new file mode 100644
index 00000000000..ccc1c72e5e7
--- /dev/null
+++ b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_images-TechPreviewNoUpgrade.crd.yaml
@@ -0,0 +1,218 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ api-approved.openshift.io: https://github.com/openshift/api/pull/470
+ api.openshift.io/merged-by-featuregates: "true"
+ include.release.openshift.io/ibm-cloud-managed: "true"
+ include.release.openshift.io/self-managed-high-availability: "true"
+ release.openshift.io/bootstrap-required: "true"
+ release.openshift.io/feature-set: TechPreviewNoUpgrade
+ name: images.config.openshift.io
+spec:
+ group: config.openshift.io
+ names:
+ kind: Image
+ listKind: ImageList
+ plural: images
+ singular: image
+ scope: Cluster
+ versions:
+ - name: v1
+ schema:
+ openAPIV3Schema:
+ description: |-
+ Image governs policies related to imagestream imports and runtime configuration
+ for external registries. It allows cluster admins to configure which registries
+ OpenShift is allowed to import images from, extra CA trust bundles for external
+ registries, and policies to block or allow registry hostnames.
+ When exposing OpenShift's image registry to the public, this also lets cluster
+ admins specify the external hostname.
+
+ Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: spec holds user settable values for configuration
+ properties:
+ additionalTrustedCA:
+ description: |-
+ additionalTrustedCA is a reference to a ConfigMap containing additional CAs that
+ should be trusted during imagestream import, pod image pull, build image pull, and
+ imageregistry pullthrough.
+ The namespace for this config map is openshift-config.
+ properties:
+ name:
+ description: name is the metadata.name of the referenced config
+ map
+ type: string
+ required:
+ - name
+ type: object
+ allowedRegistriesForImport:
+ description: |-
+ allowedRegistriesForImport limits the container image registries that normal users may import
+ images from. Set this list to the registries that you trust to contain valid Docker
+ images and that you want applications to be able to import from. Users with
+ permission to create Images or ImageStreamMappings via the API are not affected by
+ this policy - typically only administrators or system integrations will have those
+ permissions.
+ items:
+ description: |-
+ RegistryLocation contains a location of the registry specified by the registry domain
+ name. The domain name might include wildcards, like '*' or '??'.
+ properties:
+ domainName:
+ description: |-
+ domainName specifies a domain name for the registry
+ In case the registry use non-standard (80 or 443) port, the port should be included
+ in the domain name as well.
+ type: string
+ insecure:
+ description: |-
+ insecure indicates whether the registry is secure (https) or insecure (http)
+ By default (if not specified) the registry is assumed as secure.
+ type: boolean
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ externalRegistryHostnames:
+ description: |-
+ externalRegistryHostnames provides the hostnames for the default external image
+ registry. The external hostname should be set only when the image registry
+ is exposed externally. The first value is used in 'publicDockerImageRepository'
+ field in ImageStreams. The value must be in "hostname[:port]" format.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ imageStreamImportMode:
+ description: |-
+ imageStreamImportMode controls the import mode behaviour of imagestreams.
+ It can be set to `Legacy` or `PreserveOriginal` or the empty string. If this value
+ is specified, this setting is applied to all newly created imagestreams which do not have the
+ value set. `Legacy` indicates that the legacy behaviour should be used.
+ For manifest lists, the legacy behaviour will discard the manifest list and import a single
+ sub-manifest. In this case, the platform is chosen in the following order of priority:
+ 1. tag annotations; 2. control plane arch/os; 3. linux/amd64; 4. the first manifest in the list.
+ `PreserveOriginal` indicates that the original manifest will be preserved. For manifest lists,
+ the manifest list and all its sub-manifests will be imported. When empty, the behaviour will be
+ decided based on the payload type advertised by the ClusterVersion status, i.e single arch payload
+ implies the import mode is Legacy and multi payload implies PreserveOriginal.
