From be6636795c98a05fc7d5a0073d43981b5a035fcd Mon Sep 17 00:00:00 2001 From: Antonio Ojea Date: Wed, 28 Jul 2021 16:06:44 +0200 Subject: [PATCH 1/3] bump library-go Signed-off-by: Antonio Ojea --- go.mod | 16 +- go.sum | 57 +- vendor/github.com/openshift/api/Makefile | 9 +- ...piserver.openshift.io_apirequestcount.yaml | 442 ++- .../api/apiserver/v1/types_apirequestcount.go | 6 + .../v1/zz_generated.swagger_doc_generated.go | 4 +- .../openshift/api/apps/v1/generated.proto | 18 + .../github.com/openshift/api/apps/v1/types.go | 18 + .../v1/zz_generated.swagger_doc_generated.go | 12 +- ...enshift_01_rolebindingrestriction.crd.yaml | 330 +-- .../api/authorization/v1/generated.proto | 57 + .../openshift/api/authorization/v1/types.go | 57 + .../v1/zz_generated.swagger_doc_generated.go | 38 +- .../openshift/api/build/v1/generated.pb.go | 1425 +++++++--- .../openshift/api/build/v1/generated.proto | 146 +- .../openshift/api/build/v1/types.go | 157 +- .../api/build/v1/zz_generated.deepcopy.go | 78 + .../v1/zz_generated.swagger_doc_generated.go | 65 +- .../v1/001-cloudprivateipconfig.crd.yaml | 12 +- .../api/cloudnetwork/v1/generated.proto | 5 + .../openshift/api/cloudnetwork/v1/types.go | 5 + .../v1/zz_generated.swagger_doc_generated.go | 4 +- ...rsion-operator_01_clusteroperator.crd.yaml | 268 +- ...ersion-operator_01_clusterversion.crd.yaml | 506 ++-- ...03_config-operator_01_operatorhub.crd.yaml | 156 +- .../0000_03_config-operator_01_proxy.crd.yaml | 147 +- ...0_10_config-operator_01_apiserver.crd.yaml | 397 ++- ...config-operator_01_authentication.crd.yaml | 214 +- .../0000_10_config-operator_01_build.crd.yaml | 605 ++--- ...000_10_config-operator_01_console.crd.yaml | 100 +- .../0000_10_config-operator_01_dns.crd.yaml | 139 +- ...10_config-operator_01_featuregate.crd.yaml | 111 +- .../0000_10_config-operator_01_image.crd.yaml | 219 +- ...config-operator_01_infrastructure.crd.yaml | 837 +++--- ...000_10_config-operator_01_ingress.crd.yaml | 516 ++-- ...000_10_config-operator_01_network.crd.yaml | 255 +- .../0000_10_config-operator_01_oauth.crd.yaml | 1036 +++---- ...000_10_config-operator_01_project.crd.yaml | 91 +- ...0_10_config-operator_01_scheduler.crd.yaml | 148 +- .../openshift/api/config/v1/types.go | 86 + .../api/config/v1/types_apiserver.go | 64 +- .../api/config/v1/types_authentication.go | 5 + .../openshift/api/config/v1/types_build.go | 5 + .../api/config/v1/types_cluster_operator.go | 23 +- .../api/config/v1/types_cluster_version.go | 19 +- .../openshift/api/config/v1/types_console.go | 5 + .../openshift/api/config/v1/types_dns.go | 5 + .../openshift/api/config/v1/types_feature.go | 8 + .../openshift/api/config/v1/types_image.go | 5 + .../api/config/v1/types_infrastructure.go | 34 +- .../openshift/api/config/v1/types_ingress.go | 30 + .../openshift/api/config/v1/types_network.go | 5 + .../openshift/api/config/v1/types_oauth.go | 5 + .../api/config/v1/types_operatorhub.go | 6 + .../openshift/api/config/v1/types_project.go | 5 + .../openshift/api/config/v1/types_proxy.go | 5 + .../api/config/v1/types_scheduling.go | 5 + .../api/config/v1/zz_generated.deepcopy.go | 83 +- .../v1/zz_generated.swagger_doc_generated.go | 200 +- vendor/github.com/openshift/api/go.mod | 13 +- vendor/github.com/openshift/api/go.sum | 30 +- .../0000_10-helm-chart-repository.crd.yaml | 263 +- .../openshift/api/helm/v1beta1/types_helm.go | 5 + .../api/image/docker10/dockertypes.go | 4 + .../api/image/dockerpre012/dockertypes.go | 4 + .../openshift/api/image/v1/generated.proto | 40 + .../openshift/api/image/v1/types.go | 40 + .../v1/zz_generated.swagger_doc_generated.go | 26 +- .../api/imageregistry/v1/00-crd.yaml | 2405 +++++++---------- .../api/imageregistry/v1/01-crd.yaml | 1524 ++++------- .../openshift/api/imageregistry/v1/types.go | 41 + .../api/imageregistry/v1/types_imagepruner.go | 6 + .../imageregistry/v1/zz_generated.deepcopy.go | 21 + .../v1/zz_generated.swagger_doc_generated.go | 22 +- vendor/github.com/openshift/api/install.go | 2 + .../api/kubecontrolplane/v1/types.go | 6 + .../v1/zz_generated.swagger_doc_generated.go | 2 + .../openshift/api/legacyconfig/v1/types.go | 72 + .../v1/zz_generated.swagger_doc_generated.go | 36 +- .../network/v1/001-clusternetwork-crd.yaml | 188 +- .../api/network/v1/002-hostsubnet-crd.yaml | 148 +- .../api/network/v1/003-netnamespace-crd.yaml | 104 +- .../v1/004-egressnetworkpolicy-crd.yaml | 119 +- .../openshift/api/network/v1/generated.proto | 24 + .../openshift/api/network/v1/types.go | 24 + .../v1/zz_generated.swagger_doc_generated.go | 16 +- .../v1/001-egressrouter.crd.yaml | 9 +- .../v1/001-egressrouter.crd.yaml-patch | 5 - .../api/networkoperator/v1/generated.proto | 5 + .../networkoperator/v1/types_egressrouter.go | 6 + .../v1/zz_generated.swagger_doc_generated.go | 4 +- .../openshift/api/oauth/v1/generated.proto | 31 + .../openshift/api/oauth/v1/types.go | 31 + .../v1/zz_generated.swagger_doc_generated.go | 20 +- .../api/openshiftcontrolplane/v1/types.go | 14 + .../v1/zz_generated.swagger_doc_generated.go | 6 +- ...0000_10_config-operator_01_config.crd.yaml | 266 +- .../0000_12_etcd-operator_01_config.crd.yaml | 388 ++- ...kube-apiserver-operator_01_config.crd.yaml | 22 +- ...roller-manager-operator_01_config.crd.yaml | 32 +- ...kube-scheduler-operator_01_config.crd.yaml | 22 +- ...hift-apiserver-operator_01_config.crd.yaml | 279 +- ...oud-credential-operator_00_config.crd.yaml | 288 +- ...rsion-migrator-operator_00_config.crd.yaml | 256 +- ...authentication-operator_01_config.crd.yaml | 274 +- ...roller-manager-operator_02_config.crd.yaml | 262 +- ...00_50_cluster_storage_operator_01_crd.yaml | 261 +- ...ess-operator_00-ingresscontroller.crd.yaml | 146 +- .../0000_50_service-ca-operator_02_crd.yaml | 263 +- ...00_70_cluster-network-operator_01_crd.yaml | 986 +++---- .../v1/0000_70_console-operator.crd.yaml | 579 ++-- ...perator_00-custom-resource-definition.yaml | 291 +- ...i_snapshot_controller_operator_01_crd.yaml | 261 +- ...0_90_cluster_csi_driver_01_config.crd.yaml | 12 +- ...luster_csi_driver_01_config.crd.yaml-patch | 2 + .../openshift/api/operator/v1/types.go | 11 +- .../api/operator/v1/types_authentication.go | 6 + .../api/operator/v1/types_cloudcredential.go | 5 + .../openshift/api/operator/v1/types_config.go | 8 +- .../api/operator/v1/types_console.go | 21 + .../operator/v1/types_csi_cluster_driver.go | 27 +- .../api/operator/v1/types_csi_snapshot.go | 6 + .../openshift/api/operator/v1/types_dns.go | 20 +- .../openshift/api/operator/v1/types_etcd.go | 6 + .../api/operator/v1/types_ingress.go | 199 +- .../api/operator/v1/types_kubeapiserver.go | 7 + .../v1/types_kubecontrollermanager.go | 14 + .../v1/types_kubestorageversionmigrator.go | 6 + .../api/operator/v1/types_network.go | 15 +- .../operator/v1/types_openshiftapiserver.go | 6 + .../v1/types_openshiftcontrollermanager.go | 6 + .../api/operator/v1/types_scheduler.go | 6 + .../api/operator/v1/types_serviceca.go | 6 + .../v1/types_servicecatalogapiserver.go | 6 + .../types_servicecatalogcontrollermanager.go | 6 + .../api/operator/v1/types_storage.go | 6 + .../api/operator/v1/zz_generated.deepcopy.go | 77 +- .../v1/zz_generated.swagger_doc_generated.go | 157 +- ...rator_01_imagecontentsourcepolicy.crd.yaml | 123 +- .../openshift/api/operator/v1alpha1/types.go | 3 + .../types_image_content_source_policy.go | 6 + .../zz_generated.swagger_doc_generated.go | 6 +- ...10-pod-network-connectivity-check.crd.yaml | 448 ++- .../api/operatorcontrolplane/v1alpha1/doc.go | 1 + .../v1alpha1/types_conditioncheck.go | 6 + .../zz_generated.swagger_doc_generated.go | 4 +- .../github.com/openshift/api/osin/v1/types.go | 51 + .../openshift/api/project/v1/generated.proto | 9 + .../openshift/api/project/v1/types.go | 9 + .../v1/zz_generated.swagger_doc_generated.go | 6 +- ...openshift_01_clusterresourcequota.crd.yaml | 376 ++- ..._clusterresourcequota.crd.yaml-merge-patch | 13 - .../openshift/api/quota/v1/generated.proto | 12 + .../openshift/api/quota/v1/types.go | 12 + .../v1/zz_generated.swagger_doc_generated.go | 8 +- .../openshift/api/route/v1/generated.proto | 6 + .../openshift/api/route/v1/types.go | 6 + .../v1/zz_generated.swagger_doc_generated.go | 4 +- .../samples/v1/0000_10_samplesconfig.crd.yaml | 271 +- .../openshift/api/samples/v1/generated.proto | 5 + .../openshift/api/samples/v1/types_config.go | 5 + .../v1/zz_generated.swagger_doc_generated.go | 10 +- ...0000_03_security-openshift_01_scc.crd.yaml | 591 ++-- .../openshift/api/security/v1/generated.proto | 21 + .../openshift/api/security/v1/types.go | 21 + .../v1/zz_generated.swagger_doc_generated.go | 14 +- .../api/servicecertsigner/v1alpha1/types.go | 8 + .../zz_generated.swagger_doc_generated.go | 4 +- .../openshift/api/template/v1/generated.proto | 18 + .../openshift/api/template/v1/types.go | 18 + .../v1/zz_generated.swagger_doc_generated.go | 12 +- .../openshift/api/user/v1/generated.proto | 21 + .../github.com/openshift/api/user/v1/types.go | 21 + .../v1/zz_generated.swagger_doc_generated.go | 14 +- .../openshift/build-machinery-go/OWNERS | 1 + .../make/default.example.mk.help.log | 1 + .../build-machinery-go/make/default.mk | 20 +- .../build-machinery-go/make/golang.mk | 15 +- .../make/operator.example.mk.help.log | 1 + .../build-machinery-go/make/operator.mk | 9 +- .../make/targets/golang/build.mk | 11 +- .../make/targets/golang/test-unit.mk | 11 +- .../make/targets/golang/verify-update.mk | 13 +- .../make/targets/golang/version.mk | 17 +- .../make/targets/openshift/controller-gen.mk | 37 +- .../make/targets/openshift/crd-schema-gen.mk | 20 +- .../make/targets/openshift/deps-glide.mk | 3 +- .../make/targets/openshift/deps-gomod.mk | 13 +- .../make/targets/openshift/deps.mk | 10 +- .../make/targets/openshift/imagebuilder.mk | 25 + .../make/targets/openshift/images.mk | 2 +- .../make/targets/openshift/kustomize.mk | 27 + .../openshift/operator/profile-manifests.mk | 24 +- .../openshift/operator/telepresence.mk | 3 +- .../make/targets/openshift/rpm.mk | 11 +- .../make/targets/openshift/yaml-patch.mk | 21 +- .../make/targets/openshift/yq.mk | 21 +- .../config/leaderelection/leaderelection.go | 20 +- .../pkg/controller/controllercmd/builder.go | 18 +- .../pkg/controller/controllercmd/cmd.go | 12 +- .../pkg/controller/factory/base_controller.go | 10 +- .../pkg/controller/factory/eventfilters.go | 26 + .../pkg/operator/condition/condition.go | 72 - .../dynamic_operator_client.go | 67 +- .../operator/loglevel/logging_controller.go | 7 + .../operator/management/management_state.go | 36 +- .../management/management_state_controller.go | 76 - .../resourceapply/admissionregistration.go | 16 +- .../resource/resourceapply/apiextensions.go | 39 +- .../resource/resourceapply/apiregistration.go | 8 +- .../operator/resource/resourceapply/apps.go | 24 +- .../operator/resource/resourceapply/core.go | 169 +- .../resourceapply/credentialsrequest.go | 7 +- .../resource/resourceapply/generic.go | 73 +- .../resource/resourceapply/migration.go | 46 + .../resource/resourceapply/monitoring.go | 64 +- .../operator/resource/resourceapply/policy.go | 47 + .../operator/resource/resourceapply/rbac.go | 32 +- .../resource/resourceapply/storage.go | 24 +- .../resource/resourceapply/unstructured.go | 9 +- .../resourceapply/volumesnapshotclass.go | 116 + .../resource/resourcemerge/apiextensions.go | 37 + .../resource/resourceread/migration.go | 26 + .../operator/resource/resourceread/policy.go | 25 + .../pkg/operator/v1helpers/helpers.go | 35 + .../pkg/operator/v1helpers/interfaces.go | 8 + .../pkg/operator/v1helpers/test_helpers.go | 43 +- .../api/core/v1/annotation_key_constants.go | 4 +- .../pkg/api/resource/quantity_proto.go | 2 +- vendor/modules.txt | 27 +- .../pkg/apis/migration/v1alpha1/doc.go | 20 + .../pkg/apis/migration/v1alpha1/register.go | 54 + .../pkg/apis/migration/v1alpha1/types.go | 186 ++ .../v1alpha1/zz_generated.deepcopy.go | 275 ++ .../pkg/clients/clientset/clientset.go | 97 + .../pkg/clients/clientset/doc.go | 20 + .../pkg/clients/clientset/scheme/doc.go | 20 + .../pkg/clients/clientset/scheme/register.go | 56 + .../clientset/typed/migration/v1alpha1/doc.go | 20 + .../migration/v1alpha1/generated_expansion.go | 23 + .../migration/v1alpha1/migration_client.go | 94 + .../typed/migration/v1alpha1/storagestate.go | 184 ++ .../v1alpha1/storageversionmigration.go | 184 ++ 243 files changed, 13351 insertions(+), 11728 deletions(-) delete mode 100644 vendor/github.com/openshift/api/quota/v1/0000_03_quota-openshift_01_clusterresourcequota.crd.yaml-merge-patch create mode 100644 vendor/github.com/openshift/build-machinery-go/make/targets/openshift/imagebuilder.mk create mode 100644 vendor/github.com/openshift/build-machinery-go/make/targets/openshift/kustomize.mk create mode 100644 vendor/github.com/openshift/library-go/pkg/controller/factory/eventfilters.go delete mode 100644 vendor/github.com/openshift/library-go/pkg/operator/condition/condition.go delete mode 100644 vendor/github.com/openshift/library-go/pkg/operator/management/management_state_controller.go create mode 100644 vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/migration.go create mode 100644 vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/policy.go create mode 100644 vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/volumesnapshotclass.go create mode 100644 vendor/github.com/openshift/library-go/pkg/operator/resource/resourceread/migration.go create mode 100644 vendor/github.com/openshift/library-go/pkg/operator/resource/resourceread/policy.go create mode 100644 vendor/sigs.k8s.io/kube-storage-version-migrator/pkg/apis/migration/v1alpha1/doc.go create mode 100644 vendor/sigs.k8s.io/kube-storage-version-migrator/pkg/apis/migration/v1alpha1/register.go create mode 100644 vendor/sigs.k8s.io/kube-storage-version-migrator/pkg/apis/migration/v1alpha1/types.go create mode 100644 vendor/sigs.k8s.io/kube-storage-version-migrator/pkg/apis/migration/v1alpha1/zz_generated.deepcopy.go create mode 100644 vendor/sigs.k8s.io/kube-storage-version-migrator/pkg/clients/clientset/clientset.go create mode 100644 vendor/sigs.k8s.io/kube-storage-version-migrator/pkg/clients/clientset/doc.go create mode 100644 vendor/sigs.k8s.io/kube-storage-version-migrator/pkg/clients/clientset/scheme/doc.go create mode 100644 vendor/sigs.k8s.io/kube-storage-version-migrator/pkg/clients/clientset/scheme/register.go create mode 100644 vendor/sigs.k8s.io/kube-storage-version-migrator/pkg/clients/clientset/typed/migration/v1alpha1/doc.go create mode 100644 vendor/sigs.k8s.io/kube-storage-version-migrator/pkg/clients/clientset/typed/migration/v1alpha1/generated_expansion.go create mode 100644 vendor/sigs.k8s.io/kube-storage-version-migrator/pkg/clients/clientset/typed/migration/v1alpha1/migration_client.go create mode 100644 vendor/sigs.k8s.io/kube-storage-version-migrator/pkg/clients/clientset/typed/migration/v1alpha1/storagestate.go create mode 100644 vendor/sigs.k8s.io/kube-storage-version-migrator/pkg/clients/clientset/typed/migration/v1alpha1/storageversionmigration.go diff --git a/go.mod b/go.mod index 17d274350..ca6e7be06 100644 --- a/go.mod +++ b/go.mod @@ -5,17 +5,17 @@ go 1.13 require ( github.com/go-bindata/go-bindata v3.1.2+incompatible github.com/google/gofuzz v1.2.0 // indirect - github.com/openshift/api v0.0.0-20210423140644-156ca80f8d83 - github.com/openshift/build-machinery-go v0.0.0-20210423112049-9415d7ebd33e - github.com/openshift/client-go v0.0.0-20210422153130-25c8450d1535 - github.com/openshift/library-go v0.0.0-20210420183610-0e395da73318 + github.com/openshift/api v0.0.0-20210726144523-6fcabc0010ca + github.com/openshift/build-machinery-go v0.0.0-20210712174854-1bb7fd1518d3 + github.com/openshift/client-go v0.0.0-20210521082421-73d9475a9142 + github.com/openshift/library-go v0.0.0-20210728105326-4a78e9dddb00 github.com/prometheus/client_golang v1.7.1 github.com/spf13/cobra v1.1.1 github.com/spf13/pflag v1.0.5 - k8s.io/api v0.21.0 - k8s.io/apimachinery v0.21.0 - k8s.io/client-go v0.21.0 - k8s.io/component-base v0.21.0 + k8s.io/api v0.21.1 + k8s.io/apimachinery v0.21.1 + k8s.io/client-go v0.21.1 + k8s.io/component-base v0.21.1 k8s.io/klog v1.0.0 sigs.k8s.io/kube-storage-version-migrator v0.0.5-0.20210421184352-acdee30ced21 ) diff --git a/go.sum b/go.sum index 8204e71fe..b3a5181ca 100644 --- a/go.sum +++ b/go.sum @@ -102,6 +102,11 @@ github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsr github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/creack/pty v1.1.11/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= +github.com/dave/dst v0.26.2/go.mod h1:UMDJuIRPfyUCC78eFuB+SV/WI8oDeyFDvM/JR6NI3IU= +github.com/dave/gopackages v0.0.0-20170318123100-46e7023ec56e/go.mod h1:i00+b/gKdIDIxuLDFob7ustLAVqhsZRk2qVZrArELGQ= +github.com/dave/jennifer v1.2.0/go.mod h1:fIb+770HOpJ2fmN9EPPKOqm1vMGhB+TwXKMZhrIygKg= +github.com/dave/kerr v0.0.0-20170318121727-bc25dd6abe8e/go.mod h1:qZqlPyPvfsDJt+3wHJ1EvSXDuVjFTK0j2p/ca+gtsb8= +github.com/dave/rebecca v0.9.1/go.mod h1:N6XYdMD/OKw3lkF3ywh8Z6wPGuwNFDNtWYEMFWEmXBA= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= @@ -253,6 +258,7 @@ github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/ github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= +github.com/google/pprof v0.0.0-20181127221834-b4f47329b966/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= @@ -392,23 +398,20 @@ github.com/onsi/gomega v1.8.1 h1:C5Dqfs/LeauYDX0jJXIe2SWmwCbGzx9yF8C8xy3Lh34= github.com/onsi/gomega v1.8.1/go.mod h1:Ho0h+IUsWyvy1OpqCwxlQ/21gkhVunqlU8fDGcoTdcA= github.com/opencontainers/go-digest v1.0.0-rc1/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= github.com/opencontainers/image-spec v1.0.1/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0= -github.com/openshift/api v0.0.0-20210331162552-3e31249e6a55/go.mod h1:dZ4kytOo3svxJHNYd0J55hwe/6IQG5gAUHUE0F3Jkio= -github.com/openshift/api v0.0.0-20210331193751-3acddb19d360/go.mod h1:dZ4kytOo3svxJHNYd0J55hwe/6IQG5gAUHUE0F3Jkio= -github.com/openshift/api v0.0.0-20210422150128-d8a48168c81c/go.mod h1:dZ4kytOo3svxJHNYd0J55hwe/6IQG5gAUHUE0F3Jkio= -github.com/openshift/api v0.0.0-20210423140644-156ca80f8d83 h1:Rz7+q64KDked7wonxYd3r87QAcuiTSt5H+EPghmGMt0= -github.com/openshift/api v0.0.0-20210423140644-156ca80f8d83/go.mod h1:dZ4kytOo3svxJHNYd0J55hwe/6IQG5gAUHUE0F3Jkio= -github.com/openshift/build-machinery-go v0.0.0-20210209125900-0da259a2c359/go.mod h1:b1BuldmJlbA/xYtdZvKi+7j5YGB44qJUJDZ9zwiNCfE= -github.com/openshift/build-machinery-go v0.0.0-20210423112049-9415d7ebd33e h1:F7rBobgSjtYL3/zsgDUjlTVx3Z06hdgpoldpDcn7jzc= +github.com/openshift/api v0.0.0-20210521075222-e273a339932a/go.mod h1:izBmoXbUu3z5kUa4FjZhvekTsyzIWiOoaIgJiZBBMQs= +github.com/openshift/api v0.0.0-20210726144523-6fcabc0010ca h1:pRqnhgtIkZoDb4di1R+9JizseuYhNK7PKaktwdqmW+g= +github.com/openshift/api v0.0.0-20210726144523-6fcabc0010ca/go.mod h1:wf/SnvIX5Aq1NkALk26b2extjOGm3Q781gEgvr0+CDY= github.com/openshift/build-machinery-go v0.0.0-20210423112049-9415d7ebd33e/go.mod h1:b1BuldmJlbA/xYtdZvKi+7j5YGB44qJUJDZ9zwiNCfE= -github.com/openshift/client-go v0.0.0-20210331195552-cf6c2669e01f/go.mod h1:hHaRJ6vp2MRd/CpuZ1oJkqnMGy5eEnoAkQmKPZKcUPI= -github.com/openshift/client-go v0.0.0-20210422153130-25c8450d1535 h1:JGSJhDJiQxqUETyqseqeXD7X/hgA6V/F3WW/2dN4QCs= -github.com/openshift/client-go v0.0.0-20210422153130-25c8450d1535/go.mod h1:v5/AYttPCjfqMGC1Ed/vutuDpuXmgWc5O+W9nwQ7EtE= +github.com/openshift/build-machinery-go v0.0.0-20210712174854-1bb7fd1518d3 h1:hYMLjavR8LrcCva788SxDqYjRc1k2w0LNGi7eX9vY5Y= +github.com/openshift/build-machinery-go v0.0.0-20210712174854-1bb7fd1518d3/go.mod h1:b1BuldmJlbA/xYtdZvKi+7j5YGB44qJUJDZ9zwiNCfE= +github.com/openshift/client-go v0.0.0-20210521082421-73d9475a9142 h1:ZHRIMCFIJN1p9LsJt4HQ+akDrys4PrYnXzOWI5LK03I= +github.com/openshift/client-go v0.0.0-20210521082421-73d9475a9142/go.mod h1:fjS8r9mqDVsPb5td3NehsNOAWa4uiFkYEfVZioQ2gH0= github.com/openshift/kube-storage-version-migrator v0.0.3-0.20210503105529-901a6d221d1c h1:+kJ9NXLQ24FIMt85B++O+XuDQi7mwM/JFq6xDQoJUkw= github.com/openshift/kube-storage-version-migrator v0.0.3-0.20210503105529-901a6d221d1c/go.mod h1:h1vYwmSiI2QF0w0M12CSOhCWTJY/ZifTDOqjKdUJtk0= github.com/openshift/kubernetes-apiserver v0.0.0-20210419140141-620426e63a99 h1:KrCYRAJcgZYzMCB1PjJHJMYPu/d+dEkelq5eYyi0fDw= github.com/openshift/kubernetes-apiserver v0.0.0-20210419140141-620426e63a99/go.mod h1:w2YSn4/WIwYuxG5zJmcqtRdtqgW/J2JRgFAqps3bBpg= -github.com/openshift/library-go v0.0.0-20210420183610-0e395da73318 h1:ib7um2nUXJUHU8QOwqkXXTfXFzPmQUdBhNXXrX8SrfY= -github.com/openshift/library-go v0.0.0-20210420183610-0e395da73318/go.mod h1:pnz961veImKsbn7pQcuFbcVpCQosYiC1fUOjzEDeOLU= +github.com/openshift/library-go v0.0.0-20210728105326-4a78e9dddb00 h1:lpbCjr/fHVA0jDHYQR/eNwfk3RbeyiR7TqW81nlyZmg= +github.com/openshift/library-go v0.0.0-20210728105326-4a78e9dddb00/go.mod h1:diy0KICoC34Kq5YQYJZmUNOSQ5iNFQoUQwzo4OUp2ng= github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k= github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= @@ -529,6 +532,7 @@ go.uber.org/multierr v1.1.0 h1:HoEmRHQPVSqub6w2z2d2EOVs2fjyFRGyofhKuyDq0QI= go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0= go.uber.org/zap v1.10.0 h1:ORx85nbTijNz8ljznvCMR1ZBIPKFn3jQrag10X2AsuM= go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= +golang.org/x/arch v0.0.0-20180920145803-b19384d3c130/go.mod h1:cYlCBUl1MsqxdiKgmc4uh7TxZfWSFLOGSRR090WDxt8= golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= @@ -627,6 +631,7 @@ golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sys v0.0.0-20170830134202-bb24a47a89ea/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20180903190138-2b024373dcd9/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181026203630-95b1ffbd15a5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -727,6 +732,7 @@ golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapK golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= golang.org/x/tools v0.0.0-20200505023115-26f46d2f7ef8/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= +golang.org/x/tools v0.0.0-20200509030707-2212a7e161a5/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200616195046-dc31b401abb5/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= @@ -813,6 +819,7 @@ gopkg.in/natefinch/lumberjack.v2 v2.0.0 h1:1Lc07Kr7qY4U2YPouBjpCLxpiyxIVoxqXgkXL gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k= gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo= gopkg.in/square/go-jose.v2 v2.2.2/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= +gopkg.in/src-d/go-billy.v4 v4.3.0/go.mod h1:tm33zBoOwxjYHZIE+OV8bxTWFMJLrconzFMd38aARFk= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74= @@ -835,28 +842,28 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= k8s.io/api v0.18.2/go.mod h1:SJCWI7OLzhZSvbY7U8zwNl9UA4o1fizoug34OV/2r78= -k8s.io/api v0.21.0-rc.0/go.mod h1:Dkc/ZauWJrgZhjOjeBgW89xZQiTBJA2RaBKYHXPsi2Y= -k8s.io/api v0.21.0 h1:gu5iGF4V6tfVCQ/R+8Hc0h7H1JuEhzyEi9S4R5LM8+Y= k8s.io/api v0.21.0/go.mod h1:+YbrhBBGgsxbF6o6Kj4KJPJnBmAKuXDeS3E18bgHNVU= +k8s.io/api v0.21.1 h1:94bbZ5NTjdINJEdzOkpS4vdPhkb1VFpTYC9zh43f75c= +k8s.io/api v0.21.1/go.mod h1:FstGROTmsSHBarKc8bylzXih8BLNYTiS3TZcsoEDg2s= k8s.io/apiextensions-apiserver v0.18.2/go.mod h1:q3faSnRGmYimiocj6cHQ1I3WpLqmDgJFlKL37fC4ZvY= -k8s.io/apiextensions-apiserver v0.21.0-rc.0/go.mod h1:ItIoMBJU1gy93Qwr/B2699r4b0VmZqAOU+15BvozxMY= -k8s.io/apiextensions-apiserver v0.21.0 h1:Nd4uBuweg6ImzbxkC1W7xUNZcCV/8Vt10iTdTIVF3hw= k8s.io/apiextensions-apiserver v0.21.0/go.mod h1:gsQGNtGkc/YoDG9loKI0V+oLZM4ljRPjc/sql5tmvzc= +k8s.io/apiextensions-apiserver v0.21.1 h1:AA+cnsb6w7SZ1vD32Z+zdgfXdXY8X9uGX5bN6EoPEIo= +k8s.io/apiextensions-apiserver v0.21.1/go.mod h1:KESQFCGjqVcVsZ9g0xX5bacMjyX5emuWcS2arzdEouA= k8s.io/apimachinery v0.18.2/go.mod h1:9SnR/e11v5IbyPCGbvJViimtJ0SwHG4nfZFjU77ftcA= -k8s.io/apimachinery v0.21.0-rc.0/go.mod h1:jbreFvJo3ov9rj7eWT7+sYiRx+qZuCYXwWT1bcDswPY= -k8s.io/apimachinery v0.21.0 h1:3Fx+41if+IRavNcKOz09FwEXDBG6ORh6iMsTSelhkMA= k8s.io/apimachinery v0.21.0/go.mod h1:jbreFvJo3ov9rj7eWT7+sYiRx+qZuCYXwWT1bcDswPY= +k8s.io/apimachinery v0.21.1 h1:Q6XuHGlj2xc+hlMCvqyYfbv3H7SRGn2c8NycxJquDVs= +k8s.io/apimachinery v0.21.1/go.mod h1:jbreFvJo3ov9rj7eWT7+sYiRx+qZuCYXwWT1bcDswPY= k8s.io/client-go v0.18.2/go.mod h1:Xcm5wVGXX9HAA2JJ2sSBUn3tCJ+4SVlCbl2MNNv+CIU= -k8s.io/client-go v0.21.0-rc.0/go.mod h1:zU5HY/bSOKH3YOqoge9nFvICgrpeSdJu8DQ4fkjKIZk= -k8s.io/client-go v0.21.0 h1:n0zzzJsAQmJngpC0IhgFcApZyoGXPrDIAD601HD09ag= k8s.io/client-go v0.21.0/go.mod h1:nNBytTF9qPFDEhoqgEPaarobC8QPae13bElIVHzIglA= +k8s.io/client-go v0.21.1 h1:bhblWYLZKUu+pm50plvQF8WpY6TXdRRtcS/K9WauOj4= +k8s.io/client-go v0.21.1/go.mod h1:/kEw4RgW+3xnBGzvp9IWxKSNA+lXn3A7AuH3gdOAzLs= k8s.io/code-generator v0.18.2/go.mod h1:+UHX5rSbxmR8kzS+FAv7um6dtYrZokQvjHpDSYRVkTc= -k8s.io/code-generator v0.21.0-rc.0/go.mod h1:hUlps5+9QaTrKx+jiM4rmq7YmH8wPOIko64uZCHDh6Q= k8s.io/code-generator v0.21.0/go.mod h1:hUlps5+9QaTrKx+jiM4rmq7YmH8wPOIko64uZCHDh6Q= +k8s.io/code-generator v0.21.1/go.mod h1:hUlps5+9QaTrKx+jiM4rmq7YmH8wPOIko64uZCHDh6Q= k8s.io/component-base v0.18.2/go.mod h1:kqLlMuhJNHQ9lz8Z7V5bxUUtjFZnrypArGl58gmDfUM= -k8s.io/component-base v0.21.0-rc.0/go.mod h1:XlP0bM7QJFWRGZYPc5NmphkvsYQ+o7804HWH3GTGjDY= -k8s.io/component-base v0.21.0 h1:tLLGp4BBjQaCpS/KiuWh7m2xqvAdsxLm4ATxHSe5Zpg= k8s.io/component-base v0.21.0/go.mod h1:qvtjz6X0USWXbgmbfXR+Agik4RZ3jv2Bgr5QnZzdPYw= +k8s.io/component-base v0.21.1 h1:iLpj2btXbR326s/xNQWmPNGu0gaYSjzn7IN/5i28nQw= +k8s.io/component-base v0.21.1/go.mod h1:NgzFZ2qu4m1juby4TnrmpR8adRk6ka62YdH5DkIIyKA= k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= k8s.io/gengo v0.0.0-20200114144118-36b2048a9120/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= k8s.io/gengo v0.0.0-20200413195148-3a45101e95ac/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= @@ -869,9 +876,9 @@ k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE= k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= k8s.io/klog/v2 v2.8.0 h1:Q3gmuM9hKEjefWFFYF0Mat+YyFJvsUyYuwyNNJ5C9Ts= k8s.io/klog/v2 v2.8.0/go.mod h1:hy9LJ/NvuK+iVyP4Ehqva4HxZG/oXyIS3n3Jmire4Ec= -k8s.io/kube-aggregator v0.21.0-rc.0/go.mod h1:M+whOmsAeQf8ObJ0/eO9Af1Dz2UQEB9OW9BWmt9b2sU= -k8s.io/kube-aggregator v0.21.0 h1:my2WYu8RJcj/ZzWAjPPnmxNRELk/iCdPjMaOmsZOeBU= k8s.io/kube-aggregator v0.21.0/go.mod h1:sIaa9L4QCBo9gjPyoGJns4cBjYVLq3s49FxF7m/1A0A= +k8s.io/kube-aggregator v0.21.1 h1:3pPRhOXZcJYjNDjPDizFx0G5//DArWKANZE03J5z8Ck= +k8s.io/kube-aggregator v0.21.1/go.mod h1:cAZ0n02IiSl57sQSHz4vvrz3upQRMbytOiZnpPJaQzQ= k8s.io/kube-openapi v0.0.0-20200121204235-bf4fb3bd569c/go.mod h1:GRQhZsXIAJ1xR0C9bd8UpWHZ5plfAS9fzPjJuQ6JL3E= k8s.io/kube-openapi v0.0.0-20210305001622-591a79e4bda7 h1:vEx13qjvaZ4yfObSSXW7BrMc/KQBBT/Jyee8XtLf4x0= k8s.io/kube-openapi v0.0.0-20210305001622-591a79e4bda7/go.mod h1:wXW5VT87nVfh/iLV8FpR2uDvrFyomxbtb1KivDbvPTE= diff --git a/vendor/github.com/openshift/api/Makefile b/vendor/github.com/openshift/api/Makefile index 8a25ed492..a3e30d74f 100644 --- a/vendor/github.com/openshift/api/Makefile +++ b/vendor/github.com/openshift/api/Makefile @@ -1,6 +1,9 @@ all: build .PHONY: all +# Ensure update-scripts are run before crd-gen so updates to Godoc are included in CRDs. +update-codegen-crds: update-scripts + # Include the library makefile include $(addprefix ./vendor/github.com/openshift/build-machinery-go/make/, \ golang.mk \ @@ -13,7 +16,7 @@ GO_BUILD_PACKAGES :=$(GO_PACKAGES) GO_BUILD_PACKAGES_EXPANDED :=$(GO_BUILD_PACKAGES) # LDFLAGS are not needed for dummy builds (saving time on calling git commands) GO_LD_FLAGS:= -CONTROLLER_GEN_VERSION :=v0.2.5 +CONTROLLER_GEN_VERSION :=v0.6.0 # $1 - target name # $2 - apis @@ -48,15 +51,17 @@ verify-scripts: hack/verify-crds.sh bash -x hack/verify-types.sh hack/verify-crds-version-upgrade.sh + bash -x hack/verify-compatibility.sh + .PHONY: verify-scripts verify: verify-scripts verify-codegen-crds update-scripts: hack/update-deepcopy.sh + hack/update-compatibility.sh hack/update-protobuf.sh hack/update-swagger-docs.sh .PHONY: update-scripts -update: update-scripts update-codegen-crds generate-with-container: Dockerfile.build $(RUNTIME) build -t $(RUNTIME_IMAGE_NAME) -f Dockerfile.build . diff --git a/vendor/github.com/openshift/api/apiserver/v1/apiserver.openshift.io_apirequestcount.yaml b/vendor/github.com/openshift/api/apiserver/v1/apiserver.openshift.io_apirequestcount.yaml index 4442f2a14..169106ecb 100644 --- a/vendor/github.com/openshift/api/apiserver/v1/apiserver.openshift.io_apirequestcount.yaml +++ b/vendor/github.com/openshift/api/apiserver/v1/apiserver.openshift.io_apirequestcount.yaml @@ -2,6 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/897 include.release.openshift.io/self-managed-high-availability: "true" include.release.openshift.io/single-node-developer: "true" name: apirequestcounts.apiserver.openshift.io @@ -14,224 +15,100 @@ spec: singular: apirequestcount scope: Cluster versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: RemovedInRelease - type: string - description: Release in which an API will be removed. - jsonPath: .status.removedInRelease - - name: RequestsInCurrentHour - type: integer - description: Number of requests in the last hour. - jsonPath: .status.requestsInTheCurrentHour.requestCount - - name: RequestsInLast24h - type: integer - description: Number of requests in the last 24h. - jsonPath: .status.requestCount - "schema": - "openAPIV3Schema": - description: APIRequestCount tracks requests made to an API. The instance - name must be of the form `resource.version.group`, matching the resource. - type: object - required: - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec defines the characteristics of the resource. - type: object - properties: - numberOfUsersToReport: - description: numberOfUsersToReport is the number of users to include - in the report. If unspecified or zero, the default is ten. This - is default is subject to change. - type: integer - format: int64 - default: 10 - maximum: 100 - minimum: 0 - status: - description: status contains the observed state of the resource. - type: object - properties: - conditions: - description: conditions contains details of the current status of - this API Resource. - type: array - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: - \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type - \ // +patchStrategy=merge // +listType=map // +listMapKey=type - \ Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` - \n // other fields }" - type: object - required: - - lastTransitionTime - - message - - reason - - status - - type - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - type: string - format: date-time - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - type: string - maxLength: 32768 - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - type: integer - format: int64 - minimum: 0 - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - type: string - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - status: - description: status of the condition, one of True, False, Unknown. - type: string - enum: - - "True" - - "False" - - Unknown - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - type: string - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - currentHour: - description: currentHour contains request history for the current - hour. This is porcelain to make the API easier to read by humans - seeing if they addressed a problem. This field is reset on the hour. - type: object - properties: - byNode: - description: byNode contains logs of requests per node. - type: array - maxItems: 512 - items: - description: PerNodeAPIRequestLog contains logs of requests - to a certain node. - type: object - properties: - byUser: - description: byUser contains request details by top .spec.numberOfUsersToReport - users. Note that because in the case of an apiserver, - restart the list of top users is determined on a best-effort - basis, the list might be imprecise. In addition, some - system users may be explicitly included in the list. - type: array - maxItems: 500 - items: - description: PerUserAPIRequestCount contains logs of a - user's requests. - type: object - properties: - byVerb: - description: byVerb details by verb. - type: array - maxItems: 10 - items: - description: PerVerbAPIRequestCount requestCounts - requests by API request verb. - type: object - properties: - requestCount: - description: requestCount of requests for verb. - type: integer - format: int64 - minimum: 0 - verb: - description: verb of API request (get, list, - create, etc...) - type: string - maxLength: 20 - requestCount: - description: requestCount of requests by the user - across all verbs. - type: integer - format: int64 - minimum: 0 - userAgent: - description: userAgent that made the request. The - same user often has multiple binaries which connect - (pods with many containers). The different binaries - will have different userAgents, but the same user. In - addition, we have userAgents with version information - embedded and the userName isn't likely to change. - type: string - maxLength: 1024 - username: - description: userName that made the request. - type: string - maxLength: 512 - nodeName: - description: nodeName where the request are being handled. - type: string - maxLength: 512 - minLength: 1 - requestCount: - description: requestCount is a sum of all requestCounts - across all users, even those outside of the top 10 users. - type: integer - format: int64 - minimum: 0 - requestCount: - description: requestCount is a sum of all requestCounts across - nodes. - type: integer - format: int64 - minimum: 0 - last24h: - description: last24h contains request history for the last 24 hours, - indexed by the hour, so 12:00AM-12:59 is in index 0, 6am-6:59am - is index 6, etc. The index of the current hour is updated live and - then duplicated into the requestsLastHour field. - type: array - maxItems: 24 - items: - description: PerResourceAPIRequestLog logs request for various nodes. + - name: v1 + served: true + storage: true + subresources: + status: {} + additionalPrinterColumns: + - name: RemovedInRelease + type: string + description: Release in which an API will be removed. + jsonPath: .status.removedInRelease + - name: RequestsInCurrentHour + type: integer + description: Number of requests in the current hour. + jsonPath: .status.currentHour.requestCount + - name: RequestsInLast24h + type: integer + description: Number of requests in the last 24h. + jsonPath: .status.requestCount + "schema": + "openAPIV3Schema": + description: "APIRequestCount tracks requests made to an API. The instance name must be of the form `resource.version.group`, matching the resource. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec defines the characteristics of the resource. + type: object + properties: + numberOfUsersToReport: + description: numberOfUsersToReport is the number of users to include in the report. If unspecified or zero, the default is ten. This is default is subject to change. + type: integer + format: int64 + default: 10 + maximum: 100 + minimum: 0 + status: + description: status contains the observed state of the resource. + type: object + properties: + conditions: + description: conditions contains details of the current status of this API Resource. + type: array + items: + description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + type: object + required: + - lastTransitionTime + - message + - reason + - status + - type + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + type: string + format: date-time + message: + description: message is a human readable message indicating details about the transition. This may be an empty string. + type: string + maxLength: 32768 + observedGeneration: + description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. + type: integer + format: int64 + minimum: 0 + reason: + description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. + type: string + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + status: + description: status of the condition, one of True, False, Unknown. + type: string + enum: + - "True" + - "False" + - Unknown + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + type: string + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + currentHour: + description: currentHour contains request history for the current hour. This is porcelain to make the API easier to read by humans seeing if they addressed a problem. This field is reset on the hour. type: object properties: byNode: @@ -239,21 +116,15 @@ spec: type: array maxItems: 512 items: - description: PerNodeAPIRequestLog contains logs of requests - to a certain node. + description: PerNodeAPIRequestLog contains logs of requests to a certain node. type: object properties: byUser: - description: byUser contains request details by top .spec.numberOfUsersToReport - users. Note that because in the case of an apiserver, - restart the list of top users is determined on a best-effort - basis, the list might be imprecise. In addition, some - system users may be explicitly included in the list. + description: byUser contains request details by top .spec.numberOfUsersToReport users. Note that because in the case of an apiserver, restart the list of top users is determined on a best-effort basis, the list might be imprecise. In addition, some system users may be explicitly included in the list. type: array maxItems: 500 items: - description: PerUserAPIRequestCount contains logs of - a user's requests. + description: PerUserAPIRequestCount contains logs of a user's requests. type: object properties: byVerb: @@ -261,34 +132,25 @@ spec: type: array maxItems: 10 items: - description: PerVerbAPIRequestCount requestCounts - requests by API request verb. + description: PerVerbAPIRequestCount requestCounts requests by API request verb. type: object properties: requestCount: - description: requestCount of requests for - verb. + description: requestCount of requests for verb. type: integer format: int64 minimum: 0 verb: - description: verb of API request (get, list, - create, etc...) + description: verb of API request (get, list, create, etc...) type: string maxLength: 20 requestCount: - description: requestCount of requests by the user - across all verbs. + description: requestCount of requests by the user across all verbs. type: integer format: int64 minimum: 0 userAgent: - description: userAgent that made the request. The - same user often has multiple binaries which connect - (pods with many containers). The different binaries - will have different userAgents, but the same user. In - addition, we have userAgents with version information - embedded and the userName isn't likely to change. + description: userAgent that made the request. The same user often has multiple binaries which connect (pods with many containers). The different binaries will have different userAgents, but the same user. In addition, we have userAgents with version information embedded and the userName isn't likely to change. type: string maxLength: 1024 username: @@ -301,26 +163,92 @@ spec: maxLength: 512 minLength: 1 requestCount: - description: requestCount is a sum of all requestCounts - across all users, even those outside of the top 10 users. + description: requestCount is a sum of all requestCounts across all users, even those outside of the top 10 users. type: integer format: int64 minimum: 0 requestCount: - description: requestCount is a sum of all requestCounts across - nodes. + description: requestCount is a sum of all requestCounts across nodes. type: integer format: int64 minimum: 0 - removedInRelease: - description: removedInRelease is when the API will be removed. - type: string - maxLength: 64 - minLength: 0 - pattern: ^[0-9][0-9]*\.