From ee3ba26057341fb438f4e8341bb7f2ced78fad5f Mon Sep 17 00:00:00 2001 From: Jianlin Liu Date: Thu, 27 Nov 2025 18:32:29 +0800 Subject: [PATCH] Revert "MULTIARCH-5190: Promote ImageStreamImportMode to default" --- ...erator_01_clusterversions-Default.crd.yaml | 33 --- ...erator_01_images-CustomNoUpgrade.crd.yaml} | 1 + ...config-operator_01_images-Default.crd.yaml | 183 +++++++++++++++ ...tor_01_images-DevPreviewNoUpgrade.crd.yaml | 218 ++++++++++++++++++ ...or_01_images-TechPreviewNoUpgrade.crd.yaml | 218 ++++++++++++++++++ features.md | 2 +- features/features.go | 2 +- ...erator_01_images-CustomNoUpgrade.crd.yaml} | 1 + ...config-operator_01_images-Default.crd.yaml | 183 +++++++++++++++ ...tor_01_images-DevPreviewNoUpgrade.crd.yaml | 218 ++++++++++++++++++ ...or_01_images-TechPreviewNoUpgrade.crd.yaml | 218 ++++++++++++++++++ .../featureGate-Hypershift-Default.yaml | 6 +- .../featureGate-SelfManagedHA-Default.yaml | 6 +- 13 files changed, 1248 insertions(+), 41 deletions(-) rename config/v1/zz_generated.crd-manifests/{0000_10_config-operator_01_images.crd.yaml => 0000_10_config-operator_01_images-CustomNoUpgrade.crd.yaml} (99%) create mode 100644 config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_images-Default.crd.yaml create mode 100644 config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_images-DevPreviewNoUpgrade.crd.yaml create mode 100644 config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_images-TechPreviewNoUpgrade.crd.yaml rename payload-manifests/crds/{0000_10_config-operator_01_images.crd.yaml => 0000_10_config-operator_01_images-CustomNoUpgrade.crd.yaml} (99%) create mode 100644 payload-manifests/crds/0000_10_config-operator_01_images-Default.crd.yaml create mode 100644 payload-manifests/crds/0000_10_config-operator_01_images-DevPreviewNoUpgrade.crd.yaml create mode 100644 payload-manifests/crds/0000_10_config-operator_01_images-TechPreviewNoUpgrade.crd.yaml 
diff --git a/config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-Default.crd.yaml b/config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-Default.crd.yaml index 1388523f846..372b22bf0f5 100644 --- a/config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-Default.crd.yaml +++ b/config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-Default.crd.yaml @@ -273,17 +273,6 @@ spec: description: Release represents an OpenShift release image and associated metadata. properties: - architecture: - description: |- - architecture is an optional field that indicates the - value of the cluster architecture. In this context cluster - architecture means either a single architecture or a multi - architecture. - Valid values are 'Multi' and empty. - enum: - - Multi - - "" - type: string channels: description: |- channels is the set of Cincinnati channels to which the release @@ -459,17 +448,6 @@ spec: release: description: release is the target of the update. properties: - architecture: - description: |- - architecture is an optional field that indicates the - value of the cluster architecture. In this context cluster - architecture means either a single architecture or a multi - architecture. - Valid values are 'Multi' and empty. - enum: - - Multi - - "" - type: string channels: description: |- channels is the set of Cincinnati channels to which the release 
@@ -645,17 +623,6 @@ spec: If the cluster is not yet fully initialized desired will be set with the information available, which may be an image or a tag. properties: - architecture: - description: |- - architecture is an optional field that indicates the - value of the cluster architecture. In this context cluster - architecture means either a single architecture or a multi - architecture. - Valid values are 'Multi' and empty. - enum: - - Multi - - "" - type: string channels: description: |- channels is the set of Cincinnati channels to which the release diff --git a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_images.crd.yaml b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_images-CustomNoUpgrade.crd.yaml similarity index 99% rename from config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_images.crd.yaml rename to config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_images-CustomNoUpgrade.crd.yaml index 52ea2a9a579..0477bd98347 100644 --- a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_images.crd.yaml +++ b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_images-CustomNoUpgrade.crd.yaml @@ -7,6 +7,7 @@ metadata: include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" release.openshift.io/bootstrap-required: "true" + release.openshift.io/feature-set: CustomNoUpgrade name: images.config.openshift.io spec: group: config.openshift.io diff --git a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_images-Default.crd.yaml b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_images-Default.crd.yaml new file mode 100644 index 00000000000..34c6dbefff1 --- /dev/null +++ b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_images-Default.crd.yaml 
@@ -0,0 +1,183 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/470 + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + release.openshift.io/bootstrap-required: "true" + release.openshift.io/feature-set: Default + name: images.config.openshift.io +spec: + group: config.openshift.io + names: + kind: Image + listKind: ImageList + plural: images + singular: image + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + Image governs policies related to imagestream imports and runtime configuration + for external registries. It allows cluster admins to configure which registries + OpenShift is allowed to import images from, extra CA trust bundles for external + registries, and policies to block or allow registry hostnames. + When exposing OpenShift's image registry to the public, this also lets cluster + admins specify the external hostname. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + properties: + additionalTrustedCA: + description: |- + additionalTrustedCA is a reference to a ConfigMap containing additional CAs that + should be trusted during imagestream import, pod image pull, build image pull, and + imageregistry pullthrough. + The namespace for this config map is openshift-config. + properties: + name: + description: name is the metadata.name of the referenced config + map + type: string + required: + - name + type: object + allowedRegistriesForImport: + description: |- + allowedRegistriesForImport limits the container image registries that normal users may import + images from. Set this list to the registries that you trust to contain valid Docker + images and that you want applications to be able to import from. Users with + permission to create Images or ImageStreamMappings via the API are not affected by + this policy - typically only administrators or system integrations will have those + permissions. + items: + description: |- + RegistryLocation contains a location of the registry specified by the registry domain + name. The domain name might include wildcards, like '*' or '??'. + properties: + domainName: + description: |- + domainName specifies a domain name for the registry + In case the registry use non-standard (80 or 443) port, the port should be included + in the domain name as well. + type: string + insecure: + description: |- + insecure indicates whether the registry is secure (https) or insecure (http) + By default (if not specified) the registry is assumed as secure. + type: boolean + type: object + type: array + x-kubernetes-list-type: atomic + externalRegistryHostnames: + description: |- + externalRegistryHostnames provides the hostnames for the default external image + registry. 
The external hostname should be set only when the image registry + is exposed externally. The first value is used in 'publicDockerImageRepository' + field in ImageStreams. The value must be in "hostname[:port]" format. + items: + type: string + type: array + x-kubernetes-list-type: atomic + registrySources: + description: |- + registrySources contains configuration that determines how the container runtime + should treat individual registries when accessing images for builds+pods. (e.g. + whether or not to allow insecure access). It does not contain configuration for the + internal cluster registry. + properties: + allowedRegistries: + description: |- + allowedRegistries are the only registries permitted for image pull and push actions. All other registries are denied. + + Only one of BlockedRegistries or AllowedRegistries may be set. + items: + type: string + type: array + x-kubernetes-list-type: atomic + blockedRegistries: + description: |- + blockedRegistries cannot be used for image pull and push actions. All other registries are permitted. + + Only one of BlockedRegistries or AllowedRegistries may be set. + items: + type: string + type: array + x-kubernetes-list-type: atomic + containerRuntimeSearchRegistries: + description: |- + containerRuntimeSearchRegistries are registries that will be searched when pulling images that do not have fully qualified + domains in their pull specs. Registries will be searched in the order provided in the list. + Note: this search list only works with the container runtime, i.e CRI-O. Will NOT work with builds or imagestream imports. + format: hostname + items: + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + insecureRegistries: + description: insecureRegistries are registries which do not have + a valid TLS certificates or only support HTTP connections. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-validations: + - message: Only one of blockedRegistries or allowedRegistries may + be set + rule: 'has(self.blockedRegistries) ? !has(self.allowedRegistries) + : true' + type: object + status: + description: status holds observed values from the cluster. They may not + be overridden. + properties: + externalRegistryHostnames: + description: |- + externalRegistryHostnames provides the hostnames for the default external image + registry. The external hostname should be set only when the image registry + is exposed externally. The first value is used in 'publicDockerImageRepository' + field in ImageStreams. The value must be in "hostname[:port]" format. + items: + type: string + type: array + x-kubernetes-list-type: atomic + internalRegistryHostname: + description: |- + internalRegistryHostname sets the hostname for the default internal image + registry. The value must be in "hostname[:port]" format. + This value is set by the image registry operator which controls the internal registry + hostname. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_images-DevPreviewNoUpgrade.crd.yaml b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_images-DevPreviewNoUpgrade.crd.yaml new file mode 100644 index 00000000000..8ff715e262b --- /dev/null +++ b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_images-DevPreviewNoUpgrade.crd.yaml 
@@ -0,0 +1,218 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/470 + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + release.openshift.io/bootstrap-required: "true" + release.openshift.io/feature-set: DevPreviewNoUpgrade + name: images.config.openshift.io +spec: + group: config.openshift.io + names: + kind: Image + listKind: ImageList + plural: images + singular: image + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + Image governs policies related to imagestream imports and runtime configuration + for external registries. It allows cluster admins to configure which registries + OpenShift is allowed to import images from, extra CA trust bundles for external + registries, and policies to block or allow registry hostnames. + When exposing OpenShift's image registry to the public, this also lets cluster + admins specify the external hostname. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + properties: + additionalTrustedCA: + description: |- + additionalTrustedCA is a reference to a ConfigMap containing additional CAs that + should be trusted during imagestream import, pod image pull, build image pull, and + imageregistry pullthrough. + The namespace for this config map is openshift-config. + properties: + name: + description: name is the metadata.name of the referenced config + map + type: string + required: + - name + type: object + allowedRegistriesForImport: + description: |- + allowedRegistriesForImport limits the container image registries that normal users may import + images from. Set this list to the registries that you trust to contain valid Docker + images and that you want applications to be able to import from. Users with + permission to create Images or ImageStreamMappings via the API are not affected by + this policy - typically only administrators or system integrations will have those + permissions. + items: + description: |- + RegistryLocation contains a location of the registry specified by the registry domain + name. The domain name might include wildcards, like '*' or '??'. + properties: + domainName: + description: |- + domainName specifies a domain name for the registry + In case the registry use non-standard (80 or 443) port, the port should be included + in the domain name as well. + type: string + insecure: + description: |- + insecure indicates whether the registry is secure (https) or insecure (http) + By default (if not specified) the registry is assumed as secure. + type: boolean + type: object + type: array + x-kubernetes-list-type: atomic + externalRegistryHostnames: + description: |- + externalRegistryHostnames provides the hostnames for the default external image + registry. 
The external hostname should be set only when the image registry + is exposed externally. The first value is used in 'publicDockerImageRepository' + field in ImageStreams. The value must be in "hostname[:port]" format. + items: + type: string + type: array + x-kubernetes-list-type: atomic + imageStreamImportMode: + description: |- + imageStreamImportMode controls the import mode behaviour of imagestreams. + It can be set to `Legacy` or `PreserveOriginal` or the empty string. If this value + is specified, this setting is applied to all newly created imagestreams which do not have the + value set. `Legacy` indicates that the legacy behaviour should be used. + For manifest lists, the legacy behaviour will discard the manifest list and import a single + sub-manifest. In this case, the platform is chosen in the following order of priority: + 1. tag annotations; 2. control plane arch/os; 3. linux/amd64; 4. the first manifest in the list. + `PreserveOriginal` indicates that the original manifest will be preserved. For manifest lists, + the manifest list and all its sub-manifests will be imported. When empty, the behaviour will be + decided based on the payload type advertised by the ClusterVersion status, i.e single arch payload + implies the import mode is Legacy and multi payload implies PreserveOriginal. + enum: + - "" + - Legacy + - PreserveOriginal + type: string + registrySources: + description: |- + registrySources contains configuration that determines how the container runtime + should treat individual registries when accessing images for builds+pods. (e.g. + whether or not to allow insecure access). It does not contain configuration for the + internal cluster registry. + properties: + allowedRegistries: + description: |- + allowedRegistries are the only registries permitted for image pull and push actions. All other registries are denied. + + Only one of BlockedRegistries or AllowedRegistries may be set. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + blockedRegistries: + description: |- + blockedRegistries cannot be used for image pull and push actions. All other registries are permitted. + + Only one of BlockedRegistries or AllowedRegistries may be set. + items: + type: string + type: array + x-kubernetes-list-type: atomic + containerRuntimeSearchRegistries: + description: |- + containerRuntimeSearchRegistries are registries that will be searched when pulling images that do not have fully qualified + domains in their pull specs. Registries will be searched in the order provided in the list. + Note: this search list only works with the container runtime, i.e CRI-O. Will NOT work with builds or imagestream imports. + format: hostname + items: + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + insecureRegistries: + description: insecureRegistries are registries which do not have + a valid TLS certificates or only support HTTP connections. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-validations: + - message: Only one of blockedRegistries or allowedRegistries may + be set + rule: 'has(self.blockedRegistries) ? !has(self.allowedRegistries) + : true' + type: object + status: + description: status holds observed values from the cluster. They may not + be overridden. + properties: + externalRegistryHostnames: + description: |- + externalRegistryHostnames provides the hostnames for the default external image + registry. The external hostname should be set only when the image registry + is exposed externally. The first value is used in 'publicDockerImageRepository' + field in ImageStreams. The value must be in "hostname[:port]" format. + items: + type: string + type: array + x-kubernetes-list-type: atomic + imageStreamImportMode: + description: |- + imageStreamImportMode controls the import mode behaviour of imagestreams. It can be + `Legacy` or `PreserveOriginal`. 
`Legacy` indicates that the legacy behaviour should be used. + For manifest lists, the legacy behaviour will discard the manifest list and import a single + sub-manifest. In this case, the platform is chosen in the following order of priority: + 1. tag annotations; 2. control plane arch/os; 3. linux/amd64; 4. the first manifest in the list. + `PreserveOriginal` indicates that the original manifest will be preserved. For manifest lists, + the manifest list and all its sub-manifests will be imported. This value will be reconciled based + on either the spec value or if no spec value is specified, the image registry operator would look + at the ClusterVersion status to determine the payload type and set the import mode accordingly, + i.e single arch payload implies the import mode is Legacy and multi payload implies PreserveOriginal. + enum: + - "" + - Legacy + - PreserveOriginal + type: string + internalRegistryHostname: + description: |- + internalRegistryHostname sets the hostname for the default internal image + registry. The value must be in "hostname[:port]" format. + This value is set by the image registry operator which controls the internal registry + hostname. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_images-TechPreviewNoUpgrade.crd.yaml b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_images-TechPreviewNoUpgrade.crd.yaml new file mode 100644 index 00000000000..ccc1c72e5e7 --- /dev/null +++ b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_images-TechPreviewNoUpgrade.crd.yaml 
@@ -0,0 +1,218 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/470 + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + release.openshift.io/bootstrap-required: "true" + release.openshift.io/feature-set: TechPreviewNoUpgrade + name: images.config.openshift.io +spec: + group: config.openshift.io + names: + kind: Image + listKind: ImageList + plural: images + singular: image + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + Image governs policies related to imagestream imports and runtime configuration + for external registries. It allows cluster admins to configure which registries + OpenShift is allowed to import images from, extra CA trust bundles for external + registries, and policies to block or allow registry hostnames. + When exposing OpenShift's image registry to the public, this also lets cluster + admins specify the external hostname. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + properties: + additionalTrustedCA: + description: |- + additionalTrustedCA is a reference to a ConfigMap containing additional CAs that + should be trusted during imagestream import, pod image pull, build image pull, and + imageregistry pullthrough. + The namespace for this config map is openshift-config. + properties: + name: + description: name is the metadata.name of the referenced config + map + type: string + required: + - name + type: object + allowedRegistriesForImport: + description: |- + allowedRegistriesForImport limits the container image registries that normal users may import + images from. Set this list to the registries that you trust to contain valid Docker + images and that you want applications to be able to import from. Users with + permission to create Images or ImageStreamMappings via the API are not affected by + this policy - typically only administrators or system integrations will have those + permissions. + items: + description: |- + RegistryLocation contains a location of the registry specified by the registry domain + name. The domain name might include wildcards, like '*' or '??'. + properties: + domainName: + description: |- + domainName specifies a domain name for the registry + In case the registry use non-standard (80 or 443) port, the port should be included + in the domain name as well. + type: string + insecure: + description: |- + insecure indicates whether the registry is secure (https) or insecure (http) + By default (if not specified) the registry is assumed as secure. + type: boolean + type: object + type: array + x-kubernetes-list-type: atomic + externalRegistryHostnames: + description: |- + externalRegistryHostnames provides the hostnames for the default external image + registry. 
The external hostname should be set only when the image registry + is exposed externally. The first value is used in 'publicDockerImageRepository' + field in ImageStreams. The value must be in "hostname[:port]" format. + items: + type: string + type: array + x-kubernetes-list-type: atomic + imageStreamImportMode: + description: |- + imageStreamImportMode controls the import mode behaviour of imagestreams. + It can be set to `Legacy` or `PreserveOriginal` or the empty string. If this value + is specified, this setting is applied to all newly created imagestreams which do not have the + value set. `Legacy` indicates that the legacy behaviour should be used. + For manifest lists, the legacy behaviour will discard the manifest list and import a single + sub-manifest. In this case, the platform is chosen in the following order of priority: + 1. tag annotations; 2. control plane arch/os; 3. linux/amd64; 4. the first manifest in the list. + `PreserveOriginal` indicates that the original manifest will be preserved. For manifest lists, + the manifest list and all its sub-manifests will be imported. When empty, the behaviour will be + decided based on the payload type advertised by the ClusterVersion status, i.e single arch payload + implies the import mode is Legacy and multi payload implies PreserveOriginal. + enum: + - "" + - Legacy + - PreserveOriginal + type: string + registrySources: + description: |- + registrySources contains configuration that determines how the container runtime + should treat individual registries when accessing images for builds+pods. (e.g. + whether or not to allow insecure access). It does not contain configuration for the + internal cluster registry. + properties: + allowedRegistries: + description: |- + allowedRegistries are the only registries permitted for image pull and push actions. All other registries are denied. + + Only one of BlockedRegistries or AllowedRegistries may be set. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + blockedRegistries: + description: |- + blockedRegistries cannot be used for image pull and push actions. All other registries are permitted. + + Only one of BlockedRegistries or AllowedRegistries may be set. + items: + type: string + type: array + x-kubernetes-list-type: atomic + containerRuntimeSearchRegistries: + description: |- + containerRuntimeSearchRegistries are registries that will be searched when pulling images that do not have fully qualified + domains in their pull specs. Registries will be searched in the order provided in the list. + Note: this search list only works with the container runtime, i.e CRI-O. Will NOT work with builds or imagestream imports. + format: hostname + items: + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + insecureRegistries: + description: insecureRegistries are registries which do not have + a valid TLS certificates or only support HTTP connections. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-validations: + - message: Only one of blockedRegistries or allowedRegistries may + be set + rule: 'has(self.blockedRegistries) ? !has(self.allowedRegistries) + : true' + type: object + status: + description: status holds observed values from the cluster. They may not + be overridden. + properties: + externalRegistryHostnames: + description: |- + externalRegistryHostnames provides the hostnames for the default external image + registry. The external hostname should be set only when the image registry + is exposed externally. The first value is used in 'publicDockerImageRepository' + field in ImageStreams. The value must be in "hostname[:port]" format. + items: + type: string + type: array + x-kubernetes-list-type: atomic + imageStreamImportMode: + description: |- + imageStreamImportMode controls the import mode behaviour of imagestreams. It can be + `Legacy` or `PreserveOriginal`. 
`Legacy` indicates that the legacy behaviour should be used. + For manifest lists, the legacy behaviour will discard the manifest list and import a single + sub-manifest. In this case, the platform is chosen in the following order of priority: + 1. tag annotations; 2. control plane arch/os; 3. linux/amd64; 4. the first manifest in the list. + `PreserveOriginal` indicates that the original manifest will be preserved. For manifest lists, + the manifest list and all its sub-manifests will be imported. This value will be reconciled based + on either the spec value or if no spec value is specified, the image registry operator would look + at the ClusterVersion status to determine the payload type and set the import mode accordingly, + i.e single arch payload implies the import mode is Legacy and multi payload implies PreserveOriginal. + enum: + - "" + - Legacy + - PreserveOriginal + type: string + internalRegistryHostname: + description: |- + internalRegistryHostname sets the hostname for the default internal image + registry. The value must be in "hostname[:port]" format. + This value is set by the image registry operator which controls the internal registry + hostname. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/features.md b/features.md index 708bb1e21ec..1e3041ee9b2 100644 --- a/features.md +++ b/features.md @@ -50,6 +50,7 @@ | GCPCustomAPIEndpointsInstall| | | Enabled | Enabled | Enabled | Enabled | | GCPDualStackInstall| | | Enabled | Enabled | Enabled | Enabled | | ImageModeStatusReporting| | | Enabled | Enabled | Enabled | Enabled | +| ImageStreamImportMode| | | Enabled | Enabled | Enabled | Enabled | | InsightsConfig| | | Enabled | Enabled | Enabled | Enabled | | InsightsOnDemandDataGather| | | Enabled | Enabled | Enabled | Enabled | | IrreconcilableMachineConfig| | | Enabled | Enabled | Enabled | Enabled | 
@@ -87,7 +88,6 @@
 | GatewayAPI| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
 | GatewayAPIController| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
 | HighlyAvailableArbiter| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
-| ImageStreamImportMode| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
 | ImageVolume| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
 | KMSv1| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
 | MachineConfigNodes| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
diff --git a/features/features.go b/features/features.go
index 29622d508e3..f18b67efe7c 100644
--- a/features/features.go
+++ b/features/features.go
@@ -596,7 +596,7 @@ var (
 contactPerson("psundara").
 productScope(ocpSpecific).
 enhancementPR(legacyFeatureGateWithoutEnhancement).
- enableIn(configv1.Default, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade).
+ enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade).
 mustRegister()

 FeatureGateUserNamespacesSupport = newFeatureGate("UserNamespacesSupport").
diff --git a/payload-manifests/crds/0000_10_config-operator_01_images.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_images-CustomNoUpgrade.crd.yaml
similarity index 99%
rename from payload-manifests/crds/0000_10_config-operator_01_images.crd.yaml
rename to payload-manifests/crds/0000_10_config-operator_01_images-CustomNoUpgrade.crd.yaml
index 52ea2a9a579..0477bd98347 100644
--- a/payload-manifests/crds/0000_10_config-operator_01_images.crd.yaml
+++ b/payload-manifests/crds/0000_10_config-operator_01_images-CustomNoUpgrade.crd.yaml
@@ -7,6 +7,7 @@ metadata: include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" release.openshift.io/bootstrap-required: "true" + release.openshift.io/feature-set: CustomNoUpgrade name: images.config.openshift.io spec: group: config.openshift.io
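Review bot: The `enableIn(...)` change in features/features.go drops `configv1.Default` without any stated reason: the commit message is only the revert subject, and nothing near the call records why the gate is held back or what must hold before it is promoted again. The effect is wider than the one line suggests, because the regenerated Default CRD for `images.config.openshift.io` in this same patch no longer carries `imageStreamImportMode` under `spec` or `status`; on a cluster that already ran with the promoted gate, a stored `spec.imageStreamImportMode` would presumably be pruned as an unknown field on the next write, silently changing how manifest lists are imported. I'd add a comment above the call, for example `// Default withheld: promotion reverted, see <tracking-issue placeholder>`, and say in the description whether clusters with the field already set need any handling. The gate definition starts above this hunk, so its name is inferred from features.md and the subject line.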
diff --git a/payload-manifests/crds/0000_10_config-operator_01_images-Default.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_images-Default.crd.yaml new file mode 100644 index 00000000000..34c6dbefff1 --- /dev/null +++ b/payload-manifests/crds/0000_10_config-operator_01_images-Default.crd.yaml 
@@ -0,0 +1,183 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/470 + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + release.openshift.io/bootstrap-required: "true" + release.openshift.io/feature-set: Default + name: images.config.openshift.io +spec: + group: config.openshift.io + names: + kind: Image + listKind: ImageList + plural: images + singular: image + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + Image governs policies related to imagestream imports and runtime configuration + for external registries. It allows cluster admins to configure which registries + OpenShift is allowed to import images from, extra CA trust bundles for external + registries, and policies to block or allow registry hostnames. + When exposing OpenShift's image registry to the public, this also lets cluster + admins specify the external hostname. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + properties: + additionalTrustedCA: + description: |- + additionalTrustedCA is a reference to a ConfigMap containing additional CAs that + should be trusted during imagestream import, pod image pull, build image pull, and + imageregistry pullthrough. + The namespace for this config map is openshift-config. + properties: + name: + description: name is the metadata.name of the referenced config + map + type: string + required: + - name + type: object + allowedRegistriesForImport: + description: |- + allowedRegistriesForImport limits the container image registries that normal users may import + images from. Set this list to the registries that you trust to contain valid Docker + images and that you want applications to be able to import from. Users with + permission to create Images or ImageStreamMappings via the API are not affected by + this policy - typically only administrators or system integrations will have those + permissions. + items: + description: |- + RegistryLocation contains a location of the registry specified by the registry domain + name. The domain name might include wildcards, like '*' or '??'. + properties: + domainName: + description: |- + domainName specifies a domain name for the registry + In case the registry use non-standard (80 or 443) port, the port should be included + in the domain name as well. + type: string + insecure: + description: |- + insecure indicates whether the registry is secure (https) or insecure (http) + By default (if not specified) the registry is assumed as secure. + type: boolean + type: object + type: array + x-kubernetes-list-type: atomic + externalRegistryHostnames: + description: |- + externalRegistryHostnames provides the hostnames for the default external image + registry. 
The external hostname should be set only when the image registry + is exposed externally. The first value is used in 'publicDockerImageRepository' + field in ImageStreams. The value must be in "hostname[:port]" format. + items: + type: string + type: array + x-kubernetes-list-type: atomic + registrySources: + description: |- + registrySources contains configuration that determines how the container runtime + should treat individual registries when accessing images for builds+pods. (e.g. + whether or not to allow insecure access). It does not contain configuration for the + internal cluster registry. + properties: + allowedRegistries: + description: |- + allowedRegistries are the only registries permitted for image pull and push actions. All other registries are denied. + + Only one of BlockedRegistries or AllowedRegistries may be set. + items: + type: string + type: array + x-kubernetes-list-type: atomic + blockedRegistries: + description: |- + blockedRegistries cannot be used for image pull and push actions. All other registries are permitted. + + Only one of BlockedRegistries or AllowedRegistries may be set. + items: + type: string + type: array + x-kubernetes-list-type: atomic + containerRuntimeSearchRegistries: + description: |- + containerRuntimeSearchRegistries are registries that will be searched when pulling images that do not have fully qualified + domains in their pull specs. Registries will be searched in the order provided in the list. + Note: this search list only works with the container runtime, i.e CRI-O. Will NOT work with builds or imagestream imports. + format: hostname + items: + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + insecureRegistries: + description: insecureRegistries are registries which do not have + a valid TLS certificates or only support HTTP connections. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-validations: + - message: Only one of blockedRegistries or allowedRegistries may + be set + rule: 'has(self.blockedRegistries) ? !has(self.allowedRegistries) + : true' + type: object + status: + description: status holds observed values from the cluster. They may not + be overridden. + properties: + externalRegistryHostnames: + description: |- + externalRegistryHostnames provides the hostnames for the default external image + registry. The external hostname should be set only when the image registry + is exposed externally. The first value is used in 'publicDockerImageRepository' + field in ImageStreams. The value must be in "hostname[:port]" format. + items: + type: string + type: array + x-kubernetes-list-type: atomic + internalRegistryHostname: + description: |- + internalRegistryHostname sets the hostname for the default internal image + registry. The value must be in "hostname[:port]" format. + This value is set by the image registry operator which controls the internal registry + hostname. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/payload-manifests/crds/0000_10_config-operator_01_images-DevPreviewNoUpgrade.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_images-DevPreviewNoUpgrade.crd.yaml new file mode 100644 index 00000000000..8ff715e262b --- /dev/null +++ b/payload-manifests/crds/0000_10_config-operator_01_images-DevPreviewNoUpgrade.crd.yaml 
@@ -0,0 +1,218 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/470 + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + release.openshift.io/bootstrap-required: "true" + release.openshift.io/feature-set: DevPreviewNoUpgrade + name: images.config.openshift.io +spec: + group: config.openshift.io + names: + kind: Image + listKind: ImageList + plural: images + singular: image + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + Image governs policies related to imagestream imports and runtime configuration + for external registries. It allows cluster admins to configure which registries + OpenShift is allowed to import images from, extra CA trust bundles for external + registries, and policies to block or allow registry hostnames. + When exposing OpenShift's image registry to the public, this also lets cluster + admins specify the external hostname. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + properties: + additionalTrustedCA: + description: |- + additionalTrustedCA is a reference to a ConfigMap containing additional CAs that + should be trusted during imagestream import, pod image pull, build image pull, and + imageregistry pullthrough. + The namespace for this config map is openshift-config. + properties: + name: + description: name is the metadata.name of the referenced config + map + type: string + required: + - name + type: object + allowedRegistriesForImport: + description: |- + allowedRegistriesForImport limits the container image registries that normal users may import + images from. Set this list to the registries that you trust to contain valid Docker + images and that you want applications to be able to import from. Users with + permission to create Images or ImageStreamMappings via the API are not affected by + this policy - typically only administrators or system integrations will have those + permissions. + items: + description: |- + RegistryLocation contains a location of the registry specified by the registry domain + name. The domain name might include wildcards, like '*' or '??'. + properties: + domainName: + description: |- + domainName specifies a domain name for the registry + In case the registry use non-standard (80 or 443) port, the port should be included + in the domain name as well. + type: string + insecure: + description: |- + insecure indicates whether the registry is secure (https) or insecure (http) + By default (if not specified) the registry is assumed as secure. + type: boolean + type: object + type: array + x-kubernetes-list-type: atomic + externalRegistryHostnames: + description: |- + externalRegistryHostnames provides the hostnames for the default external image + registry. 
The external hostname should be set only when the image registry + is exposed externally. The first value is used in 'publicDockerImageRepository' + field in ImageStreams. The value must be in "hostname[:port]" format. + items: + type: string + type: array + x-kubernetes-list-type: atomic + imageStreamImportMode: + description: |- + imageStreamImportMode controls the import mode behaviour of imagestreams. + It can be set to `Legacy` or `PreserveOriginal` or the empty string. If this value + is specified, this setting is applied to all newly created imagestreams which do not have the + value set. `Legacy` indicates that the legacy behaviour should be used. + For manifest lists, the legacy behaviour will discard the manifest list and import a single + sub-manifest. In this case, the platform is chosen in the following order of priority: + 1. tag annotations; 2. control plane arch/os; 3. linux/amd64; 4. the first manifest in the list. + `PreserveOriginal` indicates that the original manifest will be preserved. For manifest lists, + the manifest list and all its sub-manifests will be imported. When empty, the behaviour will be + decided based on the payload type advertised by the ClusterVersion status, i.e single arch payload + implies the import mode is Legacy and multi payload implies PreserveOriginal. + enum: + - "" + - Legacy + - PreserveOriginal + type: string + registrySources: + description: |- + registrySources contains configuration that determines how the container runtime + should treat individual registries when accessing images for builds+pods. (e.g. + whether or not to allow insecure access). It does not contain configuration for the + internal cluster registry. + properties: + allowedRegistries: + description: |- + allowedRegistries are the only registries permitted for image pull and push actions. All other registries are denied. + + Only one of BlockedRegistries or AllowedRegistries may be set. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + blockedRegistries: + description: |- + blockedRegistries cannot be used for image pull and push actions. All other registries are permitted. + + Only one of BlockedRegistries or AllowedRegistries may be set. + items: + type: string + type: array + x-kubernetes-list-type: atomic + containerRuntimeSearchRegistries: + description: |- + containerRuntimeSearchRegistries are registries that will be searched when pulling images that do not have fully qualified + domains in their pull specs. Registries will be searched in the order provided in the list. + Note: this search list only works with the container runtime, i.e CRI-O. Will NOT work with builds or imagestream imports. + format: hostname + items: + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + insecureRegistries: + description: insecureRegistries are registries which do not have + a valid TLS certificates or only support HTTP connections. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-validations: + - message: Only one of blockedRegistries or allowedRegistries may + be set + rule: 'has(self.blockedRegistries) ? !has(self.allowedRegistries) + : true' + type: object + status: + description: status holds observed values from the cluster. They may not + be overridden. + properties: + externalRegistryHostnames: + description: |- + externalRegistryHostnames provides the hostnames for the default external image + registry. The external hostname should be set only when the image registry + is exposed externally. The first value is used in 'publicDockerImageRepository' + field in ImageStreams. The value must be in "hostname[:port]" format. + items: + type: string + type: array + x-kubernetes-list-type: atomic + imageStreamImportMode: + description: |- + imageStreamImportMode controls the import mode behaviour of imagestreams. It can be + `Legacy` or `PreserveOriginal`. 
`Legacy` indicates that the legacy behaviour should be used. + For manifest lists, the legacy behaviour will discard the manifest list and import a single + sub-manifest. In this case, the platform is chosen in the following order of priority: + 1. tag annotations; 2. control plane arch/os; 3. linux/amd64; 4. the first manifest in the list. + `PreserveOriginal` indicates that the original manifest will be preserved. For manifest lists, + the manifest list and all its sub-manifests will be imported. This value will be reconciled based + on either the spec value or if no spec value is specified, the image registry operator would look + at the ClusterVersion status to determine the payload type and set the import mode accordingly, + i.e single arch payload implies the import mode is Legacy and multi payload implies PreserveOriginal. + enum: + - "" + - Legacy + - PreserveOriginal + type: string + internalRegistryHostname: + description: |- + internalRegistryHostname sets the hostname for the default internal image + registry. The value must be in "hostname[:port]" format. + This value is set by the image registry operator which controls the internal registry + hostname. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/payload-manifests/crds/0000_10_config-operator_01_images-TechPreviewNoUpgrade.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_images-TechPreviewNoUpgrade.crd.yaml new file mode 100644 index 00000000000..ccc1c72e5e7 --- /dev/null +++ b/payload-manifests/crds/0000_10_config-operator_01_images-TechPreviewNoUpgrade.crd.yaml 
@@ -0,0 +1,218 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/470 + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + release.openshift.io/bootstrap-required: "true" + release.openshift.io/feature-set: TechPreviewNoUpgrade + name: images.config.openshift.io +spec: + group: config.openshift.io + names: + kind: Image + listKind: ImageList + plural: images + singular: image + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + Image governs policies related to imagestream imports and runtime configuration + for external registries. It allows cluster admins to configure which registries + OpenShift is allowed to import images from, extra CA trust bundles for external + registries, and policies to block or allow registry hostnames. + When exposing OpenShift's image registry to the public, this also lets cluster + admins specify the external hostname. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + properties: + additionalTrustedCA: + description: |- + additionalTrustedCA is a reference to a ConfigMap containing additional CAs that + should be trusted during imagestream import, pod image pull, build image pull, and + imageregistry pullthrough. + The namespace for this config map is openshift-config. + properties: + name: + description: name is the metadata.name of the referenced config + map + type: string + required: + - name + type: object + allowedRegistriesForImport: + description: |- + allowedRegistriesForImport limits the container image registries that normal users may import + images from. Set this list to the registries that you trust to contain valid Docker + images and that you want applications to be able to import from. Users with + permission to create Images or ImageStreamMappings via the API are not affected by + this policy - typically only administrators or system integrations will have those + permissions. + items: + description: |- + RegistryLocation contains a location of the registry specified by the registry domain + name. The domain name might include wildcards, like '*' or '??'. + properties: + domainName: + description: |- + domainName specifies a domain name for the registry + In case the registry use non-standard (80 or 443) port, the port should be included + in the domain name as well. + type: string + insecure: + description: |- + insecure indicates whether the registry is secure (https) or insecure (http) + By default (if not specified) the registry is assumed as secure. + type: boolean + type: object + type: array + x-kubernetes-list-type: atomic + externalRegistryHostnames: + description: |- + externalRegistryHostnames provides the hostnames for the default external image + registry. 
The external hostname should be set only when the image registry + is exposed externally. The first value is used in 'publicDockerImageRepository' + field in ImageStreams. The value must be in "hostname[:port]" format. + items: + type: string + type: array + x-kubernetes-list-type: atomic + imageStreamImportMode: + description: |- + imageStreamImportMode controls the import mode behaviour of imagestreams. + It can be set to `Legacy` or `PreserveOriginal` or the empty string. If this value + is specified, this setting is applied to all newly created imagestreams which do not have the + value set. `Legacy` indicates that the legacy behaviour should be used. + For manifest lists, the legacy behaviour will discard the manifest list and import a single + sub-manifest. In this case, the platform is chosen in the following order of priority: + 1. tag annotations; 2. control plane arch/os; 3. linux/amd64; 4. the first manifest in the list. + `PreserveOriginal` indicates that the original manifest will be preserved. For manifest lists, + the manifest list and all its sub-manifests will be imported. When empty, the behaviour will be + decided based on the payload type advertised by the ClusterVersion status, i.e single arch payload + implies the import mode is Legacy and multi payload implies PreserveOriginal. + enum: + - "" + - Legacy + - PreserveOriginal + type: string + registrySources: + description: |- + registrySources contains configuration that determines how the container runtime + should treat individual registries when accessing images for builds+pods. (e.g. + whether or not to allow insecure access). It does not contain configuration for the + internal cluster registry. + properties: + allowedRegistries: + description: |- + allowedRegistries are the only registries permitted for image pull and push actions. All other registries are denied. + + Only one of BlockedRegistries or AllowedRegistries may be set. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + blockedRegistries: + description: |- + blockedRegistries cannot be used for image pull and push actions. All other registries are permitted. + + Only one of BlockedRegistries or AllowedRegistries may be set. + items: + type: string + type: array + x-kubernetes-list-type: atomic + containerRuntimeSearchRegistries: + description: |- + containerRuntimeSearchRegistries are registries that will be searched when pulling images that do not have fully qualified + domains in their pull specs. Registries will be searched in the order provided in the list. + Note: this search list only works with the container runtime, i.e CRI-O. Will NOT work with builds or imagestream imports. + format: hostname + items: + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + insecureRegistries: + description: insecureRegistries are registries which do not have + a valid TLS certificates or only support HTTP connections. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-validations: + - message: Only one of blockedRegistries or allowedRegistries may + be set + rule: 'has(self.blockedRegistries) ? !has(self.allowedRegistries) + : true' + type: object + status: + description: status holds observed values from the cluster. They may not + be overridden. + properties: + externalRegistryHostnames: + description: |- + externalRegistryHostnames provides the hostnames for the default external image + registry. The external hostname should be set only when the image registry + is exposed externally. The first value is used in 'publicDockerImageRepository' + field in ImageStreams. The value must be in "hostname[:port]" format. + items: + type: string + type: array + x-kubernetes-list-type: atomic + imageStreamImportMode: + description: |- + imageStreamImportMode controls the import mode behaviour of imagestreams. It can be + `Legacy` or `PreserveOriginal`. 
`Legacy` indicates that the legacy behaviour should be used. + For manifest lists, the legacy behaviour will discard the manifest list and import a single + sub-manifest. In this case, the platform is chosen in the following order of priority: + 1. tag annotations; 2. control plane arch/os; 3. linux/amd64; 4. the first manifest in the list. + `PreserveOriginal` indicates that the original manifest will be preserved. For manifest lists, + the manifest list and all its sub-manifests will be imported. This value will be reconciled based + on either the spec value or if no spec value is specified, the image registry operator would look + at the ClusterVersion status to determine the payload type and set the import mode accordingly, + i.e single arch payload implies the import mode is Legacy and multi payload implies PreserveOriginal. + enum: + - "" + - Legacy + - PreserveOriginal + type: string + internalRegistryHostname: + description: |- + internalRegistryHostname sets the hostname for the default internal image + registry. The value must be in "hostname[:port]" format. + This value is set by the image registry operator which controls the internal registry + hostname. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/payload-manifests/featuregates/featureGate-Hypershift-Default.yaml b/payload-manifests/featuregates/featureGate-Hypershift-Default.yaml index 54a1688daa1..5fdb6fd0155 100644 --- a/payload-manifests/featuregates/featureGate-Hypershift-Default.yaml +++ b/payload-manifests/featuregates/featureGate-Hypershift-Default.yaml @@ -123,6 +123,9 @@ { "name": "ImageModeStatusReporting" }, + { + "name": "ImageStreamImportMode" + }, { "name": "IngressControllerDynamicConfigurationManager" }, @@ -275,9 +278,6 @@ { "name": "HyperShiftOnlyDynamicResourceAllocation" }, - { - "name": "ImageStreamImportMode" - }, { "name": "ImageVolume" }, 
diff --git a/payload-manifests/featuregates/featureGate-SelfManagedHA-Default.yaml b/payload-manifests/featuregates/featureGate-SelfManagedHA-Default.yaml index 1768547e665..b619bdb03bb 100644 --- a/payload-manifests/featuregates/featureGate-SelfManagedHA-Default.yaml +++ b/payload-manifests/featuregates/featureGate-SelfManagedHA-Default.yaml @@ -126,6 +126,9 @@ { "name": "ImageModeStatusReporting" }, + { + "name": "ImageStreamImportMode" + }, { "name": "IngressControllerDynamicConfigurationManager" }, @@ -269,9 +272,6 @@ { "name": "HighlyAvailableArbiter" }, - { - "name": "ImageStreamImportMode" - }, { "name": "ImageVolume" },