+ enum:
+ - ""
+ - Legacy
+ - PreserveOriginal
+ type: string
+ registrySources:
+ description: |-
+ registrySources contains configuration that determines how the container runtime
+ should treat individual registries when accessing images for builds+pods. (e.g.
+ whether or not to allow insecure access). It does not contain configuration for the
+ internal cluster registry.
+ properties:
+ allowedRegistries:
+ description: |-
+ allowedRegistries are the only registries permitted for image pull and push actions. All other registries are denied.
+
+ Only one of BlockedRegistries or AllowedRegistries may be set.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ blockedRegistries:
+ description: |-
+ blockedRegistries cannot be used for image pull and push actions. All other registries are permitted.
+
+ Only one of BlockedRegistries or AllowedRegistries may be set.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ containerRuntimeSearchRegistries:
+ description: |-
+ containerRuntimeSearchRegistries are registries that will be searched when pulling images that do not have fully qualified
+ domains in their pull specs. Registries will be searched in the order provided in the list.
+ Note: this search list only works with the container runtime, i.e CRI-O. Will NOT work with builds or imagestream imports.
+ format: hostname
+ items:
+ type: string
+ minItems: 1
+ type: array
+ x-kubernetes-list-type: set
+ insecureRegistries:
+ description: insecureRegistries are registries which do not have
+ a valid TLS certificates or only support HTTP connections.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ x-kubernetes-validations:
+ - message: Only one of blockedRegistries or allowedRegistries may
+ be set
+ rule: 'has(self.blockedRegistries) ? !has(self.allowedRegistries)
+ : true'
+ type: object
+ status:
+ description: status holds observed values from the cluster. They may not
+ be overridden.
+ properties:
+ externalRegistryHostnames:
+ description: |-
+ externalRegistryHostnames provides the hostnames for the default external image
+ registry. The external hostname should be set only when the image registry
+ is exposed externally. The first value is used in 'publicDockerImageRepository'
+ field in ImageStreams. The value must be in "hostname[:port]" format.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ imageStreamImportMode:
+ description: |-
+ imageStreamImportMode controls the import mode behaviour of imagestreams. It can be
+ `Legacy` or `PreserveOriginal`. `Legacy` indicates that the legacy behaviour should be used.
+ For manifest lists, the legacy behaviour will discard the manifest list and import a single
+ sub-manifest. In this case, the platform is chosen in the following order of priority:
+ 1. tag annotations; 2. control plane arch/os; 3. linux/amd64; 4. the first manifest in the list.
+ `PreserveOriginal` indicates that the original manifest will be preserved. For manifest lists,
+ the manifest list and all its sub-manifests will be imported. This value will be reconciled based
+ on either the spec value or if no spec value is specified, the image registry operator would look
+ at the ClusterVersion status to determine the payload type and set the import mode accordingly,
+ i.e single arch payload implies the import mode is Legacy and multi payload implies PreserveOriginal.
+ enum:
+ - ""
+ - Legacy
+ - PreserveOriginal
+ type: string
+ internalRegistryHostname:
+ description: |-
+ internalRegistryHostname sets the hostname for the default internal image
+ registry. The value must be in "hostname[:port]" format.
+ This value is set by the image registry operator which controls the internal registry
+ hostname.
+ type: string
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
diff --git a/features.md b/features.md
index 708bb1e21ec..1e3041ee9b2 100644
--- a/features.md
+++ b/features.md
@@ -50,6 +50,7 @@
| GCPCustomAPIEndpointsInstall| | | Enabled | Enabled | Enabled | Enabled |
| GCPDualStackInstall| | | Enabled | Enabled | Enabled | Enabled |
| ImageModeStatusReporting| | | Enabled | Enabled | Enabled | Enabled |
+| ImageStreamImportMode| | | Enabled | Enabled | Enabled | Enabled |
| InsightsConfig| | | Enabled | Enabled | Enabled | Enabled |
| InsightsOnDemandDataGather| | | Enabled | Enabled | Enabled | Enabled |
| IrreconcilableMachineConfig| | | Enabled | Enabled | Enabled | Enabled |
@@ -87,7 +88,6 @@
| GatewayAPI| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
| GatewayAPIController| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
| HighlyAvailableArbiter| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
-| ImageStreamImportMode| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
| ImageVolume| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
| KMSv1| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
| MachineConfigNodes| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
diff --git a/features/features.go b/features/features.go
index 29622d508e3..f18b67efe7c 100644
--- a/features/features.go
+++ b/features/features.go
@@ -596,7 +596,7 @@ var (
contactPerson("psundara").