[0-9][0-9]*$ - requestCount: - description: requestCount is a sum of all requestCounts across all - current hours, nodes, and users. - type: integer - format: int64 - minimum: 0 + last24h: + description: last24h contains request history for the last 24 hours, indexed by the hour, so 12:00AM-12:59 is in index 0, 6am-6:59am is index 6, etc. The index of the current hour is updated live and then duplicated into the requestsLastHour field. + type: array + maxItems: 24 + items: + description: PerResourceAPIRequestLog logs request for various nodes. + type: object + properties: + byNode: + description: byNode contains logs of requests per node. + type: array + maxItems: 512 + items: + description: PerNodeAPIRequestLog contains logs of requests to a certain node. + type: object + properties: + byUser: + description: byUser contains request details by top .spec.numberOfUsersToReport users. Note that because in the case of an apiserver, restart the list of top users is determined on a best-effort basis, the list might be imprecise. In addition, some system users may be explicitly included in the list. + type: array + maxItems: 500 + items: + description: PerUserAPIRequestCount contains logs of a user's requests. + type: object + properties: + byVerb: + description: byVerb details by verb. + type: array + maxItems: 10 + items: + description: PerVerbAPIRequestCount requestCounts requests by API request verb. + type: object + properties: + requestCount: + description: requestCount of requests for verb. + type: integer + format: int64 + minimum: 0 + verb: + description: verb of API request (get, list, create, etc...) + type: string + maxLength: 20 + requestCount: + description: requestCount of requests by the user across all verbs. + type: integer + format: int64 + minimum: 0 + userAgent: + description: userAgent that made the request. The same user often has multiple binaries which connect (pods with many containers). The different binaries will have different userAgents, but the same user. In addition, we have userAgents with version information embedded and the userName isn't likely to change. + type: string + maxLength: 1024 + username: + description: userName that made the request. + type: string + maxLength: 512 + nodeName: + description: nodeName where the request are being handled. + type: string + maxLength: 512 + minLength: 1 + requestCount: + description: requestCount is a sum of all requestCounts across all users, even those outside of the top 10 users. + type: integer + format: int64 + minimum: 0 + requestCount: + description: requestCount is a sum of all requestCounts across nodes. + type: integer + format: int64 + minimum: 0 + removedInRelease: + description: removedInRelease is when the API will be removed. + type: string + maxLength: 64 + minLength: 0 + pattern: ^[0-9][0-9]*\.[0-9][0-9]*$ + requestCount: + description: requestCount is a sum of all requestCounts across all current hours, nodes, and users. + type: integer + format: int64 + minimum: 0 diff --git a/vendor/github.com/openshift/api/apiserver/v1/types_apirequestcount.go b/vendor/github.com/openshift/api/apiserver/v1/types_apirequestcount.go index 61f56a161..c8b469f6c 100644 --- a/vendor/github.com/openshift/api/apiserver/v1/types_apirequestcount.go +++ b/vendor/github.com/openshift/api/apiserver/v1/types_apirequestcount.go @@ -14,9 +14,12 @@ const ( // +kubebuilder:resource:scope="Cluster" // +kubebuilder:subresource:status // +genclient:nonNamespaced +// +openshift:compatibility-gen:level=1 // APIRequestCount tracks requests made to an API. The instance name must // be of the form `resource.version.group`, matching the resource. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). type APIRequestCount struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` @@ -149,8 +152,11 @@ type PerVerbAPIRequestCount struct { } // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +openshift:compatibility-gen:level=1 // APIRequestCountList is a list of APIRequestCount resources. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). type APIRequestCountList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata"` diff --git a/vendor/github.com/openshift/api/apiserver/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/apiserver/v1/zz_generated.swagger_doc_generated.go index d028d3696..3a56e1ee0 100644 --- a/vendor/github.com/openshift/api/apiserver/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/apiserver/v1/zz_generated.swagger_doc_generated.go @@ -12,7 +12,7 @@ package v1 // AUTO-GENERATED FUNCTIONS START HERE var map_APIRequestCount = map[string]string{ - "": "APIRequestCount tracks requests made to an API. The instance name must be of the form `resource.version.group`, matching the resource.", + "": "APIRequestCount tracks requests made to an API. The instance name must be of the form `resource.version.group`, matching the resource.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "spec": "spec defines the characteristics of the resource.", "status": "status contains the observed state of the resource.", } @@ -22,7 +22,7 @@ func (APIRequestCount) SwaggerDoc() map[string]string { } var map_APIRequestCountList = map[string]string{ - "": "APIRequestCountList is a list of APIRequestCount resources.", + "": "APIRequestCountList is a list of APIRequestCount resources.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", } func (APIRequestCountList) SwaggerDoc() map[string]string { diff --git a/vendor/github.com/openshift/api/apps/v1/generated.proto b/vendor/github.com/openshift/api/apps/v1/generated.proto index 464ed9a51..599407f29 100644 --- a/vendor/github.com/openshift/api/apps/v1/generated.proto +++ b/vendor/github.com/openshift/api/apps/v1/generated.proto @@ -72,6 +72,9 @@ message DeploymentCondition { // Triggers can be disabled to allow manual control over a deployment. The "strategy" determines how the deployment // is carried out and may be changed at any time. The `latestVersion` field is updated when a new deployment // is triggered by any means. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message DeploymentConfig { optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; @@ -84,6 +87,9 @@ message DeploymentConfig { } // DeploymentConfigList is a collection of deployment configs. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message DeploymentConfigList { optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; @@ -92,6 +98,9 @@ message DeploymentConfigList { } // DeploymentConfigRollback provides the input to rollback generation. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message DeploymentConfigRollback { // Name of the deployment config that will be rolled back. optional string name = 1; @@ -213,10 +222,16 @@ message DeploymentDetails { } // DeploymentLog represents the logs for a deployment +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message DeploymentLog { } // DeploymentLogOptions is the REST options for a deployment log +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message DeploymentLogOptions { // The container for which to stream logs. Defaults to only container if there is one container in the pod. optional string container = 1; @@ -263,6 +278,9 @@ message DeploymentLogOptions { } // DeploymentRequest is a request to a deployment config for a new deployment. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message DeploymentRequest { // Name of the deployment config for requesting a new deployment. optional string name = 1; diff --git a/vendor/github.com/openshift/api/apps/v1/types.go b/vendor/github.com/openshift/api/apps/v1/types.go index 2a2a7e7b5..d6fbd0954 100644 --- a/vendor/github.com/openshift/api/apps/v1/types.go +++ b/vendor/github.com/openshift/api/apps/v1/types.go @@ -24,6 +24,9 @@ import ( // Triggers can be disabled to allow manual control over a deployment. The "strategy" determines how the deployment // is carried out and may be changed at any time. The `latestVersion` field is updated when a new deployment // is triggered by any means. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type DeploymentConfig struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` @@ -388,6 +391,9 @@ type DeploymentCondition struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // DeploymentConfigList is a collection of deployment configs. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type DeploymentConfigList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` @@ -399,6 +405,9 @@ type DeploymentConfigList struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // DeploymentConfigRollback provides the input to rollback generation. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type DeploymentConfigRollback struct { metav1.TypeMeta `json:",inline"` // Name of the deployment config that will be rolled back. @@ -428,6 +437,9 @@ type DeploymentConfigRollbackSpec struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // DeploymentRequest is a request to a deployment config for a new deployment. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type DeploymentRequest struct { metav1.TypeMeta `json:",inline"` // Name of the deployment config for requesting a new deployment. @@ -446,6 +458,9 @@ type DeploymentRequest struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // DeploymentLog represents the logs for a deployment +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type DeploymentLog struct { metav1.TypeMeta `json:",inline"` } @@ -453,6 +468,9 @@ type DeploymentLog struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // DeploymentLogOptions is the REST options for a deployment log +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type DeploymentLogOptions struct { metav1.TypeMeta `json:",inline"` diff --git a/vendor/github.com/openshift/api/apps/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/apps/v1/zz_generated.swagger_doc_generated.go index 9e3a07e8f..fe9ec2faf 100644 --- a/vendor/github.com/openshift/api/apps/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/apps/v1/zz_generated.swagger_doc_generated.go @@ -56,7 +56,7 @@ func (DeploymentCondition) SwaggerDoc() map[string]string { } var map_DeploymentConfig = map[string]string{ - "": "Deployment Configs define the template for a pod and manages deploying new images or configuration changes. A single deployment configuration is usually analogous to a single micro-service. Can support many different deployment patterns, including full restart, customizable rolling updates, and fully custom behaviors, as well as pre- and post- deployment hooks. Each individual deployment is represented as a replication controller.\n\nA deployment is \"triggered\" when its configuration is changed or a tag in an Image Stream is changed. Triggers can be disabled to allow manual control over a deployment. The \"strategy\" determines how the deployment is carried out and may be changed at any time. The `latestVersion` field is updated when a new deployment is triggered by any means.", + "": "Deployment Configs define the template for a pod and manages deploying new images or configuration changes. A single deployment configuration is usually analogous to a single micro-service. Can support many different deployment patterns, including full restart, customizable rolling updates, and fully custom behaviors, as well as pre- and post- deployment hooks. Each individual deployment is represented as a replication controller.\n\nA deployment is \"triggered\" when its configuration is changed or a tag in an Image Stream is changed. Triggers can be disabled to allow manual control over a deployment. The \"strategy\" determines how the deployment is carried out and may be changed at any time. The `latestVersion` field is updated when a new deployment is triggered by any means.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "spec": "Spec represents a desired deployment state and how to deploy to it.", "status": "Status represents the current deployment state.", } @@ -66,7 +66,7 @@ func (DeploymentConfig) SwaggerDoc() map[string]string { } var map_DeploymentConfigList = map[string]string{ - "": "DeploymentConfigList is a collection of deployment configs.", + "": "DeploymentConfigList is a collection of deployment configs.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "items": "Items is a list of deployment configs", } @@ -75,7 +75,7 @@ func (DeploymentConfigList) SwaggerDoc() map[string]string { } var map_DeploymentConfigRollback = map[string]string{ - "": "DeploymentConfigRollback provides the input to rollback generation.", + "": "DeploymentConfigRollback provides the input to rollback generation.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "name": "Name of the deployment config that will be rolled back.", "updatedAnnotations": "UpdatedAnnotations is a set of new annotations that will be added in the deployment config.", "spec": "Spec defines the options to rollback generation.", @@ -144,7 +144,7 @@ func (DeploymentDetails) SwaggerDoc() map[string]string { } var map_DeploymentLog = map[string]string{ - "": "DeploymentLog represents the logs for a deployment", + "": "DeploymentLog represents the logs for a deployment\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", } func (DeploymentLog) SwaggerDoc() map[string]string { @@ -152,7 +152,7 @@ func (DeploymentLog) SwaggerDoc() map[string]string { } var map_DeploymentLogOptions = map[string]string{ - "": "DeploymentLogOptions is the REST options for a deployment log", + "": "DeploymentLogOptions is the REST options for a deployment log\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "container": "The container for which to stream logs. Defaults to only container if there is one container in the pod.", "follow": "Follow if true indicates that the build log should be streamed until the build terminates.", "previous": "Return previous deployment logs. Defaults to false.", @@ -170,7 +170,7 @@ func (DeploymentLogOptions) SwaggerDoc() map[string]string { } var map_DeploymentRequest = map[string]string{ - "": "DeploymentRequest is a request to a deployment config for a new deployment.", + "": "DeploymentRequest is a request to a deployment config for a new deployment.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "name": "Name of the deployment config for requesting a new deployment.", "latest": "Latest will update the deployment config with the latest state from all triggers.", "force": "Force will try to force a new deployment to run. If the deployment config is paused, then setting this to true will return an Invalid error.", diff --git a/vendor/github.com/openshift/api/authorization/v1/0000_03_authorization-openshift_01_rolebindingrestriction.crd.yaml b/vendor/github.com/openshift/api/authorization/v1/0000_03_authorization-openshift_01_rolebindingrestriction.crd.yaml index ce911a84d..0158c8be6 100644 --- a/vendor/github.com/openshift/api/authorization/v1/0000_03_authorization-openshift_01_rolebindingrestriction.crd.yaml +++ b/vendor/github.com/openshift/api/authorization/v1/0000_03_authorization-openshift_01_rolebindingrestriction.crd.yaml @@ -1,210 +1,156 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - name: rolebindingrestrictions.authorization.openshift.io annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/470 include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" include.release.openshift.io/single-node-developer: "true" + name: rolebindingrestrictions.authorization.openshift.io spec: group: authorization.openshift.io - scope: Namespaced names: kind: RoleBindingRestriction listKind: RoleBindingRestrictionList plural: rolebindingrestrictions singular: rolebindingrestriction + scope: Namespaced versions: - - name: v1 - served: true - storage: true - schema: - openAPIV3Schema: - description: RoleBindingRestriction is an object that can be matched against - a subject (user, group, or service account) to determine whether rolebindings - on that subject are allowed in the namespace to which the RoleBindingRestriction - belongs. If any one of those RoleBindingRestriction objects matches a subject, - rolebindings on that subject in the namespace are allowed. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec defines the matcher. - type: object - properties: - grouprestriction: - description: GroupRestriction matches against group subjects. - type: object - properties: - groups: - description: Groups is a list of groups used to match against - an individual user's groups. If the user is a member of one - of the whitelisted groups, the user is allowed to be bound to - a role. - type: array - items: - type: string - nullable: true - labels: - description: Selectors specifies a list of label selectors over - group labels. - type: array - items: - description: A label selector is a label query over a set of - resources. The result of matchLabels and matchExpressions - are ANDed. An empty label selector matches all objects. A - null label selector matches no objects. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - type: array - items: + - name: v1 + schema: + openAPIV3Schema: + description: "RoleBindingRestriction is an object that can be matched against a subject (user, group, or service account) to determine whether rolebindings on that subject are allowed in the namespace to which the RoleBindingRestriction belongs. If any one of those RoleBindingRestriction objects matches a subject, rolebindings on that subject in the namespace are allowed. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." + type: object + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec defines the matcher. + type: object + properties: + grouprestriction: + description: GroupRestriction matches against group subjects. + type: object + properties: + groups: + description: Groups is a list of groups used to match against an individual user's groups. If the user is a member of one of the whitelisted groups, the user is allowed to be bound to a role. + type: array + items: + type: string + nullable: true + labels: + description: Selectors specifies a list of label selectors over group labels. + type: array + items: + description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. + type: object + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + type: array + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + type: object + required: + - key + - operator + properties: + key: + description: key is the label key that the selector applies to. type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - additionalProperties: - type: string - nullable: true - nullable: true - serviceaccountrestriction: - description: ServiceAccountRestriction matches against service-account - subjects. - type: object - properties: - namespaces: - description: Namespaces specifies a list of literal namespace - names. - type: array - items: - type: string - serviceaccounts: - description: ServiceAccounts specifies a list of literal service-account - names. - type: array - items: - description: ServiceAccountReference specifies a service account - and namespace by their names. - type: object - properties: - name: - description: Name is the name of the service account. - type: string - namespace: - description: Namespace is the namespace of the service account. Service - accounts from inside the whitelisted namespaces are allowed - to be bound to roles. If Namespace is empty, then the - namespace of the RoleBindingRestriction in which the ServiceAccountReference - is embedded is used. - type: string - nullable: true - userrestriction: - description: UserRestriction matches against user subjects. - type: object - properties: - groups: - description: Groups specifies a list of literal group names. - type: array - items: - type: string - nullable: true - labels: - description: Selectors specifies a list of label selectors over - user labels. - type: array - items: - description: A label selector is a label query over a set of - resources. The result of matchLabels and matchExpressions - are ANDed. An empty label selector matches all objects. A - null label selector matches no objects. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - type: array - items: + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - additionalProperties: + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + type: array + items: + type: string + matchLabels: + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + additionalProperties: + type: string + nullable: true + nullable: true + serviceaccountrestriction: + description: ServiceAccountRestriction matches against service-account subjects. + type: object + properties: + namespaces: + description: Namespaces specifies a list of literal namespace names. + type: array + items: + type: string + serviceaccounts: + description: ServiceAccounts specifies a list of literal service-account names. + type: array + items: + description: ServiceAccountReference specifies a service account and namespace by their names. + type: object + properties: + name: + description: Name is the name of the service account. + type: string + namespace: + description: Namespace is the namespace of the service account. Service accounts from inside the whitelisted namespaces are allowed to be bound to roles. If Namespace is empty, then the namespace of the RoleBindingRestriction in which the ServiceAccountReference is embedded is used. type: string - nullable: true - users: - description: Users specifies a list of literal user names. - type: array - items: - type: string - nullable: true + nullable: true + userrestriction: + description: UserRestriction matches against user subjects. + type: object + properties: + groups: + description: Groups specifies a list of literal group names. + type: array + items: + type: string + nullable: true + labels: + description: Selectors specifies a list of label selectors over user labels. + type: array + items: + description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. + type: object + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + type: array + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + type: object + required: + - key + - operator + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + type: array + items: + type: string + matchLabels: + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + additionalProperties: + type: string + nullable: true + users: + description: Users specifies a list of literal user names. + type: array + items: + type: string + nullable: true + served: true + storage: true diff --git a/vendor/github.com/openshift/api/authorization/v1/generated.proto b/vendor/github.com/openshift/api/authorization/v1/generated.proto index 5bf2e5df6..e1c8b08f9 100644 --- a/vendor/github.com/openshift/api/authorization/v1/generated.proto +++ b/vendor/github.com/openshift/api/authorization/v1/generated.proto @@ -48,6 +48,9 @@ message Action { } // ClusterRole is a logical grouping of PolicyRules that can be referenced as a unit by ClusterRoleBindings. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message ClusterRole { optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; @@ -63,6 +66,9 @@ message ClusterRole { // ClusterRoleBinding references a ClusterRole, but not contain it. It can reference any ClusterRole in the same namespace or in the global namespace. // It adds who information via (Users and Groups) OR Subjects and namespace information by which namespace it exists in. // ClusterRoleBindings in a given namespace only have effect in that namespace (excepting the master namespace which has power in all namespaces). +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message ClusterRoleBinding { optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; @@ -94,6 +100,9 @@ message ClusterRoleBinding { } // ClusterRoleBindingList is a collection of ClusterRoleBindings +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message ClusterRoleBindingList { optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; @@ -102,6 +111,9 @@ message ClusterRoleBindingList { } // ClusterRoleList is a collection of ClusterRoles +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message ClusterRoleList { optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; @@ -124,16 +136,25 @@ message GroupRestriction { } // IsPersonalSubjectAccessReview is a marker for PolicyRule.AttributeRestrictions that denotes that subjectaccessreviews on self should be allowed +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message IsPersonalSubjectAccessReview { } // LocalResourceAccessReview is a means to request a list of which users and groups are authorized to perform the action specified by spec in a particular namespace +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message LocalResourceAccessReview { // Action describes the action being tested. The Namespace element is FORCED to the current namespace. optional Action Action = 1; } // LocalSubjectAccessReview is an object for requesting information about whether a user or group can perform an action in a particular namespace +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message LocalSubjectAccessReview { // Action describes the action being tested. The Namespace element is FORCED to the current namespace. optional Action Action = 1; @@ -237,12 +258,18 @@ message PolicyRule { // ResourceAccessReview is a means to request a list of which users and groups are authorized to perform the // action specified by spec +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message ResourceAccessReview { // Action describes the action being tested. optional Action Action = 1; } // ResourceAccessReviewResponse describes who can perform the action +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message ResourceAccessReviewResponse { // Namespace is the namespace used for the access review optional string namespace = 1; @@ -262,6 +289,9 @@ message ResourceAccessReviewResponse { } // Role is a logical grouping of PolicyRules that can be referenced as a unit by RoleBindings. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message Role { optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; @@ -272,6 +302,9 @@ message Role { // RoleBinding references a Role, but not contain it. It can reference any Role in the same namespace or in the global namespace. // It adds who information via (Users and Groups) OR Subjects and namespace information by which namespace it exists in. // RoleBindings in a given namespace only have effect in that namespace (excepting the master namespace which has power in all namespaces). +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message RoleBinding { optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; @@ -303,6 +336,9 @@ message RoleBinding { } // RoleBindingList is a collection of RoleBindings +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message RoleBindingList { optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; @@ -315,6 +351,9 @@ message RoleBindingList { // subject are allowed in the namespace to which the RoleBindingRestriction // belongs. If any one of those RoleBindingRestriction objects matches // a subject, rolebindings on that subject in the namespace are allowed. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message RoleBindingRestriction { optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; @@ -323,6 +362,9 @@ message RoleBindingRestriction { } // RoleBindingRestrictionList is a collection of RoleBindingRestriction objects. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message RoleBindingRestrictionList { optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; @@ -347,6 +389,9 @@ message RoleBindingRestrictionSpec { } // RoleList is a collection of Roles +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message RoleList { optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; @@ -355,6 +400,9 @@ message RoleList { } // SelfSubjectRulesReview is a resource you can create to determine which actions you can perform in a namespace +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message SelfSubjectRulesReview { // Spec adds information about how to conduct the check optional SelfSubjectRulesReviewSpec spec = 1; @@ -396,6 +444,9 @@ message ServiceAccountRestriction { } // SubjectAccessReview is an object for requesting information about whether a user or group can perform an action +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message SubjectAccessReview { // Action describes the action being tested. optional Action Action = 1; @@ -415,6 +466,9 @@ message SubjectAccessReview { } // SubjectAccessReviewResponse describes whether or not a user or group can perform an action +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message SubjectAccessReviewResponse { // Namespace is the namespace used for the access review optional string namespace = 1; @@ -432,6 +486,9 @@ message SubjectAccessReviewResponse { } // SubjectRulesReview is a resource you can create to determine which actions another user can perform in a namespace +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message SubjectRulesReview { // Spec adds information about how to conduct the check optional SubjectRulesReviewSpec spec = 1; diff --git a/vendor/github.com/openshift/api/authorization/v1/types.go b/vendor/github.com/openshift/api/authorization/v1/types.go index 355d2f312..25be9b37b 100644 --- a/vendor/github.com/openshift/api/authorization/v1/types.go +++ b/vendor/github.com/openshift/api/authorization/v1/types.go @@ -52,6 +52,9 @@ type PolicyRule struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // IsPersonalSubjectAccessReview is a marker for PolicyRule.AttributeRestrictions that denotes that subjectaccessreviews on self should be allowed +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type IsPersonalSubjectAccessReview struct { metav1.TypeMeta `json:",inline"` } @@ -60,6 +63,9 @@ type IsPersonalSubjectAccessReview struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // Role is a logical grouping of PolicyRules that can be referenced as a unit by RoleBindings. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type Role struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` @@ -83,6 +89,9 @@ func (t OptionalNames) String() string { // RoleBinding references a Role, but not contain it. It can reference any Role in the same namespace or in the global namespace. // It adds who information via (Users and Groups) OR Subjects and namespace information by which namespace it exists in. // RoleBindings in a given namespace only have effect in that namespace (excepting the master namespace which has power in all namespaces). +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type RoleBinding struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` @@ -133,6 +142,9 @@ type NamedRoleBinding struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // SelfSubjectRulesReview is a resource you can create to determine which actions you can perform in a namespace +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type SelfSubjectRulesReview struct { metav1.TypeMeta `json:",inline"` @@ -156,6 +168,9 @@ type SelfSubjectRulesReviewSpec struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // SubjectRulesReview is a resource you can create to determine which actions another user can perform in a namespace +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type SubjectRulesReview struct { metav1.TypeMeta `json:",inline"` @@ -188,6 +203,9 @@ type SubjectRulesReviewStatus struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // ResourceAccessReviewResponse describes who can perform the action +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type ResourceAccessReviewResponse struct { metav1.TypeMeta `json:",inline"` @@ -214,6 +232,9 @@ type ResourceAccessReviewResponse struct { // ResourceAccessReview is a means to request a list of which users and groups are authorized to perform the // action specified by spec +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type ResourceAccessReview struct { metav1.TypeMeta `json:",inline"` @@ -224,6 +245,9 @@ type ResourceAccessReview struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // SubjectAccessReviewResponse describes whether or not a user or group can perform an action +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type SubjectAccessReviewResponse struct { metav1.TypeMeta `json:",inline"` @@ -255,6 +279,9 @@ func (t OptionalScopes) String() string { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // SubjectAccessReview is an object for requesting information about whether a user or group can perform an action +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type SubjectAccessReview struct { metav1.TypeMeta `json:",inline"` @@ -278,6 +305,9 @@ type SubjectAccessReview struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // LocalResourceAccessReview is a means to request a list of which users and groups are authorized to perform the action specified by spec in a particular namespace +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type LocalResourceAccessReview struct { metav1.TypeMeta `json:",inline"` @@ -291,6 +321,9 @@ type LocalResourceAccessReview struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // LocalSubjectAccessReview is an object for requesting information about whether a user or group can perform an action in a particular namespace +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type LocalSubjectAccessReview struct { metav1.TypeMeta `json:",inline"` @@ -336,6 +369,9 @@ type Action struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // RoleBindingList is a collection of RoleBindings +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type RoleBindingList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` @@ -347,6 +383,9 @@ type RoleBindingList struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // RoleList is a collection of Roles +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type RoleList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` @@ -360,6 +399,9 @@ type RoleList struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // ClusterRole is a logical grouping of PolicyRules that can be referenced as a unit by ClusterRoleBindings. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type ClusterRole struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` @@ -380,6 +422,9 @@ type ClusterRole struct { // ClusterRoleBinding references a ClusterRole, but not contain it. It can reference any ClusterRole in the same namespace or in the global namespace. // It adds who information via (Users and Groups) OR Subjects and namespace information by which namespace it exists in. // ClusterRoleBindings in a given namespace only have effect in that namespace (excepting the master namespace which has power in all namespaces). +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type ClusterRoleBinding struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` @@ -428,6 +473,9 @@ type NamedClusterRoleBinding struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // ClusterRoleBindingList is a collection of ClusterRoleBindings +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type ClusterRoleBindingList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` @@ -439,6 +487,9 @@ type ClusterRoleBindingList struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // ClusterRoleList is a collection of ClusterRoles +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type ClusterRoleList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` @@ -455,6 +506,9 @@ type ClusterRoleList struct { // subject are allowed in the namespace to which the RoleBindingRestriction // belongs. If any one of those RoleBindingRestriction objects matches // a subject, rolebindings on that subject in the namespace are allowed. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type RoleBindingRestriction struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata" protobuf:"bytes,1,opt,name=metadata"` @@ -482,6 +536,9 @@ type RoleBindingRestrictionSpec struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // RoleBindingRestrictionList is a collection of RoleBindingRestriction objects. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type RoleBindingRestrictionList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` diff --git a/vendor/github.com/openshift/api/authorization/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/authorization/v1/zz_generated.swagger_doc_generated.go index 8bce982f1..746b318c3 100644 --- a/vendor/github.com/openshift/api/authorization/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/authorization/v1/zz_generated.swagger_doc_generated.go @@ -29,7 +29,7 @@ func (Action) SwaggerDoc() map[string]string { } var map_ClusterRole = map[string]string{ - "": "ClusterRole is a logical grouping of PolicyRules that can be referenced as a unit by ClusterRoleBindings.", + "": "ClusterRole is a logical grouping of PolicyRules that can be referenced as a unit by ClusterRoleBindings.