productScope(ocpSpecific).
enhancementPR(legacyFeatureGateWithoutEnhancement).
- enableIn(configv1.Default, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade).
+ enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade).
mustRegister()
FeatureGateUserNamespacesSupport = newFeatureGate("UserNamespacesSupport").
diff --git a/payload-manifests/crds/0000_10_config-operator_01_images.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_images-CustomNoUpgrade.crd.yaml
similarity index 99%
rename from payload-manifests/crds/0000_10_config-operator_01_images.crd.yaml
rename to payload-manifests/crds/0000_10_config-operator_01_images-CustomNoUpgrade.crd.yaml
index 52ea2a9a579..0477bd98347 100644
--- a/payload-manifests/crds/0000_10_config-operator_01_images.crd.yaml
+++ b/payload-manifests/crds/0000_10_config-operator_01_images-CustomNoUpgrade.crd.yaml
@@ -7,6 +7,7 @@ metadata:
include.release.openshift.io/ibm-cloud-managed: "true"
include.release.openshift.io/self-managed-high-availability: "true"
release.openshift.io/bootstrap-required: "true"
+ release.openshift.io/feature-set: CustomNoUpgrade
name: images.config.openshift.io
spec:
group: config.openshift.io
diff --git a/payload-manifests/crds/0000_10_config-operator_01_images-Default.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_images-Default.crd.yaml
new file mode 100644
index 00000000000..34c6dbefff1
--- /dev/null
+++ b/payload-manifests/crds/0000_10_config-operator_01_images-Default.crd.yaml
@@ -0,0 +1,183 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ api-approved.openshift.io: https://github.com/openshift/api/pull/470
+ api.openshift.io/merged-by-featuregates: "true"
+ include.release.openshift.io/ibm-cloud-managed: "true"
+ include.release.openshift.io/self-managed-high-availability: "true"
+ release.openshift.io/bootstrap-required: "true"
+ release.openshift.io/feature-set: Default
+ name: images.config.openshift.io
+spec:
+ group: config.openshift.io
+ names:
+ kind: Image
+ listKind: ImageList
+ plural: images
+ singular: image
+ scope: Cluster
+ versions:
+ - name: v1
+ schema:
+ openAPIV3Schema:
+ description: |-
+ Image governs policies related to imagestream imports and runtime configuration
+ for external registries. It allows cluster admins to configure which registries
+ OpenShift is allowed to import images from, extra CA trust bundles for external
+ registries, and policies to block or allow registry hostnames.
+ When exposing OpenShift's image registry to the public, this also lets cluster
+ admins specify the external hostname.
+
+ Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: spec holds user settable values for configuration
+ properties:
+ additionalTrustedCA:
+ description: |-
+ additionalTrustedCA is a reference to a ConfigMap containing additional CAs that
+ should be trusted during imagestream import, pod image pull, build image pull, and
+ imageregistry pullthrough.
+ The namespace for this config map is openshift-config.
+ properties:
+ name:
+ description: name is the metadata.name of the referenced config
+ map
+ type: string
+ required:
+ - name
+ type: object
+ allowedRegistriesForImport:
+ description: |-
+ allowedRegistriesForImport limits the container image registries that normal users may import
+ images from. Set this list to the registries that you trust to contain valid Docker
+ images and that you want applications to be able to import from. Users with
+ permission to create Images or ImageStreamMappings via the API are not affected by
+ this policy - typically only administrators or system integrations will have those
+ permissions.
+ items:
+ description: |-
+ RegistryLocation contains a location of the registry specified by the registry domain
+ name. The domain name might include wildcards, like '*' or '??'.
+ properties:
+ domainName:
+ description: |-
+ domainName specifies a domain name for the registry
+ In case the registry use non-standard (80 or 443) port, the port should be included
+ in the domain name as well.
+ type: string
+ insecure:
+ description: |-
+ insecure indicates whether the registry is secure (https) or insecure (http)
+ By default (if not specified) the registry is assumed as secure.
+ type: boolean
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ externalRegistryHostnames:
+ description: |-
+ externalRegistryHostnames provides the hostnames for the default external image
+ registry. The external hostname should be set only when the image registry
+ is exposed externally. The first value is used in 'publicDockerImageRepository'
+ field in ImageStreams. The value must be in "hostname[:port]" format.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ registrySources:
+ description: |-
+ registrySources contains configuration that determines how the container runtime
+ should treat individual registries when accessing images for builds+pods. (e.g.
+ whether or not to allow insecure access). It does not contain configuration for the
+ internal cluster registry.
+ properties:
+ allowedRegistries:
+ description: |-
+ allowedRegistries are the only registries permitted for image pull and push actions. All other registries are denied.
+
+ Only one of BlockedRegistries or AllowedRegistries may be set.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ blockedRegistries:
+ description: |-
+ blockedRegistries cannot be used for image pull and push actions. All other registries are permitted.
+
+ Only one of BlockedRegistries or AllowedRegistries may be set.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ containerRuntimeSearchRegistries:
+ description: |-
+ containerRuntimeSearchRegistries are registries that will be searched when pulling images that do not have fully qualified
+ domains in their pull specs. Registries will be searched in the order provided in the list.
+ Note: this search list only works with the container runtime, i.e CRI-O. Will NOT work with builds or imagestream imports.
+ format: hostname
+ items:
+ type: string
+ minItems: 1
+ type: array
+ x-kubernetes-list-type: set
+ insecureRegistries:
+ description: insecureRegistries are registries which do not have
+ a valid TLS certificates or only support HTTP connections.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ x-kubernetes-validations:
+ - message: Only one of blockedRegistries or allowedRegistries may
+ be set
+ rule: 'has(self.blockedRegistries) ? !has(self.allowedRegistries)
+ : true'
+ type: object
+ status:
+ description: status holds observed values from the cluster. They may not
+ be overridden.
+ properties:
+ externalRegistryHostnames:
+ description: |-
+ externalRegistryHostnames provides the hostnames for the default external image
+ registry. The external hostname should be set only when the image registry
+ is exposed externally. The first value is used in 'publicDockerImageRepository'
+ field in ImageStreams. The value must be in "hostname[:port]" format.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ internalRegistryHostname:
+ description: |-
+ internalRegistryHostname sets the hostname for the default internal image
+ registry. The value must be in "hostname[:port]" format.
+ This value is set by the image registry operator which controls the internal registry
+ hostname.
+ type: string
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
diff --git a/payload-manifests/crds/0000_10_config-operator_01_images-DevPreviewNoUpgrade.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_images-DevPreviewNoUpgrade.crd.yaml
new file mode 100644
index 00000000000..8ff715e262b
--- /dev/null
+++ b/payload-manifests/crds/0000_10_config-operator_01_images-DevPreviewNoUpgrade.crd.yaml
@@ -0,0 +1,218 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ api-approved.openshift.io: https://github.com/openshift/api/pull/470
+ api.openshift.io/merged-by-featuregates: "true"
+ include.release.openshift.io/ibm-cloud-managed: "true"
+ include.release.openshift.io/self-managed-high-availability: "true"
+ release.openshift.io/bootstrap-required: "true"
+ release.openshift.io/feature-set: DevPreviewNoUpgrade
+ name: images.config.openshift.io
+spec:
+ group: config.openshift.io
+ names:
+ kind: Image
+ listKind: ImageList
+ plural: images
+ singular: image
+ scope: Cluster
+ versions:
+ - name: v1
+ schema:
+ openAPIV3Schema:
+ description: |-
+ Image governs policies related to imagestream imports and runtime configuration
+ for external registries. It allows cluster admins to configure which registries
+ OpenShift is allowed to import images from, extra CA trust bundles for external
+ registries, and policies to block or allow registry hostnames.