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "rules": "Rules holds all the PolicyRules for this ClusterRole", "aggregationRule": "AggregationRule is an optional field that describes how to build the Rules for this ClusterRole. If AggregationRule is set, then the Rules are controller managed and direct changes to Rules will be stomped by the controller.", } @@ -39,7 +39,7 @@ func (ClusterRole) SwaggerDoc() map[string]string { } var map_ClusterRoleBinding = map[string]string{ - "": "ClusterRoleBinding references a ClusterRole, but not contain it. It can reference any ClusterRole in the same namespace or in the global namespace. It adds who information via (Users and Groups) OR Subjects and namespace information by which namespace it exists in. ClusterRoleBindings in a given namespace only have effect in that namespace (excepting the master namespace which has power in all namespaces).", + "": "ClusterRoleBinding references a ClusterRole, but not contain it. It can reference any ClusterRole in the same namespace or in the global namespace. It adds who information via (Users and Groups) OR Subjects and namespace information by which namespace it exists in. ClusterRoleBindings in a given namespace only have effect in that namespace (excepting the master namespace which has power in all namespaces).\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "userNames": "UserNames holds all the usernames directly bound to the role. This field should only be specified when supporting legacy clients and servers. See Subjects for further details.", "groupNames": "GroupNames holds all the groups directly bound to the role. This field should only be specified when supporting legacy clients and servers. See Subjects for further details.", "subjects": "Subjects hold object references to authorize with this rule. This field is ignored if UserNames or GroupNames are specified to support legacy clients and servers. Thus newer clients that do not need to support backwards compatibility should send only fully qualified Subjects and should omit the UserNames and GroupNames fields. Clients that need to support backwards compatibility can use this field to build the UserNames and GroupNames.", @@ -51,7 +51,7 @@ func (ClusterRoleBinding) SwaggerDoc() map[string]string { } var map_ClusterRoleBindingList = map[string]string{ - "": "ClusterRoleBindingList is a collection of ClusterRoleBindings", + "": "ClusterRoleBindingList is a collection of ClusterRoleBindings\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "items": "Items is a list of ClusterRoleBindings", } @@ -60,7 +60,7 @@ func (ClusterRoleBindingList) SwaggerDoc() map[string]string { } var map_ClusterRoleList = map[string]string{ - "": "ClusterRoleList is a collection of ClusterRoles", + "": "ClusterRoleList is a collection of ClusterRoles\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "items": "Items is a list of ClusterRoles", } @@ -79,7 +79,7 @@ func (GroupRestriction) SwaggerDoc() map[string]string { } var map_IsPersonalSubjectAccessReview = map[string]string{ - "": "IsPersonalSubjectAccessReview is a marker for PolicyRule.AttributeRestrictions that denotes that subjectaccessreviews on self should be allowed", + "": "IsPersonalSubjectAccessReview is a marker for PolicyRule.AttributeRestrictions that denotes that subjectaccessreviews on self should be allowed\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", } func (IsPersonalSubjectAccessReview) SwaggerDoc() map[string]string { @@ -87,7 +87,7 @@ func (IsPersonalSubjectAccessReview) SwaggerDoc() map[string]string { } var map_LocalResourceAccessReview = map[string]string{ - "": "LocalResourceAccessReview is a means to request a list of which users and groups are authorized to perform the action specified by spec in a particular namespace", + "": "LocalResourceAccessReview is a means to request a list of which users and groups are authorized to perform the action specified by spec in a particular namespace\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", } func (LocalResourceAccessReview) SwaggerDoc() map[string]string { @@ -95,7 +95,7 @@ func (LocalResourceAccessReview) SwaggerDoc() map[string]string { } var map_LocalSubjectAccessReview = map[string]string{ - "": "LocalSubjectAccessReview is an object for requesting information about whether a user or group can perform an action in a particular namespace", + "": "LocalSubjectAccessReview is an object for requesting information about whether a user or group can perform an action in a particular namespace\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "user": "User is optional. If both User and Groups are empty, the current authenticated user is used.", "groups": "Groups is optional. Groups is the list of groups to which the User belongs.", "scopes": "Scopes to use for the evaluation. Empty means \"use the unscoped (full) permissions of the user/groups\". Nil for a self-SAR, means \"use the scopes on this request\". Nil for a regular SAR, means the same as empty.", @@ -160,7 +160,7 @@ func (PolicyRule) SwaggerDoc() map[string]string { } var map_ResourceAccessReview = map[string]string{ - "": "ResourceAccessReview is a means to request a list of which users and groups are authorized to perform the action specified by spec", + "": "ResourceAccessReview is a means to request a list of which users and groups are authorized to perform the action specified by spec\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", } func (ResourceAccessReview) SwaggerDoc() map[string]string { @@ -168,7 +168,7 @@ func (ResourceAccessReview) SwaggerDoc() map[string]string { } var map_ResourceAccessReviewResponse = map[string]string{ - "": "ResourceAccessReviewResponse describes who can perform the action", + "": "ResourceAccessReviewResponse describes who can perform the action\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "namespace": "Namespace is the namespace used for the access review", "users": "UsersSlice is the list of users who can perform the action", "groups": "GroupsSlice is the list of groups who can perform the action", @@ -180,7 +180,7 @@ func (ResourceAccessReviewResponse) SwaggerDoc() map[string]string { } var map_Role = map[string]string{ - "": "Role is a logical grouping of PolicyRules that can be referenced as a unit by RoleBindings.", + "": "Role is a logical grouping of PolicyRules that can be referenced as a unit by RoleBindings.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "rules": "Rules holds all the PolicyRules for this Role", } @@ -189,7 +189,7 @@ func (Role) SwaggerDoc() map[string]string { } var map_RoleBinding = map[string]string{ - "": "RoleBinding references a Role, but not contain it. It can reference any Role in the same namespace or in the global namespace. It adds who information via (Users and Groups) OR Subjects and namespace information by which namespace it exists in. RoleBindings in a given namespace only have effect in that namespace (excepting the master namespace which has power in all namespaces).", + "": "RoleBinding references a Role, but not contain it. It can reference any Role in the same namespace or in the global namespace. It adds who information via (Users and Groups) OR Subjects and namespace information by which namespace it exists in. RoleBindings in a given namespace only have effect in that namespace (excepting the master namespace which has power in all namespaces).\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "userNames": "UserNames holds all the usernames directly bound to the role. This field should only be specified when supporting legacy clients and servers. See Subjects for further details.", "groupNames": "GroupNames holds all the groups directly bound to the role. This field should only be specified when supporting legacy clients and servers. See Subjects for further details.", "subjects": "Subjects hold object references to authorize with this rule. This field is ignored if UserNames or GroupNames are specified to support legacy clients and servers. Thus newer clients that do not need to support backwards compatibility should send only fully qualified Subjects and should omit the UserNames and GroupNames fields. Clients that need to support backwards compatibility can use this field to build the UserNames and GroupNames.", @@ -201,7 +201,7 @@ func (RoleBinding) SwaggerDoc() map[string]string { } var map_RoleBindingList = map[string]string{ - "": "RoleBindingList is a collection of RoleBindings", + "": "RoleBindingList is a collection of RoleBindings\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "items": "Items is a list of RoleBindings", } @@ -210,7 +210,7 @@ func (RoleBindingList) SwaggerDoc() map[string]string { } var map_RoleBindingRestriction = map[string]string{ - "": "RoleBindingRestriction is an object that can be matched against a subject (user, group, or service account) to determine whether rolebindings on that subject are allowed in the namespace to which the RoleBindingRestriction belongs. If any one of those RoleBindingRestriction objects matches a subject, rolebindings on that subject in the namespace are allowed.", + "": "RoleBindingRestriction is an object that can be matched against a subject (user, group, or service account) to determine whether rolebindings on that subject are allowed in the namespace to which the RoleBindingRestriction belongs. If any one of those RoleBindingRestriction objects matches a subject, rolebindings on that subject in the namespace are allowed.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "spec": "Spec defines the matcher.", } @@ -219,7 +219,7 @@ func (RoleBindingRestriction) SwaggerDoc() map[string]string { } var map_RoleBindingRestrictionList = map[string]string{ - "": "RoleBindingRestrictionList is a collection of RoleBindingRestriction objects.", + "": "RoleBindingRestrictionList is a collection of RoleBindingRestriction objects.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "items": "Items is a list of RoleBindingRestriction objects.", } @@ -239,7 +239,7 @@ func (RoleBindingRestrictionSpec) SwaggerDoc() map[string]string { } var map_RoleList = map[string]string{ - "": "RoleList is a collection of Roles", + "": "RoleList is a collection of Roles\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "items": "Items is a list of Roles", } @@ -248,7 +248,7 @@ func (RoleList) SwaggerDoc() map[string]string { } var map_SelfSubjectRulesReview = map[string]string{ - "": "SelfSubjectRulesReview is a resource you can create to determine which actions you can perform in a namespace", + "": "SelfSubjectRulesReview is a resource you can create to determine which actions you can perform in a namespace\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "spec": "Spec adds information about how to conduct the check", "status": "Status is completed by the server to tell which permissions you have", } @@ -287,7 +287,7 @@ func (ServiceAccountRestriction) SwaggerDoc() map[string]string { } var map_SubjectAccessReview = map[string]string{ - "": "SubjectAccessReview is an object for requesting information about whether a user or group can perform an action", + "": "SubjectAccessReview is an object for requesting information about whether a user or group can perform an action\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "user": "User is optional. If both User and Groups are empty, the current authenticated user is used.", "groups": "GroupsSlice is optional. Groups is the list of groups to which the User belongs.", "scopes": "Scopes to use for the evaluation. Empty means \"use the unscoped (full) permissions of the user/groups\". Nil for a self-SAR, means \"use the scopes on this request\". Nil for a regular SAR, means the same as empty.", @@ -298,7 +298,7 @@ func (SubjectAccessReview) SwaggerDoc() map[string]string { } var map_SubjectAccessReviewResponse = map[string]string{ - "": "SubjectAccessReviewResponse describes whether or not a user or group can perform an action", + "": "SubjectAccessReviewResponse describes whether or not a user or group can perform an action\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "namespace": "Namespace is the namespace used for the access review", "allowed": "Allowed is required. True if the action would be allowed, false otherwise.", "reason": "Reason is optional. It indicates why a request was allowed or denied.", @@ -310,7 +310,7 @@ func (SubjectAccessReviewResponse) SwaggerDoc() map[string]string { } var map_SubjectRulesReview = map[string]string{ - "": "SubjectRulesReview is a resource you can create to determine which actions another user can perform in a namespace", + "": "SubjectRulesReview is a resource you can create to determine which actions another user can perform in a namespace\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "spec": "Spec adds information about how to conduct the check", "status": "Status is completed by the server to tell which permissions you have", } diff --git a/vendor/github.com/openshift/api/build/v1/generated.pb.go b/vendor/github.com/openshift/api/build/v1/generated.pb.go index 54ddd2c22..15a4b6994 100644 --- a/vendor/github.com/openshift/api/build/v1/generated.pb.go +++ b/vendor/github.com/openshift/api/build/v1/generated.pb.go @@ -677,10 +677,94 @@ func (m *BuildTriggerPolicy) XXX_DiscardUnknown() { var xxx_messageInfo_BuildTriggerPolicy proto.InternalMessageInfo +func (m *BuildVolume) Reset() { *m = BuildVolume{} } +func (*BuildVolume) ProtoMessage() {} +func (*BuildVolume) Descriptor() ([]byte, []int) { + return fileDescriptor_2ba579f6f004cb75, []int{23} +} +func (m *BuildVolume) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *BuildVolume) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil +} +func (m *BuildVolume) XXX_Merge(src proto.Message) { + xxx_messageInfo_BuildVolume.Merge(m, src) +} +func (m *BuildVolume) XXX_Size() int { + return m.Size() +} +func (m *BuildVolume) XXX_DiscardUnknown() { + xxx_messageInfo_BuildVolume.DiscardUnknown(m) +} + +var xxx_messageInfo_BuildVolume proto.InternalMessageInfo + +func (m *BuildVolumeMount) Reset() { *m = BuildVolumeMount{} } +func (*BuildVolumeMount) ProtoMessage() {} +func (*BuildVolumeMount) Descriptor() ([]byte, []int) { + return fileDescriptor_2ba579f6f004cb75, []int{24} +} +func (m *BuildVolumeMount) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *BuildVolumeMount) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil +} +func (m *BuildVolumeMount) XXX_Merge(src proto.Message) { + xxx_messageInfo_BuildVolumeMount.Merge(m, src) +} +func (m *BuildVolumeMount) XXX_Size() int { + return m.Size() +} +func (m *BuildVolumeMount) XXX_DiscardUnknown() { + xxx_messageInfo_BuildVolumeMount.DiscardUnknown(m) +} + +var xxx_messageInfo_BuildVolumeMount proto.InternalMessageInfo + +func (m *BuildVolumeSource) Reset() { *m = BuildVolumeSource{} } +func (*BuildVolumeSource) ProtoMessage() {} +func (*BuildVolumeSource) Descriptor() ([]byte, []int) { + return fileDescriptor_2ba579f6f004cb75, []int{25} +} +func (m *BuildVolumeSource) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *BuildVolumeSource) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil +} +func (m *BuildVolumeSource) XXX_Merge(src proto.Message) { + xxx_messageInfo_BuildVolumeSource.Merge(m, src) +} +func (m *BuildVolumeSource) XXX_Size() int { + return m.Size() +} +func (m *BuildVolumeSource) XXX_DiscardUnknown() { + xxx_messageInfo_BuildVolumeSource.DiscardUnknown(m) +} + +var xxx_messageInfo_BuildVolumeSource proto.InternalMessageInfo + func (m *CommonSpec) Reset() { *m = CommonSpec{} } func (*CommonSpec) ProtoMessage() {} func (*CommonSpec) Descriptor() ([]byte, []int) { - return fileDescriptor_2ba579f6f004cb75, []int{23} + return fileDescriptor_2ba579f6f004cb75, []int{26} } func (m *CommonSpec) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -708,7 +792,7 @@ var xxx_messageInfo_CommonSpec proto.InternalMessageInfo func (m *CommonWebHookCause) Reset() { *m = CommonWebHookCause{} } func (*CommonWebHookCause) ProtoMessage() {} func (*CommonWebHookCause) Descriptor() ([]byte, []int) { - return fileDescriptor_2ba579f6f004cb75, []int{24} + return fileDescriptor_2ba579f6f004cb75, []int{27} } func (m *CommonWebHookCause) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -736,7 +820,7 @@ var xxx_messageInfo_CommonWebHookCause proto.InternalMessageInfo func (m *ConfigMapBuildSource) Reset() { *m = ConfigMapBuildSource{} } func (*ConfigMapBuildSource) ProtoMessage() {} func (*ConfigMapBuildSource) Descriptor() ([]byte, []int) { - return fileDescriptor_2ba579f6f004cb75, []int{25} + return fileDescriptor_2ba579f6f004cb75, []int{28} } func (m *ConfigMapBuildSource) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -764,7 +848,7 @@ var xxx_messageInfo_ConfigMapBuildSource proto.InternalMessageInfo func (m *CustomBuildStrategy) Reset() { *m = CustomBuildStrategy{} } func (*CustomBuildStrategy) ProtoMessage() {} func (*CustomBuildStrategy) Descriptor() ([]byte, []int) { - return fileDescriptor_2ba579f6f004cb75, []int{26} + return fileDescriptor_2ba579f6f004cb75, []int{29} } func (m *CustomBuildStrategy) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -792,7 +876,7 @@ var xxx_messageInfo_CustomBuildStrategy proto.InternalMessageInfo func (m *DockerBuildStrategy) Reset() { *m = DockerBuildStrategy{} } func (*DockerBuildStrategy) ProtoMessage() {} func (*DockerBuildStrategy) Descriptor() ([]byte, []int) { - return fileDescriptor_2ba579f6f004cb75, []int{27} + return fileDescriptor_2ba579f6f004cb75, []int{30} } func (m *DockerBuildStrategy) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -820,7 +904,7 @@ var xxx_messageInfo_DockerBuildStrategy proto.InternalMessageInfo func (m *DockerStrategyOptions) Reset() { *m = DockerStrategyOptions{} } func (*DockerStrategyOptions) ProtoMessage() {} func (*DockerStrategyOptions) Descriptor() ([]byte, []int) { - return fileDescriptor_2ba579f6f004cb75, []int{28} + return fileDescriptor_2ba579f6f004cb75, []int{31} } func (m *DockerStrategyOptions) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -848,7 +932,7 @@ var xxx_messageInfo_DockerStrategyOptions proto.InternalMessageInfo func (m *GenericWebHookCause) Reset() { *m = GenericWebHookCause{} } func (*GenericWebHookCause) ProtoMessage() {} func (*GenericWebHookCause) Descriptor() ([]byte, []int) { - return fileDescriptor_2ba579f6f004cb75, []int{29} + return fileDescriptor_2ba579f6f004cb75, []int{32} } func (m *GenericWebHookCause) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -876,7 +960,7 @@ var xxx_messageInfo_GenericWebHookCause proto.InternalMessageInfo func (m *GenericWebHookEvent) Reset() { *m = GenericWebHookEvent{} } func (*GenericWebHookEvent) ProtoMessage() {} func (*GenericWebHookEvent) Descriptor() ([]byte, []int) { - return fileDescriptor_2ba579f6f004cb75, []int{30} + return fileDescriptor_2ba579f6f004cb75, []int{33} } func (m *GenericWebHookEvent) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -904,7 +988,7 @@ var xxx_messageInfo_GenericWebHookEvent proto.InternalMessageInfo func (m *GitBuildSource) Reset() { *m = GitBuildSource{} } func (*GitBuildSource) ProtoMessage() {} func (*GitBuildSource) Descriptor() ([]byte, []int) { - return fileDescriptor_2ba579f6f004cb75, []int{31} + return fileDescriptor_2ba579f6f004cb75, []int{34} } func (m *GitBuildSource) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -932,7 +1016,7 @@ var xxx_messageInfo_GitBuildSource proto.InternalMessageInfo func (m *GitHubWebHookCause) Reset() { *m = GitHubWebHookCause{} } func (*GitHubWebHookCause) ProtoMessage() {} func (*GitHubWebHookCause) Descriptor() ([]byte, []int) { - return fileDescriptor_2ba579f6f004cb75, []int{32} + return fileDescriptor_2ba579f6f004cb75, []int{35} } func (m *GitHubWebHookCause) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -960,7 +1044,7 @@ var xxx_messageInfo_GitHubWebHookCause proto.InternalMessageInfo func (m *GitInfo) Reset() { *m = GitInfo{} } func (*GitInfo) ProtoMessage() {} func (*GitInfo) Descriptor() ([]byte, []int) { - return fileDescriptor_2ba579f6f004cb75, []int{33} + return fileDescriptor_2ba579f6f004cb75, []int{36} } func (m *GitInfo) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -988,7 +1072,7 @@ var xxx_messageInfo_GitInfo proto.InternalMessageInfo func (m *GitLabWebHookCause) Reset() { *m = GitLabWebHookCause{} } func (*GitLabWebHookCause) ProtoMessage() {} func (*GitLabWebHookCause) Descriptor() ([]byte, []int) { - return fileDescriptor_2ba579f6f004cb75, []int{34} + return fileDescriptor_2ba579f6f004cb75, []int{37} } func (m *GitLabWebHookCause) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1016,7 +1100,7 @@ var xxx_messageInfo_GitLabWebHookCause proto.InternalMessageInfo func (m *GitRefInfo) Reset() { *m = GitRefInfo{} } func (*GitRefInfo) ProtoMessage() {} func (*GitRefInfo) Descriptor() ([]byte, []int) { - return fileDescriptor_2ba579f6f004cb75, []int{35} + return fileDescriptor_2ba579f6f004cb75, []int{38} } func (m *GitRefInfo) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1044,7 +1128,7 @@ var xxx_messageInfo_GitRefInfo proto.InternalMessageInfo func (m *GitSourceRevision) Reset() { *m = GitSourceRevision{} } func (*GitSourceRevision) ProtoMessage() {} func (*GitSourceRevision) Descriptor() ([]byte, []int) { - return fileDescriptor_2ba579f6f004cb75, []int{36} + return fileDescriptor_2ba579f6f004cb75, []int{39} } func (m *GitSourceRevision) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1072,7 +1156,7 @@ var xxx_messageInfo_GitSourceRevision proto.InternalMessageInfo func (m *ImageChangeCause) Reset() { *m = ImageChangeCause{} } func (*ImageChangeCause) ProtoMessage() {} func (*ImageChangeCause) Descriptor() ([]byte, []int) { - return fileDescriptor_2ba579f6f004cb75, []int{37} + return fileDescriptor_2ba579f6f004cb75, []int{40} } func (m *ImageChangeCause) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1100,7 +1184,7 @@ var xxx_messageInfo_ImageChangeCause proto.InternalMessageInfo func (m *ImageChangeTrigger) Reset() { *m = ImageChangeTrigger{} } func (*ImageChangeTrigger) ProtoMessage() {} func (*ImageChangeTrigger) Descriptor() ([]byte, []int) { - return fileDescriptor_2ba579f6f004cb75, []int{38} + return fileDescriptor_2ba579f6f004cb75, []int{41} } func (m *ImageChangeTrigger) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1128,7 +1212,7 @@ var xxx_messageInfo_ImageChangeTrigger proto.InternalMessageInfo func (m *ImageChangeTriggerStatus) Reset() { *m = ImageChangeTriggerStatus{} } func (*ImageChangeTriggerStatus) ProtoMessage() {} func (*ImageChangeTriggerStatus) Descriptor() ([]byte, []int) { - return fileDescriptor_2ba579f6f004cb75, []int{39} + return fileDescriptor_2ba579f6f004cb75, []int{42} } func (m *ImageChangeTriggerStatus) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1156,7 +1240,7 @@ var xxx_messageInfo_ImageChangeTriggerStatus proto.InternalMessageInfo func (m *ImageLabel) Reset() { *m = ImageLabel{} } func (*ImageLabel) ProtoMessage() {} func (*ImageLabel) Descriptor() ([]byte, []int) { - return fileDescriptor_2ba579f6f004cb75, []int{40} + return fileDescriptor_2ba579f6f004cb75, []int{43} } func (m *ImageLabel) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1184,7 +1268,7 @@ var xxx_messageInfo_ImageLabel proto.InternalMessageInfo func (m *ImageSource) Reset() { *m = ImageSource{} } func (*ImageSource) ProtoMessage() {} func (*ImageSource) Descriptor() ([]byte, []int) { - return fileDescriptor_2ba579f6f004cb75, []int{41} + return fileDescriptor_2ba579f6f004cb75, []int{44} } func (m *ImageSource) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1212,7 +1296,7 @@ var xxx_messageInfo_ImageSource proto.InternalMessageInfo func (m *ImageSourcePath) Reset() { *m = ImageSourcePath{} } func (*ImageSourcePath) ProtoMessage() {} func (*ImageSourcePath) Descriptor() ([]byte, []int) { - return fileDescriptor_2ba579f6f004cb75, []int{42} + return fileDescriptor_2ba579f6f004cb75, []int{45} } func (m *ImageSourcePath) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1240,7 +1324,7 @@ var xxx_messageInfo_ImageSourcePath proto.InternalMessageInfo func (m *ImageStreamTagReference) Reset() { *m = ImageStreamTagReference{} } func (*ImageStreamTagReference) ProtoMessage() {} func (*ImageStreamTagReference) Descriptor() ([]byte, []int) { - return fileDescriptor_2ba579f6f004cb75, []int{43} + return fileDescriptor_2ba579f6f004cb75, []int{46} } func (m *ImageStreamTagReference) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1268,7 +1352,7 @@ var xxx_messageInfo_ImageStreamTagReference proto.InternalMessageInfo func (m *JenkinsPipelineBuildStrategy) Reset() { *m = JenkinsPipelineBuildStrategy{} } func (*JenkinsPipelineBuildStrategy) ProtoMessage() {} func (*JenkinsPipelineBuildStrategy) Descriptor() ([]byte, []int) { - return fileDescriptor_2ba579f6f004cb75, []int{44} + return fileDescriptor_2ba579f6f004cb75, []int{47} } func (m *JenkinsPipelineBuildStrategy) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1296,7 +1380,7 @@ var xxx_messageInfo_JenkinsPipelineBuildStrategy proto.InternalMessageInfo func (m *OptionalNodeSelector) Reset() { *m = OptionalNodeSelector{} } func (*OptionalNodeSelector) ProtoMessage() {} func (*OptionalNodeSelector) Descriptor() ([]byte, []int) { - return fileDescriptor_2ba579f6f004cb75, []int{45} + return fileDescriptor_2ba579f6f004cb75, []int{48} } func (m *OptionalNodeSelector) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1324,7 +1408,7 @@ var xxx_messageInfo_OptionalNodeSelector proto.InternalMessageInfo func (m *ProxyConfig) Reset() { *m = ProxyConfig{} } func (*ProxyConfig) ProtoMessage() {} func (*ProxyConfig) Descriptor() ([]byte, []int) { - return fileDescriptor_2ba579f6f004cb75, []int{46} + return fileDescriptor_2ba579f6f004cb75, []int{49} } func (m *ProxyConfig) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1352,7 +1436,7 @@ var xxx_messageInfo_ProxyConfig proto.InternalMessageInfo func (m *SecretBuildSource) Reset() { *m = SecretBuildSource{} } func (*SecretBuildSource) ProtoMessage() {} func (*SecretBuildSource) Descriptor() ([]byte, []int) { - return fileDescriptor_2ba579f6f004cb75, []int{47} + return fileDescriptor_2ba579f6f004cb75, []int{50} } func (m *SecretBuildSource) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1380,7 +1464,7 @@ var xxx_messageInfo_SecretBuildSource proto.InternalMessageInfo func (m *SecretLocalReference) Reset() { *m = SecretLocalReference{} } func (*SecretLocalReference) ProtoMessage() {} func (*SecretLocalReference) Descriptor() ([]byte, []int) { - return fileDescriptor_2ba579f6f004cb75, []int{48} + return fileDescriptor_2ba579f6f004cb75, []int{51} } func (m *SecretLocalReference) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1408,7 +1492,7 @@ var xxx_messageInfo_SecretLocalReference proto.InternalMessageInfo func (m *SecretSpec) Reset() { *m = SecretSpec{} } func (*SecretSpec) ProtoMessage() {} func (*SecretSpec) Descriptor() ([]byte, []int) { - return fileDescriptor_2ba579f6f004cb75, []int{49} + return fileDescriptor_2ba579f6f004cb75, []int{52} } func (m *SecretSpec) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1436,7 +1520,7 @@ var xxx_messageInfo_SecretSpec proto.InternalMessageInfo func (m *SourceBuildStrategy) Reset() { *m = SourceBuildStrategy{} } func (*SourceBuildStrategy) ProtoMessage() {} func (*SourceBuildStrategy) Descriptor() ([]byte, []int) { - return fileDescriptor_2ba579f6f004cb75, []int{50} + return fileDescriptor_2ba579f6f004cb75, []int{53} } func (m *SourceBuildStrategy) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1464,7 +1548,7 @@ var xxx_messageInfo_SourceBuildStrategy proto.InternalMessageInfo func (m *SourceControlUser) Reset() { *m = SourceControlUser{} } func (*SourceControlUser) ProtoMessage() {} func (*SourceControlUser) Descriptor() ([]byte, []int) { - return fileDescriptor_2ba579f6f004cb75, []int{51} + return fileDescriptor_2ba579f6f004cb75, []int{54} } func (m *SourceControlUser) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1492,7 +1576,7 @@ var xxx_messageInfo_SourceControlUser proto.InternalMessageInfo func (m *SourceRevision) Reset() { *m = SourceRevision{} } func (*SourceRevision) ProtoMessage() {} func (*SourceRevision) Descriptor() ([]byte, []int) { - return fileDescriptor_2ba579f6f004cb75, []int{52} + return fileDescriptor_2ba579f6f004cb75, []int{55} } func (m *SourceRevision) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1520,7 +1604,7 @@ var xxx_messageInfo_SourceRevision proto.InternalMessageInfo func (m *SourceStrategyOptions) Reset() { *m = SourceStrategyOptions{} } func (*SourceStrategyOptions) ProtoMessage() {} func (*SourceStrategyOptions) Descriptor() ([]byte, []int) { - return fileDescriptor_2ba579f6f004cb75, []int{53} + return fileDescriptor_2ba579f6f004cb75, []int{56} } func (m *SourceStrategyOptions) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1548,7 +1632,7 @@ var xxx_messageInfo_SourceStrategyOptions proto.InternalMessageInfo func (m *StageInfo) Reset() { *m = StageInfo{} } func (*StageInfo) ProtoMessage() {} func (*StageInfo) Descriptor() ([]byte, []int) { - return fileDescriptor_2ba579f6f004cb75, []int{54} + return fileDescriptor_2ba579f6f004cb75, []int{57} } func (m *StageInfo) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1576,7 +1660,7 @@ var xxx_messageInfo_StageInfo proto.InternalMessageInfo func (m *StepInfo) Reset() { *m = StepInfo{} } func (*StepInfo) ProtoMessage() {} func (*StepInfo) Descriptor() ([]byte, []int) { - return fileDescriptor_2ba579f6f004cb75, []int{55} + return fileDescriptor_2ba579f6f004cb75, []int{58} } func (m *StepInfo) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1604,7 +1688,7 @@ var xxx_messageInfo_StepInfo proto.InternalMessageInfo func (m *WebHookTrigger) Reset() { *m = WebHookTrigger{} } func (*WebHookTrigger) ProtoMessage() {} func (*WebHookTrigger) Descriptor() ([]byte, []int) { - return fileDescriptor_2ba579f6f004cb75, []int{56} + return fileDescriptor_2ba579f6f004cb75, []int{59} } func (m *WebHookTrigger) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1653,6 +1737,9 @@ func init() { proto.RegisterType((*BuildStrategy)(nil), "github.com.openshift.api.build.v1.BuildStrategy") proto.RegisterType((*BuildTriggerCause)(nil), "github.com.openshift.api.build.v1.BuildTriggerCause") proto.RegisterType((*BuildTriggerPolicy)(nil), "github.com.openshift.api.build.v1.BuildTriggerPolicy") + proto.RegisterType((*BuildVolume)(nil), "github.com.openshift.api.build.v1.BuildVolume") + proto.RegisterType((*BuildVolumeMount)(nil), "github.com.openshift.api.build.v1.BuildVolumeMount") + proto.RegisterType((*BuildVolumeSource)(nil), "github.com.openshift.api.build.v1.BuildVolumeSource") proto.RegisterType((*CommonSpec)(nil), "github.com.openshift.api.build.v1.CommonSpec") proto.RegisterType((*CommonWebHookCause)(nil), "github.com.openshift.api.build.v1.CommonWebHookCause") proto.RegisterType((*ConfigMapBuildSource)(nil), "github.com.openshift.api.build.v1.ConfigMapBuildSource") @@ -1695,271 +1782,280 @@ func init() { } var fileDescriptor_2ba579f6f004cb75 = []byte{ - // 4210 bytes of a gzipped FileDescriptorProto + // 4362 bytes of a gzipped FileDescriptorProto 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe4, 0x5b, 0x4d, 0x6c, 0x1c, 0x47, - 0x76, 0x56, 0xcf, 0x0f, 0x39, 0xf3, 0x86, 0xe2, 0x4f, 0x51, 0xb2, 0x46, 0x5a, 0x2d, 0x47, 0x6e, - 0xc7, 0x86, 0x1c, 0xdb, 0xc3, 0xa5, 0x56, 0x52, 0xb4, 0x36, 0xb2, 0x01, 0x87, 0xa4, 0x64, 0x6a, - 0x47, 0x12, 0x51, 0x43, 0xcb, 0xce, 0x5a, 0xd8, 0xa4, 0xd9, 0x53, 0x33, 0x6c, 0x73, 0xa6, 0x7b, - 0xdc, 0xd5, 0x43, 0x9b, 0x0b, 0x04, 0x30, 0x02, 0x2c, 0x92, 0xf5, 0x5e, 0xb2, 0x97, 0x45, 0x92, - 0x4b, 0x12, 0x04, 0x39, 0xe5, 0x94, 0x43, 0x80, 0x0d, 0xf6, 0x12, 0x20, 0x7b, 0xf0, 0x21, 0x01, - 0x36, 0x48, 0x80, 0x18, 0xc8, 0x62, 0x10, 0x33, 0x87, 0xdc, 0x02, 0xe4, 0xaa, 0x43, 0x10, 0xd4, - 0x4f, 0x77, 0x57, 0xf5, 0xf4, 0x50, 0x3d, 0x94, 0xac, 0x6c, 0xb2, 0xb7, 0xe9, 0x7a, 0xef, 0x7d, - 0xaf, 0x7e, 0x5e, 0xbd, 0x7a, 0xef, 0x55, 0x0d, 0xac, 0x75, 0x9d, 0x60, 0x7f, 0xb8, 0x57, 0xb7, - 0xbd, 0xfe, 0xaa, 0x37, 0x20, 0x2e, 0xdd, 0x77, 0x3a, 0xc1, 0xaa, 0x35, 0x70, 0x56, 0xf7, 0x86, - 0x4e, 0xaf, 0xbd, 0x7a, 0xb8, 0xb6, 0xda, 0x25, 0x2e, 0xf1, 0xad, 0x80, 0xb4, 0xeb, 0x03, 0xdf, - 0x0b, 0x3c, 0xf4, 0x62, 0x2c, 0x52, 0x8f, 0x44, 0xea, 0xd6, 0xc0, 0xa9, 0x73, 0x91, 0xfa, 0xe1, - 0xda, 0xa5, 0x37, 0x14, 0xd4, 0xae, 0xd7, 0xf5, 0x56, 0xb9, 0xe4, 0xde, 0xb0, 0xc3, 0xbf, 0xf8, - 0x07, 0xff, 0x25, 0x10, 0x2f, 0x99, 0x07, 0xb7, 0x68, 0xdd, 0xf1, 0xb8, 0x5a, 0xdb, 0xf3, 0x49, - 0x8a, 0xd6, 0x4b, 0xd7, 0x63, 0x9e, 0xbe, 0x65, 0xef, 0x3b, 0x2e, 0xf1, 0x8f, 0x56, 0x07, 0x07, - 0x5d, 0xd6, 0x40, 0x57, 0xfb, 0x24, 0xb0, 0xd2, 0xa4, 0x6e, 0x4e, 0x92, 0xf2, 0x87, 0x6e, 0xe0, - 0xf4, 0xc9, 0x2a, 0xb5, 0xf7, 0x49, 0xdf, 0x4a, 0xca, 0x99, 0x7f, 0x5b, 0x80, 0x8b, 0x0d, 0xc7, - 0xb5, 0xfc, 0xa3, 0x06, 0x1b, 0x13, 0x26, 0x1f, 0x0e, 0x09, 0x0d, 0x1e, 0x0c, 0x02, 0xc7, 0x73, - 0x29, 0xfa, 0x6d, 0x28, 0x31, 0x85, 0x6d, 0x2b, 0xb0, 0xaa, 0xc6, 0x15, 0xe3, 0x6a, 0xe5, 0xda, - 0xd7, 0xea, 0x42, 0x51, 0x5d, 0x55, 0x54, 0x1f, 0x1c, 0x74, 0x59, 0x03, 0xad, 0x33, 0xee, 0xfa, - 0xe1, 0x5a, 0xfd, 0xc1, 0xde, 0x07, 0xc4, 0x0e, 0xee, 0x91, 0xc0, 0x6a, 0xa0, 0xcf, 0x46, 0xb5, - 0x33, 0xc7, 0xa3, 0x1a, 0xc4, 0x6d, 0x38, 0x42, 0x45, 0xaf, 0xc0, 0x8c, 0x45, 0x6f, 0x3b, 0x3d, - 0x52, 0xcd, 0x5d, 0x31, 0xae, 0x96, 0x1b, 0xf3, 0x92, 0x7b, 0x66, 0x9d, 0xb7, 0x62, 0x49, 0x45, - 0x37, 0x61, 0xde, 0x27, 0x87, 0x0e, 0x75, 0x3c, 0x77, 0xc3, 0xeb, 0xf7, 0x9d, 0xa0, 0x9a, 0xd7, - 0xf9, 0x45, 0x2b, 0x4e, 0x70, 0xa1, 0x6f, 0xc0, 0x42, 0xd8, 0x72, 0x8f, 0x50, 0x6a, 0x75, 0x49, - 0xb5, 0xc0, 0x05, 0x17, 0xa4, 0xe0, 0xac, 0x6c, 0xc6, 0x49, 0x3e, 0xd4, 0x00, 0x14, 0x36, 0xad, - 0x0f, 0x83, 0x7d, 0xcf, 0xbf, 0x6f, 0xf5, 0x49, 0xb5, 0xc8, 0xa5, 0xa3, 0x41, 0xc5, 0x14, 0x9c, - 0xc2, 0x8d, 0xb6, 0x60, 0x59, 0x6f, 0xdd, 0xea, 0x5b, 0x4e, 0xaf, 0x3a, 0xc3, 0x41, 0x96, 0x25, - 0x48, 0x45, 0x21, 0xe1, 0x34, 0x7e, 0xf4, 0x2d, 0x38, 0xaf, 0x8f, 0x2b, 0x20, 0xa2, 0x37, 0xb3, - 0x1c, 0xe8, 0xbc, 0x04, 0x3a, 0xab, 0x11, 0x71, 0xba, 0x0c, 0xba, 0x0f, 0x2f, 0x8c, 0x11, 0x44, - 0xb7, 0x4a, 0x1c, 0xed, 0x05, 0x89, 0x36, 0xaf, 0x53, 0xf1, 0x04, 0x29, 0xf3, 0x2d, 0x58, 0x52, - 0x2c, 0xa8, 0xe5, 0x0d, 0x7d, 0x9b, 0x28, 0xeb, 0x6a, 0x9c, 0xb4, 0xae, 0xe6, 0xa7, 0x06, 0x9c, - 0x6f, 0x38, 0xc1, 0xde, 0xd0, 0x3e, 0x20, 0xc1, 0xbb, 0x64, 0xef, 0x6d, 0xcf, 0x3b, 0xd8, 0xb0, - 0x86, 0x94, 0xa0, 0x0f, 0x01, 0x6c, 0xaf, 0xdf, 0xf7, 0xdc, 0xd6, 0x80, 0xd8, 0xd2, 0xfa, 0x6e, - 0xd4, 0x9f, 0xb8, 0x25, 0xeb, 0x1b, 0x5c, 0x48, 0x85, 0x6a, 0x5c, 0x92, 0xca, 0xd1, 0x38, 0x0d, - 0x2b, 0x4a, 0xcc, 0x1f, 0xe6, 0xa0, 0xc8, 0x07, 0xf1, 0x1c, 0x0c, 0xff, 0x3e, 0x14, 0x28, 0x1b, - 0x58, 0x8e, 0xa3, 0xbf, 0x9e, 0x61, 0x60, 0x62, 0x7a, 0x07, 0xc4, 0x6e, 0xcc, 0x49, 0xe4, 0x02, - 0xfb, 0xc2, 0x1c, 0x07, 0x3d, 0x84, 0x19, 0x1a, 0x58, 0xc1, 0x90, 0xf2, 0x8d, 0x51, 0xb9, 0x56, - 0xcf, 0x8c, 0xc8, 0xa5, 0xe2, 0x05, 0x12, 0xdf, 0x58, 0xa2, 0x99, 0xff, 0x90, 0x87, 0x79, 0xce, - 0xb7, 0xe1, 0xb9, 0x6d, 0x87, 0xb9, 0x05, 0x74, 0x13, 0x0a, 0xc1, 0xd1, 0x20, 0x5c, 0x59, 0x33, - 0xec, 0xcc, 0xee, 0xd1, 0x80, 0x3c, 0x1e, 0xd5, 0x90, 0xce, 0xcd, 0x5a, 0x31, 0xe7, 0x47, 0xcd, - 0xa8, 0x8b, 0x62, 0xaf, 0x5f, 0xd7, 0x55, 0x3e, 0x1e, 0xd5, 0x52, 0xfc, 0x63, 0x3d, 0x42, 0xd2, - 0x3b, 0x86, 0x3e, 0x80, 0xf9, 0x9e, 0x45, 0x83, 0x77, 0x06, 0x6d, 0x2b, 0x20, 0xbb, 0x4e, 0x9f, - 0xf0, 0x5d, 0x55, 0xb9, 0xf6, 0xab, 0xd9, 0x16, 0x8a, 0x49, 0xc4, 0xa6, 0xde, 0xd4, 0x90, 0x70, - 0x02, 0x19, 0x1d, 0x02, 0x62, 0x2d, 0xbb, 0xbe, 0xe5, 0x52, 0x31, 0x2a, 0xa6, 0x2f, 0x3f, 0xb5, - 0xbe, 0xc8, 0x10, 0x9b, 0x63, 0x68, 0x38, 0x45, 0x03, 0xdb, 0x45, 0x3e, 0xb1, 0xa8, 0xe7, 0x4a, - 0xa7, 0x15, 0x2d, 0x12, 0xe6, 0xad, 0x58, 0x52, 0xd1, 0xab, 0x30, 0xdb, 0x97, 0xde, 0xad, 0x98, - 0xee, 0xdd, 0x42, 0xba, 0xf9, 0xe7, 0x39, 0xa8, 0x84, 0x2b, 0xd4, 0x71, 0xba, 0xcf, 0xc1, 0xd2, - 0x77, 0x35, 0x4b, 0xbf, 0x96, 0xd5, 0x2e, 0x45, 0xff, 0x26, 0xda, 0xfb, 0xa3, 0x84, 0xbd, 0x5f, - 0x9f, 0x12, 0xf7, 0x64, 0xab, 0xff, 0xa9, 0x01, 0x0b, 0x0a, 0x77, 0xd3, 0xa1, 0x01, 0x7a, 0x34, - 0x36, 0x53, 0xf5, 0x6c, 0x33, 0xc5, 0xa4, 0xf9, 0x3c, 0x2d, 0x4a, 0x6d, 0xa5, 0xb0, 0x45, 0x99, - 0xa5, 0x16, 0x14, 0x9d, 0x80, 0xf4, 0xd9, 0xde, 0xc8, 0x4f, 0xb3, 0x7d, 0x45, 0x07, 0x1b, 0x67, - 0x25, 0x74, 0x71, 0x9b, 0x81, 0x60, 0x81, 0x65, 0xfe, 0x3c, 0xaf, 0x0d, 0x83, 0x4d, 0x1f, 0xb2, - 0xa1, 0x14, 0xf8, 0x4e, 0xb7, 0x4b, 0x7c, 0x5a, 0x35, 0xb8, 0xae, 0x1b, 0x59, 0x75, 0xed, 0x0a, - 0xb9, 0x1d, 0xaf, 0xe7, 0xd8, 0x47, 0xf1, 0x68, 0x64, 0x33, 0xc5, 0x11, 0x30, 0x5a, 0x87, 0xb2, - 0x3f, 0x74, 0x05, 0xa3, 0xdc, 0xed, 0x2f, 0x49, 0xf6, 0x32, 0x0e, 0x09, 0x8f, 0x47, 0x35, 0xe1, - 0x5a, 0xa2, 0x16, 0x1c, 0x4b, 0x21, 0x4b, 0xf3, 0xff, 0x62, 0x91, 0xdf, 0xc8, 0xec, 0xff, 0xb9, - 0xdd, 0x44, 0x76, 0x19, 0xb7, 0xa9, 0xfe, 0x1e, 0xb5, 0xe1, 0x32, 0x1d, 0xda, 0x36, 0xa1, 0xb4, - 0x33, 0xec, 0xf1, 0x9e, 0xd0, 0xb7, 0x1d, 0x1a, 0x78, 0xfe, 0x51, 0xd3, 0x61, 0x21, 0x06, 0xdb, - 0x74, 0xc5, 0xc6, 0x95, 0xe3, 0x51, 0xed, 0x72, 0xeb, 0x04, 0x3e, 0x7c, 0x22, 0x0a, 0x7a, 0x0f, - 0xaa, 0x1d, 0xcb, 0xe9, 0x91, 0x76, 0x8a, 0x86, 0x22, 0xd7, 0x70, 0xf9, 0x78, 0x54, 0xab, 0xde, - 0x9e, 0xc0, 0x83, 0x27, 0x4a, 0x9b, 0xff, 0x62, 0xc0, 0xd2, 0x98, 0x4d, 0xa3, 0x1b, 0x50, 0x61, - 0xae, 0xe4, 0x21, 0xf1, 0xd9, 0x61, 0xcd, 0x4d, 0x35, 0x1f, 0xc7, 0x1a, 0xcd, 0x98, 0x84, 0x55, - 0x3e, 0xf4, 0xa9, 0x01, 0xcb, 0x4e, 0xdf, 0xea, 0x92, 0x8d, 0x7d, 0xcb, 0xed, 0x92, 0x70, 0x51, - 0xa5, 0x3d, 0xbe, 0x95, 0x61, 0xe6, 0xb7, 0xc7, 0xa4, 0xe5, 0x2e, 0xfb, 0x8a, 0x54, 0xbe, 0x3c, - 0xce, 0x41, 0x71, 0x9a, 0x52, 0xf3, 0xc7, 0x06, 0x94, 0xf9, 0xc8, 0x9e, 0xc3, 0xce, 0xbb, 0xa7, - 0xef, 0xbc, 0xab, 0x59, 0x77, 0xc3, 0x84, 0x3d, 0x07, 0x50, 0x12, 0x3d, 0xf7, 0xba, 0xe6, 0x7f, - 0x15, 0xe4, 0xfe, 0x6b, 0x7a, 0xdd, 0x30, 0xa6, 0x5e, 0x85, 0xb2, 0xed, 0xb9, 0x81, 0xc5, 0xba, - 0x2c, 0x8f, 0xd0, 0xa5, 0x70, 0x6b, 0x6c, 0x84, 0x04, 0x1c, 0xf3, 0xb0, 0x43, 0xa0, 0xe3, 0xf5, - 0x7a, 0xde, 0x47, 0x7c, 0x23, 0x95, 0x62, 0x9f, 0x75, 0x9b, 0xb7, 0x62, 0x49, 0x45, 0xaf, 0x43, - 0x69, 0xc0, 0x42, 0x34, 0x4f, 0xfa, 0xc4, 0x52, 0x3c, 0xea, 0x1d, 0xd9, 0x8e, 0x23, 0x0e, 0x74, - 0x1d, 0xe6, 0xa8, 0xe3, 0xda, 0xa4, 0x45, 0x6c, 0xcf, 0x6d, 0x53, 0x6e, 0xeb, 0xf9, 0xc6, 0xe2, - 0xf1, 0xa8, 0x36, 0xd7, 0x52, 0xda, 0xb1, 0xc6, 0x85, 0xde, 0x85, 0x32, 0xff, 0xe6, 0xe7, 0x5f, - 0x71, 0xea, 0xf3, 0xef, 0x2c, 0x1b, 0x64, 0x2b, 0x04, 0xc0, 0x31, 0x16, 0xba, 0x06, 0xc0, 0xd2, - 0x14, 0x1a, 0x58, 0xfd, 0x01, 0xe5, 0x27, 0x79, 0x29, 0xde, 0xbe, 0xbb, 0x11, 0x05, 0x2b, 0x5c, - 0xe8, 0x35, 0x28, 0x07, 0x96, 0xd3, 0x6b, 0x3a, 0x2e, 0xa1, 0x3c, 0x12, 0xce, 0x0b, 0x05, 0xbb, - 0x61, 0x23, 0x8e, 0xe9, 0xa8, 0x0e, 0xd0, 0x63, 0x9b, 0xa6, 0x71, 0x14, 0x10, 0xca, 0x23, 0xdd, - 0x7c, 0x63, 0x9e, 0x81, 0x37, 0xa3, 0x56, 0xac, 0x70, 0xb0, 0x59, 0x77, 0xbd, 0x8f, 0x2c, 0x27, - 0xa8, 0x96, 0xf5, 0x59, 0xbf, 0xef, 0xbd, 0x6b, 0x39, 0x01, 0x96, 0x54, 0xf4, 0x32, 0xcc, 0x1e, - 0xca, 