+ When exposing OpenShift's image registry to the public, this also lets cluster
+ admins specify the external hostname.
+
+ Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: spec holds user settable values for configuration
+ properties:
+ additionalTrustedCA:
+ description: |-
+ additionalTrustedCA is a reference to a ConfigMap containing additional CAs that
+ should be trusted during imagestream import, pod image pull, build image pull, and
+ imageregistry pullthrough.
+ The namespace for this config map is openshift-config.
+ properties:
+ name:
+ description: name is the metadata.name of the referenced config
+ map
+ type: string
+ required:
+ - name
+ type: object
+ allowedRegistriesForImport:
+ description: |-
+ allowedRegistriesForImport limits the container image registries that normal users may import
+ images from. Set this list to the registries that you trust to contain valid Docker
+ images and that you want applications to be able to import from. Users with
+ permission to create Images or ImageStreamMappings via the API are not affected by
+ this policy - typically only administrators or system integrations will have those
+ permissions.
+ items:
+ description: |-
+ RegistryLocation contains a location of the registry specified by the registry domain
+ name. The domain name might include wildcards, like '*' or '??'.
+ properties:
+ domainName:
+ description: |-
+ domainName specifies a domain name for the registry
+ In case the registry use non-standard (80 or 443) port, the port should be included
+ in the domain name as well.
+ type: string
+ insecure:
+ description: |-
+ insecure indicates whether the registry is secure (https) or insecure (http)
+ By default (if not specified) the registry is assumed as secure.
+ type: boolean
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ externalRegistryHostnames:
+ description: |-
+ externalRegistryHostnames provides the hostnames for the default external image
+ registry. The external hostname should be set only when the image registry
+ is exposed externally. The first value is used in 'publicDockerImageRepository'
+ field in ImageStreams. The value must be in "hostname[:port]" format.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ imageStreamImportMode:
+ description: |-
+ imageStreamImportMode controls the import mode behaviour of imagestreams.
+ It can be set to `Legacy` or `PreserveOriginal` or the empty string. If this value
+ is specified, this setting is applied to all newly created imagestreams which do not have the
+ value set. `Legacy` indicates that the legacy behaviour should be used.
+ For manifest lists, the legacy behaviour will discard the manifest list and import a single
+ sub-manifest. In this case, the platform is chosen in the following order of priority:
+ 1. tag annotations; 2. control plane arch/os; 3. linux/amd64; 4. the first manifest in the list.
+ `PreserveOriginal` indicates that the original manifest will be preserved. For manifest lists,
+ the manifest list and all its sub-manifests will be imported. When empty, the behaviour will be
+ decided based on the payload type advertised by the ClusterVersion status, i.e single arch payload
+ implies the import mode is Legacy and multi payload implies PreserveOriginal.
+ enum:
+ - ""
+ - Legacy
+ - PreserveOriginal
+ type: string
+ registrySources:
+ description: |-
+ registrySources contains configuration that determines how the container runtime
+ should treat individual registries when accessing images for builds+pods. (e.g.
+ whether or not to allow insecure access). It does not contain configuration for the
+ internal cluster registry.
+ properties:
+ allowedRegistries:
+ description: |-
+ allowedRegistries are the only registries permitted for image pull and push actions. All other registries are denied.
+
+ Only one of BlockedRegistries or AllowedRegistries may be set.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ blockedRegistries:
+ description: |-
+ blockedRegistries cannot be used for image pull and push actions. All other registries are permitted.
+
+ Only one of BlockedRegistries or AllowedRegistries may be set.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ containerRuntimeSearchRegistries:
+ description: |-
+ containerRuntimeSearchRegistries are registries that will be searched when pulling images that do not have fully qualified
+ domains in their pull specs. Registries will be searched in the order provided in the list.
+ Note: this search list only works with the container runtime, i.e CRI-O. Will NOT work with builds or imagestream imports.
+ format: hostname
+ items:
+ type: string
+ minItems: 1
+ type: array
+ x-kubernetes-list-type: set
+ insecureRegistries:
+ description: insecureRegistries are registries which do not have
+ a valid TLS certificates or only support HTTP connections.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ x-kubernetes-validations:
+ - message: Only one of blockedRegistries or allowedRegistries may
+ be set
+ rule: 'has(self.blockedRegistries) ? !has(self.allowedRegistries)
+ : true'
+ type: object
+ status:
+ description: status holds observed values from the cluster. They may not
+ be overridden.
+ properties:
+ externalRegistryHostnames:
+ description: |-
+ externalRegistryHostnames provides the hostnames for the default external image
+ registry. The external hostname should be set only when the image registry
+ is exposed externally. The first value is used in 'publicDockerImageRepository'
+ field in ImageStreams. The value must be in "hostname[:port]" format.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ imageStreamImportMode:
+ description: |-
+ imageStreamImportMode controls the import mode behaviour of imagestreams. It can be
+ `Legacy` or `PreserveOriginal`. `Legacy` indicates that the legacy behaviour should be used.
+ For manifest lists, the legacy behaviour will discard the manifest list and import a single
+ sub-manifest. In this case, the platform is chosen in the following order of priority:
+ 1. tag annotations; 2. control plane arch/os; 3. linux/amd64; 4. the first manifest in the list.
+ `PreserveOriginal` indicates that the original manifest will be preserved. For manifest lists,
+ the manifest list and all its sub-manifests will be imported. This value will be reconciled based
+ on either the spec value or if no spec value is specified, the image registry operator would look
+ at the ClusterVersion status to determine the payload type and set the import mode accordingly,
+ i.e single arch payload implies the import mode is Legacy and multi payload implies PreserveOriginal.
+ enum:
+ - ""
+ - Legacy
+ - PreserveOriginal
+ type: string
+ internalRegistryHostname:
+ description: |-
+ internalRegistryHostname sets the hostname for the default internal image
+ registry. The value must be in "hostname[:port]" format.
+ This value is set by the image registry operator which controls the internal registry
+ hostname.
+ type: string
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
diff --git a/payload-manifests/crds/0000_10_config-operator_01_images-TechPreviewNoUpgrade.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_images-TechPreviewNoUpgrade.crd.yaml
new file mode 100644
index 00000000000..ccc1c72e5e7
--- /dev/null
+++ b/payload-manifests/crds/0000_10_config-operator_01_images-TechPreviewNoUpgrade.crd.yaml
@@ -0,0 +1,218 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ api-approved.openshift.io: https://github.com/openshift/api/pull/470
+ api.openshift.io/merged-by-featuregates: "true"
+ include.release.openshift.io/ibm-cloud-managed: "true"
+ include.release.openshift.io/self-managed-high-availability: "true"
+ release.openshift.io/bootstrap-required: "true"
+ release.openshift.io/feature-set: TechPreviewNoUpgrade
+ name: images.config.openshift.io
+spec:
+ group: config.openshift.io
+ names:
+ kind: Image
+ listKind: ImageList
+ plural: images
+ singular: image
+ scope: Cluster
+ versions:
+ - name: v1
+ schema:
+ openAPIV3Schema:
+ description: |-
+ Image governs policies related to imagestream imports and runtime configuration
+ for external registries. It allows cluster admins to configure which registries
+ OpenShift is allowed to import images from, extra CA trust bundles for external
+ registries, and policies to block or allow registry hostnames.