0x9d, 0x06, 0x1c, 0xb4, 0xc2, 0x8e, 0xdd, 0x70, 0x87, 0x85, 0x34, 0xb4, 0x0f, 0x97, 0x1d, - 0x97, 0x12, 0x7b, 0xe8, 0x93, 0xd6, 0x81, 0x33, 0xd8, 0x6d, 0xb6, 0x1e, 0x12, 0xdf, 0xe9, 0x1c, - 0x35, 0x2c, 0xfb, 0x80, 0xb8, 0xed, 0x6a, 0x85, 0x2b, 0xf9, 0x15, 0xa9, 0xe4, 0xf2, 0xf6, 0x09, - 0xbc, 0xf8, 0x44, 0x24, 0xf3, 0xd3, 0xf0, 0x80, 0x7f, 0x30, 0x0c, 0x06, 0xc3, 0x00, 0xbd, 0x05, - 0xb9, 0xc0, 0x93, 0xdb, 0xe6, 0x25, 0x65, 0xad, 0xea, 0x2c, 0xc0, 0x8a, 0x0f, 0x72, 0x4c, 0x3a, - 0xc4, 0x27, 0xae, 0x4d, 0x1a, 0x33, 0xc7, 0xa3, 0x5a, 0x6e, 0xd7, 0xc3, 0xb9, 0xc0, 0x43, 0xef, - 0x01, 0x0c, 0x86, 0x74, 0xbf, 0x45, 0x6c, 0x9f, 0x04, 0xf2, 0x04, 0xbf, 0x9a, 0x06, 0xd2, 0xf4, - 0x6c, 0xab, 0x97, 0x44, 0xe2, 0xf3, 0xbb, 0x13, 0xc9, 0x63, 0x05, 0x0b, 0xb5, 0xa1, 0xc2, 0x37, - 0x7e, 0xd3, 0xda, 0x23, 0x3d, 0x66, 0xb0, 0xf9, 0x8c, 0xfe, 0x7d, 0x3b, 0x92, 0x8a, 0x9d, 0x5a, - 0xdc, 0x46, 0xb1, 0x0a, 0x6b, 0xfe, 0xae, 0x01, 0xcb, 0x7c, 0x32, 0x76, 0x3c, 0x1a, 0x88, 0xbc, - 0x85, 0x7b, 0xfe, 0x97, 0x61, 0x96, 0x9d, 0x03, 0x96, 0xdb, 0xe6, 0x67, 0x60, 0x59, 0xac, 0xda, - 0x86, 0x68, 0xc2, 0x21, 0x0d, 0x5d, 0x86, 0x82, 0xe5, 0x77, 0x85, 0x67, 0x28, 0x37, 0x4a, 0x2c, - 0x04, 0x59, 0xf7, 0xbb, 0x14, 0xf3, 0x56, 0x66, 0x22, 0xd4, 0xf6, 0x9d, 0xc1, 0x58, 0x2e, 0xda, - 0xe2, 0xad, 0x58, 0x52, 0xcd, 0x9f, 0xce, 0xc2, 0x9c, 0x9a, 0x5d, 0x3f, 0x87, 0x98, 0xeb, 0x7d, - 0x28, 0x85, 0xd9, 0x9a, 0x5c, 0xb5, 0xb5, 0x0c, 0x53, 0x2b, 0x72, 0x37, 0x2c, 0x05, 0x1b, 0x73, - 0xcc, 0x75, 0x84, 0x5f, 0x38, 0x02, 0x44, 0x04, 0x16, 0xe5, 0x41, 0x4f, 0xda, 0x8d, 0x23, 0x3e, - 0xf7, 0xf2, 0x7c, 0xce, 0x64, 0x5f, 0xe7, 0x8e, 0x47, 0xb5, 0xc5, 0xdd, 0x04, 0x00, 0x1e, 0x83, - 0x44, 0xeb, 0x50, 0xe8, 0xf8, 0x5e, 0x9f, 0x7b, 0xa6, 0x8c, 0xd0, 0x7c, 0x85, 0x6e, 0xfb, 0x5e, - 0x1f, 0x73, 0x51, 0xf4, 0x1e, 0xcc, 0xec, 0xf1, 0xd4, 0x54, 0xfa, 0xaa, 0x4c, 0x41, 0x62, 0x32, - 0x97, 0x6d, 0x00, 0x5b, 0x53, 0xd1, 0x8c, 0x25, 0x1e, 0x5a, 0xd3, 0x0f, 0xd9, 0x19, 0xbe, 0xf5, - 0x17, 0x4e, 0x3c, 0x60, 0xbf, 0x01, 0x79, 0xe2, 0x1e, 0x56, 0x67, 0xb9, 0xa5, 0x5f, 0x4a, 0x1b, - 0xce, 0x96, 0x7b, 0xf8, 0xd0, 0xf2, 0x1b, 0x15, 0xb9, 0xb4, 0xf9, 0x2d, 0xf7, 0x10, 0x33, 0x19, - 0x74, 0x00, 0x15, 0x65, 0x7a, 0xaa, 0x25, 0x0e, 0x71, 0x7d, 0xca, 0xb0, 0x4d, 0xe4, 0xc2, 0xd1, - 0x9e, 0x51, 0x56, 0x00, 0xab, 0xe8, 0xe8, 0xfb, 0x06, 0x9c, 0x6f, 0x7b, 0xf6, 0x01, 0x3b, 0xbe, - 0x7d, 0x2b, 0x20, 0xdd, 0x23, 0x79, 0x74, 0x71, 0x4f, 0x58, 0xb9, 0x76, 0x2b, 0x83, 0xde, 0xcd, - 0x34, 0xf9, 0xc6, 0xc5, 0xe3, 0x51, 0xed, 0x7c, 0x2a, 0x09, 0xa7, 0x6b, 0xe4, 0x7d, 0xa1, 0x7c, - 0x15, 0x92, 0x7d, 0x81, 0xcc, 0x7d, 0x69, 0xa5, 0xc9, 0x8b, 0xbe, 0xa4, 0x92, 0x70, 0xba, 0x46, - 0xf3, 0x9f, 0x8b, 0xd2, 0xb1, 0xca, 0x12, 0xc7, 0xd7, 0xb5, 0x34, 0xb8, 0x96, 0x48, 0x83, 0x17, - 0x14, 0x56, 0x25, 0x07, 0x8e, 0x2d, 0x32, 0xf7, 0x8c, 0x2d, 0xb2, 0x0e, 0x20, 0xe6, 0xb0, 0xe3, - 0xf4, 0x48, 0xe8, 0x91, 0x98, 0x83, 0xd8, 0x8c, 0x5a, 0xb1, 0xc2, 0x81, 0x9a, 0x90, 0xef, 0xca, - 0x18, 0x37, 0x9b, 0x77, 0xb8, 0xe3, 0x04, 0x6a, 0x1f, 0x66, 0x99, 0x85, 0xde, 0x71, 0x02, 0xcc, - 0x60, 0xd0, 0x43, 0x98, 0xe1, 0x7e, 0x97, 0x56, 0x8b, 0x99, 0xf3, 0x17, 0xbe, 0xcd, 0x25, 0x5a, - 0xe4, 0x3b, 0x79, 0x23, 0xc5, 0x12, 0x8d, 0xc5, 0x05, 0x2c, 0x12, 0x22, 0x1f, 0x07, 0x9b, 0x8e, - 0x2f, 0xeb, 0x66, 0x4a, 0x58, 0x1f, 0x52, 0xb0, 0xc2, 0x85, 0xbe, 0x03, 0x73, 0x72, 0x05, 0xc5, - 0xb1, 0x35, 0x3b, 0xe5, 0xb1, 0x25, 0x82, 0x20, 0x05, 0x01, 0x6b, 0x78, 0xe8, 0xb7, 0x60, 0x96, - 0xf2, 0x5f, 0x74, 0x8a, 0x9d, 0x28, 0x64, 0xd5, 0x09, 0x8c, 0x72, 0x74, 0x41, 0xa2, 0x38, 0x44, - 0x45, 0x07, 0x7c, 0xd0, 0x1d, 0xa7, 0x7b, 0xcf, 0x1a, 0xb0, 0x5d, 0xc7, 0x74, 0xfc, 0x5a, 0xa6, - 0xd4, 0x47, 0x0a, 0xa9, 0x6a, 0xd4, 0xd9, 0x92, 0x90, 0x58, 0x81, 0x37, 0xff, 0x35, 0x0c, 0xb5, - 0xf9, 0xc1, 0x68, 0xa5, 0x54, 0xdd, 0x9e, 0x71, 0xd6, 0x95, 0x70, 0x66, 0xb9, 0x2f, 0xd3, 0x99, - 0x99, 0xff, 0x39, 0x1b, 0x6e, 0x5a, 0x91, 0x1c, 0xad, 0x41, 0x71, 0xb0, 0x6f, 0xd1, 0x70, 0xd7, - 0x86, 0x99, 0x49, 0x71, 0x87, 0x35, 0x3e, 0x1e, 0xd5, 0x40, 0x44, 0x0b, 0xec, 0x0b, 0x0b, 0x4e, - 0x1e, 0xb0, 0x5b, 0xae, 0x4d, 0x7a, 0x3d, 0xd2, 0x96, 0x21, 0x78, 0x1c, 0xb0, 0x87, 0x04, 0x1c, - 0xf3, 0xa0, 0x9b, 0x51, 0xd5, 0x46, 0xec, 0xc2, 0x15, 0xbd, 0x6a, 0xf3, 0x98, 0x59, 0x97, 0x28, - 0x37, 0x4c, 0xac, 0xe2, 0x14, 0x4e, 0xae, 0xe2, 0xa0, 0x0e, 0xcc, 0xd3, 0xc0, 0xf2, 0x83, 0x28, - 0x32, 0x3e, 0x45, 0x30, 0x8e, 0x8e, 0x47, 0xb5, 0xf9, 0x96, 0x86, 0x82, 0x13, 0xa8, 0x68, 0x08, - 0xcb, 0xb6, 0xd7, 0x1f, 0xf4, 0x48, 0x58, 0x92, 0x12, 0xca, 0xa6, 0xaf, 0xb4, 0x5d, 0x60, 0xe9, - 0xdf, 0xc6, 0x38, 0x14, 0x4e, 0xc3, 0x47, 0xbf, 0x0e, 0xa5, 0xf6, 0xd0, 0xb7, 0x58, 0xa3, 0x0c, - 0xec, 0x5f, 0x0c, 0x53, 0x99, 0x4d, 0xd9, 0xfe, 0x78, 0x54, 0x3b, 0xcb, 0x72, 0x81, 0x7a, 0xd8, - 0x80, 0x23, 0x11, 0xb4, 0x07, 0x97, 0x3c, 0x1e, 0xfc, 0x0a, 0xd7, 0x27, 0x02, 0x8c, 0x70, 0x7b, - 0xcb, 0x2a, 0x77, 0x58, 0xb6, 0xbc, 0xf4, 0x60, 0x22, 0x27, 0x3e, 0x01, 0x05, 0xdd, 0x81, 0x19, - 0xb1, 0x89, 0xe4, 0xa9, 0x98, 0x29, 0x3e, 0x01, 0x71, 0x53, 0xc1, 0xc4, 0xb0, 0x14, 0x47, 0x8f, - 0x60, 0x46, 0xa8, 0x91, 0x47, 0xda, 0xf5, 0xe9, 0x0a, 0xb7, 0xa2, 0xfb, 0xb1, 0xff, 0x14, 0xdf, - 0x58, 0x62, 0xa2, 0x5d, 0x5e, 0x26, 0x63, 0x7e, 0xb9, 0xc2, 0xf7, 0x59, 0x96, 0x42, 0x73, 0x8b, - 0x09, 0x6c, 0xbb, 0x1d, 0x4f, 0x2b, 0x8f, 0x71, 0xaf, 0x2c, 0xb0, 0x98, 0x57, 0xee, 0x79, 0xdd, - 0x96, 0xeb, 0x0c, 0x06, 0x24, 0xa8, 0xce, 0xe9, 0x5e, 0xb9, 0x19, 0x51, 0xb0, 0xc2, 0x85, 0x08, - 0x77, 0x6a, 0xa2, 0x94, 0x4b, 0xab, 0x67, 0x79, 0x6f, 0xd6, 0xa6, 0xa8, 0x72, 0x09, 0x49, 0xcd, - 0x9d, 0x49, 0x30, 0xac, 0x00, 0x9b, 0xb6, 0x2c, 0x89, 0xa8, 0xb3, 0x83, 0xee, 0x2b, 0x39, 0xd0, - 0xcd, 0xd3, 0xcc, 0xef, 0xae, 0xa7, 0xa6, 0x45, 0x66, 0x53, 0x66, 0x15, 0x3a, 0x0b, 0xba, 0x21, - 0x73, 0x9a, 0x4d, 0xa7, 0x4b, 0x68, 0x20, 0x5d, 0x8c, 0x9e, 0xa4, 0x08, 0x12, 0x56, 0xf9, 0xcc, - 0x9f, 0x14, 0xe0, 0xac, 0x84, 0x13, 0x11, 0x07, 0xba, 0xa1, 0x85, 0x16, 0x2f, 0x26, 0x42, 0x8b, - 0x25, 0x8d, 0x59, 0x09, 0x2e, 0x7c, 0x98, 0xd7, 0xc3, 0x28, 0x19, 0x64, 0xdc, 0xcc, 0x1c, 0xb1, - 0x69, 0xc8, 0xc2, 0x43, 0xe8, 0xf1, 0x1a, 0x4e, 0x68, 0x60, 0x3a, 0xf5, 0x70, 0x49, 0xa6, 0x02, - 0x37, 0x33, 0x47, 0x66, 0x29, 0x3a, 0xf5, 0xb8, 0x0c, 0x27, 0x34, 0x30, 0x9d, 0xf6, 0x90, 0x06, - 0x5e, 0x3f, 0xd2, 0x59, 0xc8, 0xac, 0x73, 0x83, 0x0b, 0xa6, 0xe8, 0xdc, 0xd0, 0x10, 0x71, 0x42, - 0x03, 0xfa, 0x91, 0x01, 0x17, 0x3e, 0x20, 0xee, 0x81, 0xe3, 0xd2, 0x1d, 0x67, 0x40, 0x7a, 0x8e, - 0x1b, 0x8f, 0x58, 0xf8, 0xde, 0xdf, 0xc8, 0xa0, 0xfd, 0xae, 0x8e, 0xa0, 0x77, 0xe3, 0x2b, 0xc7, - 0xa3, 0xda, 0x85, 0xbb, 0xe9, 0x3a, 0xf0, 0x24, 0xe5, 0xe6, 0xf7, 0x8a, 0xd2, 0xe2, 0xd5, 0x93, - 0x51, 0x3d, 0x4b, 0x8c, 0x27, 0x9c, 0x25, 0x3e, 0xcc, 0xf3, 0x5b, 0x61, 0xc7, 0x96, 0x17, 0x63, - 0x53, 0x58, 0xcd, 0x1d, 0x4d, 0x50, 0x1c, 0xca, 0x7c, 0x36, 0x75, 0x02, 0x4e, 0x68, 0x40, 0x2e, - 0x9c, 0x15, 0xe0, 0xa1, 0xca, 0x7c, 0xe6, 0xfb, 0xbd, 0x3b, 0x4e, 0xf0, 0x76, 0x24, 0x27, 0x34, - 0x2e, 0x1d, 0x8f, 0x6a, 0x67, 0xb5, 0x76, 0xac, 0xc3, 0xa3, 0x21, 0x2c, 0x2a, 0x65, 0x46, 0x3e, - 0x5d, 0xd2, 0x66, 0xbe, 0x3e, 0x5d, 0x61, 0x53, 0x28, 0xe4, 0x29, 0xec, 0x76, 0x02, 0x10, 0x8f, - 0xa9, 0x90, 0xc3, 0xec, 0x59, 0xd1, 0x30, 0x8b, 0xd3, 0x0c, 0xb3, 0x69, 0xa5, 0x0f, 0x33, 0x6e, - 0xc7, 0x3a, 0x3c, 0xfa, 0x2e, 0x2c, 0xee, 0x25, 0x2e, 0x53, 0xe5, 0x59, 0x7d, 0x2b, 0x53, 0x9e, - 0x91, 0x72, 0x0f, 0x2b, 0xc6, 0x9a, 0x24, 0xe1, 0x31, 0x3d, 0xe6, 0x8f, 0x0b, 0x80, 0xc6, 0x6f, - 0x09, 0xd0, 0x75, 0xcd, 0x95, 0x5d, 0x49, 0xb8, 0xb2, 0x45, 0x55, 0x42, 0xf1, 0x64, 0x8f, 0x60, - 0x46, 0xf4, 0x77, 0x8a, 0xea, 0x85, 0xec, 0x88, 0x04, 0x4b, 0x33, 0x0a, 0x89, 0xc9, 0x02, 0x78, - 0x69, 0x8f, 0xd2, 0xee, 0x4e, 0x01, 0x9f, 0x66, 0xe5, 0x21, 0x2a, 0xda, 0x97, 0x07, 0x81, 0xb0, - 0x05, 0x69, 0x69, 0x37, 0x4e, 0x55, 0x42, 0x17, 0x45, 0x05, 0xa5, 0x1d, 0xab, 0xd0, 0x72, 0xa2, - 0x7a, 0xd6, 0x9e, 0x34, 0xad, 0xa7, 0x98, 0x28, 0xc5, 0xac, 0x24, 0x26, 0x22, 0x50, 0x8e, 0xd6, - 0x59, 0x1a, 0xd2, 0x29, 0x14, 0xa4, 0x5b, 0x50, 0x8c, 0x6c, 0xfe, 0xfe, 0x2c, 0x28, 0xc9, 0x02, - 0xfa, 0x26, 0xcc, 0x53, 0xe2, 0x1f, 0x3a, 0x36, 0x59, 0xb7, 0x6d, 0x6f, 0xe8, 0x86, 0x27, 0x69, - 0x74, 0x5b, 0xdb, 0xd2, 0xa8, 0x38, 0xc1, 0xcd, 0xaf, 0xc2, 0xf9, 0x81, 0x21, 0x8d, 0x27, 0xfb, - 0x55, 0x78, 0x22, 0x17, 0x95, 0xf5, 0x30, 0x89, 0xa6, 0x15, 0xd5, 0xf2, 0xcf, 0xba, 0xa8, 0xf6, - 0x1d, 0x28, 0x51, 0xfd, 0x34, 0xfb, 0x5a, 0xf6, 0x40, 0x45, 0x1e, 0x20, 0x51, 0xbd, 0x3f, 0x3a, - 0x35, 0x22, 0x4c, 0x36, 0x29, 0x32, 0xcc, 0x2c, 0x4e, 0x37, 0x29, 0x4f, 0x08, 0x30, 0x7f, 0x13, - 0xca, 0x3e, 0x11, 0x13, 0x44, 0xa5, 0x89, 0xa4, 0x66, 0xda, 0x58, 0x32, 0x61, 0xf2, 0xe1, 0xd0, - 0xf1, 0x49, 0x9f, 0xb8, 0x01, 0x8d, 0xf3, 0xa8, 0x90, 0x4a, 0x71, 0x8c, 0x86, 0x3e, 0x00, 0x18, - 0x44, 0x65, 0x5b, 0x99, 0xc5, 0x67, 0x8e, 0xde, 0xf4, 0x82, 0x6f, 0x1c, 0x36, 0xc6, 0xed, 0x58, - 0x41, 0x47, 0xef, 0xc3, 0xc5, 0x38, 0x11, 0xd9, 0x24, 0x56, 0x9b, 0x9f, 0xb1, 0xf2, 0x6e, 0x44, - 0xdc, 0x16, 0x7c, 0xf5, 0x78, 0x54, 0xbb, 0xb8, 0x31, 0x89, 0x09, 0x4f, 0x96, 0x47, 0x7d, 0x98, - 0x73, 0xbd, 0x36, 0x69, 0x91, 0x1e, 0xb1, 0x03, 0xcf, 0x97, 0x19, 0x43, 0x96, 0x8c, 0x5e, 0xd4, - 0x9e, 0xac, 0xde, 0x7d, 0x45, 0x5c, 0xd4, 0x27, 0xd4, 0x16, 0xac, 0xc1, 0xa3, 0x37, 0x61, 0xbe, - 0xcf, 0x36, 0xc2, 0xae, 0x3f, 0xa4, 0x01, 0x69, 0x6f, 0xac, 0xf3, 0xcc, 0xa2, 0x24, 0x5c, 0xd6, - 0x3d, 0x8d, 0x82, 0x13, 0x9c, 0xe6, 0x1f, 0x19, 0x90, 0xf2, 0x4a, 0x46, 0x33, 0x7d, 0xe3, 0x59, - 0x9b, 0xfe, 0x2b, 0x30, 0x43, 0xe3, 0x0b, 0x06, 0xb5, 0x8e, 0x2e, 0xaa, 0x2f, 0x92, 0x6a, 0xfe, - 0x95, 0x01, 0xe7, 0xd2, 0x4a, 0x1c, 0xcc, 0x06, 0xa3, 0x82, 0x86, 0xec, 0x5e, 0xf6, 0x6a, 0x8f, - 0x7a, 0xf9, 0x26, 0x20, 0x70, 0x8c, 0xc6, 0x7c, 0x51, 0x9b, 0xd0, 0xc0, 0x71, 0x79, 0x66, 0xb9, - 0xe9, 0xf8, 0xb2, 0x8f, 0x91, 0x2f, 0xda, 0xd4, 0xa8, 0x38, 0xc1, 0x6d, 0xfe, 0xa0, 0x00, 0xcb, - 0x29, 0x21, 0x27, 0xda, 0x92, 0xc5, 0xed, 0x29, 0xee, 0x65, 0xa2, 0x57, 0x10, 0x5a, 0x81, 0x1b, - 0x06, 0xc3, 0x5e, 0xef, 0xe9, 0xee, 0x67, 0x42, 0x79, 0xac, 0x60, 0x85, 0xd5, 0xea, 0xfc, 0x29, - 0xaa, 0xd5, 0x77, 0x01, 0x91, 0x8f, 0x07, 0x1e, 0x25, 0x32, 0x75, 0xf0, 0xf8, 0xf1, 0x51, 0xe0, - 0x36, 0x18, 0xbd, 0x80, 0xd9, 0x1a, 0xe3, 0xc0, 0x29, 0x52, 0x68, 0x15, 0xca, 0x1d, 0xcf, 0xb7, - 0x09, 0xeb, 0x25, 0xf7, 0x5c, 0x4a, 0xf1, 0xe5, 0x76, 0x48, 0xc0, 0x31, 0x0f, 0x7a, 0x2f, 0x2e, - 0xce, 0xcd, 0x64, 0xbe, 0x53, 0x12, 0x63, 0xe6, 0x8e, 0x62, 0x72, 0x55, 0x6e, 0x1d, 0x16, 0xb8, - 0xc0, 0xfa, 0xce, 0x76, 0x58, 0xf6, 0x17, 0xcf, 0xef, 0x2e, 0x48, 0x11, 0x51, 0xf2, 0x8d, 0xc9, - 0x38, 0xc9, 0x6f, 0x7e, 0x56, 0x80, 0xe5, 0x94, 0x44, 0x2b, 0xba, 0xea, 0x30, 0x9e, 0xe6, 0xaa, - 0xe3, 0xcb, 0xb2, 0x84, 0x57, 0x61, 0xd6, 0xf5, 0x36, 0x2c, 0x7b, 0x9f, 0xc8, 0x6b, 0xe5, 0x68, - 0x8a, 0xee, 0x8b, 0x66, 0x1c, 0xd2, 0x43, 0xa3, 0x29, 0x9c, 0xc2, 0x68, 0xa6, 0x5e, 0xe8, 0x6f, - 0x86, 0xc9, 0x6e, 0xc7, 0xe9, 0x91, 0x1d, 0x2b, 0xd8, 0x97, 0xd5, 0xe1, 0x78, 0x67, 0x6a, 0x54, - 0x9c, 0xe0, 0x46, 0xdf, 0x82, 0xb2, 0x58, 0x1e, 0xbf, 0x4b, 0x33, 0x5c, 0xca, 0x44, 0x9d, 0x69, - 0x84, 0x42, 0x38, 0x96, 0x47, 0x03, 0xb8, 0xc0, 0xa3, 0x32, 0xe6, 0xaf, 0xfb, 0xce, 0x77, 0xf9, - 0xf6, 0x97, 0xaf, 0x5f, 0x44, 0xb9, 0xe9, 0x26, 0xcb, 0xed, 0xb6, 0xd3, 0x59, 0x1e, 0x4f, 0x26, - 0xe1, 0x49, 0xb0, 0xe6, 0x0f, 0x0c, 0x48, 0xbf, 0x4a, 0xd1, 0x07, 0x66, 0x3c, 0xe5, 0xc0, 0x5e, - 0x8e, 0x17, 0x5f, 0x94, 0x3e, 0x2b, 0x69, 0x0b, 0x6f, 0xfe, 0xb1, 0x01, 0xcb, 0x29, 0xb9, 0xe0, - 0x2f, 0xc6, 0xb9, 0xf1, 0x79, 0x2e, 0xd9, 0xb9, 0xad, 0x43, 0xe2, 0x06, 0xa7, 0xbb, 0xc0, 0xd9, - 0x12, 0xd7, 0x26, 0x39, 0x59, 0x01, 0xcd, 0x94, 0xc8, 0xf1, 0x5a, 0x9a, 0x7e, 0x5f, 0xf2, 0x14, - 0xee, 0x75, 0xf2, 0xfd, 0x5c, 0xe1, 0x79, 0xdf, 0xcf, 0x99, 0x7f, 0x6d, 0xc0, 0xbc, 0x7e, 0x2f, - 0x84, 0xbe, 0x0a, 0xf9, 0xa1, 0xef, 0xc8, 0x49, 0x8d, 0x7a, 0xff, 0x0e, 0xde, 0xc6, 0xac, 0x9d, - 0x91, 0x7d, 0xd2, 0x91, 0x2b, 0x16, 0x91, 0x31, 0xe9, 0x60, 0xd6, 0x8e, 0x08, 0x54, 0x06, 0xbe, - 0xf7, 0xf1, 0x91, 0x38, 0x8c, 0xa7, 0x78, 0xcb, 0xba, 0x13, 0x4b, 0xc5, 0x25, 0x37, 0xa5, 0x11, - 0xab, 0xb8, 0x3c, 0xcc, 0x19, 0x2f, 0x24, 0xfc, 0x62, 0x98, 0xeb, 0xdf, 0xe7, 0x60, 0x56, 0x1a, - 0x0d, 0xfa, 0x10, 0xe6, 0xbb, 0xda, 0xf4, 0x4e, 0xd1, 0xad, 0xc4, 0x7d, 0x5d, 0xe4, 0x17, 0xf5, - 0x76, 0x9c, 0x50, 0x80, 0x7e, 0x07, 0x96, 0xba, 0x4e, 0xa0, 0x8f, 0x69, 0x8a, 0xcb, 0xca, 0x3b, - 0x49, 0xd9, 0xc6, 0x45, 0xa9, 0x78, 0x69, 0x8c, 0x84, 0xc7, 0x35, 0xa1, 0x07, 0x50, 0xf0, 0x49, - 0x67, 0x9a, 0x07, 0x21, 0x6c, 0x4f, 0x91, 0x0e, 0xdf, 0x63, 0x51, 0x88, 0x84, 0x49, 0x87, 0x62, - 0x0e, 0x64, 0xfe, 0x9e, 0x58, 0xea, 0x44, 0x31, 0xe5, 0x7f, 0xe3, 0x79, 0xf9, 0x7f, 0x1b, 0x00, - 0x71, 0x67, 0x7f, 0xf9, 0xd6, 0xd6, 0xfc, 0xcb, 0x1c, 0x8c, 0x33, 0xb2, 0x7d, 0x61, 0x8b, 0x14, - 0xcf, 0x48, 0xfd, 0x4b, 0x87, 0xa4, 0xa2, 0x47, 0x30, 0x63, 0xf1, 0xff, 0x44, 0x4c, 0xd1, 0x63, - 0xa1, 0x6a, 0xc3, 0x73, 0x03, 0xdf, 0xeb, 0xbd, 0x43, 0x89, 0xaf, 0xfc, 0x11, 0x81, 0x63, 0x61, - 0x89, 0x89, 0x08, 0xcb, 0x21, 0xe4, 0xff, 0x1a, 0xa6, 0x78, 0x52, 0x3c, 0xae, 0x40, 0xc9, 0x27, - 0x24, 0x1c, 0x8e, 0x91, 0xa7, 0xb8, 0xe3, 0x33, 0xbf, 0x6f, 0xc0, 0x62, 0xb2, 0xf2, 0xc8, 0xe4, - 0x79, 0x44, 0xb0, 0xbd, 0x99, 0xac, 0xeb, 0x6e, 0x8b, 0x66, 0x1c, 0xd2, 0xd1, 0x5d, 0x98, 0x65, - 0x91, 0x21, 0x96, 0xde, 0x36, 0x63, 0x5c, 0xc9, 0xcf, 0xf7, 0xdb, 0x42, 0x0e, 0x87, 0x00, 0xe6, - 0x3f, 0x1a, 0x80, 0xc6, 0x6b, 0x53, 0x68, 0x07, 0xce, 0x89, 0x57, 0xeb, 0xf2, 0xc2, 0x75, 0x5b, - 0xeb, 0xda, 0x65, 0xd9, 0xb5, 0x73, 0xcd, 0x14, 0x1e, 0x9c, 0x2a, 0x19, 0x45, 0xc2, 0xb9, 0xd3, - 0x47, 0xc2, 0xaf, 0xc0, 0xcc, 0x80, 0xcd, 0x55, 0x5b, 0x86, 0xab, 0xd1, 0x8a, 0xef, 0xf0, 0x56, - 0x2c, 0xa9, 0xe6, 0xdf, 0xe4, 0xa0, 0x3a, 0xe9, 0xc9, 0xea, 0x97, 0x30, 0xb2, 0x47, 0xda, 0xc8, - 0xde, 0xcc, 0xfc, 0x3e, 0x22, 0xf0, 0x89, 0xd5, 0xdf, 0xb5, 0xba, 0x27, 0x27, 0x82, 0x7d, 0x58, - 0x50, 0xb4, 0x9e, 0xf2, 0xef, 0x09, 0x51, 0x22, 0xd3, 0xd4, 0xa1, 0x70, 0x12, 0xdb, 0x6c, 0x01, - 0xc4, 0x6f, 0xee, 0xd0, 0x15, 0x28, 0xb8, 0x56, 0x3f, 0x0c, 0xa4, 0xa2, 0xee, 0xf1, 0x3f, 0x21, - 0x71, 0x0a, 0x7a, 0x09, 0x8a, 0x87, 0x56, 0x6f, 0x18, 0xfe, 0xcb, 0x2b, 0x7a, 0x39, 0xfb, 0x90, - 0x35, 0x62, 0x41, 0x33, 0xff, 0x24, 0x07, 0x15, 0xe5, 0x4d, 0xc8, 0xb3, 0xca, 0x91, 0x5f, 0x80, - 0x9c, 0x45, 0x79, 0x4e, 0x52, 0x16, 0x97, 0x78, 0xeb, 0x14, 0xe7, 0x2c, 0x8a, 0xde, 0x85, 0xe2, - 0xc0, 0x0a, 0xf6, 0xc3, 0x77, 0xbf, 0xd7, 0xa6, 0x7b, 0xb1, 0xc2, 0x72, 0x88, 0x78, 0x1c, 0xec, - 0x8b, 0x62, 0x81, 0x97, 0x48, 0xc5, 0xf2, 0xcf, 0x2e, 0x15, 0x33, 0xbf, 0x67, 0xc0, 0x42, 0xa2, - 0x0f, 0xe8, 0x1a, 0x00, 0x8d, 0xbe, 0xe4, 0x12, 0x44, 0xd5, 0xae, 0x98, 0x0f, 0x2b, 0x5c, 0x4f, - 0x5d, 0xd5, 0xe8, 0xc1, 0x85, 0x09, 0xc6, 0xc9, 0xf2, 0x38, 0xb6, 0xe2, 0x74, 0x60, 0xd9, 0x24, - 0xf9, 0xbc, 0xf9, 0x7e, 0x48, 0xc0, 0x31, 0x4f, 0x64, 0x3c, 0xb9, 0x49, 0xc6, 0x63, 0xfe, 0x93, - 0x01, 0x97, 0x4f, 0xba, 0x38, 0x63, 0x99, 0xb9, 0xbc, 0x1d, 0x8b, 0x72, 0x41, 0x43, 0xcf, 0xcc, - 0xef, 0xea, 0x64, 0x9c, 0xe4, 0x47, 0x37, 0xa0, 0xa2, 0x34, 0xc9, 0xce, 0x44, 0x71, 0xa4, 0x22, - 0x8e, 0x55, 0xbe, 0xa7, 0x08, 0xe3, 0xcd, 0xbf, 0x33, 0xe0, 0x5c, 0x5a, 0x79, 0x0f, 0x75, 0xc3, - 0xf7, 0xe8, 0x22, 0x77, 0x6b, 0x9c, 0xb2, 0x4c, 0x58, 0xe7, 0xaf, 0xd2, 0xb7, 0xdc, 0xc0, 0x3f, - 0x4a, 0x7f, 0xa9, 0x7e, 0xe9, 0x16, 0x40, 0xcc, 0x83, 0x16, 0x21, 0x7f, 0x40, 0x8e, 0xc4, 0xc4, - 0x61, 0xf6, 0x13, 0x9d, 0xd3, 0x36, 0xad, 0xdc, 0xa5, 0x6f, 0xe6, 0x6e, 0x19, 0x6f, 0x96, 0xfe, - 0xf0, 0x4f, 0x6b, 0x67, 0x3e, 0xf9, 0xf9, 0x95, 0x33, 0xe6, 0x0f, 0x0d, 0x50, 0xa3, 0x6c, 0xf4, - 0x1a, 0x94, 0xf7, 0x83, 0x60, 0xc0, 0x9b, 0xe4, 0xf3, 0x17, 0xfe, 0x26, 0xfb, 0xed, 0xdd, 0xdd, - 0x1d, 0xde, 0x88, 0x63, 0x3a, 0xaa, 0x03, 0xb0, 0x0f, 0x2a, 0xb8, 0x0b, 0xf1, 0x93, 0x35, 0xc6, - 0xdd, 0x12, 0xec, 0x0a, 0x87, 0x48, 0x46, 0x05, 0xb3, 0xf8, 0x9b, 0x93, 0x4c, 0x46, 0x05, 0x67, - 0x48, 0x33, 0xff, 0xc2, 0x80, 0xa5, 0xb1, 0xe7, 0x56, 0x68, 0x27, 0x0a, 0xbf, 0xa7, 0xad, 0x10, - 0x4e, 0x08, 0xd4, 0x9f, 0x7a, 0x17, 0xdd, 0x82, 0x73, 0x02, 0x91, 0x6b, 0x8d, 0xb7, 0xd0, 0x13, - 0xdd, 0xa9, 0xf9, 0x67, 0x06, 0x40, 0x5c, 0xb3, 0x42, 0x7b, 0x30, 0x27, 0xba, 0xa4, 0xc5, 0x91, - 0xd9, 0x07, 0x78, 0x4e, 0xaa, 0x98, 0x6b, 0x29, 0x28, 0x58, 0xc3, 0x64, 0xfb, 0x9a, 0x97, 0x8a, - 0xf9, 0xee, 0xca, 0xe9, 0xfb, 0xfa, 0x5e, 0x48, 0xc0, 0x31, 0x8f, 0xf9, 0x49, 0x1e, 0x96, 0x53, - 0x2e, 0xf8, 0xff, 0x5f, 0x57, 0x3e, 0x5f, 0x85, 0x59, 0xf1, 0xe6, 0x9b, 0x26, 0xa3, 0x3b, 0xf1, - 0x24, 0x9c, 0xe2, 0x90, 0x8e, 0xd6, 0xa0, 0xe2, 0xb8, 0xb6, 0xb8, 0x08, 0xb1, 0xc2, 0x8a, 0x97, - 0xb8, 0xeb, 0x8b, 0x9b, 0xb1, 0xca, 0xa3, 0x97, 0xc8, 0x66, 0x9e, 0x5c, 0x22, 0x33, 0xbf, 0x0d, - 0x4b, 0x63, 0xf1, 0x69, 0xb6, 0xc3, 0x9a, 0xf0, 0xff, 0x03, 0x27, 0x0e, 0x6b, 0xf1, 0x37, 0x60, - 0x41, 0x33, 0x7f, 0x64, 0xc0, 0x7c, 0x22, 0x90, 0x3f, 0x55, 0x3d, 0xe5, 0x81, 0x5a, 0x4f, 0x39, - 0x5d, 0x12, 0xa2, 0x55, 0x56, 0xcc, 0xbb, 0x90, 0xfe, 0xac, 0x37, 0x39, 0xe3, 0xc6, 0x93, 0x67, - 0xdc, 0xfc, 0x49, 0x0e, 0xca, 0xd1, 0x6b, 0x28, 0xf4, 0x86, 0x36, 0x73, 0x17, 0xd5, 0x99, 0x7b, - 0x3c, 0xaa, 0x09, 0x46, 0x65, 0x1a, 0xdf, 0x87, 0x72, 0xf4, 0x9a, 0x2e, 0xaa, 0x17, 0x65, 0x0f, - 0xc6, 0xa2, 0xa5, 0x8d, 0x9e, 0xe8, 0xe1, 0x18, 0x8f, 0xc5, 0xa7, 0xe1, 0x73, 0xb7, 0x7b, 0x4e, - 0xaf, 0xe7, 0x50, 0x79, 0x55, 0x95, 0xe7, 0x57, 0x55, 0x51, 0x7c, 0xba, 0x99, 0xc2, 0x83, 0x53, - 0x25, 0xd1, 0x0e, 0x14, 0x69, 0x40, 0x06, 0x54, 0x56, 0x6f, 0x5f, 0xcb, 0xf4, 0x50, 0x8c, 0x0c, - 0x78, 0xde, 0x1d, 0x99, 0x08, 0x6b, 0xa1, 0x58, 0x00, 0x99, 0xff, 0x61, 0x40, 0x29, 0x64, 0x41, - 0xaf, 0x6b, 0x93, 0x57, 0x4d, 0x4c, 0x1e, 0xe7, 0xfb, 0x3f, 0x3b, 0x77, 0xe6, 0xc8, 0x80, 0x79, - 0xfd, 0xd2, 0x5b, 0xa9, 0xf6, 0x18, 0x27, 0x55, 0x7b, 0xd0, 0xeb, 0x50, 0xb2, 0x7a, 0x3d, 0xef, - 0xa3, 0x2d, 0xf7, 0x50, 0x56, 0x58, 0xa3, 0x5b, 0xdc, 0x75, 0xd9, 0x8e, 0x23, 0x0e, 0x74, 0x08, - 0x0b, 0x42, 0x2e, 0x7e, 0xce, 0x98, 0xcf, 0x7c, 0x99, 0x98, 0x76, 0xd8, 0x34, 0x96, 0x59, 0x78, - 0xd4, 0xd2, 0x31, 0x71, 0x52, 0x49, 0xe3, 0xea, 0x67, 0x5f, 0xac, 0x9c, 0xf9, 0xd9, 0x17, 0x2b, - 0x67, 0x3e, 0xff, 0x62, 0xe5, 0xcc, 0x27, 0xc7, 0x2b, 0xc6, 0x67, 0xc7, 0x2b, 0xc6, 0xcf, 0x8e, - 0x57, 0x8c, 0xcf, 0x8f, 0x57, 0x8c, 0x7f, 0x3b, 0x5e, 0x31, 0xfe, 0xe0, 0xdf, 0x57, 0xce, 0x7c, - 0x3b, 0x77, 0xb8, 0xf6, 0x3f, 0x01, 0x00, 0x00, 0xff, 0xff, 0x8e, 0x55, 0xa9, 0x0e, 0x68, 0x43, - 0x00, 0x00, + 0x76, 0x56, 0xcf, 0x0f, 0x39, 0xf3, 0x86, 0x22, 0xa9, 0xa2, 0x64, 0x8d, 0xb4, 0x5a, 0x8e, 0xdc, + 0x8e, 0x0d, 0x39, 0xb6, 0x87, 0x4b, 0x59, 0x52, 0x64, 0x1b, 0xd9, 0x80, 0x43, 0x52, 0x32, 0xb5, + 0x23, 0x89, 0xa8, 0xa1, 0x65, 0xef, 0x5a, 0xd8, 0xa4, 0xd9, 0x53, 0x33, 0x6c, 0x73, 0xa6, 0x7b, + 0xdc, 0xd5, 0x43, 0x9b, 0x0b, 0x04, 0x58, 0x04, 0x58, 0x24, 0xeb, 0xbd, 0x64, 0x2f, 0x8b, 0x24, + 0x97, 0x24, 0x58, 0xe4, 0x94, 0x53, 0x0e, 0x01, 0x36, 0xd8, 0x4b, 0x80, 0xec, 0xc1, 0x87, 0x04, + 0xd8, 0x20, 0x01, 0x62, 0x60, 0x17, 0x83, 0x98, 0x39, 0x04, 0xc8, 0x21, 0x40, 0x72, 0xd4, 0x21, + 0x08, 0xea, 0xa7, 0xbb, 0xab, 0x7a, 0x7a, 0xa8, 0x1e, 0x4a, 0x56, 0x9c, 0xe4, 0x36, 0x53, 0xef, + 0xbd, 0xef, 0xd5, 0xcf, 0xab, 0x57, 0xef, 0xbd, 0xaa, 0x86, 0xd5, 0xae, 0x13, 0xec, 0x0d, 0x77, + 0xeb, 0xb6, 0xd7, 0x5f, 0xf1, 0x06, 0xc4, 0xa5, 0x7b, 0x4e, 0x27, 0x58, 0xb1, 0x06, 0xce, 0xca, + 0xee, 0xd0, 0xe9, 0xb5, 0x57, 0x0e, 0x56, 0x57, 0xba, 0xc4, 0x25, 0xbe, 0x15, 0x90, 0x76, 0x7d, + 0xe0, 0x7b, 0x81, 0x87, 0x9e, 0x8f, 0x45, 0xea, 0x91, 0x48, 0xdd, 0x1a, 0x38, 0x75, 0x2e, 0x52, + 0x3f, 0x58, 0xbd, 0xf8, 0x9a, 0x82, 0xda, 0xf5, 0xba, 0xde, 0x0a, 0x97, 0xdc, 0x1d, 0x76, 0xf8, + 0x3f, 0xfe, 0x87, 0xff, 0x12, 0x88, 0x17, 0xcd, 0xfd, 0x9b, 0xb4, 0xee, 0x78, 0x5c, 0xad, 0xed, + 0xf9, 0x24, 0x45, 0xeb, 0xc5, 0x6b, 0x31, 0x4f, 0xdf, 0xb2, 0xf7, 0x1c, 0x97, 0xf8, 0x87, 0x2b, + 0x83, 0xfd, 0x2e, 0x6b, 0xa0, 0x2b, 0x7d, 0x12, 0x58, 0x69, 0x52, 0x37, 0x26, 0x49, 0xf9, 0x43, + 0x37, 0x70, 0xfa, 0x64, 0x85, 0xda, 0x7b, 0xa4, 0x6f, 0x25, 0xe5, 0xcc, 0xbf, 0x2e, 0xc0, 0x85, + 0x86, 0xe3, 0x5a, 0xfe, 0x61, 0x83, 0x8d, 0x09, 0x93, 0x0f, 0x87, 0x84, 0x06, 0xf7, 0x07, 0x81, + 0xe3, 0xb9, 0x14, 0xfd, 0x16, 0x94, 0x98, 0xc2, 0xb6, 0x15, 0x58, 0x55, 0xe3, 0xb2, 0x71, 0xa5, + 0x72, 0xf5, 0x6b, 0x75, 0xa1, 0xa8, 0xae, 0x2a, 0xaa, 0x0f, 0xf6, 0xbb, 0xac, 0x81, 0xd6, 0x19, + 0x77, 0xfd, 0x60, 0xb5, 0x7e, 0x7f, 0xf7, 0x03, 0x62, 0x07, 0x77, 0x49, 0x60, 0x35, 0xd0, 0xa7, + 0xa3, 0xda, 0xa9, 0xa3, 0x51, 0x0d, 0xe2, 0x36, 0x1c, 0xa1, 0xa2, 0x97, 0x60, 0xc6, 0xa2, 0xb7, + 0x9c, 0x1e, 0xa9, 0xe6, 0x2e, 0x1b, 0x57, 0xca, 0x8d, 0x79, 0xc9, 0x3d, 0xb3, 0xc6, 0x5b, 0xb1, + 0xa4, 0xa2, 0x1b, 0x30, 0xef, 0x93, 0x03, 0x87, 0x3a, 0x9e, 0xbb, 0xee, 0xf5, 0xfb, 0x4e, 0x50, + 0xcd, 0xeb, 0xfc, 0xa2, 0x15, 0x27, 0xb8, 0xd0, 0x1b, 0xb0, 0x10, 0xb6, 0xdc, 0x25, 0x94, 0x5a, + 0x5d, 0x52, 0x2d, 0x70, 0xc1, 0x05, 0x29, 0x38, 0x2b, 0x9b, 0x71, 0x92, 0x0f, 0x35, 0x00, 0x85, + 0x4d, 0x6b, 0xc3, 0x60, 0xcf, 0xf3, 0xef, 0x59, 0x7d, 0x52, 0x2d, 0x72, 0xe9, 0x68, 0x50, 0x31, + 0x05, 0xa7, 0x70, 0xa3, 0x4d, 0x58, 0xd2, 0x5b, 0x37, 0xfb, 0x96, 0xd3, 0xab, 0xce, 0x70, 0x90, + 0x25, 0x09, 0x52, 0x51, 0x48, 0x38, 0x8d, 0x1f, 0x7d, 0x03, 0xce, 0xe9, 0xe3, 0x0a, 0x88, 0xe8, + 0xcd, 0x2c, 0x07, 0x3a, 0x27, 0x81, 0x4e, 0x6b, 0x44, 0x9c, 0x2e, 0x83, 0xee, 0xc1, 0x73, 0x63, + 0x04, 0xd1, 0xad, 0x12, 0x47, 0x7b, 0x4e, 0xa2, 0xcd, 0xeb, 0x54, 0x3c, 0x41, 0xca, 0x7c, 0x0b, + 0xce, 0x28, 0x16, 0xd4, 0xf2, 0x86, 0xbe, 0x4d, 0x94, 0x75, 0x35, 0x8e, 0x5b, 0x57, 0xf3, 0x13, + 0x03, 0xce, 0x35, 0x9c, 0x60, 0x77, 0x68, 0xef, 0x93, 0xe0, 0x5d, 0xb2, 0xfb, 0xb6, 0xe7, 0xed, + 0xaf, 0x5b, 0x43, 0x4a, 0xd0, 0x87, 0x00, 0xb6, 0xd7, 0xef, 0x7b, 0x6e, 0x6b, 0x40, 0x6c, 0x69, + 0x7d, 0xd7, 0xeb, 0x8f, 0xdd, 0x92, 0xf5, 0x75, 0x2e, 0xa4, 0x42, 0x35, 0x2e, 0x4a, 0xe5, 0x68, + 0x9c, 0x86, 0x15, 0x25, 0xe6, 0x0f, 0x73, 0x50, 0xe4, 0x83, 0x78, 0x06, 0x86, 0x7f, 0x0f, 0x0a, + 0x94, 0x0d, 0x2c, 0xc7, 0xd1, 0x5f, 0xcd, 0x30, 0x30, 0x31, 0xbd, 0x03, 0x62, 0x37, 0xe6, 0x24, + 0x72, 0x81, 0xfd, 0xc3, 0x1c, 0x07, 0x3d, 0x80, 0x19, 0x1a, 0x58, 0xc1, 0x90, 0xf2, 0x8d, 0x51, + 0xb9, 0x5a, 0xcf, 0x8c, 0xc8, 0xa5, 0xe2, 0x05, 0x12, 0xff, 0xb1, 0x44, 0x33, 0xff, 0x2e, 0x0f, + 0xf3, 0x9c, 0x6f, 0xdd, 0x73, 0xdb, 0x0e, 0x73, 0x0b, 0xe8, 0x06, 0x14, 0x82, 0xc3, 0x41, 0xb8, + 0xb2, 0x66, 0xd8, 0x99, 0x9d, 0xc3, 0x01, 0x79, 0x34, 0xaa, 0x21, 0x9d, 0x9b, 0xb5, 0x62, 0xce, + 0x8f, 0x9a, 0x51, 0x17, 0xc5, 0x5e, 0xbf, 0xa6, 0xab, 0x7c, 0x34, 0xaa, 0xa5, 0xf8, 0xc7, 0x7a, + 0x84, 0xa4, 0x77, 0x0c, 0x7d, 0x00, 0xf3, 0x3d, 0x8b, 0x06, 0xef, 0x0c, 0xda, 0x56, 0x40, 0x76, + 0x9c, 0x3e, 0xe1, 0xbb, 0xaa, 0x72, 0xf5, 0x57, 0xb3, 0x2d, 0x14, 0x93, 0x88, 0x4d, 0xbd, 0xa9, + 0x21, 0xe1, 0x04, 0x32, 0x3a, 0x00, 0xc4, 0x5a, 0x76, 0x7c, 0xcb, 0xa5, 0x62, 0x54, 0x4c, 0x5f, + 0x7e, 0x6a, 0x7d, 0x91, 0x21, 0x36, 0xc7, 0xd0, 0x70, 0x8a, 0x06, 0xb6, 0x8b, 0x7c, 0x62, 0x51, + 0xcf, 0x95, 0x4e, 0x2b, 0x5a, 0x24, 0xcc, 0x5b, 0xb1, 0xa4, 0xa2, 0x97, 0x61, 0xb6, 0x2f, 0xbd, + 0x5b, 0x31, 0xdd, 0xbb, 0x85, 0x74, 0xf3, 0xc7, 0x39, 0xa8, 0x84, 0x2b, 0xd4, 0x71, 0xba, 0xcf, + 0xc0, 0xd2, 0x77, 0x34, 0x4b, 0xbf, 0x9a, 0xd5, 0x2e, 0x45, 0xff, 0x26, 0xda, 0xfb, 0xc3, 0x84, + 0xbd, 0x5f, 0x9b, 0x12, 0xf7, 0x78, 0xab, 0xff, 0x99, 0x01, 0x0b, 0x0a, 0x77, 0xd3, 0xa1, 0x01, + 0x7a, 0x38, 0x36, 0x53, 0xf5, 0x6c, 0x33, 0xc5, 0xa4, 0xf9, 0x3c, 0x2d, 0x4a, 0x6d, 0xa5, 0xb0, + 0x45, 0x99, 0xa5, 0x16, 0x14, 0x9d, 0x80, 0xf4, 0xd9, 0xde, 0xc8, 0x4f, 0xb3, 0x7d, 0x45, 0x07, + 0x1b, 0xa7, 0x25, 0x74, 0x71, 0x8b, 0x81, 0x60, 0x81, 0x65, 0xfe, 0x32, 0xaf, 0x0d, 0x83, 0x4d, + 0x1f, 0xb2, 0xa1, 0x14, 0xf8, 0x4e, 0xb7, 0x4b, 0x7c, 0x5a, 0x35, 0xb8, 0xae, 0xeb, 0x59, 0x75, + 0xed, 0x08, 0xb9, 0x6d, 0xaf, 0xe7, 0xd8, 0x87, 0xf1, 0x68, 0x64, 0x33, 0xc5, 0x11, 0x30, 0x5a, + 0x83, 0xb2, 0x3f, 0x74, 0x05, 0xa3, 0xdc, 0xed, 0x2f, 0x48, 0xf6, 0x32, 0x0e, 0x09, 0x8f, 0x46, + 0x35, 0xe1, 0x5a, 0xa2, 0x16, 0x1c, 0x4b, 0x21, 0x4b, 0xf3, 0xff, 0x62, 0x91, 0x5f, 0xcb, 0xec, + 0xff, 0xb9, 0xdd, 0x44, 0x76, 0x19, 0xb7, 0xa9, 0xfe, 0x1e, 0xb5, 0xe1, 0x12, 0x1d, 0xda, 0x36, + 0xa1, 0xb4, 0x33, 0xec, 0xf1, 0x9e, 0xd0, 0xb7, 0x1d, 0x1a, 0x78, 0xfe, 0x61, 0xd3, 0x61, 0x21, + 0x06, 0xdb, 0x74, 0xc5, 0xc6, 0xe5, 0xa3, 0x51, 0xed, 0x52, 0xeb, 0x18, 0x3e, 0x7c, 0x2c, 0x0a, + 0x7a, 0x0f, 0xaa, 0x1d, 0xcb, 0xe9, 0x91, 0x76, 0x8a, 0x86, 0x22, 0xd7, 0x70, 0xe9, 0x68, 0x54, + 0xab, 0xde, 0x9a, 0xc0, 0x83, 0x27, 0x4a, 0x9b, 0xff, 0x64, 0xc0, 0x99, 0x31, 0x9b, 0x46, 0xd7, + 0xa1, 0xc2, 0x5c, 0xc9, 0x03, 0xe2, 0xb3, 0xc3, 0x9a, 0x9b, 0x6a, 0x3e, 0x8e, 0x35, 0x9a, 0x31, + 0x09, 0xab, 0x7c, 0xe8, 0x13, 0x03, 0x96, 0x9c, 0xbe, 0xd5, 0x25, 0xeb, 0x7b, 0x96, 0xdb, 0x25, + 0xe1, 0xa2, 0x4a, 0x7b, 0x7c, 0x2b, 0xc3, 0xcc, 0x6f, 0x8d, 0x49, 0xcb, 0x5d, 0xf6, 0x15, 0xa9, + 0x7c, 0x69, 0x9c, 0x83, 0xe2, 0x34, 0xa5, 0xe6, 0x4f, 0x0c, 0x28, 0xf3, 0x91, 0x3d, 0x83, 0x9d, + 0x77, 0x57, 0xdf, 0x79, 0x57, 0xb2, 0xee, 0x86, 0x09, 0x7b, 0x0e, 0xa0, 0x24, 0x7a, 0xee, 0x75, + 0xcd, 0xff, 0x28, 0xc8, 0xfd, 0xd7, 0xf4, 0xba, 0x61, 0x4c, 0xbd, 0x02, 0x65, 0xdb, 0x73, 0x03, + 0x8b, 0x75, 0x59, 0x1e, 0xa1, 0x67, 0xc2, 0xad, 0xb1, 0x1e, 0x12, 0x70, 0xcc, 0xc3, 0x0e, 0x81, + 0x8e, 0xd7, 0xeb, 0x79, 0x1f, 0xf1, 0x8d, 0x54, 0x8a, 0x7d, 0xd6, 0x2d, 0xde, 0x8a, 0x25, 0x15, + 0xbd, 0x0a, 0xa5, 0x01, 0x0b, 0xd1, 0x3c, 0xe9, 0x13, 0x4b, 0xf1, 0xa8, 0xb7, 0x65, 0x3b, 0x8e, + 0x38, 0xd0, 0x35, 0x98, 0xa3, 0x8e, 0x6b, 0x93, 0x16, 0xb1, 0x3d, 0xb7, 0x4d, 0xb9, 0xad, 0xe7, + 0x1b, 0x8b, 0x47, 0xa3, 0xda, 0x5c, 0x4b, 0x69, 0xc7, 0x1a, 0x17, 0x7a, 0x17, 0xca, 0xfc, 0x3f, + 0x3f, 0xff, 0x8a, 0x53, 0x9f, 0x7f, 0xa7, 0xd9, 0x20, 0x5b, 0x21, 0x00, 0x8e, 0xb1, 0xd0, 0x55, + 0x00, 0x96, 0xa6, 0xd0, 0xc0, 0xea, 0x0f, 0x28, 0x3f, 0xc9, 0x4b, 0xf1, 0xf6, 0xdd, 0x89, 0x28, + 0x58, 0xe1, 0x42, 0xaf, 0x40, 0x39, 0xb0, 0x9c, 0x5e, 0xd3, 0x71, 0x09, 0xe5, 0x91, 0x70, 0x5e, + 0x28, 0xd8, 0x09, 0x1b, 0x71, 0x4c, 0x47, 0x75, 0x80, 0x1e, 0xdb, 0x34, 0x8d, 0xc3, 0x80, 0x50, + 0x1e, 0xe9, 0xe6, 0x1b, 0xf3, 0x0c, 0xbc, 0x19, 0xb5, 0x62, 0x85, 0x83, 0xcd, 0xba, 0xeb, 0x7d, + 0x64, 0x39, 0x41, 0xb5, 0xac, 0xcf, 0xfa, 0x3d, 0xef, 0x5d, 0xcb, 0x09, 0xb0, 0xa4, 0xa2, 0x17, + 0x61, 0xf6, 0x40, 0xee, 0x34, 0xe0, 0xa0, 0x15, 0x76, 0xec, 0x86, 0x3b, 0x2c, 0xa4, 0xa1, 0x3d, + 0xb8, 0xe4, 0xb8, 0x94, 0xd8, 0x43, 0x9f, 0xb4, 0xf6, 0x9d, 0xc1, 0x4e, 0xb3, 0xf5, 0x80, 0xf8, + 0x4e, 0xe7, 0xb0, 0x61, 0xd9, 0xfb, 0xc4, 0x6d, 0x57, 0x2b, 0x5c, 0xc9, 0xaf, 0x48, 0x25, 0x97, + 0xb6, 0x8e, 0xe1, 0xc5, 0xc7, 0x22, 0x99, 0x9f, 0x84, 0x07, 0xfc, 0xfd, 0x61, 0x30, 0x18, 0x06, + 0xe8, 0x2d, 0xc8, 0x05, 0x9e, 0xdc, 0x36, 0x2f, 0x28, 0x6b, 0x55, 0x67, 0x01, 0x56, 0x7c, 0x90, + 0x63, 0xd2, 0x21, 0x3e, 0x71, 0x6d, 0xd2, 0x98, 0x39, 0x1a, 0xd5, 0x72, 0x3b, 0x1e, 0xce, 0x05, + 0x1e, 0x7a, 0x0f, 0x60, 0x30, 0xa4, 0x7b, 0x2d, 0x62, 0xfb, 0x24, 0x90, 0x27, 0xf8, 0x95, 0x34, + 0x90, 0xa6, 0x67, 0x5b, 0xbd, 0x24, 0x12, 0x9f, 0xdf, 0xed, 0x48, 0x1e, 0x2b, 0x58, 0xa8, 0x0d, + 0x15, 0xbe, 0xf1, 0x9b, 0xd6, 0x2e, 0xe9, 0x31, 0x83, 0xcd, 0x67, 0xf4, 0xef, 0x5b, 0x91, 0x54, + 0xec, 0xd4, 0xe2, 0x36, 0x8a, 0x55, 0x58, 0xf3, 0x77, 0x0c, 0x58, 0xe2, 0x93, 0xb1, 0xed, 0xd1, + 0x40, 0xe4, 0x2d, 0xdc, 0xf3, 0xbf, 0x08, 0xb3, 0xec, 0x1c, 0xb0, 0xdc, 0x36, 0x3f, 0x03, 0xcb, + 0x62, 0xd5, 0xd6, 0x45, 0x13, 0x0e, 0x69, 0xe8, 0x12, 0x14, 0x2c, 0xbf, 0x2b, 0x3c, 0x43, 0xb9, + 0x51, 0x62, 0x21, 0xc8, 0x9a, 0xdf, 0xa5, 0x98, 0xb7, 0x32, 0x13, 0xa1, 0xb6, 0xef, 0x0c, 0xc6, + 0x72, 0xd1, 0x16, 0x6f, 0xc5, 0x92, 0x6a, 0xfe, 0x6c, 0x16, 0xe6, 0xd4, 0xec, 0xfa, 0x19, 0xc4, + 0x5c, 0xef, 0x43, 0x29, 0xcc, 0xd6, 0xe4, 0xaa, 0xad, 0x66, 0x98, 0x5a, 0x91, 0xbb, 0x61, 0x29, + 0xd8, 0x98, 0x63, 0xae, 0x23, 0xfc, 0x87, 0x23, 0x40, 0x44, 0x60, 0x51, 0x1e, 0xf4, 0xa4, 0xdd, + 0x38, 0xe4, 0x73, 0x2f, 0xcf, 0xe7, 0x4c, 0xf6, 0x75, 0xf6, 0x68, 0x54, 0x5b, 0xdc, 0x49, 0x00, + 0xe0, 0x31, 0x48, 0xb4, 0x06, 0x85, 0x8e, 0xef, 0xf5, 0xb9, 0x67, 0xca, 0x08, 0xcd, 0x57, 0xe8, + 0x96, 0xef, 0xf5, 0x31, 0x17, 0x45, 0xef, 0xc1, 0xcc, 0x2e, 0x4f, 0x4d, 0xa5, 0xaf, 0xca, 0x14, + 0x24, 0x26, 0x73, 0xd9, 0x06, 0xb0, 0x35, 0x15, 0xcd, 0x58, 0xe2, 0xa1, 0x55, 0xfd, 0x90, 0x9d, + 0xe1, 0x5b, 0x7f, 0xe1, 0xd8, 0x03, 0xf6, 0x0d, 0xc8, 0x13, 0xf7, 0xa0, 0x3a, 0xcb, 0x2d, 0xfd, + 0x62, 0xda, 0x70, 0x36, 0xdd, 0x83, 0x07, 0x96, 0xdf, 0xa8, 0xc8, 0xa5, 0xcd, 0x6f, 0xba, 0x07, + 0x98, 0xc9, 0xa0, 0x7d, 0xa8, 0x28, 0xd3, 0x53, 0x2d, 0x71, 0x88, 0x6b, 0x53, 0x86, 0x6d, 0x22, + 0x17, 0x8e, 0xf6, 0x8c, 0xb2, 0x02, 0x58, 0x45, 0x47, 0xdf, 0x37, 0xe0, 0x5c, 0xdb, 0xb3, 0xf7, + 0xd9, 0xf1, 0xed, 0x5b, 0x01, 0xe9, 0x1e, 0xca, 0xa3, 0x8b, 0x7b, 0xc2, 0xca, 0xd5, 0x9b, 0x19, + 0xf4, 0x6e, 0xa4, 0xc9, 0x37, 0x2e, 0x1c, 0x8d, 0x6a, 0xe7, 0x52, 0x49, 0x38, 0x5d, 0x23, 0xef, + 0x0b, 0xe5, 0xab, 0x90, 0xec, 0x0b, 0x64, 0xee, 0x4b, 0x2b, 0x4d, 0x5e, 0xf4, 0x25, 0x95, 0x84, + 0xd3, 0x35, 0x9a, 0xff, 0x58, 0x94, 0x8e, 0x55, 0x96, 0x38, 0x5e, 0xd7, 0xd2, 0xe0, 0x5a, 0x22, + 0x0d, 0x5e, 0x50, 0x58, 0x95, 0x1c, 0x38, 0xb6, 0xc8, 0xdc, 0x53, 0xb6, 0xc8, 0x3a, 0x80, 0x98, + 0xc3, 0x8e, 0xd3, 0x23, 0xa1, 0x47, 0x62, 0x0e, 0x62, 0x23, 0x6a, 0xc5, 0x0a, 0x07, 0x6a, 0x42, + 0xbe, 0x2b, 0x63, 0xdc, 0x6c, 0xde, 0xe1, 0xb6, 0x13, 0xa8, 0x7d, 0x98, 0x65, 0x16, 0x7a, 0xdb, + 0x09, 0x30, 0x83, 0x41, 0x0f, 0x60, 0x86, 0xfb, 0x5d, 0x5a, 0x2d, 0x66, 0xce, 0x5f, 0xf8, 0x36, + 0x97, 0x68, 0x91, 0xef, 0xe4, 0x8d, 0x14, 0x4b, 0x34, 0x16, 0x17, 0xb0, 0x48, 0x88, 0x7c, 0x1c, + 0x6c, 0x38, 0xbe, 0xac, 0x9b, 0x29, 0x61, 0x7d, 0x48, 0xc1, 0x0a, 0x17, 0xfa, 0x36, 0xcc, 0xc9, + 0x15, 0x14, 0xc7, 0xd6, 0xec, 0x94, 0xc7, 0x96, 0x08, 0x82, 0x14, 0x04, 0xac, 0xe1, 0xa1, 0xdf, + 0x84, 0x59, 0xca, 0x7f, 0xd1, 0x29, 0x76, 0xa2, 0x90, 0x55, 0x27, 0x30, 0xca, 0xd1, 0x05, 0x89, + 0xe2, 0x10, 0x15, 0xed, 0xf3, 0x41, 0x77, 0x9c, 0xee, 0x5d, 0x6b, 0xc0, 0x76, 0x1d, 0xd3, 0xf1, + 0x6b, 0x99, 0x52, 0x1f, 0x29, 0xa4, 0xaa, 0x51, 0x67, 0x4b, 0x42, 0x62, 0x05, 0xde, 0xfc, 0x45, + 0x18, 0x6a, 0xf3, 0x83, 0xd1, 0x4a, 0xa9, 0xba, 0x3d, 0xe5, 0xac, 0x2b, 0xe1, 0xcc, 0x72, 0x5f, + 0xa4, 0x33, 0x33, 0xff, 0x7d, 0x36, 0xdc, 0xb4, 0x22, 0x39, 0x5a, 0x85, 0xe2, 0x60, 0xcf, 0xa2, + 0xe1, 0xae, 0x0d, 0x33, 0x93, 0xe2, 0x36, 0x6b, 0x7c, 0x34, 0xaa, 0x81, 0x88, 0x16, 0xd8, 0x3f, + 0x2c, 0x38, 0x79, 0xc0, 0x6e, 0xb9, 0x36, 0xe9, 0xf5, 0x48, 0x5b, 0x86, 0xe0, 0x71, 0xc0, 0x1e, + 0x12, 0x70, 0xcc, 0x83, 0x6e, 0x44, 0x55, 0x1b, 0xb1, 0x0b, 0x97, 0xf5, 0xaa, 0xcd, 0x23, 0x66, + 0x5d, 0xa2, 0xdc, 0x30, 0xb1, 0x8a, 0x53, 0x38, 0xbe, 0x8a, 0x83, 0x3a, 0x30, 0x4f, 0x03, 0xcb, + 0x0f, 0xa2, 0xc8, 0xf8, 0x04, 0xc1, 0x38, 0x3a, 0x1a, 0xd5, 0xe6, 0x5b, 0x1a, 0x0a, 0x4e, 0xa0, + 0xa2, 0x21, 0x2c, 0xd9, 0x5e, 0x7f, 0xd0, 0x23, 0x61, 0x49, 0x4a, 0x28, 0x9b, 0xbe, 0xd2, 0x76, + 0x9e, 0xa5, 0x7f, 0xeb, 0xe3, 0x50, 0x38, 0x0d, 0x1f, 0xfd, 0x3a, 0x94, 0xda, 0x43, 0xdf, 0x62, + 0x8d, 0x32, 0xb0, 0x7f, 0x3e, 0x4c, 0x65, 0x36, 0x64, 0xfb, 0xa3, 0x51, 0xed, 0x34, 0xcb, 0x05, + 0xea, 0x61, 0x03, 0x8e, 0x44, 0xd0, 0x2e, 0x5c, 0xf4, 0x78, 0xf0, 0x2b, 0x5c, 0x9f, 0x08, 0x30, + 0xc2, 0xed, 0x2d, 0xab, 0xdc, 0x61, 0xd9, 0xf2, 0xe2, 0xfd, 0x89, 0x9c, 0xf8, 0x18, 0x14, 0x74, + 0x1b, 0x66, 0xc4, 0x26, 0x92, 0xa7, 0x62, 0xa6, 0xf8, 0x04, 0xc4, 0x4d, 0x05, 0x13, 0xc3, 0x52, + 0x1c, 0x3d, 0x84, 0x19, 0xa1, 0x46, 0x1e, 0x69, 0xd7, 0xa6, 0x2b, 0xdc, 0x8a, 0xee, 0xc7, 0xfe, + 0x53, 0xfc, 0xc7, 0x12, 0x13, 0xed, 0xf0, 0x32, 0x19, 0xf3, 0xcb, 0x15, 0xbe, 0xcf, 0xb2, 0x14, + 0x9a, 0x5b, 0x4c, 0x60, 0xcb, 0xed, 0x78, 0x5a, 0x79, 0x8c, 0x7b, 0x65, 0x81, 0xc5, 0xbc, 0x72, + 0xcf, 0xeb, 0xb6, 0x5c, 0x67, 0x30, 0x20, 0x41, 0x75, 0x4e, 0xf7, 0xca, 0xcd, 0x88, 0x82, 0x15, + 0x2e, 0x44, 0xb8, 0x53, 0x13, 0xa5, 0x5c, 0x5a, 0x3d, 0xcd, 0x7b, 0xb3, 0x3a, 0x45, 0x95, 0x4b, + 0x48, 0x6a, 0xee, 0x4c, 0x82, 0x61, 0x05, 0xd8, 0xb4, 0x65, 0x49, 0x44, 0x9d, 0x1d, 0x74, 0x4f, + 0xc9, 0x81, 0x6e, 0x9c, 0x64, 0x7e, 0x77, 0x3c, 0x35, 0x2d, 0x32, 0x9b, 0x32, 0xab, 0xd0, 0x59, + 0xd0, 0x75, 0x99, 0xd3, 0x6c, 0x38, 0x5d, 0x42, 0x03, 0xe9, 0x62, 0xf4, 0x24, 0x45, 0x90, 0xb0, + 0xca, 0x67, 0xfe, 0xb4, 0x00, 0xa7, 0x25, 0x9c, 0x88, 0x38, 0xd0, 0x75, 0x2d, 0xb4, 0x78, 0x3e, + 0x11, 0x5a, 0x9c, 0xd1, 0x98, 0x95, 0xe0, 0xc2, 0x87, 0x79, 0x3d, 0x8c, 0x92, 0x41, 0xc6, 0x8d, + 0xcc, 0x11, 0x9b, 0x86, 0x2c, 0x3c, 0x84, 0x1e, 0xaf, 0xe1, 0x84, 0x06, 0xa6, 0x53, 0x0f, 0x97, + 0x64, 0x2a, 0x70, 0x23, 0x73, 0x64, 0x96, 0xa2, 0x53, 0x8f, 0xcb, 0x70, 0x42, 0x03, 0xd3, 0x69, + 0x0f, 0x69, 0xe0, 0xf5, 0x23, 0x9d, 0x85, 0xcc, 0x3a, 0xd7, 0xb9, 0x60, 0x8a, 0xce, 0x75, 0x0d, + 0x11, 0x27, 0x34, 0xa0, 0x1f, 0x19, 0x70, 0xfe, 0x03, 0xe2, 0xee, 0x3b, 0x2e, 0xdd, 0x76, 0x06, + 0xa4, 0xe7, 0xb8, 0xf1, 0x88, 0x85, 0xef, 0xfd, 0x8d, 0x0c, 0xda, 0xef, 0xe8, 0x08, 0x7a, 0x37, + 0xbe, 0x72, 0x34, 0xaa, 0x9d, 0xbf, 0x93, 0xae, 0x03, 0x4f, 0x52, 0x6e, 0x7e, 0xaf, 0x28, 0x2d, + 0x5e, 0x3d, 0x19, 0xd5, 0xb3, 0xc4, 0x78, 0xcc, 0x59, 0xe2, 0xc3, 0x3c, 0xbf, 0x15, 0x76, 0x6c, + 0x79, 0x31, 0x36, 0x85, 0xd5, 0xdc, 0xd6, 0x04, 0xc5, 0xa1, 0xcc, 0x67, 0x53, 0x27, 0xe0, 0x84, + 0x06, 0xe4, 0xc2, 0x69, 0x01, 0x1e, 0xaa, 0xcc, 0x67, 0xbe, 0xdf, 0xbb, 0xed, 0x04, 0x6f, 0x47, + 0x72, 0x42, 0xe3, 0x99, 0xa3, 0x51, 0xed, 0xb4, 0xd6, 0x8e, 0x75, 0x78, 0x34, 0x84, 0x45, 0xa5, + 0xcc, 0xc8, 0xa7, 0x4b, 0xda, 0xcc, 0xeb, 0xd3, 0x15, 0x36, 0x85, 0x42, 0x9e, 0xc2, 0x6e, 0x25, + 0x00, 0xf1, 0x98, 0x0a, 0x39, 0xcc, 0x9e, 0x15, 0x0d, 0xb3, 0x38, 0xcd, 0x30, 0x9b, 0x56, 0xfa, + 0x30, 0xe3, 0x76, 0xac, 0xc3, 0xa3, 0xef, 0xc0, 0xe2, 0x6e, 0xe2, 0x32, 0x55, 0x9e, 0xd5, 0x37, + 0x33, 0xe5, 0x19, 0x29, 0xf7, 0xb0, 0x62, 0xac, 0x49, 0x12, 0x1e, 0xd3, 0x63, 0xfe, 0xa4, 0x00, + 0x68, 0xfc, 0x96, 0x00, 0x5d, 0xd3, 0x5c, 0xd9, 0xe5, 0x84, 0x2b, 0x5b, 0x54, 0x25, 0x14, 0x4f, + 0xf6, 0x10, 0x66, 0x44, 0x7f, 0xa7, 0xa8, 0x5e, 0xc8, 0x8e, 0x48, 0xb0, 0x34, 0xa3, 0x90, 0x98, + 0x2c, 0x80, 0x97, 0xf6, 0x28, 0xed, 0xee, 0x04, 0xf0, 0x69, 0x56, 0x1e, 0xa2, 0xa2, 0x3d, 0x79, + 0x10, 0x08, 0x5b, 0x90, 0x96, 0x76, 0xfd, 0x44, 0x25, 0x74, 0x51, 0x54, 0x50, 0xda, 0xb1, 0x0a, + 0x2d, 0x27, 0xaa, 0x67, 0xed, 0x4a, 0xd3, 0x7a, 0x82, 0x89, 0x52, 0xcc, 0x4a, 0x62, 0x22, 0x02, + 0xe5, 0x68, 0x9d, 0xa5, 0x21, 0x9d, 0x40, 0x41, 0xba, 0x05, 0xc5, 0xc8, 0xe6, 0xbf, 0x19, 0x32, + 0x48, 0x7f, 0xe0, 0xf5, 0x86, 0x7d, 0x82, 0x2e, 0x43, 0xc1, 0xb5, 0xfa, 0xa1, 0xcd, 0x44, 0xb7, + 0x7f, 0xfc, 0x51, 0x03, 0xa7, 0xf0, 0xdb, 0x3f, 0x7e, 0x26, 0x4c, 0x93, 0x46, 0xc7, 0x1a, 0x92, + 0x49, 0xa7, 0x2c, 0x7c, 0x49, 0x4c, 0xf4, 0x3e, 0xcc, 0xf4, 0xbd, 0xa1, 0x1b, 0x84, 0x65, 0xc9, + 0xd7, 0xa7, 0x43, 0xbf, 0xcb, 0x64, 0x63, 0x70, 0xfe, 0x97, 0x62, 0x09, 0x69, 0xbe, 0x03, 0x8b, + 0x49, 0x5e, 0xb4, 0x06, 0x0b, 0x6d, 0x42, 0x03, 0xc7, 0xe5, 0xf1, 0xeb, 0xb6, 0x15, 0xec, 0xc9, + 0xb1, 0x9f, 0x97, 0x20, 0x0b, 0x1b, 0x3a, 0x19, 0x27, 0xf9, 0xcd, 0xff, 0x0c, 0xef, 0x82, 0xd4, + 0x11, 0xa2, 0x37, 0xb4, 0xdd, 0xf7, 0x62, 0x62, 0xf7, 0x9d, 0x1b, 0x13, 0x50, 0xb6, 0xe0, 0x1d, + 0x98, 0xa1, 0x6a, 0xd9, 0xf7, 0xa5, 0xb4, 0x00, 0x57, 0xa4, 0xae, 0xda, 0xa4, 0xf2, 0x18, 0x57, + 0xe6, 0xcd, 0x12, 0x01, 0x3d, 0xe0, 0x77, 0x1e, 0x22, 0xe3, 0x94, 0x5b, 0xee, 0xe5, 0x34, 0xb8, + 0x28, 0x45, 0xd5, 0x10, 0x4f, 0xcb, 0xab, 0x11, 0x41, 0xc2, 0x31, 0x94, 0xf9, 0x7b, 0xb3, 0xa0, + 0x64, 0x99, 0xe8, 0xeb, 0x30, 0x4f, 0x89, 0x7f, 0xe0, 0xd8, 0x64, 0xcd, 0xb6, 0xd9, 0xc4, 0xca, + 0x71, 0x47, 0xd7, 0xfc, 0x2d, 0x8d, 0x8a, 0x13, 0xdc, 0xfc, 0x0d, 0x85, 0x6a, 0x55, 0xd9, 0xdf, + 0x50, 0x3c, 0xce, 0x9e, 0xe2, 0x6a, 0x6c, 0xfe, 0x69, 0x57, 0x63, 0xbf, 0x0d, 0x25, 0xaa, 0x87, + 0x41, 0x5f, 0xcb, 0x1e, 0xe1, 0xca, 0xc8, 0x23, 0xba, 0x28, 0x8a, 0xc2, 0x8d, 0x08, 0x93, 0x4d, + 0x8a, 0xcc, 0x4f, 0x8a, 0xd3, 0x4d, 0xca, 0x63, 0x32, 0x93, 0x6f, 0x42, 0xd9, 0x27, 0x62, 0x82, + 0xa8, 0xf4, 0x2d, 0xa9, 0x25, 0x1a, 0x2c, 0x99, 0x30, 0xf9, 0x70, 0xe8, 0xf8, 0xa4, 0x4f, 0xdc, + 0x80, 0xc6, 0x09, 0x78, 0x48, 0xa5, 0x38, 0x46, 0x43, 0x1f, 0x00, 0x0c, 0xa2, 0x7a, 0xbf, 0x2c, + 0xff, 0x64, 0x0e, 0xfb, 0xf5, 0x9b, 0x82, 0x38, 0xdf, 0x88, 0xdb, 0xb1, 0x82, 0x8e, 0xde, 0x87, + 0x0b, 0x71, 0x06, 0xbb, 0x41, 0xac, 0x36, 0x0f, 0xce, 0xe4, 0xa5, 0x9a, 0xb8, 0x66, 0xfa, 0xea, + 0xd1, 0xa8, 0x76, 0x61, 0x7d, 0x12, 0x13, 0x9e, 0x2c, 0x8f, 0xfa, 0x30, 0xe7, 0x7a, 0x6d, 0xd2, + 0x22, 0x3d, 0x62, 0x07, 0x9e, 0x2f, 0x53, 0xcd, 0x2c, 0xa5, 0x20, 0x51, 0xb4, 0xb4, 0x7a, 0xf7, + 0x14, 0x71, 0x51, 0xd8, 0x52, 0x5b, 0xb0, 0x06, 0x8f, 0xde, 0x84, 0x79, 0xee, 0xa4, 0x76, 0xfc, + 0x21, 0x0d, 0x48, 0x7b, 0x7d, 0x8d, 0xa7, 0xa4, 0x25, 0x71, 0xd6, 0xdd, 0xd5, 0x28, 0x38, 0xc1, + 0x69, 0xfe, 0xa1, 0x01, 0x29, 0xcf, 0xab, 0x34, 0xd3, 0x37, 0x9e, 0xb6, 0xe9, 0xbf, 0xa4, 0xb9, + 0x28, 0xf5, 0x02, 0x46, 0x73, 0x3f, 0xe6, 0x5f, 0x18, 0x70, 0x36, 0xad, 0x36, 0xc6, 0x6c, 0x30, + 0xf6, 0x4b, 0xc6, 0x94, 0x65, 0x42, 0xf5, 0xd6, 0x76, 0xcc, 0x35, 0x31, 0x5f, 0xa4, 0xb8, 0xe8, + 0x0d, 0xc7, 0x97, 0x7d, 0x8c, 0x7c, 0xd1, 0x86, 0x46, 0xc5, 0x09, 0x6e, 0xf3, 0x07, 0x05, 0x58, + 0x4a, 0xc9, 0x55, 0xd0, 0xa6, 0xbc, 0x15, 0x99, 0xe2, 0x42, 0x2f, 0x3a, 0x40, 0xb5, 0x9b, 0x11, + 0x18, 0x0c, 0x7b, 0xbd, 0x27, 0xbb, 0xd8, 0x0b, 0xe5, 0xb1, 0x82, 0x15, 0x5e, 0x73, 0xe4, 0x4f, + 0x70, 0xcd, 0x71, 0x07, 0x10, 0xf9, 0x78, 0xe0, 0x51, 0x22, 0x73, 0x4e, 0x8f, 0xc7, 0x1d, 0x05, + 0x6e, 0x83, 0xd1, 0xd3, 0xa9, 0xcd, 0x31, 0x0e, 0x9c, 0x22, 0x85, 0x56, 0xa0, 0xdc, 0xf1, 0x7c, + 0x9b, 0xb0, 0x5e, 0x72, 0xcf, 0xa5, 0x54, 0xed, 0x6e, 0x85, 0x04, 0x1c, 0xf3, 0xa0, 0xf7, 0xe2, + 0xaa, 0xee, 0x4c, 0xe6, 0xcb, 0x48, 0x31, 0x66, 0xee, 0x28, 0x26, 0x97, 0x73, 0xd7, 0x60, 0x81, + 0x0b, 0xac, 0x6d, 0x6f, 0x85, 0xf7, 0x45, 0xb3, 0xfa, 0xe9, 0xde, 0xd0, 0xc9, 0x38, 0xc9, 0x6f, + 0xfe, 0xb8, 0x08, 0x4b, 0x29, 0x19, 0x7a, 0x74, 0x47, 0x66, 0x3c, 0xc9, 0x1d, 0xd9, 0x17, 0x65, + 0x09, 0x2f, 0xc3, 0xac, 0xeb, 0xad, 0x5b, 0xf6, 0x1e, 0x91, 0xef, 0x11, 0xa2, 0x29, 0xba, 0x27, + 0x9a, 0x71, 0x48, 0x0f, 0x8d, 0xa6, 0x70, 0x02, 0xa3, 0x99, 0x7a, 0xa1, 0xbf, 0x1e, 0x56, 0x49, + 0x3a, 0x4e, 0x8f, 0xf0, 0x58, 0x6b, 0x26, 0xb1, 0x33, 0x35, 0x2a, 0x4e, 0x70, 0xa3, 0x6f, 0x40, + 0x59, 0x2c, 0x8f, 0xdf, 0xa5, 0x19, 0x6e, 0xf3, 0xa2, 0xce, 0x34, 0x42, 0x21, 0x1c, 0xcb, 0xa3, + 0x01, 0x9c, 0xe7, 0xe1, 0x3c, 0xf3, 0xd7, 0x7d, 0xe7, 0x3b, 0x22, 0x9e, 0x13, 0xcf, 0xa6, 0x44, + 0x9d, 0xf2, 0xc6, 0xd1, 0xa8, 0x76, 0x7e, 0x2b, 0x9d, 0xe5, 0xd1, 0x64, 0x12, 0x9e, 0x04, 0x8b, + 0xbe, 0x09, 0xb3, 0x07, 0x3c, 0xba, 0x0a, 0x6f, 0x16, 0xea, 0xd3, 0x45, 0xb7, 0xf1, 0x2a, 0x8a, + 0xff, 0x14, 0x87, 0x78, 0xe6, 0x0f, 0x0c, 0x48, 0xbf, 0xde, 0xd3, 0xe7, 0xcc, 0x78, 0xc2, 0x39, + 0x7b, 0x31, 0xb6, 0x2b, 0x51, 0x8e, 0xaf, 0xa4, 0xd9, 0x94, 0xf9, 0x47, 0x06, 0x2c, 0xa5, 0xd4, + 0x27, 0xbe, 0x1c, 0x47, 0xd2, 0x67, 0xb9, 0x64, 0xe7, 0x36, 0x0f, 0x88, 0x1b, 0x9c, 0xec, 0x52, + 0x71, 0x53, 0x5c, 0xe5, 0xe5, 0x64, 0x55, 0x3e, 0x53, 0x71, 0x81, 0xd7, 0x77, 0xf5, 0x3b, 0xbc, + 0x27, 0xf0, 0xdc, 0x93, 0xef, 0x8c, 0x0b, 0xcf, 0xfa, 0xce, 0xd8, 0xfc, 0x4b, 0x03, 0xe6, 0xf5, + 0xbb, 0x4a, 0xf4, 0x55, 0xc8, 0x0f, 0x7d, 0x47, 0x4e, 0x6a, 0xd4, 0xfb, 0x77, 0xf0, 0x16, 0x66, + 0xed, 0x8c, 0xec, 0x93, 0x8e, 0x5c, 0xb1, 0x88, 0x8c, 0x49, 0x07, 0xb3, 0x76, 0x44, 0xa0, 0x32, + 0xf0, 0xbd, 0x8f, 0x0f, 0xc5, 0x39, 0x3f, 0xc5, 0xfb, 0xea, 0xed, 0x58, 0x2a, 0x2e, 0x03, 0x2b, + 0x8d, 0x58, 0xc5, 0xe5, 0x11, 0xd4, 0x78, 0x71, 0xeb, 0xcb, 0x61, 