+ When exposing OpenShift's image registry to the public, this also lets cluster
+ admins specify the external hostname.
+
+ Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: spec holds user settable values for configuration
+ properties:
+ additionalTrustedCA:
+ description: |-
+ additionalTrustedCA is a reference to a ConfigMap containing additional CAs that
+ should be trusted during imagestream import, pod image pull, build image pull, and
+ imageregistry pullthrough.
+ The namespace for this config map is openshift-config.
+ properties:
+ name:
+ description: name is the metadata.name of the referenced config
+ map
+ type: string
+ required:
+ - name
+ type: object
+ allowedRegistriesForImport:
+ description: |-
+ allowedRegistriesForImport limits the container image registries that normal users may import
+ images from. Set this list to the registries that you trust to contain valid Docker
+ images and that you want applications to be able to import from. Users with
+ permission to create Images or ImageStreamMappings via the API are not affected by
+ this policy - typically only administrators or system integrations will have those
+ permissions.
+ items:
+ description: |-
+ RegistryLocation contains a location of the registry specified by the registry domain
+ name. The domain name might include wildcards, like '*' or '??'.
+ properties:
+ domainName:
+ description: |-
+ domainName specifies a domain name for the registry
+ In case the registry use non-standard (80 or 443) port, the port should be included
+ in the domain name as well.
+ type: string
+ insecure:
+ description: |-
+ insecure indicates whether the registry is secure (https) or insecure (http)
+ By default (if not specified) the registry is assumed as secure.
+ type: boolean
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ externalRegistryHostnames:
+ description: |-
+ externalRegistryHostnames provides the hostnames for the default external image
+ registry. The external hostname should be set only when the image registry
+ is exposed externally. The first value is used in 'publicDockerImageRepository'
+ field in ImageStreams. The value must be in "hostname[:port]" format.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ imageStreamImportMode:
+ description: |-
+ imageStreamImportMode controls the import mode behaviour of imagestreams.
+ It can be set to `Legacy` or `PreserveOriginal` or the empty string. If this value
+ is specified, this setting is applied to all newly created imagestreams which do not have the
+ value set. `Legacy` indicates that the legacy behaviour should be used.
+ For manifest lists, the legacy behaviour will discard the manifest list and import a single
+ sub-manifest. In this case, the platform is chosen in the following order of priority:
+ 1. tag annotations; 2. control plane arch/os; 3. linux/amd64; 4. the first manifest in the list.
+ `PreserveOriginal` indicates that the original manifest will be preserved. For manifest lists,
+ the manifest list and all its sub-manifests will be imported. When empty, the behaviour will be
+ decided based on the payload type advertised by the ClusterVersion status, i.e single arch payload
+ implies the import mode is Legacy and multi payload implies PreserveOriginal.
+ enum:
+ - ""
+ - Legacy
+ - PreserveOriginal
+ type: string
+ registrySources:
+ description: |-
+ registrySources contains configuration that determines how the container runtime
+ should treat individual registries when accessing images for builds+pods. (e.g.
+ whether or not to allow insecure access). It does not contain configuration for the
+ internal cluster registry.
+ properties:
+ allowedRegistries:
+ description: |-
+ allowedRegistries are the only registries permitted for image pull and push actions. All other registries are denied.
+
+ Only one of BlockedRegistries or AllowedRegistries may be set.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ blockedRegistries:
+ description: |-
+ blockedRegistries cannot be used for image pull and push actions. All other registries are permitted.
+
+ Only one of BlockedRegistries or AllowedRegistries may be set.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ containerRuntimeSearchRegistries:
+ description: |-
+ containerRuntimeSearchRegistries are registries that will be searched when pulling images that do not have fully qualified
+ domains in their pull specs. Registries will be searched in the order provided in the list.
+ Note: this search list only works with the container runtime, i.e CRI-O. Will NOT work with builds or imagestream imports.
+ format: hostname
+ items:
+ type: string
+ minItems: 1
+ type: array
+ x-kubernetes-list-type: set
+ insecureRegistries:
+ description: insecureRegistries are registries which do not have
+ a valid TLS certificates or only support HTTP connections.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ x-kubernetes-validations:
+ - message: Only one of blockedRegistries or allowedRegistries may
+ be set
+ rule: 'has(self.blockedRegistries) ? !has(self.allowedRegistries)
+ : true'
+ type: object
+ status:
+ description: status holds observed values from the cluster. They may not
+ be overridden.
+ properties:
+ externalRegistryHostnames:
+ description: |-
+ externalRegistryHostnames provides the hostnames for the default external image
+ registry. The external hostname should be set only when the image registry
+ is exposed externally. The first value is used in 'publicDockerImageRepository'
+ field in ImageStreams. The value must be in "hostname[:port]" format.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ imageStreamImportMode:
+ description: |-
+ imageStreamImportMode controls the import mode behaviour of imagestreams. It can be
+ `Legacy` or `PreserveOriginal`. `Legacy` indicates that the legacy behaviour should be used.
+ For manifest lists, the legacy behaviour will discard the manifest list and import a single
+ sub-manifest. In this case, the platform is chosen in the following order of priority:
+ 1. tag annotations; 2. control plane arch/os; 3. linux/amd64; 4. the first manifest in the list.
+ `PreserveOriginal` indicates that the original manifest will be preserved. For manifest lists,
+ the manifest list and all its sub-manifests will be imported. This value will be reconciled based
+ on either the spec value or if no spec value is specified, the image registry operator would look
+ at the ClusterVersion status to determine the payload type and set the import mode accordingly,
+ i.e single arch payload implies the import mode is Legacy and multi payload implies PreserveOriginal.
+ enum:
+ - ""
+ - Legacy
+ - PreserveOriginal
+ type: string
+ internalRegistryHostname:
+ description: |-
+ internalRegistryHostname sets the hostname for the default internal image
+ registry. The value must be in "hostname[:port]" format.
+ This value is set by the image registry operator which controls the internal registry
+ hostname.
+ type: string
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
diff --git a/payload-manifests/featuregates/featureGate-Hypershift-Default.yaml b/payload-manifests/featuregates/featureGate-Hypershift-Default.yaml
index 54a1688daa1..5fdb6fd0155 100644
--- a/payload-manifests/featuregates/featureGate-Hypershift-Default.yaml
+++ b/payload-manifests/featuregates/featureGate-Hypershift-Default.yaml
@@ -123,6 +123,9 @@
{
"name": "ImageModeStatusReporting"
},
+ {
+ "name": "ImageStreamImportMode"
+ },
{
"name": "IngressControllerDynamicConfigurationManager"
},
@@ -275,9 +278,6 @@
{
"name": "HyperShiftOnlyDynamicResourceAllocation"
},
- {
- "name": "ImageStreamImportMode"
- },
{
"name": "ImageVolume"
},
diff --git a/payload-manifests/featuregates/featureGate-SelfManagedHA-Default.yaml b/payload-manifests/featuregates/featureGate-SelfManagedHA-Default.yaml
index 1768547e665..b619bdb03bb 100644
--- a/payload-manifests/featuregates/featureGate-SelfManagedHA-Default.yaml
+++ b/payload-manifests/featuregates/featureGate-SelfManagedHA-Default.yaml
@@ -126,6 +126,9 @@
{
"name": "ImageModeStatusReporting"
},
+ {
+ "name": "ImageStreamImportMode"
+ },
{
"name": "IngressControllerDynamicConfigurationManager"
},
@@ -269,9 +272,6 @@
{
"name": "HighlyAvailableArbiter"
},
- {
- "name": "ImageStreamImportMode"
- },
{
"name": "ImageVolume"
},