0xae, 0x7f, 0x9b, 0x83, 0x59, + 0x69, 0x34, 0xe8, 0x43, 0x98, 0xef, 0x6a, 0xd3, 0x3b, 0x45, 0xb7, 0x12, 0x77, 0xc8, 0x91, 0xcb, + 0xd5, 0xdb, 0x71, 0x42, 0x01, 0xfa, 0x6d, 0x38, 0xd3, 0x75, 0x02, 0x7d, 0x4c, 0x53, 0x64, 0xfe, + 0xb7, 0x93, 0xb2, 0x8d, 0x0b, 0x52, 0xf1, 0x99, 0x31, 0x12, 0x1e, 0xd7, 0x84, 0xee, 0x43, 0xc1, + 0x27, 0x9d, 0x69, 0x1e, 0x29, 0xb1, 0x3d, 0x45, 0x3a, 0x7c, 0x8f, 0x45, 0xd1, 0x17, 0x26, 0x1d, + 0x8a, 0x39, 0x90, 0xf9, 0xbb, 0x62, 0xa9, 0x13, 0x05, 0xbe, 0xff, 0x89, 0x4f, 0x1e, 0xfe, 0xcb, + 0x00, 0x88, 0x3b, 0xfb, 0xff, 0x6f, 0x6d, 0xcd, 0x3f, 0xcf, 0xc1, 0x38, 0x23, 0xdb, 0x17, 0xb6, + 0xc8, 0x1e, 0x8d, 0xd4, 0xcf, 0x8c, 0x24, 0x15, 0x3d, 0x84, 0x19, 0x8b, 0x7f, 0xa7, 0x33, 0x45, + 0x8f, 0x85, 0xaa, 0x75, 0xcf, 0x0d, 0x7c, 0xaf, 0xf7, 0x0e, 0x25, 0xbe, 0xf2, 0x71, 0x0c, 0xc7, + 0xc2, 0x12, 0x13, 0x11, 0x96, 0x9e, 0xc8, 0x6f, 0x6d, 0xa6, 0x78, 0xe6, 0x3e, 0xae, 0x40, 0x49, + 0x55, 0x24, 0x1c, 0x8e, 0x91, 0xa7, 0xb8, 0x77, 0x36, 0xbf, 0x6f, 0xc0, 0x62, 0xb2, 0x1a, 0xce, + 0xe4, 0x79, 0xb0, 0xb1, 0xb5, 0x91, 0xbc, 0x6b, 0xd8, 0x12, 0xcd, 0x38, 0xa4, 0xa3, 0x3b, 0x30, + 0xcb, 0x82, 0x4e, 0x2c, 0xbd, 0x6d, 0xc6, 0x90, 0x95, 0x9f, 0xef, 0xb7, 0x84, 0x1c, 0x0e, 0x01, + 0xcc, 0xbf, 0x37, 0x00, 0x8d, 0xd7, 0x4b, 0xd1, 0x36, 0x9c, 0x15, 0x5f, 0x52, 0xc8, 0x47, 0x00, + 0x5b, 0x5a, 0xd7, 0x2e, 0xc9, 0xae, 0x9d, 0x6d, 0xa6, 0xf0, 0xe0, 0x54, 0xc9, 0x28, 0xc8, 0xce, + 0x9d, 0x3c, 0xc8, 0x7e, 0x09, 0x66, 0x06, 0x6c, 0xae, 0xda, 0x32, 0x12, 0x8e, 0x56, 0x7c, 0x9b, + 0xb7, 0x62, 0x49, 0x35, 0xff, 0x2a, 0x07, 0xd5, 0x49, 0xcf, 0xa8, 0xbf, 0x80, 0x91, 0x3d, 0xd4, + 0x46, 0xf6, 0x66, 0xe6, 0x37, 0x3b, 0x81, 0x4f, 0xac, 0xfe, 0x8e, 0xd5, 0x3d, 0x3e, 0xc7, 0xec, + 0xc3, 0x82, 0xa2, 0xf5, 0x84, 0x9f, 0xcc, 0x44, 0x39, 0x52, 0x53, 0x87, 0xc2, 0x49, 0x6c, 0xb3, + 0x05, 0x10, 0xbf, 0x03, 0xcd, 0x50, 0x43, 0x7e, 0x01, 0x8a, 0x07, 0x56, 0x6f, 0x18, 0x7e, 0x79, + 0x18, 0xbd, 0xe6, 0x7e, 0xc0, 0x1a, 0xb1, 0xa0, 0x99, 0x7f, 0x9c, 0x83, 0x8a, 0xf2, 0x4e, 0xe9, + 0x69, 0xa5, 0xdf, 0xcf, 0x41, 0xce, 0xa2, 0x3c, 0xdd, 0x29, 0x8b, 0x8b, 0xe5, 0x35, 0x8a, 0x73, + 0x16, 0x45, 0xef, 0x42, 0x71, 0x60, 0x05, 0x7b, 0xe1, 0x5b, 0xf4, 0xab, 0xd3, 0xbd, 0xa2, 0x62, + 0xe9, 0x49, 0x3c, 0x0e, 0xf6, 0x8f, 0x62, 0x81, 0x97, 0xc8, 0xf2, 0xf2, 0x4f, 0x2f, 0xcb, 0x33, + 0xbf, 0x67, 0xc0, 0x42, 0xa2, 0x0f, 0xe8, 0x2a, 0x00, 0x8d, 0xfe, 0xc9, 0x25, 0x88, 0x0a, 0x69, + 0x31, 0x1f, 0x56, 0xb8, 0x9e, 0xb8, 0x60, 0xd2, 0x83, 0xf3, 0x13, 0x8c, 0x93, 0xa5, 0x88, 0x6c, + 0xc5, 0xe9, 0xc0, 0xb2, 0x49, 0xf2, 0xc9, 0xfd, 0xbd, 0x90, 0x80, 0x63, 0x9e, 0xc8, 0x78, 0x72, + 0x93, 0x8c, 0xc7, 0xfc, 0x07, 0x03, 0x2e, 0x1d, 0x77, 0x99, 0xcb, 0x92, 0x7e, 0x79, 0x63, 0x1b, + 0xa5, 0x99, 0x89, 0x92, 0xfe, 0x1d, 0x9d, 0x8c, 0x93, 0xfc, 0xe8, 0x3a, 0x54, 0x94, 0x26, 0xd9, + 0x99, 0x28, 0x8e, 0x54, 0xc4, 0xb1, 0xca, 0xf7, 0x04, 0x61, 0xbc, 0xf9, 0x37, 0x06, 0x9c, 0x4d, + 0xab, 0x1c, 0xa2, 0x6e, 0xf8, 0x8d, 0x84, 0xc8, 0xdd, 0x1a, 0x27, 0xac, 0x40, 0xd6, 0xf9, 0x97, + 0x12, 0x9b, 0x6e, 0xe0, 0x1f, 0xa6, 0x7f, 0x3d, 0x71, 0xf1, 0x26, 0x40, 0xcc, 0x83, 0x16, 0x21, + 0xbf, 0x4f, 0x0e, 0xc5, 0xc4, 0x61, 0xf6, 0x13, 0x9d, 0xd5, 0x36, 0xad, 0xdc, 0xa5, 0x6f, 0xe6, + 0x6e, 0x1a, 0x6f, 0x96, 0xfe, 0xe0, 0x4f, 0x6a, 0xa7, 0xbe, 0xfb, 0xcb, 0xcb, 0xa7, 0xcc, 0x1f, + 0x1a, 0xa0, 0x46, 0xd9, 0xe8, 0x15, 0x28, 0xef, 0x05, 0xc1, 0x80, 0x37, 0xc9, 0x27, 0x59, 0xfc, + 0x4a, 0xe1, 0xed, 0x9d, 0x9d, 0x6d, 0xde, 0x88, 0x63, 0x3a, 0xaa, 0x03, 0xb0, 0x3f, 0x54, 0x70, + 0x17, 0xe2, 0x67, 0x94, 0x8c, 0xbb, 0x25, 0xd8, 0x15, 0x0e, 0x91, 0x8c, 0x0a, 0x66, 0xf1, 0xe9, + 0x9d, 0x4c, 0x46, 0x05, 0x67, 0x48, 0x33, 0xff, 0xcc, 0x80, 0x33, 0x63, 0x4f, 0x00, 0xd1, 0x76, + 0x14, 0x7e, 0x4f, 0x5b, 0x7c, 0x9c, 0x10, 0xa8, 0x3f, 0xf1, 0x2e, 0xba, 0x09, 0x67, 0x05, 0x22, + 0xd7, 0x1a, 0x6f, 0xa1, 0xc7, 0xba, 0x53, 0xf3, 0x4f, 0x0d, 0x80, 0xb8, 0x1c, 0x86, 0x76, 0x61, + 0x4e, 0x74, 0x49, 0x8b, 0x23, 0xb3, 0x0f, 0xf0, 0xac, 0x54, 0x31, 0xd7, 0x52, 0x50, 0xb0, 0x86, + 0xc9, 0xf6, 0x35, 0xaf, 0x42, 0xf3, 0xdd, 0x95, 0xd3, 0xf7, 0xf5, 0xdd, 0x90, 0x80, 0x63, 0x1e, + 0xf3, 0x17, 0x79, 0x58, 0x4a, 0x79, 0x74, 0xf2, 0x7f, 0xba, 0xa8, 0xfa, 0x32, 0xcc, 0x8a, 0xef, + 0x10, 0x68, 0x32, 0xba, 0x13, 0x9f, 0x29, 0x50, 0x1c, 0xd2, 0xd1, 0x2a, 0x54, 0x1c, 0xd7, 0x16, + 0x77, 0x2c, 0x56, 0x58, 0x4c, 0x13, 0xf7, 0xcf, 0x71, 0x33, 0x56, 0x79, 0xf4, 0xea, 0xdb, 0x4c, + 0x86, 0xea, 0xdb, 0x17, 0x58, 0x7e, 0xfa, 0x16, 0x9c, 0x19, 0x0b, 0x7d, 0xb3, 0xc5, 0x01, 0x84, + 0x7f, 0xfe, 0x9e, 0x88, 0x03, 0xc4, 0x57, 0xef, 0x82, 0x66, 0xfe, 0xc8, 0x80, 0xf9, 0x44, 0x8e, + 0x70, 0xa2, 0x52, 0xcd, 0x7d, 0xb5, 0x54, 0x73, 0xb2, 0xfc, 0x46, 0x2b, 0xda, 0x98, 0x77, 0x20, + 0xfd, 0x15, 0x7b, 0x72, 0x31, 0x8d, 0xc7, 0x2f, 0xa6, 0xf9, 0xd3, 0x1c, 0x94, 0xa3, 0xc7, 0x7f, + 0xe8, 0x35, 0x6d, 0xe6, 0x2e, 0xa8, 0x33, 0xf7, 0x68, 0x54, 0x13, 0x8c, 0xca, 0x34, 0xbe, 0x0f, + 0xe5, 0xe8, 0xf1, 0x68, 0x54, 0x8a, 0xca, 0x1e, 0xe7, 0x45, 0x56, 0x13, 0xbd, 0x48, 0xc5, 0x31, + 0x1e, 0x0b, 0x7d, 0xc3, 0xd7, 0x9d, 0x77, 0x9d, 0x5e, 0xcf, 0xa1, 0xf2, 0x82, 0x2d, 0xcf, 0x2f, + 0xd8, 0xa2, 0xd0, 0x77, 0x23, 0x85, 0x07, 0xa7, 0x4a, 0xa2, 0x6d, 0x28, 0xd2, 0x80, 0x0c, 0xa8, + 0xac, 0x39, 0xbf, 0x92, 0xe9, 0x5d, 0x24, 0x19, 0xf0, 0x94, 0x3e, 0x32, 0x11, 0xd6, 0x42, 0xb1, + 0x00, 0x32, 0xff, 0xd5, 0x80, 0x52, 0xc8, 0x82, 0x5e, 0xd5, 0x26, 0xaf, 0x9a, 0x98, 0x3c, 0xce, + 0xf7, 0xbf, 0x76, 0xee, 0xcc, 0x91, 0x01, 0xf3, 0xfa, 0x1b, 0x0f, 0xa5, 0x90, 0x64, 0x1c, 0x57, + 0x48, 0x42, 0xaf, 0x42, 0xc9, 0xea, 0xf5, 0xbc, 0x8f, 0x36, 0xdd, 0x03, 0x59, 0xbc, 0x8d, 0xee, + 0x9e, 0xd7, 0x64, 0x3b, 0x8e, 0x38, 0xd0, 0x01, 0x2c, 0x08, 0xb9, 0xf8, 0xf5, 0x6e, 0x3e, 0xf3, + 0x15, 0x68, 0xda, 0x39, 0xd6, 0x58, 0x62, 0x91, 0x57, 0x4b, 0xc7, 0xc4, 0x49, 0x25, 0x8d, 0x2b, + 0x9f, 0x7e, 0xbe, 0x7c, 0xea, 0xe7, 0x9f, 0x2f, 0x9f, 0xfa, 0xec, 0xf3, 0xe5, 0x53, 0xdf, 0x3d, + 0x5a, 0x36, 0x3e, 0x3d, 0x5a, 0x36, 0x7e, 0x7e, 0xb4, 0x6c, 0x7c, 0x76, 0xb4, 0x6c, 0xfc, 0xf3, + 0xd1, 0xb2, 0xf1, 0xfb, 0xff, 0xb2, 0x7c, 0xea, 0x5b, 0xb9, 0x83, 0xd5, 0xff, 0x0e, 0x00, 0x00, + 0xff, 0xff, 0x58, 0xc4, 0x75, 0x0c, 0x57, 0x46, 0x00, 0x00, } func (m *BinaryBuildRequestOptions) Marshal() (dAtA []byte, err error) { @@ -3437,6 +3533,138 @@ func (m *BuildTriggerPolicy) MarshalToSizedBuffer(dAtA []byte) (int, error) { return len(dAtA) - i, nil } +func (m *BuildVolume) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *BuildVolume) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *BuildVolume) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if len(m.Mounts) > 0 { + for iNdEx := len(m.Mounts) - 1; iNdEx >= 0; iNdEx-- { + { + size, err := m.Mounts[iNdEx].MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x1a + } + } + { + size, err := m.Source.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x12 + i -= len(m.Name) + copy(dAtA[i:], m.Name) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.Name))) + i-- + dAtA[i] = 0xa + return len(dAtA) - i, nil +} + +func (m *BuildVolumeMount) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *BuildVolumeMount) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *BuildVolumeMount) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + i -= len(m.DestinationPath) + copy(dAtA[i:], m.DestinationPath) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.DestinationPath))) + i-- + dAtA[i] = 0xa + return len(dAtA) - i, nil +} + +func (m *BuildVolumeSource) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *BuildVolumeSource) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *BuildVolumeSource) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if m.ConfigMap != nil { + { + size, err := m.ConfigMap.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x1a + } + if m.Secret != nil { + { + size, err := m.Secret.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x12 + } + i -= len(m.Type) + copy(dAtA[i:], m.Type) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.Type))) + i-- + dAtA[i] = 0xa + return len(dAtA) - i, nil +} + func (m *CommonSpec) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) @@ -3746,6 +3974,20 @@ func (m *DockerBuildStrategy) MarshalToSizedBuffer(dAtA []byte) (int, error) { _ = i var l int _ = l + if len(m.Volumes) > 0 { + for iNdEx := len(m.Volumes) - 1; iNdEx >= 0; iNdEx-- { + { + size, err := m.Volumes[iNdEx].MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x4a + } + } if m.ImageOptimizationPolicy != nil { i -= len(*m.ImageOptimizationPolicy) copy(dAtA[i:], *m.ImageOptimizationPolicy) @@ -4816,6 +5058,20 @@ func (m *SourceBuildStrategy) MarshalToSizedBuffer(dAtA []byte) (int, error) { _ = i var l int _ = l + if len(m.Volumes) > 0 { + for iNdEx := len(m.Volumes) - 1; iNdEx >= 0; iNdEx-- { + { + size, err := m.Volumes[iNdEx].MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x4a + } + } i-- if m.ForcePull { dAtA[i] = 1 @@ -5673,18 +5929,67 @@ func (m *BuildTriggerPolicy) Size() (n int) { return n } -func (m *CommonSpec) Size() (n int) { +func (m *BuildVolume) Size() (n int) { if m == nil { return 0 } var l int _ = l - l = len(m.ServiceAccount) + l = len(m.Name) n += 1 + l + sovGenerated(uint64(l)) l = m.Source.Size() n += 1 + l + sovGenerated(uint64(l)) - if m.Revision != nil { - l = m.Revision.Size() + if len(m.Mounts) > 0 { + for _, e := range m.Mounts { + l = e.Size() + n += 1 + l + sovGenerated(uint64(l)) + } + } + return n +} + +func (m *BuildVolumeMount) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.DestinationPath) + n += 1 + l + sovGenerated(uint64(l)) + return n +} + +func (m *BuildVolumeSource) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.Type) + n += 1 + l + sovGenerated(uint64(l)) + if m.Secret != nil { + l = m.Secret.Size() + n += 1 + l + sovGenerated(uint64(l)) + } + if m.ConfigMap != nil { + l = m.ConfigMap.Size() + n += 1 + l + sovGenerated(uint64(l)) + } + return n +} + +func (m *CommonSpec) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.ServiceAccount) + n += 1 + l + sovGenerated(uint64(l)) + l = m.Source.Size() + n += 1 + l + sovGenerated(uint64(l)) + if m.Revision != nil { + l = m.Revision.Size() n += 1 + l + sovGenerated(uint64(l)) } l = m.Strategy.Size() @@ -5801,6 +6106,12 @@ func (m *DockerBuildStrategy) Size() (n int) { l = len(*m.ImageOptimizationPolicy) n += 1 + l + sovGenerated(uint64(l)) } + if len(m.Volumes) > 0 { + for _, e := range m.Volumes { + l = e.Size() + n += 1 + l + sovGenerated(uint64(l)) + } + } return n } @@ -6182,6 +6493,12 @@ func (m *SourceBuildStrategy) Size() (n int) { n += 2 } n += 2 + if len(m.Volumes) > 0 { + for _, e := range m.Volumes { + l = e.Size() + n += 1 + l + sovGenerated(uint64(l)) + } + } return n } @@ -6656,6 +6973,45 @@ func (this *BuildTriggerPolicy) String() string { }, "") return s } +func (this *BuildVolume) String() string { + if this == nil { + return "nil" + } + repeatedStringForMounts := "[]BuildVolumeMount{" + for _, f := range this.Mounts { + repeatedStringForMounts += strings.Replace(strings.Replace(f.String(), "BuildVolumeMount", "BuildVolumeMount", 1), `&`, ``, 1) + "," + } + repeatedStringForMounts += "}" + s := strings.Join([]string{`&BuildVolume{`, + `Name:` + fmt.Sprintf("%v", this.Name) + `,`, + `Source:` + strings.Replace(strings.Replace(this.Source.String(), "BuildVolumeSource", "BuildVolumeSource", 1), `&`, ``, 1) + `,`, + `Mounts:` + repeatedStringForMounts + `,`, + `}`, + }, "") + return s +} +func (this *BuildVolumeMount) String() string { + if this == nil { + return "nil" + } + s := strings.Join([]string{`&BuildVolumeMount{`, + `DestinationPath:` + fmt.Sprintf("%v", this.DestinationPath) + `,`, + `}`, + }, "") + return s +} +func (this *BuildVolumeSource) String() string { + if this == nil { + return "nil" + } + s := strings.Join([]string{`&BuildVolumeSource{`, + `Type:` + fmt.Sprintf("%v", this.Type) + `,`, + `Secret:` + strings.Replace(fmt.Sprintf("%v", this.Secret), "SecretVolumeSource", "v11.SecretVolumeSource", 1) + `,`, + `ConfigMap:` + strings.Replace(fmt.Sprintf("%v", this.ConfigMap), "ConfigMapVolumeSource", "v11.ConfigMapVolumeSource", 1) + `,`, + `}`, + }, "") + return s +} func (this *CommonSpec) String() string { if this == nil { return "nil" @@ -6737,6 +7093,11 @@ func (this *DockerBuildStrategy) String() string { repeatedStringForBuildArgs += fmt.Sprintf("%v", f) + "," } repeatedStringForBuildArgs += "}" + repeatedStringForVolumes := "[]BuildVolume{" + for _, f := range this.Volumes { + repeatedStringForVolumes += strings.Replace(strings.Replace(f.String(), "BuildVolume", "BuildVolume", 1), `&`, ``, 1) + "," + } + repeatedStringForVolumes += "}" s := strings.Join([]string{`&DockerBuildStrategy{`, `From:` + strings.Replace(fmt.Sprintf("%v", this.From), "ObjectReference", "v11.ObjectReference", 1) + `,`, `PullSecret:` + strings.Replace(fmt.Sprintf("%v", this.PullSecret), "LocalObjectReference", "v11.LocalObjectReference", 1) + `,`, @@ -6746,6 +7107,7 @@ func (this *DockerBuildStrategy) String() string { `DockerfilePath:` + fmt.Sprintf("%v", this.DockerfilePath) + `,`, `BuildArgs:` + repeatedStringForBuildArgs + `,`, `ImageOptimizationPolicy:` + valueToStringGenerated(this.ImageOptimizationPolicy) + `,`, + `Volumes:` + repeatedStringForVolumes + `,`, `}`, }, "") return s @@ -7025,6 +7387,11 @@ func (this *SourceBuildStrategy) String() string { repeatedStringForEnv += fmt.Sprintf("%v", f) + "," } repeatedStringForEnv += "}" + repeatedStringForVolumes := "[]BuildVolume{" + for _, f := range this.Volumes { + repeatedStringForVolumes += strings.Replace(strings.Replace(f.String(), "BuildVolume", "BuildVolume", 1), `&`, ``, 1) + "," + } + repeatedStringForVolumes += "}" s := strings.Join([]string{`&SourceBuildStrategy{`, `From:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.From), "ObjectReference", "v11.ObjectReference", 1), `&`, ``, 1) + `,`, `PullSecret:` + strings.Replace(fmt.Sprintf("%v", this.PullSecret), "LocalObjectReference", "v11.LocalObjectReference", 1) + `,`, @@ -7032,6 +7399,7 @@ func (this *SourceBuildStrategy) String() string { `Scripts:` + fmt.Sprintf("%v", this.Scripts) + `,`, `Incremental:` + valueToStringGenerated(this.Incremental) + `,`, `ForcePull:` + fmt.Sprintf("%v", this.ForcePull) + `,`, + `Volumes:` + repeatedStringForVolumes + `,`, `}`, }, "") return s @@ -11545,6 +11913,391 @@ func (m *BuildTriggerPolicy) Unmarshal(dAtA []byte) error { } return nil } +func (m *BuildVolume) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: BuildVolume: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: BuildVolume: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Name = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Source", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.Source.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Mounts", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Mounts = append(m.Mounts, BuildVolumeMount{}) + if err := m.Mounts[len(m.Mounts)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *BuildVolumeMount) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: BuildVolumeMount: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: BuildVolumeMount: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field DestinationPath", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.DestinationPath = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *BuildVolumeSource) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: BuildVolumeSource: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: BuildVolumeSource: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Type", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Type = BuildVolumeSourceType(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Secret", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.Secret == nil { + m.Secret = &v11.SecretVolumeSource{} + } + if err := m.Secret.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ConfigMap", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.ConfigMap == nil { + m.ConfigMap = &v11.ConfigMapVolumeSource{} + } + if err := m.ConfigMap.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} func (m *CommonSpec) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 @@ -12671,6 +13424,40 @@ func (m *DockerBuildStrategy) Unmarshal(dAtA []byte) error { s := ImageOptimizationPolicy(dAtA[iNdEx:postIndex]) m.ImageOptimizationPolicy = &s iNdEx = postIndex + case 9: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Volumes", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Volumes = append(m.Volumes, BuildVolume{}) + if err := m.Volumes[len(m.Volumes)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipGenerated(dAtA[iNdEx:]) @@ -15819,6 +16606,40 @@ func (m *SourceBuildStrategy) Unmarshal(dAtA []byte) error { } } m.ForcePull = bool(v != 0) + case 9: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Volumes", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Volumes = append(m.Volumes, BuildVolume{}) + if err := m.Volumes[len(m.Volumes)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipGenerated(dAtA[iNdEx:]) diff --git a/vendor/github.com/openshift/api/build/v1/generated.proto b/vendor/github.com/openshift/api/build/v1/generated.proto index e3e947c62..30f6a3179 100644 --- a/vendor/github.com/openshift/api/build/v1/generated.proto +++ b/vendor/github.com/openshift/api/build/v1/generated.proto @@ -13,6 +13,9 @@ import "k8s.io/apimachinery/pkg/runtime/schema/generated.proto"; option go_package = "v1"; // BinaryBuildRequestOptions are the options required to fully speficy a binary build request +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message BinaryBuildRequestOptions { optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; @@ -58,6 +61,9 @@ message BitbucketWebHookCause { // Build encapsulates the inputs needed to produce a new deployable image, as well as // the status of the execution and a reference to the Pod which executed the build. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message Build { optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; @@ -93,6 +99,9 @@ message BuildCondition { // Build configurations define a build process for new container images. There are three types of builds possible - a container image build using a Dockerfile, a Source-to-Image build that uses a specially prepared base image that accepts source code that it can make runnable, and a custom build that can run // arbitrary container images as a base and accept the build parameters. Builds run on the cluster and on completion are pushed to the container image registry specified in the "output" section. A build can be triggered via a webhook, when the base image changes, or when a user manually requests a new build be // created. // // Each build created by a build configuration is numbered and refers back to its parent configuration. Multiple builds can be triggered at once. Builds that do not have "output" set can be used to test code or run a verification build. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message BuildConfig { optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; @@ -106,6 +115,9 @@ message BuildConfig { } // BuildConfigList is a collection of BuildConfigs. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message BuildConfigList { optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; @@ -145,16 +157,16 @@ message BuildConfigStatus { // lastVersion is used to inform about number of last triggered build. optional int64 lastVersion = 1; - // ImageChangeTriggers is used to capture the runtime state of any ImageChangeTrigger specified in the BuildConfigSpec, - // including the value reconciled by the OpenShift APIServer for the lastTriggeredImageID. There will be a single entry - // in this array for each entry in the BuildConfigSpec.Triggers array where the BuildTriggerPolicy.ImageChange - // pointer is set to a non-nil value. The logical key for each entry in this array is expressed by the - // ImageStreamTagReference type. That type captures the required elements for identifying the ImageStreamTag referenced by the more - // generic ObjectReference BuildTriggerPolicy.ImageChange.From. + // ImageChangeTriggers captures the runtime state of any ImageChangeTrigger specified in the BuildConfigSpec, + // including the value reconciled by the OpenShift APIServer for the lastTriggeredImageID. There is a single entry + // in this array for each image change trigger in spec. Each trigger status references the ImageStreamTag that acts as the source of the trigger. repeated ImageChangeTriggerStatus imageChangeTriggers = 2; } // BuildList is a collection of Builds. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message BuildList { optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; @@ -163,10 +175,16 @@ message BuildList { } // BuildLog is the (unused) resource associated with the build log redirector +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message BuildLog { } // BuildLogOptions is the REST options for a build log +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message BuildLogOptions { // cointainer for which to stream logs. Defaults to only container if there is one container in the pod. optional string container = 1; @@ -332,6 +350,9 @@ message BuildPostCommitSpec { } // BuildRequest is the resource used to pass parameters to build generator +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message BuildRequest { optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; @@ -597,6 +618,60 @@ message BuildTriggerPolicy { optional WebHookTrigger bitbucket = 6; } +// BuildVolume describes a volume that is made available to build pods, +// such that it can be mounted into buildah's runtime environment. +// Only a subset of Kubernetes Volume sources are supported. +message BuildVolume { + // name is a unique identifier for this BuildVolume. + // It must conform to the Kubernetes DNS label standard and be unique within the pod. + // Names that collide with those added by the build controller will result in a + // failed build with an error message detailing which name caused the error. + // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + // +required + optional string name = 1; + + // source represents the location and type of the mounted volume. + // +required + optional BuildVolumeSource source = 2; + + // mounts represents the location of the volume in the image build container + // +required + // +listType=map + // +listMapKey=destinationPath + // +patchMergeKey=destinationPath + // +patchStrategy=merge + repeated BuildVolumeMount mounts = 3; +} + +// BuildVolumeMount describes the mounting of a Volume within buildah's runtime environment. +message BuildVolumeMount { + // destinationPath is the path within the buildah runtime environment at which the volume should be mounted. + // The transient mount within the build image and the backing volume will both be mounted read only. + // Must be an absolute path, must not contain '..' or ':', and must not collide with a destination path generated + // by the builder process + // Paths that collide with those added by the build controller will result in a + // failed build with an error message detailing which path caused the error. + optional string destinationPath = 1; +} + +// BuildVolumeSource represents the source of a volume to mount +// Only one of its supported types may be specified at any given time. +message BuildVolumeSource { + // type is the BuildVolumeSourceType for the volume source. + // Type must match the populated volume source. + // Valid types are: Secret, ConfigMap + optional string type = 1; + + // secret represents a Secret that should populate this volume. + // More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + // +optional + optional k8s.io.api.core.v1.SecretVolumeSource secret = 2; + + // configMap represents a ConfigMap that should populate this volume + // +optional + optional k8s.io.api.core.v1.ConfigMapVolumeSource configMap = 3; +} + // CommonSpec encapsulates all the inputs necessary to represent a build. message CommonSpec { // serviceAccount is the name of the ServiceAccount to use to run the pod @@ -736,6 +811,8 @@ message DockerBuildStrategy { // buildArgs contains build arguments that will be resolved in the Dockerfile. See // https://docs.docker.com/engine/reference/builder/#/arg for more details. + // NOTE: Only the 'name' and 'value' fields are supported. Any settings on the 'valueFrom' field + // are ignored. repeated k8s.io.api.core.v1.EnvVar buildArgs = 7; // imageOptimizationPolicy describes what optimizations the system can use when building images @@ -746,6 +823,15 @@ message DockerBuildStrategy { // policy. An additional experimental policy 'SkipLayersAndWarn' is the same as // 'SkipLayers' but simply warns if compatibility cannot be preserved. optional string imageOptimizationPolicy = 8; + + // volumes is a list of input volumes that can be mounted into the builds runtime environment. + // Only a subset of Kubernetes Volume sources are supported by builds. + // More info: https://kubernetes.io/docs/concepts/storage/volumes + // +listType=map + // +listMapKey=name + // +patchMergeKey=name + // +patchStrategy=merge + repeated BuildVolume volumes = 9; } // DockerStrategyOptions contains extra strategy options for container image builds @@ -882,35 +968,15 @@ message ImageChangeTrigger { // ImageChangeTriggerStatus tracks the latest resolved status of the associated ImageChangeTrigger policy // specified in the BuildConfigSpec.Triggers struct. message ImageChangeTriggerStatus { - // lastTriggeredImageID represents, at the last time a Build for this BuildConfig was instantiated, the sha/id of - // the image referenced by the the ImageStreamTag cited in the 'from' of this struct. - // The lastTriggeredImageID field will be updated by the OpenShift APIServer on all instantiations of a Build from - // the BuildConfig it processes, regardless of what is considered the cause of instantiation. - // Specifically, an instantiation of a Build could have been manually requested, or could have resulted from - // changes with any of the Triggers defined in BuildConfigSpec.Triggers. - // The reason for always updating this field across all ImageChangeTriggerStatus instances is to prevent - // multiple builds being instantiated concurrently when multiple ImageChangeTriggers fire concurrently. The system - // compares the the sha/id stored here with the associated ImageStreamTag's sha/id for the image. If they match, - // then this trigger is not a valid reason for instantiating a Build. So when ImageChangeTriggers fire concurrently, - // only one of them can "win", meaning selected as the cause for a Build instantiation request. - // Lastly, to clarify exactly what is meant by "Build instantiation", from a REST perspective, it is a HTTP POST of a - // BuildRequest object as the HTTP Body that is made to the OpenShift APIServer, where that HTTP POST also specifies - // the "buildconfigs" resource, "instantiate" subresource, as well as the namespace and name of the BuildConfig. + // lastTriggeredImageID represents the sha/id of the ImageStreamTag when a Build for this BuildConfig was started. + // The lastTriggeredImageID is updated each time a Build for this BuildConfig is started, even if this ImageStreamTag is not the reason the Build is started. optional string lastTriggeredImageID = 1; - // from is the ImageStreamTag that is used as the source of the trigger. - // This can come from an ImageStream tag referenced in this BuildConfig's Spec ImageChange Triggers, or the "from" - // this BuildConfig's build strategy if it happens to be an ImageStreamTag (where the user has specified an - // ImageChange Trigger in the spec with a 'nil' for its 'from'. + // from is the ImageStreamTag that is the source of the trigger. optional ImageStreamTagReference from = 2; - // lastTriggerTime is the last time this particular ImageChangeTrigger fired, and that trigger firing was chosen as the cause for the Build being instantiated - // from this BuildConfig. So on each Build instantiation, while lastTriggeredImageID will be updated regardless of - // whether this ImageChangeTrigger fired and deemed the cause for the Build Instantiation, this field is only updated - // when this trigger was in fact deemed the cause. As such, it is valid that this field may not be set across all the - // ImageChangeTriggers, as they may have not yet been deemed to be the cause of a Build instantiation. It is also - // valid that the times stored in lastTriggerTime will vary across all the ImageChangeTriggers, as the system - // explicitly picks only one trigger cause for a given Build. + // lastTriggerTime is the last time this particular ImageStreamTag triggered a Build to start. + // This field is only updated when this trigger specifically started a Build. optional k8s.io.apimachinery.pkg.apis.meta.v1.Time lastTriggerTime = 3; } @@ -967,15 +1033,12 @@ message ImageSourcePath { optional string destinationDir = 2; } -// ImageStreamTagReference captures the required elements for identifying the ImageStreamTag referenced by the more -// generic ObjectReference BuildTriggerPolicy.ImageChange.From. It is used by ImageChangeTriggerStatus, where a -// specific instance of ImageChangeTriggerStatus in maintained in BuildConfigStatus.ImageChangeTriggers for each entry -// in the BuildConfigSpec.Triggers array where the BuildTriggerPolicy.ImageChange pointer is set to a non-nil value +// ImageStreamTagReference references the ImageStreamTag in an image change trigger by namespace and name. message ImageStreamTagReference { - // namespace is the namespace where the ImageStreamTag used for an ImageChangeTrigger is located + // namespace is the namespace where the ImageStreamTag for an ImageChangeTrigger is located optional string namespace = 1; - // name is the name of the ImageStreamTag used for an ImageChangeTrigger + // name is the name of the ImageStreamTag for an ImageChangeTrigger optional string name = 2; } @@ -1071,6 +1134,15 @@ message SourceBuildStrategy { // forcePull describes if the builder should pull the images from registry prior to building. optional bool forcePull = 6; + + // volumes is a list of input volumes that can be mounted into the builds runtime environment. + // Only a subset of Kubernetes Volume sources are supported by builds. + // More info: https://kubernetes.io/docs/concepts/storage/volumes + // +listType=map + // +listMapKey=name + // +patchMergeKey=name + // +patchStrategy=merge + repeated BuildVolume volumes = 9; } // SourceControlUser defines the identity of a user of source control diff --git a/vendor/github.com/openshift/api/build/v1/types.go b/vendor/github.com/openshift/api/build/v1/types.go index cc57d5618..6b311448b 100644 --- a/vendor/github.com/openshift/api/build/v1/types.go +++ b/vendor/github.com/openshift/api/build/v1/types.go @@ -15,6 +15,9 @@ import ( // Build encapsulates the inputs needed to produce a new deployable image, as well as // the status of the execution and a reference to the Pod which executed the build. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type Build struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` @@ -730,6 +733,8 @@ type DockerBuildStrategy struct { // buildArgs contains build arguments that will be resolved in the Dockerfile. See // https://docs.docker.com/engine/reference/builder/#/arg for more details. + // NOTE: Only the 'name' and 'value' fields are supported. Any settings on the 'valueFrom' field + // are ignored. BuildArgs []corev1.EnvVar `json:"buildArgs,omitempty" protobuf:"bytes,7,rep,name=buildArgs"` // imageOptimizationPolicy describes what optimizations the system can use when building images @@ -740,6 +745,15 @@ type DockerBuildStrategy struct { // policy. An additional experimental policy 'SkipLayersAndWarn' is the same as // 'SkipLayers' but simply warns if compatibility cannot be preserved. ImageOptimizationPolicy *ImageOptimizationPolicy `json:"imageOptimizationPolicy,omitempty" protobuf:"bytes,8,opt,name=imageOptimizationPolicy,casttype=ImageOptimizationPolicy"` + + // volumes is a list of input volumes that can be mounted into the builds runtime environment. + // Only a subset of Kubernetes Volume sources are supported by builds. + // More info: https://kubernetes.io/docs/concepts/storage/volumes + // +listType=map + // +listMapKey=name + // +patchMergeKey=name + // +patchStrategy=merge + Volumes []BuildVolume `json:"volumes,omitempty" patchStrategy:"merge" patchMergeKey:"name" protobuf:"bytes,9,opt,name=volumes"` } // SourceBuildStrategy defines input parameters specific to an Source build. @@ -771,6 +785,14 @@ type SourceBuildStrategy struct { // deprecated json field, do not reuse: runtimeArtifacts // +k8s:protobuf-deprecated=runtimeArtifacts,8 + // volumes is a list of input volumes that can be mounted into the builds runtime environment. + // Only a subset of Kubernetes Volume sources are supported by builds. + // More info: https://kubernetes.io/docs/concepts/storage/volumes + // +listType=map + // +listMapKey=name + // +patchMergeKey=name + // +patchStrategy=merge + Volumes []BuildVolume `json:"volumes,omitempty" patchStrategy:"merge" patchMergeKey:"name" protobuf:"bytes,9,opt,name=volumes"` } // JenkinsPipelineBuildStrategy holds parameters specific to a Jenkins Pipeline build. @@ -912,6 +934,9 @@ type ImageLabel struct { // Build configurations define a build process for new container images. There are three types of builds possible - a container image build using a Dockerfile, a Source-to-Image build that uses a specially prepared base image that accepts source code that it can make runnable, and a custom build that can run // arbitrary container images as a base and accept the build parameters. Builds run on the cluster and on completion are pushed to the container image registry specified in the "output" section. A build can be triggered via a webhook, when the base image changes, or when a user manually requests a new build be // created. // // Each build created by a build configuration is numbered and refers back to its parent configuration. Multiple builds can be triggered at once. Builds that do not have "output" set can be used to test code or run a verification build. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type BuildConfig struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` @@ -976,12 +1001,9 @@ type BuildConfigStatus struct { // lastVersion is used to inform about number of last triggered build. LastVersion int64 `json:"lastVersion" protobuf:"varint,1,opt,name=lastVersion"` - // ImageChangeTriggers is used to capture the runtime state of any ImageChangeTrigger specified in the BuildConfigSpec, - // including the value reconciled by the OpenShift APIServer for the lastTriggeredImageID. There will be a single entry - // in this array for each entry in the BuildConfigSpec.Triggers array where the BuildTriggerPolicy.ImageChange - // pointer is set to a non-nil value. The logical key for each entry in this array is expressed by the - // ImageStreamTagReference type. That type captures the required elements for identifying the ImageStreamTag referenced by the more - // generic ObjectReference BuildTriggerPolicy.ImageChange.From. + // ImageChangeTriggers captures the runtime state of any ImageChangeTrigger specified in the BuildConfigSpec, + // including the value reconciled by the OpenShift APIServer for the lastTriggeredImageID. There is a single entry + // in this array for each image change trigger in spec. Each trigger status references the ImageStreamTag that acts as the source of the trigger. ImageChangeTriggers []ImageChangeTriggerStatus `json:"imageChangeTriggers,omitempty" protobuf:"bytes,2,rep,name=imageChangeTriggers"` } @@ -1026,50 +1048,27 @@ type ImageChangeTrigger struct { Paused bool `json:"paused,omitempty" protobuf:"varint,3,opt,name=paused"` } -// ImageStreamTagReference captures the required elements for identifying the ImageStreamTag referenced by the more -// generic ObjectReference BuildTriggerPolicy.ImageChange.From. It is used by ImageChangeTriggerStatus, where a -// specific instance of ImageChangeTriggerStatus in maintained in BuildConfigStatus.ImageChangeTriggers for each entry -// in the BuildConfigSpec.Triggers array where the BuildTriggerPolicy.ImageChange pointer is set to a non-nil value +// ImageStreamTagReference references the ImageStreamTag in an image change trigger by namespace and name. type ImageStreamTagReference struct { - // namespace is the namespace where the ImageStreamTag used for an ImageChangeTrigger is located + // namespace is the namespace where the ImageStreamTag for an ImageChangeTrigger is located Namespace string `json:"namespace,omitempty" protobuf:"bytes,1,opt,name=namespace"` - // name is the name of the ImageStreamTag used for an ImageChangeTrigger + // name is the name of the ImageStreamTag for an ImageChangeTrigger Name string `json:"name,omitempty" protobuf:"bytes,2,opt,name=name"` } // ImageChangeTriggerStatus tracks the latest resolved status of the associated ImageChangeTrigger policy // specified in the BuildConfigSpec.Triggers struct. type ImageChangeTriggerStatus struct { - // lastTriggeredImageID represents, at the last time a Build for this BuildConfig was instantiated, the sha/id of - // the image referenced by the the ImageStreamTag cited in the 'from' of this struct. - // The lastTriggeredImageID field will be updated by the OpenShift APIServer on all instantiations of a Build from - // the BuildConfig it processes, regardless of what is considered the cause of instantiation. - // Specifically, an instantiation of a Build could have been manually requested, or could have resulted from - // changes with any of the Triggers defined in BuildConfigSpec.Triggers. - // The reason for always updating this field across all ImageChangeTriggerStatus instances is to prevent - // multiple builds being instantiated concurrently when multiple ImageChangeTriggers fire concurrently. The system - // compares the the sha/id stored here with the associated ImageStreamTag's sha/id for the image. If they match, - // then this trigger is not a valid reason for instantiating a Build. So when ImageChangeTriggers fire concurrently, - // only one of them can "win", meaning selected as the cause for a Build instantiation request. - // Lastly, to clarify exactly what is meant by "Build instantiation", from a REST perspective, it is a HTTP POST of a - // BuildRequest object as the HTTP Body that is made to the OpenShift APIServer, where that HTTP POST also specifies - // the "buildconfigs" resource, "instantiate" subresource, as well as the namespace and name of the BuildConfig. + // lastTriggeredImageID represents the sha/id of the ImageStreamTag when a Build for this BuildConfig was started. + // The lastTriggeredImageID is updated each time a Build for this BuildConfig is started, even if this ImageStreamTag is not the reason the Build is started. LastTriggeredImageID string `json:"lastTriggeredImageID,omitempty" protobuf:"bytes,1,opt,name=lastTriggeredImageID"` - // from is the ImageStreamTag that is used as the source of the trigger. - // This can come from an ImageStream tag referenced in this BuildConfig's Spec ImageChange Triggers, or the "from" - // this BuildConfig's build strategy if it happens to be an ImageStreamTag (where the user has specified an - // ImageChange Trigger in the spec with a 'nil' for its 'from'. + // from is the ImageStreamTag that is the source of the trigger. From ImageStreamTagReference `json:"from,omitempty" protobuf:"bytes,2,opt,name=from"` - // lastTriggerTime is the last time this particular ImageChangeTrigger fired, and that trigger firing was chosen as the cause for the Build being instantiated - // from this BuildConfig. So on each Build instantiation, while lastTriggeredImageID will be updated regardless of - // whether this ImageChangeTrigger fired and deemed the cause for the Build Instantiation, this field is only updated - // when this trigger was in fact deemed the cause. As such, it is valid that this field may not be set across all the - // ImageChangeTriggers, as they may have not yet been deemed to be the cause of a Build instantiation. It is also - // valid that the times stored in lastTriggerTime will vary across all the ImageChangeTriggers, as the system - // explicitly picks only one trigger cause for a given Build. + // lastTriggerTime is the last time this particular ImageStreamTag triggered a Build to start. + // This field is only updated when this trigger specifically started a Build. LastTriggerTime metav1.Time `json:"lastTriggerTime,omitempty" protobuf:"bytes,3,opt,name=lastTriggerTime"` } @@ -1154,6 +1153,9 @@ const ( // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // BuildList is a collection of Builds. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type BuildList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` @@ -1165,6 +1167,9 @@ type BuildList struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // BuildConfigList is a collection of BuildConfigs. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type BuildConfigList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` @@ -1210,6 +1215,9 @@ type GitRefInfo struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // BuildLog is the (unused) resource associated with the build log redirector +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type BuildLog struct { metav1.TypeMeta `json:",inline"` } @@ -1233,6 +1241,9 @@ type SourceStrategyOptions struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // BuildRequest is the resource used to pass parameters to build generator +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type BuildRequest struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` @@ -1271,6 +1282,9 @@ type BuildRequest struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // BinaryBuildRequestOptions are the options required to fully speficy a binary build request +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type BinaryBuildRequestOptions struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` @@ -1302,6 +1316,9 @@ type BinaryBuildRequestOptions struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // BuildLogOptions is the REST options for a build log +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type BuildLogOptions struct { metav1.TypeMeta `json:",inline"` @@ -1359,3 +1376,69 @@ type SecretSpec struct { // mountPath is the path at which to mount the secret MountPath string `json:"mountPath" protobuf:"bytes,2,opt,name=mountPath"` } + +// BuildVolume describes a volume that is made available to build pods, +// such that it can be mounted into buildah's runtime environment. +// Only a subset of Kubernetes Volume sources are supported. +type BuildVolume struct { + // name is a unique identifier for this BuildVolume. + // It must conform to the Kubernetes DNS label standard and be unique within the pod. + // Names that collide with those added by the build controller will result in a + // failed build with an error message detailing which name caused the error. + // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + // +required + Name string `json:"name" protobuf:"bytes,1,opt,name=name"` + + // source represents the location and type of the mounted volume. + // +required + Source BuildVolumeSource `json:"source" protobuf:"bytes,2,opt,name=source"` + + // mounts represents the location of the volume in the image build container + // +required + // +listType=map + // +listMapKey=destinationPath + // +patchMergeKey=destinationPath + // +patchStrategy=merge + Mounts []BuildVolumeMount `json:"mounts" patchStrategy:"merge" patchMergeKey:"destinationPath" protobuf:"bytes,3,opt,name=mounts"` +} + +// BuildVolumeSourceType represents a build volume source type +type BuildVolumeSourceType string + +const ( + // BuildVolumeSourceTypeSecret is the Secret build source volume type + BuildVolumeSourceTypeSecret BuildVolumeSourceType = "Secret" + + // BuildVolumeSourceTypeConfigmap is the ConfigMap build source volume type + BuildVolumeSourceTypeConfigMap BuildVolumeSourceType = "ConfigMap" +) + +// BuildVolumeSource represents the source of a volume to mount +// Only one of its supported types may be specified at any given time. +type BuildVolumeSource struct { + + // type is the BuildVolumeSourceType for the volume source. + // Type must match the populated volume source. + // Valid types are: Secret, ConfigMap + Type BuildVolumeSourceType `json:"type" protobuf:"bytes,1,opt,name=type,casttype=BuildVolumeSourceType"` + + // secret represents a Secret that should populate this volume. + // More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + // +optional + Secret *corev1.SecretVolumeSource `json:"secret,omitempty" protobuf:"bytes,2,opt,name=secret"` + + // configMap represents a ConfigMap that should populate this volume + // +optional + ConfigMap *corev1.ConfigMapVolumeSource `json:"configMap,omitempty" protobuf:"bytes,3,opt,name=configMap"` +} + +// BuildVolumeMount describes the mounting of a Volume within buildah's runtime environment. +type BuildVolumeMount struct { + // destinationPath is the path within the buildah runtime environment at which the volume should be mounted. + // The transient mount within the build image and the backing volume will both be mounted read only. + // Must be an absolute path, must not contain '..' or ':', and must not collide with a destination path generated + // by the builder process + // Paths that collide with those added by the build controller will result in a + // failed build with an error message detailing which path caused the error. + DestinationPath string `json:"destinationPath" protobuf:"bytes,1,opt,name=destinationPath"` +} diff --git a/vendor/github.com/openshift/api/build/v1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/build/v1/zz_generated.deepcopy.go index bacecccb7..2aa4644cd 100644 --- a/vendor/github.com/openshift/api/build/v1/zz_generated.deepcopy.go +++ b/vendor/github.com/openshift/api/build/v1/zz_generated.deepcopy.go @@ -747,6 +747,70 @@ func (in *BuildTriggerPolicy) DeepCopy() *BuildTriggerPolicy { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *BuildVolume) DeepCopyInto(out *BuildVolume) { + *out = *in + in.Source.DeepCopyInto(&out.Source) + if in.Mounts != nil { + in, out := &in.Mounts, &out.Mounts + *out = make([]BuildVolumeMount, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BuildVolume. +func (in *BuildVolume) DeepCopy() *BuildVolume { + if in == nil { + return nil + } + out := new(BuildVolume) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *BuildVolumeMount) DeepCopyInto(out *BuildVolumeMount) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BuildVolumeMount. +func (in *BuildVolumeMount) DeepCopy() *BuildVolumeMount { + if in == nil { + return nil + } + out := new(BuildVolumeMount) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *BuildVolumeSource) DeepCopyInto(out *BuildVolumeSource) { + *out = *in + if in.Secret != nil { + in, out := &in.Secret, &out.Secret + *out = new(corev1.SecretVolumeSource) + (*in).DeepCopyInto(*out) + } + if in.ConfigMap != nil { + in, out := &in.ConfigMap, &out.ConfigMap + *out = new(corev1.ConfigMapVolumeSource) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BuildVolumeSource. +func (in *BuildVolumeSource) DeepCopy() *BuildVolumeSource { + if in == nil { + return nil + } + out := new(BuildVolumeSource) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *CommonSpec) DeepCopyInto(out *CommonSpec) { *out = *in @@ -894,6 +958,13 @@ func (in *DockerBuildStrategy) DeepCopyInto(out *DockerBuildStrategy) { *out = new(ImageOptimizationPolicy) **out = **in } + if in.Volumes != nil { + in, out := &in.Volumes, &out.Volumes + *out = make([]BuildVolume, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } return } @@ -1392,6 +1463,13 @@ func (in *SourceBuildStrategy) DeepCopyInto(out *SourceBuildStrategy) { *out = new(bool) **out = **in } + if in.Volumes != nil { + in, out := &in.Volumes, &out.Volumes + *out = make([]BuildVolume, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } return } diff --git a/vendor/github.com/openshift/api/build/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/build/v1/zz_generated.swagger_doc_generated.go index f4410e6d3..ea492f7da 100644 --- a/vendor/github.com/openshift/api/build/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/build/v1/zz_generated.swagger_doc_generated.go @@ -12,7 +12,7 @@ package v1 // AUTO-GENERATED FUNCTIONS START HERE var map_BinaryBuildRequestOptions = map[string]string{ - "": "BinaryBuildRequestOptions are the options required to fully speficy a binary build request", + "": "BinaryBuildRequestOptions are the options required to fully speficy a binary build request\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "asFile": "asFile determines if the binary should be created as a file within the source rather than extracted as an archive", "revision.commit": "revision.commit is the value identifying a specific commit", "revision.message": "revision.message is the description of a specific commit", @@ -44,7 +44,7 @@ func (BitbucketWebHookCause) SwaggerDoc() map[string]string { } var map_Build = map[string]string{ - "": "Build encapsulates the inputs needed to produce a new deployable image, as well as the status of the execution and a reference to the Pod which executed the build.", + "": "Build encapsulates the inputs needed to produce a new deployable image, as well as the status of the execution and a reference to the Pod which executed the build.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "spec": "spec is all the inputs used to execute the build.", "status": "status is the current status of the build.", } @@ -68,7 +68,7 @@ func (BuildCondition) SwaggerDoc() map[string]string { } var map_BuildConfig = map[string]string{ - "": "Build configurations define a build process for new container images. There are three types of builds possible - a container image build using a Dockerfile, a Source-to-Image build that uses a specially prepared base image that accepts source code that it can make runnable, and a custom build that can run // arbitrary container images as a base and accept the build parameters. Builds run on the cluster and on completion are pushed to the container image registry specified in the \"output\" section. A build can be triggered via a webhook, when the base image changes, or when a user manually requests a new build be // created.\n\nEach build created by a build configuration is numbered and refers back to its parent configuration. Multiple builds can be triggered at once. Builds that do not have \"output\" set can be used to test code or run a verification build.", + "": "Build configurations define a build process for new container images. There are three types of builds possible - a container image build using a Dockerfile, a Source-to-Image build that uses a specially prepared base image that accepts source code that it can make runnable, and a custom build that can run // arbitrary container images as a base and accept the build parameters. Builds run on the cluster and on completion are pushed to the container image registry specified in the \"output\" section. A build can be triggered via a webhook, when the base image changes, or when a user manually requests a new build be // created.\n\nEach build created by a build configuration is numbered and refers back to its parent configuration. Multiple builds can be triggered at once. Builds that do not have \"output\" set can be used to test code or run a verification build.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "spec": "spec holds all the input necessary to produce a new build, and the conditions when to trigger them.", "status": "status holds any relevant information about a build config", } @@ -78,7 +78,7 @@ func (BuildConfig) SwaggerDoc() map[string]string { } var map_BuildConfigList = map[string]string{ - "": "BuildConfigList is a collection of BuildConfigs.", + "": "BuildConfigList is a collection of BuildConfigs.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "items": "items is a list of build configs", } @@ -101,7 +101,7 @@ func (BuildConfigSpec) SwaggerDoc() map[string]string { var map_BuildConfigStatus = map[string]string{ "": "BuildConfigStatus contains current state of the build config object.", "lastVersion": "lastVersion is used to inform about number of last triggered build.", - "imageChangeTriggers": "ImageChangeTriggers is used to capture the runtime state of any ImageChangeTrigger specified in the BuildConfigSpec, including the value reconciled by the OpenShift APIServer for the lastTriggeredImageID. There will be a single entry in this array for each entry in the BuildConfigSpec.Triggers array where the BuildTriggerPolicy.ImageChange pointer is set to a non-nil value. The logical key for each entry in this array is expressed by the ImageStreamTagReference type. That type captures the required elements for identifying the ImageStreamTag referenced by the more generic ObjectReference BuildTriggerPolicy.ImageChange.From.", + "imageChangeTriggers": "ImageChangeTriggers captures the runtime state of any ImageChangeTrigger specified in the BuildConfigSpec, including the value reconciled by the OpenShift APIServer for the lastTriggeredImageID. There is a single entry in this array for each image change trigger in spec. Each trigger status references the ImageStreamTag that acts as the source of the trigger.", } func (BuildConfigStatus) SwaggerDoc() map[string]string { @@ -109,7 +109,7 @@ func (BuildConfigStatus) SwaggerDoc() map[string]string { } var map_BuildList = map[string]string{ - "": "BuildList is a collection of Builds.", + "": "BuildList is a collection of Builds.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "items": "items is a list of builds", } @@ -118,7 +118,7 @@ func (BuildList) SwaggerDoc() map[string]string { } var map_BuildLog = map[string]string{ - "": "BuildLog is the (unused) resource associated with the build log redirector", + "": "BuildLog is the (unused) resource associated with the build log redirector\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", } func (BuildLog) SwaggerDoc() map[string]string { @@ -126,7 +126,7 @@ func (BuildLog) SwaggerDoc() map[string]string { } var map_BuildLogOptions = map[string]string{ - "": "BuildLogOptions is the REST options for a build log", + "": "BuildLogOptions is the REST options for a build log\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "container": "cointainer for which to stream logs. Defaults to only container if there is one container in the pod.", "follow": "follow if true indicates that the build log should be streamed until the build terminates.", "previous": "previous returns previous build logs. Defaults to false.", @@ -167,7 +167,7 @@ func (BuildPostCommitSpec) SwaggerDoc() map[string]string { } var map_BuildRequest = map[string]string{ - "": "BuildRequest is the resource used to pass parameters to build generator", + "": "BuildRequest is the resource used to pass parameters to build generator\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "revision": "revision is the information from the source for a specific repo snapshot.", "triggeredByImage": "triggeredByImage is the Image that triggered this build.", "from": "from is the reference to the ImageStreamTag that triggered the build.", @@ -289,6 +289,37 @@ func (BuildTriggerPolicy) SwaggerDoc() map[string]string { return map_BuildTriggerPolicy } +var map_BuildVolume = map[string]string{ + "": "BuildVolume describes a volume that is made available to build pods, such that it can be mounted into buildah's runtime environment. Only a subset of Kubernetes Volume sources are supported.", + "name": "name is a unique identifier for this BuildVolume. It must conform to the Kubernetes DNS label standard and be unique within the pod. Names that collide with those added by the build controller will result in a failed build with an error message detailing which name caused the error. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "source": "source represents the location and type of the mounted volume.", + "mounts": "mounts represents the location of the volume in the image build container", +} + +func (BuildVolume) SwaggerDoc() map[string]string { + return map_BuildVolume +} + +var map_BuildVolumeMount = map[string]string{ + "": "BuildVolumeMount describes the mounting of a Volume within buildah's runtime environment.", + "destinationPath": "destinationPath is the path within the buildah runtime environment at which the volume should be mounted. The transient mount within the build image and the backing volume will both be mounted read only. Must be an absolute path, must not contain '..' or ':', and must not collide with a destination path generated by the builder process Paths that collide with those added by the build controller will result in a failed build with an error message detailing which path caused the error.", +} + +func (BuildVolumeMount) SwaggerDoc() map[string]string { + return map_BuildVolumeMount +} + +var map_BuildVolumeSource = map[string]string{ + "": "BuildVolumeSource represents the source of a volume to mount Only one of its supported types may be specified at any given time.", + "type": "type is the BuildVolumeSourceType for the volume source. Type must match the populated volume source. Valid types are: Secret, ConfigMap", + "secret": "secret represents a Secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret", + "configMap": "configMap represents a ConfigMap that should populate this volume", +} + +func (BuildVolumeSource) SwaggerDoc() map[string]string { + return map_BuildVolumeSource +} + var map_CommonSpec = map[string]string{ "": "CommonSpec encapsulates all the inputs necessary to represent a build.", "serviceAccount": "serviceAccount is the name of the ServiceAccount to use to run the pod created by this build. The pod will be allowed to use secrets referenced by the ServiceAccount", @@ -350,8 +381,9 @@ var map_DockerBuildStrategy = map[string]string{ "env": "env contains additional environment variables you want to pass into a builder container.", "forcePull": "forcePull describes if the builder should pull the images from registry prior to building.", "dockerfilePath": "dockerfilePath is the path of the Dockerfile that will be used to build the container image, relative to the root of the context (contextDir). Defaults to `Dockerfile` if unset.", - "buildArgs": "buildArgs contains build arguments that will be resolved in the Dockerfile. See https://docs.docker.com/engine/reference/builder/#/arg for more details.", + "buildArgs": "buildArgs contains build arguments that will be resolved in the Dockerfile. See https://docs.docker.com/engine/reference/builder/#/arg for more details. NOTE: Only the 'name' and 'value' fields are supported. Any settings on the 'valueFrom' field are ignored.", "imageOptimizationPolicy": "imageOptimizationPolicy describes what optimizations the system can use when building images to reduce the final size or time spent building the image. The default policy is 'None' which means the final build image will be equivalent to an image created by the container image build API. The experimental policy 'SkipLayers' will avoid commiting new layers in between each image step, and will fail if the Dockerfile cannot provide compatibility with the 'None' policy. An additional experimental policy 'SkipLayersAndWarn' is the same as 'SkipLayers' but simply warns if compatibility cannot be preserved.", + "volumes": "volumes is a list of input volumes that can be mounted into the builds runtime environment. Only a subset of Kubernetes Volume sources are supported by builds. More info: https://kubernetes.io/docs/concepts/storage/volumes", } func (DockerBuildStrategy) SwaggerDoc() map[string]string { @@ -470,9 +502,9 @@ func (ImageChangeTrigger) SwaggerDoc() map[string]string { var map_ImageChangeTriggerStatus = map[string]string{ "": "ImageChangeTriggerStatus tracks the latest resolved status of the associated ImageChangeTrigger policy specified in the BuildConfigSpec.Triggers struct.", - "lastTriggeredImageID": "lastTriggeredImageID represents, at the last time a Build for this BuildConfig was instantiated, the sha/id of the image referenced by the the ImageStreamTag cited in the 'from' of this struct. The lastTriggeredImageID field will be updated by the OpenShift APIServer on all instantiations of a Build from the BuildConfig it processes, regardless of what is considered the cause of instantiation. Specifically, an instantiation of a Build could have been manually requested, or could have resulted from changes with any of the Triggers defined in BuildConfigSpec.Triggers. The reason for always updating this field across all ImageChangeTriggerStatus instances is to prevent multiple builds being instantiated concurrently when multiple ImageChangeTriggers fire concurrently. The system compares the the sha/id stored here with the associated ImageStreamTag's sha/id for the image. If they match, then this trigger is not a valid reason for instantiating a Build. So when ImageChangeTriggers fire concurrently, only one of them can \"win\", meaning selected as the cause for a Build instantiation request. Lastly, to clarify exactly what is meant by \"Build instantiation\", from a REST perspective, it is a HTTP POST of a BuildRequest object as the HTTP Body that is made to the OpenShift APIServer, where that HTTP POST also specifies the \"buildconfigs\" resource, \"instantiate\" subresource, as well as the namespace and name of the BuildConfig.", - "from": "from is the ImageStreamTag that is used as the source of the trigger. This can come from an ImageStream tag referenced in this BuildConfig's Spec ImageChange Triggers, or the \"from\"\n this BuildConfig's build strategy if it happens to be an ImageStreamTag (where the user has specified an\nImageChange Trigger in the spec with a 'nil' for its 'from'.", - "lastTriggerTime": "lastTriggerTime is the last time this particular ImageChangeTrigger fired, and that trigger firing was chosen as the cause for the Build being instantiated from this BuildConfig. So on each Build instantiation, while lastTriggeredImageID will be updated regardless of whether this ImageChangeTrigger fired and deemed the cause for the Build Instantiation, this field is only updated when this trigger was in fact deemed the cause. As such, it is valid that this field may not be set across all the ImageChangeTriggers, as they may have not yet been deemed to be the cause of a Build instantiation. It is also valid that the times stored in lastTriggerTime will vary across all the ImageChangeTriggers, as the system explicitly picks only one trigger cause for a given Build.", + "lastTriggeredImageID": "lastTriggeredImageID represents the sha/id of the ImageStreamTag when a Build for this BuildConfig was started. The lastTriggeredImageID is updated each time a Build for this BuildConfig is started, even if this ImageStreamTag is not the reason the Build is started.", + "from": "from is the ImageStreamTag that is the source of the trigger.", + "lastTriggerTime": "lastTriggerTime is the last time this particular ImageStreamTag triggered a Build to start. This field is only updated when this trigger specifically started a Build.", } func (ImageChangeTriggerStatus) SwaggerDoc() map[string]string { @@ -512,9 +544,9 @@ func (ImageSourcePath) SwaggerDoc() map[string]string { } var map_ImageStreamTagReference = map[string]string{ - "": "ImageStreamTagReference captures the required elements for identifying the ImageStreamTag referenced by the more generic ObjectReference BuildTriggerPolicy.ImageChange.From. It is used by ImageChangeTriggerStatus, where a specific instance of ImageChangeTriggerStatus in maintained in BuildConfigStatus.ImageChangeTriggers for each entry in the BuildConfigSpec.Triggers array where the BuildTriggerPolicy.ImageChange pointer is set to a non-nil value", - "namespace": "namespace is the namespace where the ImageStreamTag used for an ImageChangeTrigger is located", - "name": "name is the name of the ImageStreamTag used for an ImageChangeTrigger", + "": "ImageStreamTagReference references the ImageStreamTag in an image change trigger by namespace and name.", + "namespace": "namespace is the namespace where the ImageStreamTag for an ImageChangeTrigger is located", + "name": "name is the name of the ImageStreamTag for an ImageChangeTrigger", } func (ImageStreamTagReference) SwaggerDoc() map[string]string { @@ -580,6 +612,7 @@ var map_SourceBuildStrategy = map[string]string{ "scripts": "scripts is the location of Source scripts", "incremental": "incremental flag forces the Source build to do incremental builds if true.", "forcePull": "forcePull describes if the builder should pull the images from registry prior to building.", + "volumes": "volumes is a list of input volumes that can be mounted into the builds runtime environment. Only a subset of Kubernetes Volume sources are supported by builds. More info: https://kubernetes.io/docs/concepts/storage/volumes", } func (SourceBuildStrategy) SwaggerDoc() map[string]string { diff --git a/vendor/github.com/openshift/api/cloudnetwork/v1/001-cloudprivateipconfig.crd.yaml b/vendor/github.com/openshift/api/cloudnetwork/v1/001-cloudprivateipconfig.crd.yaml index 14588cba4..cccd091d9 100644 --- a/vendor/github.com/openshift/api/cloudnetwork/v1/001-cloudprivateipconfig.crd.yaml +++ b/vendor/github.com/openshift/api/cloudnetwork/v1/001-cloudprivateipconfig.crd.yaml @@ -1,6 +1,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/859 name: cloudprivateipconfigs.cloud.network.openshift.io spec: group: cloud.network.openshift.io @@ -14,16 +16,18 @@ spec: - name: v1 schema: openAPIV3Schema: - description: 'CloudPrivateIPConfig performs an assignment of a private IP + description: "CloudPrivateIPConfig performs an assignment of a private IP address to the primary NIC associated with cloud VMs. This is done by specifying the IP and Kubernetes node which the IP should be assigned to. This CRD is intended to be used by the network plugin which manages the cluster network. The spec side represents the desired state requested by the network plugin, - and the status side represents the current state that this CRD''s controller + and the status side represents the current state that this CRD's controller has executed. No users will have permission to modify it, and if a cluster-admin decides to edit it for some reason, their changes will be overwritten the - next time the network plugin reconciles the object. Note: the CR''s name - must specify the requested private IP address (can be IPv4 or IPv6).' + next time the network plugin reconciles the object. Note: the CR's name + must specify the requested private IP address (can be IPv4 or IPv6). \n + Compatibility level 1: Stable within a major release for a minimum of 12 + months or 3 minor releases (whichever is longer)." properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation diff --git a/vendor/github.com/openshift/api/cloudnetwork/v1/generated.proto b/vendor/github.com/openshift/api/cloudnetwork/v1/generated.proto index 3b675bac8..7bd4c1e1b 100644 --- a/vendor/github.com/openshift/api/cloudnetwork/v1/generated.proto +++ b/vendor/github.com/openshift/api/cloudnetwork/v1/generated.proto @@ -22,6 +22,8 @@ option go_package = "v1"; // decides to edit it for some reason, their changes will be overwritten the // next time the network plugin reconciles the object. Note: the CR's name // must specify the requested private IP address (can be IPv4 or IPv6). +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). // +genclient // +genclient:nonNamespaced // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object @@ -29,6 +31,7 @@ option go_package = "v1"; // +kubebuilder:object:root=true // +kubebuilder:subresource:status // +kubebuilder:resource:path=cloudprivateipconfigs,scope=Cluster +// +openshift:compatibility-gen:level=1 message CloudPrivateIPConfig { optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; @@ -43,9 +46,11 @@ message CloudPrivateIPConfig { optional CloudPrivateIPConfigStatus status = 3; } +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // +resource:path=cloudprivateipconfig // CloudPrivateIPConfigList is the list of CloudPrivateIPConfigList. +// +openshift:compatibility-gen:level=1 message CloudPrivateIPConfigList { optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; diff --git a/vendor/github.com/openshift/api/cloudnetwork/v1/types.go b/vendor/github.com/openshift/api/cloudnetwork/v1/types.go index ae98ff6e1..ad905a720 100644 --- a/vendor/github.com/openshift/api/cloudnetwork/v1/types.go +++ b/vendor/github.com/openshift/api/cloudnetwork/v1/types.go @@ -14,6 +14,8 @@ import ( // decides to edit it for some reason, their changes will be overwritten the // next time the network plugin reconciles the object. Note: the CR's name // must specify the requested private IP address (can be IPv4 or IPv6). +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). // +genclient // +genclient:nonNamespaced // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object @@ -21,6 +23,7 @@ import ( // +kubebuilder:object:root=true // +kubebuilder:subresource:status // +kubebuilder:resource:path=cloudprivateipconfigs,scope=Cluster +// +openshift:compatibility-gen:level=1 type CloudPrivateIPConfig struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` @@ -68,9 +71,11 @@ const ( Assigned CloudPrivateIPConfigConditionType = "Assigned" ) +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // +resource:path=cloudprivateipconfig // CloudPrivateIPConfigList is the list of CloudPrivateIPConfigList. +// +openshift:compatibility-gen:level=1 type CloudPrivateIPConfigList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` diff --git a/vendor/github.com/openshift/api/cloudnetwork/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/cloudnetwork/v1/zz_generated.swagger_doc_generated.go index 849e579ef..70941b378 100644 --- a/vendor/github.com/openshift/api/cloudnetwork/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/cloudnetwork/v1/zz_generated.swagger_doc_generated.go @@ -12,7 +12,7 @@ package v1 // AUTO-GENERATED FUNCTIONS START HERE var map_CloudPrivateIPConfig = map[string]string{ - "": "CloudPrivateIPConfig performs an assignment of a private IP address to the primary NIC associated with cloud VMs. This is done by specifying the IP and Kubernetes node which the IP should be assigned to. This CRD is intended to be used by the network plugin which manages the cluster network. The spec side represents the desired state requested by the network plugin, and the status side represents the current state that this CRD's controller has executed. No users will have permission to modify it, and if a cluster-admin decides to edit it for some reason, their changes will be overwritten the next time the network plugin reconciles the object. Note: the CR's name must specify the requested private IP address (can be IPv4 or IPv6).", + "": "CloudPrivateIPConfig performs an assignment of a private IP address to the primary NIC associated with cloud VMs. This is done by specifying the IP and Kubernetes node which the IP should be assigned to. This CRD is intended to be used by the network plugin which manages the cluster network. The spec side represents the desired state requested by the network plugin, and the status side represents the current state that this CRD's controller has executed. No users will have permission to modify it, and if a cluster-admin decides to edit it for some reason, their changes will be overwritten the next time the network plugin reconciles the object. Note: the CR's name must specify the requested private IP address (can be IPv4 or IPv6).\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "spec": "spec is the definition of the desired private IP request.", "status": "status is the observed status of the desired private IP request. Read-only.", } @@ -22,7 +22,7 @@ func (CloudPrivateIPConfig) SwaggerDoc() map[string]string { } var map_CloudPrivateIPConfigList = map[string]string{ - "": "CloudPrivateIPConfigList is the list of CloudPrivateIPConfigList.", + "": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). CloudPrivateIPConfigList is the list of CloudPrivateIPConfigList.", "items": "List of CloudPrivateIPConfig.", } diff --git a/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusteroperator.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusteroperator.crd.yaml index 2bf271283..f2e2cc365 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusteroperator.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusteroperator.crd.yaml @@ -1,169 +1,137 @@ +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 metadata: - name: clusteroperators.config.openshift.io annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/497 include.release.openshift.io/self-managed-high-availability: "true" include.release.openshift.io/single-node-developer: "true" + name: clusteroperators.config.openshift.io spec: - additionalPrinterColumns: - - JSONPath: .status.versions[?(@.name=="operator")].version - description: The version the operator is at. - name: Version - type: string - - JSONPath: .status.conditions[?(@.type=="Available")].status - description: Whether the operator is running and stable. - name: Available - type: string - - JSONPath: .status.conditions[?(@.type=="Progressing")].status - description: Whether the operator is processing changes. - name: Progressing - type: string - - JSONPath: .status.conditions[?(@.type=="Degraded")].status - description: Whether the operator is degraded. - name: Degraded - type: string - - JSONPath: .status.conditions[?(@.type=="Available")].lastTransitionTime - description: The time the operator's Available status last changed. - name: Since - type: date group: config.openshift.io names: kind: ClusterOperator listKind: ClusterOperatorList plural: clusteroperators - singular: clusteroperator shortNames: - - co - preserveUnknownFields: false + - co + singular: clusteroperator scope: Cluster - subresources: - status: {} - version: v1 versions: - - name: v1 - served: true - storage: true - validation: - openAPIV3Schema: - description: ClusterOperator is the Custom Resource object which holds the current - state of an operator. This object is used by operators to convey their state - to the rest of the cluster. - type: object - required: - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + - additionalPrinterColumns: + - description: The version the operator is at. + jsonPath: .status.versions[?(@.name=="operator")].version + name: Version type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + - description: Whether the operator is running and stable. + jsonPath: .status.conditions[?(@.type=="Available")].status + name: Available type: string - metadata: - type: object - spec: - description: spec holds configuration that could apply to any operator. - type: object - status: - description: status holds the information about the state of an operator. It - is consistent with status information across the Kubernetes ecosystem. + - description: Whether the operator is processing changes. + jsonPath: .status.conditions[?(@.type=="Progressing")].status + name: Progressing + type: string + - description: Whether the operator is degraded. + jsonPath: .status.conditions[?(@.type=="Degraded")].status + name: Degraded + type: string + - description: The time the operator's Available status last changed. + jsonPath: .status.conditions[?(@.type=="Available")].lastTransitionTime + name: Since + type: date + name: v1 + schema: + openAPIV3Schema: + description: "ClusterOperator is the Custom Resource object which holds the current state of an operator. This object is used by operators to convey their state to the rest of the cluster. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." type: object + required: + - spec properties: - conditions: - description: conditions describes the state of the operator's managed - and monitored components. - type: array - items: - description: ClusterOperatorStatusCondition represents the state of - the operator's managed and monitored components. - type: object - required: - - lastTransitionTime - - status - - type - properties: - lastTransitionTime: - description: lastTransitionTime is the time of the last update - to the current status property. - type: string - format: date-time - message: - description: message provides additional information about the - current condition. This is only to be consumed by humans. It - may contain Line Feed characters (U+000A), which should be rendered - as new lines. - type: string - reason: - description: reason is the CamelCase reason for the condition's - current status. - type: string - status: - description: status of the condition, one of True, False, Unknown. - type: string - type: - description: type specifies the aspect reported by this condition. - type: string - extension: - description: extension contains any additional status information specific - to the operator which owns this status object. + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: type: object - nullable: true - x-kubernetes-preserve-unknown-fields: true - relatedObjects: - description: 'relatedObjects is a list of objects that are "interesting" - or related to this operator. Common uses are: 1. the detailed resource - driving the operator 2. operator namespaces 3. operand namespaces' - type: array - items: - description: ObjectReference contains enough information to let you - inspect or modify the referred object. - type: object - required: - - group - - name - - resource - properties: - group: - description: group of the referent. - type: string - name: - description: name of the referent. - type: string - namespace: - description: namespace of the referent. - type: string - resource: - description: resource of the referent. - type: string - versions: - description: versions is a slice of operator and operand version tuples. Operators - which manage multiple operands will have multiple operand entries - in the array. Available operators must report the version of the - operator itself with the name "operator". An operator reports a new - "operator" version when it has rolled out the new version to all of - its operands. - type: array - items: - type: object - required: - - name - - version - properties: - name: - description: name is the name of the particular operand this version - is for. It usually matches container images, not operators. - type: string - version: - description: version indicates which version of a particular operand - is currently being managed. It must always match the Available - operand. If 1.0.0 is Available, then this must indicate 1.0.0 - even if the operator is trying to rollout 1.1.0 - type: string - versions: - - name: v1 - served: true - storage: true + spec: + description: spec holds configuration that could apply to any operator. + type: object + status: + description: status holds the information about the state of an operator. It is consistent with status information across the Kubernetes ecosystem. + type: object + properties: + conditions: + description: conditions describes the state of the operator's managed and monitored components. + type: array + items: + description: ClusterOperatorStatusCondition represents the state of the operator's managed and monitored components. + type: object + required: + - lastTransitionTime + - status + - type + properties: + lastTransitionTime: + description: lastTransitionTime is the time of the last update to the current status property. + type: string + format: date-time + message: + description: message provides additional information about the current condition. This is only to be consumed by humans. It may contain Line Feed characters (U+000A), which should be rendered as new lines. + type: string + reason: + description: reason is the CamelCase reason for the condition's current status. + type: string + status: + description: status of the condition, one of True, False, Unknown. + type: string + type: + description: type specifies the aspect reported by this condition. + type: string + extension: + description: extension contains any additional status information specific to the operator which owns this status object. + type: object + nullable: true + x-kubernetes-preserve-unknown-fields: true + relatedObjects: + description: 'relatedObjects is a list of objects that are "interesting" or related to this operator. Common uses are: 1. the detailed resource driving the operator 2. operator namespaces 3. operand namespaces' + type: array + items: + description: ObjectReference contains enough information to let you inspect or modify the referred object. + type: object + required: + - group + - name + - resource + properties: + group: + description: group of the referent. + type: string + name: + description: name of the referent. + type: string + namespace: + description: namespace of the referent. + type: string + resource: + description: resource of the referent. + type: string + versions: + description: versions is a slice of operator and operand version tuples. Operators which manage multiple operands will have multiple operand entries in the array. Available operators must report the version of the operator itself with the name "operator". An operator reports a new "operator" version when it has rolled out the new version to all of its operands. + type: array + items: + type: object + required: + - name + - version + properties: + name: + description: name is the name of the particular operand this version is for. It usually matches container images, not operators. + type: string + version: + description: version indicates which version of a particular operand is currently being managed. It must always match the Available operand. If 1.0.0 is Available, then this must indicate 1.0.0 even if the operator is trying to rollout 1.1.0 + type: string + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusterversion.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusterversion.crd.yaml index 628538d0e..e27fa52f7 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusterversion.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusterversion.crd.yaml @@ -1,335 +1,225 @@ -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - name: clusterversions.config.openshift.io annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/495 include.release.openshift.io/self-managed-high-availability: "true" include.release.openshift.io/single-node-developer: "true" + name: clusterversions.config.openshift.io spec: group: config.openshift.io - versions: - - name: v1 - served: true - storage: true - scope: Cluster - subresources: - status: {} names: + kind: ClusterVersion plural: clusterversions singular: clusterversion - kind: ClusterVersion - preserveUnknownFields: false - additionalPrinterColumns: - - name: Version - type: string - JSONPath: .status.history[?(@.state=="Completed")].version - - name: Available - type: string - JSONPath: .status.conditions[?(@.type=="Available")].status - - name: Progressing - type: string - JSONPath: .status.conditions[?(@.type=="Progressing")].status - - name: Since - type: date - JSONPath: .status.conditions[?(@.type=="Progressing")].lastTransitionTime - - name: Status - type: string - JSONPath: .status.conditions[?(@.type=="Progressing")].message - validation: - openAPIV3Schema: - description: ClusterVersion is the configuration for the ClusterVersionOperator. - This is where parameters related to automatic updates can be set. - type: object - required: - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .status.history[?(@.state=="Completed")].version + name: Version type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + - jsonPath: .status.conditions[?(@.type=="Available")].status + name: Available type: string - metadata: - type: object - spec: - description: spec is the desired state of the cluster version - the operator - will work to ensure that the desired version is applied to the cluster. + - jsonPath: .status.conditions[?(@.type=="Progressing")].status + name: Progressing + type: string + - jsonPath: .status.conditions[?(@.type=="Progressing")].lastTransitionTime + name: Since + type: date + - jsonPath: .status.conditions[?(@.type=="Progressing")].message + name: Status + type: string + name: v1 + schema: + openAPIV3Schema: + description: "ClusterVersion is the configuration for the ClusterVersionOperator. This is where parameters related to automatic updates can be set. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." type: object required: - - clusterID + - spec properties: - channel: - description: channel is an identifier for explicitly requesting that - a non-default set of updates be applied to this cluster. The default - channel will be contain stable updates that are appropriate for production - clusters. + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string - clusterID: - description: clusterID uniquely identifies this cluster. This is expected - to be an RFC4122 UUID value (xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx - in hexadecimal values). This is a required field. + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string - desiredUpdate: - description: "desiredUpdate is an optional field that indicates the - desired value of the cluster version. Setting this value will trigger - an upgrade (if the current version does not match the desired version). - The set of recommended update values is listed as part of available - updates in status, and setting values outside that range may cause - the upgrade to fail. You may specify the version field without setting - image if an update exists with that version in the availableUpdates - or history. \n If an upgrade fails the operator will halt and report - status about the failing component. Setting the desired update value - back to the previous version will cause a rollback to be attempted. - Not all rollbacks will succeed." + metadata: + type: object + spec: + description: spec is the desired state of the cluster version - the operator will work to ensure that the desired version is applied to the cluster. type: object + required: + - clusterID properties: - force: - description: "force allows an administrator to update to an image - that has failed verification, does not appear in the availableUpdates - list, or otherwise would be blocked by normal protections on update. - This option should only be used when the authenticity of the provided - image has been verified out of band because the provided image - will run with full administrative access to the cluster. Do not - use this flag with images that comes from unknown or potentially - malicious sources. \n This flag does not override other forms - of consistency checking that are required before a new update - is deployed." - type: boolean - image: - description: image is a container image location that contains the - update. When this field is part of spec, image is optional if - version is specified and the availableUpdates field contains a - matching version. + channel: + description: channel is an identifier for explicitly requesting that a non-default set of updates be applied to this cluster. The default channel will be contain stable updates that are appropriate for production clusters. type: string - version: - description: version is a semantic versioning identifying the update - version. When this field is part of spec, version is optional - if image is specified. + clusterID: + description: clusterID uniquely identifies this cluster. This is expected to be an RFC4122 UUID value (xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx in hexadecimal values). This is a required field. type: string - overrides: - description: overrides is list of overides for components that are managed - by cluster version operator. Marking a component unmanaged will prevent - the operator from creating or updating the object. - type: array - items: - description: ComponentOverride allows overriding cluster version operator's - behavior for a component. - type: object - required: - - group - - kind - - name - - namespace - - unmanaged - properties: - group: - description: group identifies the API group that the kind is in. - type: string - kind: - description: kind indentifies which object to override. - type: string - name: - description: name is the component's name. - type: string - namespace: - description: namespace is the component's namespace. If the resource - is cluster scoped, the namespace should be empty. - type: string - unmanaged: - description: 'unmanaged controls if cluster version operator should - stop managing the resources in this cluster. Default: false' - type: boolean - upstream: - description: upstream may be used to specify the preferred update server. - By default it will use the appropriate update server for the cluster - and region. - type: string - status: - description: status contains information about the available updates and - any in-progress updates. - type: object - required: - - availableUpdates - - desired - - observedGeneration - - versionHash - properties: - availableUpdates: - description: availableUpdates contains the list of updates that are - appropriate for this cluster. This list may be empty if no updates - are recommended, if the update service is unavailable, or if an invalid - channel has been specified. - type: array - items: - description: Release represents an OpenShift release image and associated - metadata. - type: object - properties: - channels: - description: channels is the set of Cincinnati channels to which - the release currently belongs. - type: array - items: + desiredUpdate: + description: "desiredUpdate is an optional field that indicates the desired value of the cluster version. Setting this value will trigger an upgrade (if the current version does not match the desired version). The set of recommended update values is listed as part of available updates in status, and setting values outside that range may cause the upgrade to fail. You may specify the version field without setting image if an update exists with that version in the availableUpdates or history. \n If an upgrade fails the operator will halt and report status about the failing component. Setting the desired update value back to the previous version will cause a rollback to be attempted. Not all rollbacks will succeed." + type: object + properties: + force: + description: force allows an administrator to update to an image that has failed verification or upgradeable checks. This option should only be used when the authenticity of the provided image has been verified out of band because the provided image will run with full administrative access to the cluster. Do not use this flag with images that comes from unknown or potentially malicious sources. + type: boolean + image: + description: image is a container image location that contains the update. When this field is part of spec, image is optional if version is specified and the availableUpdates field contains a matching version. type: string - image: - description: image is a container image location that contains - the update. When this field is part of spec, image is optional - if version is specified and the availableUpdates field contains - a matching version. - type: string - url: - description: url contains information about this release. This - URL is set by the 'url' metadata property on a release or the - metadata returned by the update API and should be displayed - as a link in user interfaces. The URL field may not be set for - test or nightly releases. - type: string - version: - description: version is a semantic versioning identifying the - update version. When this field is part of spec, version is - optional if image is specified. - type: string - nullable: true - conditions: - description: conditions provides information about the cluster version. - The condition "Available" is set to true if the desiredUpdate has - been reached. The condition "Progressing" is set to true if an update - is being applied. The condition "Degraded" is set to true if an update - is currently blocked by a temporary or permanent error. Conditions - are only valid for the current desiredUpdate when metadata.generation - is equal to status.generation. - type: array - items: - description: ClusterOperatorStatusCondition represents the state of - the operator's managed and monitored components. - type: object - required: - - lastTransitionTime - - status - - type - properties: - lastTransitionTime: - description: lastTransitionTime is the time of the last update - to the current status property. - type: string - format: date-time - message: - description: message provides additional information about the - current condition. This is only to be consumed by humans. It - may contain Line Feed characters (U+000A), which should be rendered - as new lines. - type: string - reason: - description: reason is the CamelCase reason for the condition's - current status. - type: string - status: - description: status of the condition, one of True, False, Unknown. - type: string - type: - description: type specifies the aspect reported by this condition. - type: string - desired: - description: desired is the version that the cluster is reconciling - towards. If the cluster is not yet fully initialized desired will - be set with the information available, which may be an image or a - tag. + version: + description: version is a semantic versioning identifying the update version. When this field is part of spec, version is optional if image is specified. + type: string + overrides: + description: overrides is list of overides for components that are managed by cluster version operator. Marking a component unmanaged will prevent the operator from creating or updating the object. + type: array + items: + description: ComponentOverride allows overriding cluster version operator's behavior for a component. + type: object + required: + - group + - kind + - name + - namespace + - unmanaged + properties: + group: + description: group identifies the API group that the kind is in. + type: string + kind: + description: kind indentifies which object to override. + type: string + name: + description: name is the component's name. + type: string + namespace: + description: namespace is the component's namespace. If the resource is cluster scoped, the namespace should be empty. + type: string + unmanaged: + description: 'unmanaged controls if cluster version operator should stop managing the resources in this cluster. Default: false' + type: boolean + upstream: + description: upstream may be used to specify the preferred update server. By default it will use the appropriate update server for the cluster and region. + type: string + status: + description: status contains information about the available updates and any in-progress updates. type: object + required: + - availableUpdates + - desired + - observedGeneration + - versionHash properties: - channels: - description: channels is the set of Cincinnati channels to which - the release currently belongs. + availableUpdates: + description: availableUpdates contains the list of updates that are appropriate for this cluster. This list may be empty if no updates are recommended, if the update service is unavailable, or if an invalid channel has been specified. type: array items: - type: string - image: - description: image is a container image location that contains the - update. When this field is part of spec, image is optional if - version is specified and the availableUpdates field contains a - matching version. - type: string - url: - description: url contains information about this release. This URL - is set by the 'url' metadata property on a release or the metadata - returned by the update API and should be displayed as a link in - user interfaces. The URL field may not be set for test or nightly - releases. - type: string - version: - description: version is a semantic versioning identifying the update - version. When this field is part of spec, version is optional - if image is specified. + description: Release represents an OpenShift release image and associated metadata. + type: object + properties: + channels: + description: channels is the set of Cincinnati channels to which the release currently belongs. + type: array + items: + type: string + image: + description: image is a container image location that contains the update. When this field is part of spec, image is optional if version is specified and the availableUpdates field contains a matching version. + type: string + url: + description: url contains information about this release. This URL is set by the 'url' metadata property on a release or the metadata returned by the update API and should be displayed as a link in user interfaces. The URL field may not be set for test or nightly releases. + type: string + version: + description: version is a semantic versioning identifying the update version. When this field is part of spec, version is optional if image is specified. + type: string + nullable: true + conditions: + description: conditions provides information about the cluster version. The condition "Available" is set to true if the desiredUpdate has been reached. The condition "Progressing" is set to true if an update is being applied. The condition "Degraded" is set to true if an update is currently blocked by a temporary or permanent error. Conditions are only valid for the current desiredUpdate when metadata.generation is equal to status.generation. + type: array + items: + description: ClusterOperatorStatusCondition represents the state of the operator's managed and monitored components. + type: object + required: + - lastTransitionTime + - status + - type + properties: + lastTransitionTime: + description: lastTransitionTime is the time of the last update to the current status property. + type: string + format: date-time + message: + description: message provides additional information about the current condition. This is only to be consumed by humans. It may contain Line Feed characters (U+000A), which should be rendered as new lines. + type: string + reason: + description: reason is the CamelCase reason for the condition's current status. + type: string + status: + description: status of the condition, one of True, False, Unknown. + type: string + type: + description: type specifies the aspect reported by this condition. + type: string + desired: + description: desired is the version that the cluster is reconciling towards. If the cluster is not yet fully initialized desired will be set with the information available, which may be an image or a tag. + type: object + properties: + channels: + description: channels is the set of Cincinnati channels to which the release currently belongs. + type: array + items: + type: string + image: + description: image is a container image location that contains the update. When this field is part of spec, image is optional if version is specified and the availableUpdates field contains a matching version. + type: string + url: + description: url contains information about this release. This URL is set by the 'url' metadata property on a release or the metadata returned by the update API and should be displayed as a link in user interfaces. The URL field may not be set for test or nightly releases. + type: string + version: + description: version is a semantic versioning identifying the update version. When this field is part of spec, version is optional if image is specified. + type: string + history: + description: history contains a list of the most recent versions applied to the cluster. This value may be empty during cluster startup, and then will be updated when a new update is being applied. The newest update is first in the list and it is ordered by recency. Updates in the history have state Completed if the rollout completed - if an update was failing or halfway applied the state will be Partial. Only a limited amount of update history is preserved. + type: array + items: + description: UpdateHistory is a single attempted update to the cluster. + type: object + required: + - completionTime + - image + - startedTime + - state + - verified + properties: + completionTime: + description: completionTime, if set, is when the update was fully applied. The update that is currently being applied will have a null completion time. Completion time will always be set for entries that are not the current update (usually to the started time of the next update). + type: string + format: date-time + nullable: true + image: + description: image is a container image location that contains the update. This value is always populated. + type: string + startedTime: + description: startedTime is the time at which the update was started. + type: string + format: date-time + state: + description: state reflects whether the update was fully applied. The Partial state indicates the update is not fully applied, while the Completed state indicates the update was successfully rolled out at least once (all parts of the update successfully applied). + type: string + verified: + description: verified indicates whether the provided update was properly verified before it was installed. If this is false the cluster may not be trusted. Verified does not cover upgradeable checks that depend on the cluster state at the time when the update target was accepted. + type: boolean + version: + description: version is a semantic versioning identifying the update version. If the requested image does not define a version, or if a failure occurs retrieving the image, this value may be empty. + type: string + observedGeneration: + description: observedGeneration reports which version of the spec is being synced. If this value is not equal to metadata.generation, then the desired and conditions fields may represent a previous version. + type: integer + format: int64 + versionHash: + description: versionHash is a fingerprint of the content that the cluster will be updated with. It is used by the operator to avoid unnecessary work and is for internal use only. type: string - history: - description: history contains a list of the most recent versions applied - to the cluster. This value may be empty during cluster startup, and - then will be updated when a new update is being applied. The newest - update is first in the list and it is ordered by recency. Updates - in the history have state Completed if the rollout completed - if - an update was failing or halfway applied the state will be Partial. - Only a limited amount of update history is preserved. - type: array - items: - description: UpdateHistory is a single attempted update to the cluster. - type: object - required: - - completionTime - - image - - startedTime - - state - - verified - properties: - completionTime: - description: completionTime, if set, is when the update was fully - applied. The update that is currently being applied will have - a null completion time. Completion time will always be set for - entries that are not the current update (usually to the started - time of the next update). - type: string - format: date-time - nullable: true - image: - description: image is a container image location that contains - the update. This value is always populated. - type: string - startedTime: - description: startedTime is the time at which the update was started. - type: string - format: date-time - state: - description: state reflects whether the update was fully applied. - The Partial state indicates the update is not fully applied, - while the Completed state indicates the update was successfully - rolled out at least once (all parts of the update successfully - applied). - type: string - verified: - description: verified indicates whether the provided update was - properly verified before it was installed. If this is false - the cluster may not be trusted. - type: boolean - version: - description: version is a semantic versioning identifying the - update version. If the requested image does not define a version, - or if a failure occurs retrieving the image, this value may - be empty. - type: string - observedGeneration: - description: observedGeneration reports which version of the spec is - being synced. If this value is not equal to metadata.generation, then - the desired and conditions fields may represent a previous version. - type: integer - format: int64 - versionHash: - description: versionHash is a fingerprint of the content that the cluster - will be updated with. It is used by the operator to avoid unnecessary - work and is for internal use only. - type: string - versions: - - name: v1 - served: true - storage: true + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_03_config-operator_01_operatorhub.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_03_config-operator_01_operatorhub.crd.yaml index 8ea625945..4ba6c01cf 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_03_config-operator_01_operatorhub.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_03_config-operator_01_operatorhub.crd.yaml @@ -1,11 +1,12 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - name: operatorhubs.config.openshift.io annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/470 include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" include.release.openshift.io/single-node-developer: "true" + name: operatorhubs.config.openshift.io spec: group: config.openshift.io names: @@ -15,91 +16,68 @@ spec: singular: operatorhub scope: Cluster versions: - - name: v1 - subresources: - status: {} - served: true - storage: true - "schema": - "openAPIV3Schema": - description: OperatorHub is the Schema for the operatorhubs API. It can be - used to change the state of the default hub sources for OperatorHub on the - cluster from enabled to disabled and vice versa. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: OperatorHubSpec defines the desired state of OperatorHub - type: object - properties: - disableAllDefaultSources: - description: disableAllDefaultSources allows you to disable all the - default hub sources. If this is true, a specific entry in sources - can be used to enable a default source. If this is false, a specific - entry in sources can be used to disable or enable a default source. - type: boolean - sources: - description: sources is the list of default hub sources and their - configuration. If the list is empty, it implies that the default - hub sources are enabled on the cluster unless disableAllDefaultSources - is true. If disableAllDefaultSources is true and sources is not - empty, the configuration present in sources will take precedence. - The list of default hub sources and their current state will always - be reflected in the status block. - type: array - items: - description: HubSource is used to specify the hub source and its - configuration - type: object - properties: - disabled: - description: disabled is used to disable a default hub source - on cluster - type: boolean - name: - description: name is the name of one of the default hub sources - type: string - maxLength: 253 - minLength: 1 - status: - description: OperatorHubStatus defines the observed state of OperatorHub. - The current state of the default hub sources will always be reflected - here. - type: object - properties: - sources: - description: sources encapsulates the result of applying the configuration - for each hub source - type: array - items: - description: HubSourceStatus is used to reflect the current state - of applying the configuration to a default source - type: object - properties: - disabled: - description: disabled is used to disable a default hub source - on cluster - type: boolean - message: - description: message provides more information regarding failures - type: string - name: - description: name is the name of one of the default hub sources - type: string - maxLength: 253 - minLength: 1 - status: - description: status indicates success or failure in applying - the configuration - type: string + - name: v1 + schema: + openAPIV3Schema: + description: "OperatorHub is the Schema for the operatorhubs API. It can be used to change the state of the default hub sources for OperatorHub on the cluster from enabled to disabled and vice versa. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." + type: object + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: OperatorHubSpec defines the desired state of OperatorHub + type: object + properties: + disableAllDefaultSources: + description: disableAllDefaultSources allows you to disable all the default hub sources. If this is true, a specific entry in sources can be used to enable a default source. If this is false, a specific entry in sources can be used to disable or enable a default source. + type: boolean + sources: + description: sources is the list of default hub sources and their configuration. If the list is empty, it implies that the default hub sources are enabled on the cluster unless disableAllDefaultSources is true. If disableAllDefaultSources is true and sources is not empty, the configuration present in sources will take precedence. The list of default hub sources and their current state will always be reflected in the status block. + type: array + items: + description: HubSource is used to specify the hub source and its configuration + type: object + properties: + disabled: + description: disabled is used to disable a default hub source on cluster + type: boolean + name: + description: name is the name of one of the default hub sources + type: string + maxLength: 253 + minLength: 1 + status: + description: OperatorHubStatus defines the observed state of OperatorHub. The current state of the default hub sources will always be reflected here. + type: object + properties: + sources: + description: sources encapsulates the result of applying the configuration for each hub source + type: array + items: + description: HubSourceStatus is used to reflect the current state of applying the configuration to a default source + type: object + properties: + disabled: + description: disabled is used to disable a default hub source on cluster + type: boolean + message: + description: message provides more information regarding failures + type: string + name: + description: name is the name of one of the default hub sources + type: string + maxLength: 253 + minLength: 1 + status: + description: status indicates success or failure in applying the configuration + type: string + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_03_config-operator_01_proxy.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_03_config-operator_01_proxy.crd.yaml index ddd5d700d..8b6f46eea 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_03_config-operator_01_proxy.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_03_config-operator_01_proxy.crd.yaml @@ -1,103 +1,78 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - name: proxies.config.openshift.io annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/470 include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" include.release.openshift.io/single-node-developer: "true" + name: proxies.config.openshift.io spec: group: config.openshift.io - scope: Cluster names: kind: Proxy listKind: ProxyList plural: proxies singular: proxy + scope: Cluster versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: Proxy holds cluster-wide information on how to configure default - proxies for the cluster. The canonical name is `cluster` - type: object - required: - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec holds user-settable values for the proxy configuration - type: object - properties: - httpProxy: - description: httpProxy is the URL of the proxy for HTTP requests. Empty - means unset and will not result in an env var. - type: string - httpsProxy: - description: httpsProxy is the URL of the proxy for HTTPS requests. Empty - means unset and will not result in an env var. - type: string - noProxy: - description: noProxy is a comma-separated list of hostnames and/or - CIDRs for which the proxy should not be used. Empty means unset - and will not result in an env var. - type: string - readinessEndpoints: - description: readinessEndpoints is a list of endpoints used to verify - readiness of the proxy. - type: array - items: + - name: v1 + schema: + openAPIV3Schema: + description: "Proxy holds cluster-wide information on how to configure default proxies for the cluster. The canonical name is `cluster` \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec holds user-settable values for the proxy configuration + type: object + properties: + httpProxy: + description: httpProxy is the URL of the proxy for HTTP requests. Empty means unset and will not result in an env var. + type: string + httpsProxy: + description: httpsProxy is the URL of the proxy for HTTPS requests. Empty means unset and will not result in an env var. type: string - trustedCA: - description: "trustedCA is a reference to a ConfigMap containing a - CA certificate bundle. The trustedCA field should only be consumed - by a proxy validator. The validator is responsible for reading the - certificate bundle from the required key \"ca-bundle.crt\", merging - it with the system default trust bundle, and writing the merged - trust bundle to a ConfigMap named \"trusted-ca-bundle\" in the \"openshift-config-managed\" - namespace. Clients that expect to make proxy connections must use - the trusted-ca-bundle for all HTTPS requests to the proxy, and may - use the trusted-ca-bundle for non-proxy HTTPS requests as well. - \n The namespace for the ConfigMap referenced by trustedCA is \"openshift-config\". - Here is an example ConfigMap (in yaml): \n apiVersion: v1 kind: - ConfigMap metadata: name: user-ca-bundle namespace: openshift-config - \ data: ca-bundle.crt: | -----BEGIN CERTIFICATE----- Custom - CA certificate bundle. -----END CERTIFICATE-----" - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced config - map + noProxy: + description: noProxy is a comma-separated list of hostnames and/or CIDRs for which the proxy should not be used. Empty means unset and will not result in an env var. + type: string + readinessEndpoints: + description: readinessEndpoints is a list of endpoints used to verify readiness of the proxy. + type: array + items: type: string - status: - description: status holds observed values from the cluster. They may not - be overridden. - type: object - properties: - httpProxy: - description: httpProxy is the URL of the proxy for HTTP requests. - type: string - httpsProxy: - description: httpsProxy is the URL of the proxy for HTTPS requests. - type: string - noProxy: - description: noProxy is a comma-separated list of hostnames and/or - CIDRs for which the proxy should not be used. - type: string + trustedCA: + description: "trustedCA is a reference to a ConfigMap containing a CA certificate bundle. The trustedCA field should only be consumed by a proxy validator. The validator is responsible for reading the certificate bundle from the required key \"ca-bundle.crt\", merging it with the system default trust bundle, and writing the merged trust bundle to a ConfigMap named \"trusted-ca-bundle\" in the \"openshift-config-managed\" namespace. Clients that expect to make proxy connections must use the trusted-ca-bundle for all HTTPS requests to the proxy, and may use the trusted-ca-bundle for non-proxy HTTPS requests as well. \n The namespace for the ConfigMap referenced by trustedCA is \"openshift-config\". Here is an example ConfigMap (in yaml): \n apiVersion: v1 kind: ConfigMap metadata: name: user-ca-bundle namespace: openshift-config data: ca-bundle.crt: | -----BEGIN CERTIFICATE----- Custom CA certificate bundle. -----END CERTIFICATE-----" + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced config map + type: string + status: + description: status holds observed values from the cluster. They may not be overridden. + type: object + properties: + httpProxy: + description: httpProxy is the URL of the proxy for HTTP requests. + type: string + httpsProxy: + description: httpsProxy is the URL of the proxy for HTTPS requests. + type: string + noProxy: + description: noProxy is a comma-separated list of hostnames and/or CIDRs for which the proxy should not be used. + type: string + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_apiserver.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_apiserver.crd.yaml index bd730570c..609ee1987 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_apiserver.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_apiserver.crd.yaml @@ -1,260 +1,177 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - name: apiservers.config.openshift.io annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/470 include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" include.release.openshift.io/single-node-developer: "true" + name: apiservers.config.openshift.io spec: group: config.openshift.io - scope: Cluster names: kind: APIServer - singular: apiserver - plural: apiservers listKind: APIServerList + plural: apiservers + singular: apiserver + scope: Cluster versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - "openAPIV3Schema": - description: APIServer holds configuration (like serving certificates, client - CA and CORS domains) shared by all API servers in the system, among them - especially kube-apiserver and openshift-apiserver. The canonical name of - an instance is 'cluster'. - type: object - required: - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - type: object - properties: - additionalCORSAllowedOrigins: - description: additionalCORSAllowedOrigins lists additional, user-defined - regular expressions describing hosts for which the API server allows - access using the CORS headers. This may be needed to access the - API and the integrated OAuth server from JavaScript applications. - The values are regular expressions that correspond to the Golang - regular expression language. - type: array - items: - type: string - audit: - description: audit specifies the settings for audit configuration - to be applied to all OpenShift-provided API servers in the cluster. - type: object - default: - profile: Default - properties: - profile: - description: "profile specifies the name of the desired audit - policy configuration to be deployed to all OpenShift-provided - API servers in the cluster. \n The following profiles are provided: - - Default: the existing default policy. - WriteRequestBodies: - like 'Default', but logs request and response HTTP payloads - for write requests (create, update, patch). - AllRequestBodies: - like 'WriteRequestBodies', but also logs request and response - HTTP payloads for read requests (get, list). \n If unset, the - 'Default' profile is used as the default." - type: string - default: Default - enum: - - Default - - WriteRequestBodies - - AllRequestBodies - clientCA: - description: 'clientCA references a ConfigMap containing a certificate - bundle for the signers that will be recognized for incoming client - certificates in addition to the operator managed signers. If this - is empty, then only operator managed signers are valid. You usually - only have to set this if you have your own PKI you wish to honor - client certificates from. The ConfigMap must exist in the openshift-config - namespace and contain the following required fields: - ConfigMap.Data["ca-bundle.crt"] - - CA bundle.' - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced config - map + - name: v1 + schema: + openAPIV3Schema: + description: "APIServer holds configuration (like serving certificates, client CA and CORS domains) shared by all API servers in the system, among them especially kube-apiserver and openshift-apiserver. The canonical name of an instance is 'cluster'. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + type: object + properties: + additionalCORSAllowedOrigins: + description: additionalCORSAllowedOrigins lists additional, user-defined regular expressions describing hosts for which the API server allows access using the CORS headers. This may be needed to access the API and the integrated OAuth server from JavaScript applications. The values are regular expressions that correspond to the Golang regular expression language. + type: array + items: type: string - encryption: - description: encryption allows the configuration of encryption of - resources at the datastore layer. - type: object - properties: - type: - description: "type defines what encryption type should be used - to encrypt resources at the datastore layer. When this field - is unset (i.e. when it is set to the empty string), identity - is implied. The behavior of unset can and will change over time. - \ Even if encryption is enabled by default, the meaning of unset - may change to a different encryption type based on changes in - best practices. \n When encryption is enabled, all sensitive - resources shipped with the platform are encrypted. This list - of sensitive resources can and will change over time. The current - authoritative list is: \n 1. secrets 2. configmaps 3. - routes.route.openshift.io 4. oauthaccesstokens.oauth.openshift.io - \ 5. oauthauthorizetokens.oauth.openshift.io" - type: string - enum: - - "" - - identity - - aescbc - servingCerts: - description: servingCert is the TLS cert info for serving secure traffic. - If not specified, operator managed certificates will be used for - serving secure traffic. - type: object - properties: - namedCertificates: - description: namedCertificates references secrets containing the - TLS cert info for serving secure traffic to specific hostnames. - If no named certificates are provided, or no named certificates - match the server name as understood by a client, the defaultServingCertificate - will be used. - type: array - items: - description: APIServerNamedServingCert maps a server DNS name, - as understood by a client, to a certificate. + audit: + description: audit specifies the settings for audit configuration to be applied to all OpenShift-provided API servers in the cluster. + type: object + default: + profile: Default + properties: + customRules: + description: customRules specify profiles per group. These profile take precedence over the top-level profile field if they apply. They are evaluation from top to bottom and the first one that matches, applies. + type: array + items: + description: AuditCustomRule describes a custom rule for an audit profile that takes precedence over the top-level profile. + type: object + required: + - group + - profile + properties: + group: + description: group is a name of group a request user must be member of in order to this profile to apply. + type: string + minLength: 1 + profile: + description: "profile specifies the name of the desired audit policy configuration to be deployed to all OpenShift-provided API servers in the cluster. \n The following profiles are provided: - Default: the existing default policy. - WriteRequestBodies: like 'Default', but logs request and response HTTP payloads for write requests (create, update, patch). - AllRequestBodies: like 'WriteRequestBodies', but also logs request and response HTTP payloads for read requests (get, list). - None: no requests are logged at all, not even oauthaccesstokens and oauthauthorizetokens. \n If unset, the 'Default' profile is used as the default." + type: string + enum: + - Default + - WriteRequestBodies + - AllRequestBodies + - None + x-kubernetes-list-map-keys: + - group + x-kubernetes-list-type: map + profile: + description: "profile specifies the name of the desired top-level audit profile to be applied to all requests sent to any of the OpenShift-provided API servers in the cluster (kube-apiserver, openshift-apiserver and oauth-apiserver), with the exception of those requests that match one or more of the customRules. \n The following profiles are provided: - Default: default policy which means MetaData level logging with the exception of events (not logged at all), oauthaccesstokens and oauthauthorizetokens (both logged at RequestBody level). - WriteRequestBodies: like 'Default', but logs request and response HTTP payloads for write requests (create, update, patch). - AllRequestBodies: like 'WriteRequestBodies', but also logs request and response HTTP payloads for read requests (get, list). - None: no requests are logged at all, not even oauthaccesstokens and oauthauthorizetokens. \n Warning: to raise a Red Hat support request, it is required to set this to Default, WriteRequestBodies, or AllRequestBodies to generate audit log events that can be analyzed by support. \n If unset, the 'Default' profile is used as the default." + type: string + default: Default + enum: + - Default + - WriteRequestBodies + - AllRequestBodies + - None + clientCA: + description: 'clientCA references a ConfigMap containing a certificate bundle for the signers that will be recognized for incoming client certificates in addition to the operator managed signers. If this is empty, then only operator managed signers are valid. You usually only have to set this if you have your own PKI you wish to honor client certificates from. The ConfigMap must exist in the openshift-config namespace and contain the following required fields: - ConfigMap.Data["ca-bundle.crt"] - CA bundle.' + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced config map + type: string + encryption: + description: encryption allows the configuration of encryption of resources at the datastore layer. + type: object + properties: + type: + description: "type defines what encryption type should be used to encrypt resources at the datastore layer. When this field is unset (i.e. when it is set to the empty string), identity is implied. The behavior of unset can and will change over time. Even if encryption is enabled by default, the meaning of unset may change to a different encryption type based on changes in best practices. \n When encryption is enabled, all sensitive resources shipped with the platform are encrypted. This list of sensitive resources can and will change over time. The current authoritative list is: \n 1. secrets 2. configmaps 3. routes.route.openshift.io 4. oauthaccesstokens.oauth.openshift.io 5. oauthauthorizetokens.oauth.openshift.io" + type: string + enum: + - "" + - identity + - aescbc + servingCerts: + description: servingCert is the TLS cert info for serving secure traffic. If not specified, operator managed certificates will be used for serving secure traffic. + type: object + properties: + namedCertificates: + description: namedCertificates references secrets containing the TLS cert info for serving secure traffic to specific hostnames. If no named certificates are provided, or no named certificates match the server name as understood by a client, the defaultServingCertificate will be used. + type: array + items: + description: APIServerNamedServingCert maps a server DNS name, as understood by a client, to a certificate. + type: object + properties: + names: + description: names is a optional list of explicit DNS names (leading wildcards allowed) that should use this certificate to serve secure traffic. If no names are provided, the implicit names will be extracted from the certificates. Exact names trump over wildcard names. Explicit names defined here trump over extracted implicit names. + type: array + items: + type: string + servingCertificate: + description: 'servingCertificate references a kubernetes.io/tls type secret containing the TLS cert info for serving secure traffic. The secret must exist in the openshift-config namespace and contain the following required fields: - Secret.Data["tls.key"] - TLS private key. - Secret.Data["tls.crt"] - TLS certificate.' + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced secret + type: string + tlsSecurityProfile: + description: "tlsSecurityProfile specifies settings for TLS connections for externally exposed servers. \n If unset, a default (which may change between releases) is chosen. Note that only Old, Intermediate and Custom profiles are currently supported, and the maximum available MinTLSVersions is VersionTLS12." + type: object + properties: + custom: + description: "custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic. An example custom profile looks like this: \n ciphers: - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 minTLSVersion: TLSv1.1" type: object properties: - names: - description: names is a optional list of explicit DNS names - (leading wildcards allowed) that should use this certificate - to serve secure traffic. If no names are provided, the - implicit names will be extracted from the certificates. - Exact names trump over wildcard names. Explicit names - defined here trump over extracted implicit names. + ciphers: + description: "ciphers is used to specify the cipher algorithms that are negotiated during the TLS handshake. Operators may remove entries their operands do not support. For example, to use DES-CBC3-SHA (yaml): \n ciphers: - DES-CBC3-SHA" type: array items: type: string - servingCertificate: - description: 'servingCertificate references a kubernetes.io/tls - type secret containing the TLS cert info for serving secure - traffic. The secret must exist in the openshift-config - namespace and contain the following required fields: - - Secret.Data["tls.key"] - TLS private key. - Secret.Data["tls.crt"] - - TLS certificate.' - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - tlsSecurityProfile: - description: "tlsSecurityProfile specifies settings for TLS connections - for externally exposed servers. \n If unset, a default (which may - change between releases) is chosen. Note that only Old and Intermediate - profiles are currently supported, and the maximum available MinTLSVersions - is VersionTLS12." - type: object - properties: - custom: - description: "custom is a user-defined TLS security profile. Be - extremely careful using a custom profile as invalid configurations - can be catastrophic. An example custom profile looks like this: - \n ciphers: - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - \ - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 - \ minTLSVersion: TLSv1.1" - type: object - properties: - ciphers: - description: "ciphers is used to specify the cipher algorithms - that are negotiated during the TLS handshake. Operators - may remove entries their operands do not support. For example, - to use DES-CBC3-SHA (yaml): \n ciphers: - DES-CBC3-SHA" - type: array - items: + minTLSVersion: + description: "minTLSVersion is used to specify the minimal version of the TLS protocol that is negotiated during the TLS handshake. For example, to use TLS versions 1.1, 1.2 and 1.3 (yaml): \n minTLSVersion: TLSv1.1 \n NOTE: currently the highest minTLSVersion allowed is VersionTLS12" type: string - minTLSVersion: - description: "minTLSVersion is used to specify the minimal - version of the TLS protocol that is negotiated during the - TLS handshake. For example, to use TLS versions 1.1, 1.2 - and 1.3 (yaml): \n minTLSVersion: TLSv1.1 \n NOTE: currently - the highest minTLSVersion allowed is VersionTLS12" - type: string - enum: - - VersionTLS10 - - VersionTLS11 - - VersionTLS12 - - VersionTLS13 - nullable: true - intermediate: - description: "intermediate is a TLS security profile based on: - \n https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29 - \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - \ - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 - \ - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES128-GCM-SHA256 - \ - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384 - \ - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - \ - DHE-RSA-AES128-GCM-SHA256 - DHE-RSA-AES256-GCM-SHA384 - \ minTLSVersion: TLSv1.2" - type: object - nullable: true - modern: - description: "modern is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility - \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - \ - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 - \ minTLSVersion: TLSv1.3 \n NOTE: Currently unsupported." - type: object - nullable: true - old: - description: "old is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility - \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - \ - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 - \ - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES128-GCM-SHA256 - \ - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384 - \ - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - \ - DHE-RSA-AES128-GCM-SHA256 - DHE-RSA-AES256-GCM-SHA384 - \ - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 - \ - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - \ - ECDHE-RSA-AES128-SHA - ECDHE-ECDSA-AES256-SHA384 - \ - ECDHE-RSA-AES256-SHA384 - ECDHE-ECDSA-AES256-SHA - \ - ECDHE-RSA-AES256-SHA - DHE-RSA-AES128-SHA256 - - DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 - AES256-GCM-SHA384 - \ - AES128-SHA256 - AES256-SHA256 - AES128-SHA - - AES256-SHA - DES-CBC3-SHA minTLSVersion: TLSv1.0" - type: object - nullable: true - type: - description: "type is one of Old, Intermediate, Modern or Custom. - Custom provides the ability to specify individual TLS security - profile parameters. Old, Intermediate and Modern are TLS security - profiles based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations - \n The profiles are intent based, so they may change over time - as new ciphers are developed and existing ciphers are found - to be insecure. Depending on precisely which ciphers are available - to a process, the list may be reduced. \n Note that the Modern - profile is currently not supported because it is not yet well - adopted by common software libraries." - type: string - enum: - - Old - - Intermediate - - Modern - - Custom - status: - description: status holds observed values from the cluster. They may not - be overridden. - type: object + enum: + - VersionTLS10 + - VersionTLS11 + - VersionTLS12 + - VersionTLS13 + nullable: true + intermediate: + description: "intermediate is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29 \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - DHE-RSA-AES128-GCM-SHA256 - DHE-RSA-AES256-GCM-SHA384 minTLSVersion: TLSv1.2" + type: object + nullable: true + modern: + description: "modern is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 minTLSVersion: TLSv1.3 \n NOTE: Currently unsupported." + type: object + nullable: true + old: + description: "old is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - DHE-RSA-AES128-GCM-SHA256 - DHE-RSA-AES256-GCM-SHA384 - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES128-SHA - ECDHE-ECDSA-AES256-SHA384 - ECDHE-RSA-AES256-SHA384 - ECDHE-ECDSA-AES256-SHA - ECDHE-RSA-AES256-SHA - DHE-RSA-AES128-SHA256 - DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 - AES256-GCM-SHA384 - AES128-SHA256 - AES256-SHA256 - AES128-SHA - AES256-SHA - DES-CBC3-SHA minTLSVersion: TLSv1.0" + type: object + nullable: true + type: + description: "type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. Old, Intermediate and Modern are TLS security profiles based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations \n The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on precisely which ciphers are available to a process, the list may be reduced. \n Note that the Modern profile is currently not supported because it is not yet well adopted by common software libraries." + type: string + enum: + - Old + - Intermediate + - Modern + - Custom + status: + description: status holds observed values from the cluster. They may not be overridden. + type: object + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd.yaml index b90d578f3..bb695bac7 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd.yaml @@ -1,161 +1,101 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - name: authentications.config.openshift.io annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/470 include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" include.release.openshift.io/single-node-developer: "true" + name: authentications.config.openshift.io spec: group: config.openshift.io - scope: Cluster names: kind: Authentication listKind: AuthenticationList plural: authentications singular: authentication + scope: Cluster versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: Authentication specifies cluster-wide settings for authentication - (like OAuth and webhook token authenticators). The canonical name of an - instance is `cluster`. - type: object - required: - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - type: object - properties: - oauthMetadata: - description: 'oauthMetadata contains the discovery endpoint data for - OAuth 2.0 Authorization Server Metadata for an external OAuth server. - This discovery document can be viewed from its served location: - oc get --raw ''/.well-known/oauth-authorization-server'' For further - details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 - If oauthMetadata.name is non-empty, this value has precedence over - any metadata reference stored in status. The key "oauthMetadata" - is used to locate the data. If specified and the config map or expected - key is not found, no metadata is served. If the specified metadata - is not valid, no metadata is served. The namespace for this config - map is openshift-config.' - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced config - map - type: string - serviceAccountIssuer: - description: 'serviceAccountIssuer is the identifier of the bound - service account token issuer. The default is https://kubernetes.default.svc - WARNING: Updating this field will result in the invalidation of - all bound tokens with the previous issuer value. Unless the holder - of a bound token has explicit support for a change in issuer, they - will not request a new bound token until pod restart or until their - existing token exceeds 80% of its duration.' - type: string - type: - description: type identifies the cluster managed, user facing authentication - mode in use. Specifically, it manages the component that responds - to login attempts. The default is IntegratedOAuth. - type: string - webhookTokenAuthenticator: - description: webhookTokenAuthenticator configures a remote token reviewer. - These remote authentication webhooks can be used to verify bearer - tokens via the tokenreviews.authentication.k8s.io REST API. This - is required to honor bearer tokens that are provisioned by an external - authentication service. - type: object - required: - - kubeConfig - properties: - kubeConfig: - description: "kubeConfig references a secret that contains kube - config file data which describes how to access the remote webhook - service. The namespace for the referenced secret is openshift-config. - \n For further details, see: \n https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication - \n The key \"kubeConfig\" is used to locate the data. If the - secret or expected key is not found, the webhook is not honored. - If the specified kube config data is not valid, the webhook - is not honored." - type: object - required: + - name: v1 + schema: + openAPIV3Schema: + description: "Authentication specifies cluster-wide settings for authentication (like OAuth and webhook token authenticators). The canonical name of an instance is `cluster`. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + type: object + properties: + oauthMetadata: + description: 'oauthMetadata contains the discovery endpoint data for OAuth 2.0 Authorization Server Metadata for an external OAuth server. This discovery document can be viewed from its served location: oc get --raw ''/.well-known/oauth-authorization-server'' For further details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 If oauthMetadata.name is non-empty, this value has precedence over any metadata reference stored in status. The key "oauthMetadata" is used to locate the data. If specified and the config map or expected key is not found, no metadata is served. If the specified metadata is not valid, no metadata is served. The namespace for this config map is openshift-config.' + type: object + required: - name - properties: - name: - description: name is the metadata.name of the referenced secret - type: string - webhookTokenAuthenticators: - description: webhookTokenAuthenticators is DEPRECATED, setting it - has no effect. - type: array - items: - description: deprecatedWebhookTokenAuthenticator holds the necessary - configuration options for a remote token authenticator. It's the - same as WebhookTokenAuthenticator but it's missing the 'required' - validation on KubeConfig field. + properties: + name: + description: name is the metadata.name of the referenced config map + type: string + serviceAccountIssuer: + description: 'serviceAccountIssuer is the identifier of the bound service account token issuer. The default is https://kubernetes.default.svc WARNING: Updating this field will result in the invalidation of all bound tokens with the previous issuer value. Unless the holder of a bound token has explicit support for a change in issuer, they will not request a new bound token until pod restart or until their existing token exceeds 80% of its duration.' + type: string + type: + description: type identifies the cluster managed, user facing authentication mode in use. Specifically, it manages the component that responds to login attempts. The default is IntegratedOAuth. + type: string + webhookTokenAuthenticator: + description: webhookTokenAuthenticator configures a remote token reviewer. These remote authentication webhooks can be used to verify bearer tokens via the tokenreviews.authentication.k8s.io REST API. This is required to honor bearer tokens that are provisioned by an external authentication service. type: object + required: + - kubeConfig properties: kubeConfig: - description: 'kubeConfig contains kube config file data which - describes how to access the remote webhook service. For further - details, see: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication - The key "kubeConfig" is used to locate the data. If the secret - or expected key is not found, the webhook is not honored. - If the specified kube config data is not valid, the webhook - is not honored. The namespace for this secret is determined - by the point of use.' + description: "kubeConfig references a secret that contains kube config file data which describes how to access the remote webhook service. The namespace for the referenced secret is openshift-config. \n For further details, see: \n https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication \n The key \"kubeConfig\" is used to locate the data. If the secret or expected key is not found, the webhook is not honored. If the specified kube config data is not valid, the webhook is not honored." type: object required: - - name + - name properties: name: - description: name is the metadata.name of the referenced - secret + description: name is the metadata.name of the referenced secret type: string - status: - description: status holds observed values from the cluster. They may not - be overridden. - type: object - properties: - integratedOAuthMetadata: - description: 'integratedOAuthMetadata contains the discovery endpoint - data for OAuth 2.0 Authorization Server Metadata for the in-cluster - integrated OAuth server. This discovery document can be viewed from - its served location: oc get --raw ''/.well-known/oauth-authorization-server'' - For further details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 - This contains the observed value based on cluster state. An explicitly - set value in spec.oauthMetadata has precedence over this field. - This field has no meaning if authentication spec.type is not set - to IntegratedOAuth. The key "oauthMetadata" is used to locate the - data. If the config map or expected key is not found, no metadata - is served. If the specified metadata is not valid, no metadata is - served. The namespace for this config map is openshift-config-managed.' - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced config - map - type: string + webhookTokenAuthenticators: + description: webhookTokenAuthenticators is DEPRECATED, setting it has no effect. + type: array + items: + description: deprecatedWebhookTokenAuthenticator holds the necessary configuration options for a remote token authenticator. It's the same as WebhookTokenAuthenticator but it's missing the 'required' validation on KubeConfig field. + type: object + properties: + kubeConfig: + description: 'kubeConfig contains kube config file data which describes how to access the remote webhook service. For further details, see: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication The key "kubeConfig" is used to locate the data. If the secret or expected key is not found, the webhook is not honored. If the specified kube config data is not valid, the webhook is not honored. The namespace for this secret is determined by the point of use.' + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced secret + type: string + status: + description: status holds observed values from the cluster. They may not be overridden. + type: object + properties: + integratedOAuthMetadata: + description: 'integratedOAuthMetadata contains the discovery endpoint data for OAuth 2.0 Authorization Server Metadata for the in-cluster integrated OAuth server. This discovery document can be viewed from its served location: oc get --raw ''/.well-known/oauth-authorization-server'' For further details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 This contains the observed value based on cluster state. An explicitly set value in spec.oauthMetadata has precedence over this field. This field has no meaning if authentication spec.type is not set to IntegratedOAuth. The key "oauthMetadata" is used to locate the data. If the config map or expected key is not found, no metadata is served. If the specified metadata is not valid, no metadata is served. The namespace for this config map is openshift-config-managed.' + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced config map + type: string + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_build.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_build.crd.yaml index fd0eea93c..d4fdb9dcd 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_build.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_build.crd.yaml @@ -1,400 +1,271 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - name: builds.config.openshift.io annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/470 include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" include.release.openshift.io/single-node-developer: "true" + name: builds.config.openshift.io spec: group: config.openshift.io - scope: Cluster - preserveUnknownFields: false names: kind: Build - singular: build - plural: builds listKind: BuildList + plural: builds + singular: build + preserveUnknownFields: false + scope: Cluster versions: - - name: v1 - subresources: - status: {} - served: true - storage: true - "schema": - "openAPIV3Schema": - description: "Build configures the behavior of OpenShift builds for the entire - cluster. This includes default settings that can be overridden in BuildConfig - objects, and overrides which are applied to all builds. \n The canonical - name is \"cluster\"" - type: object - required: - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec holds user-settable values for the build controller - configuration - type: object - properties: - additionalTrustedCA: - description: "AdditionalTrustedCA is a reference to a ConfigMap containing - additional CAs that should be trusted for image pushes and pulls - during builds. The namespace for this config map is openshift-config. - \n DEPRECATED: Additional CAs for image pull and push should be - set on image.config.openshift.io/cluster instead." - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced config - map - type: string - buildDefaults: - description: BuildDefaults controls the default information for Builds - type: object - properties: - defaultProxy: - description: "DefaultProxy contains the default proxy settings - for all build operations, including image pull/push and source - download. \n Values can be overrode by setting the `HTTP_PROXY`, - `HTTPS_PROXY`, and `NO_PROXY` environment variables in the build - config's strategy." - type: object - properties: - httpProxy: - description: httpProxy is the URL of the proxy for HTTP requests. Empty - means unset and will not result in an env var. - type: string - httpsProxy: - description: httpsProxy is the URL of the proxy for HTTPS - requests. Empty means unset and will not result in an env - var. - type: string - noProxy: - description: noProxy is a comma-separated list of hostnames - and/or CIDRs for which the proxy should not be used. Empty - means unset and will not result in an env var. - type: string - readinessEndpoints: - description: readinessEndpoints is a list of endpoints used - to verify readiness of the proxy. - type: array - items: + - name: v1 + schema: + openAPIV3Schema: + description: "Build configures the behavior of OpenShift builds for the entire cluster. This includes default settings that can be overridden in BuildConfig objects, and overrides which are applied to all builds. \n The canonical name is \"cluster\" \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec holds user-settable values for the build controller configuration + type: object + properties: + additionalTrustedCA: + description: "AdditionalTrustedCA is a reference to a ConfigMap containing additional CAs that should be trusted for image pushes and pulls during builds. The namespace for this config map is openshift-config. \n DEPRECATED: Additional CAs for image pull and push should be set on image.config.openshift.io/cluster instead." + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced config map + type: string + buildDefaults: + description: BuildDefaults controls the default information for Builds + type: object + properties: + defaultProxy: + description: "DefaultProxy contains the default proxy settings for all build operations, including image pull/push and source download. \n Values can be overrode by setting the `HTTP_PROXY`, `HTTPS_PROXY`, and `NO_PROXY` environment variables in the build config's strategy." + type: object + properties: + httpProxy: + description: httpProxy is the URL of the proxy for HTTP requests. Empty means unset and will not result in an env var. + type: string + httpsProxy: + description: httpsProxy is the URL of the proxy for HTTPS requests. Empty means unset and will not result in an env var. + type: string + noProxy: + description: noProxy is a comma-separated list of hostnames and/or CIDRs for which the proxy should not be used. Empty means unset and will not result in an env var. type: string - trustedCA: - description: "trustedCA is a reference to a ConfigMap containing - a CA certificate bundle. The trustedCA field should only - be consumed by a proxy validator. The validator is responsible - for reading the certificate bundle from the required key - \"ca-bundle.crt\", merging it with the system default trust - bundle, and writing the merged trust bundle to a ConfigMap - named \"trusted-ca-bundle\" in the \"openshift-config-managed\" - namespace. Clients that expect to make proxy connections - must use the trusted-ca-bundle for all HTTPS requests to - the proxy, and may use the trusted-ca-bundle for non-proxy - HTTPS requests as well. \n The namespace for the ConfigMap - referenced by trustedCA is \"openshift-config\". Here is - an example ConfigMap (in yaml): \n apiVersion: v1 kind: - ConfigMap metadata: name: user-ca-bundle namespace: openshift-config - \ data: ca-bundle.crt: | -----BEGIN CERTIFICATE----- - \ Custom CA certificate bundle. -----END CERTIFICATE-----" + readinessEndpoints: + description: readinessEndpoints is a list of endpoints used to verify readiness of the proxy. + type: array + items: + type: string + trustedCA: + description: "trustedCA is a reference to a ConfigMap containing a CA certificate bundle. The trustedCA field should only be consumed by a proxy validator. The validator is responsible for reading the certificate bundle from the required key \"ca-bundle.crt\", merging it with the system default trust bundle, and writing the merged trust bundle to a ConfigMap named \"trusted-ca-bundle\" in the \"openshift-config-managed\" namespace. Clients that expect to make proxy connections must use the trusted-ca-bundle for all HTTPS requests to the proxy, and may use the trusted-ca-bundle for non-proxy HTTPS requests as well. \n The namespace for the ConfigMap referenced by trustedCA is \"openshift-config\". Here is an example ConfigMap (in yaml): \n apiVersion: v1 kind: ConfigMap metadata: name: user-ca-bundle namespace: openshift-config data: ca-bundle.crt: | -----BEGIN CERTIFICATE----- Custom CA certificate bundle. -----END CERTIFICATE-----" + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced config map + type: string + env: + description: Env is a set of default environment variables that will be applied to the build if the specified variables do not exist on the build + type: array + items: + description: EnvVar represents an environment variable present in a Container. type: object required: - - name + - name properties: name: - description: name is the metadata.name of the referenced - config map + description: Name of the environment variable. Must be a C_IDENTIFIER. type: string - env: - description: Env is a set of default environment variables that - will be applied to the build if the specified variables do not - exist on the build - type: array - items: - description: EnvVar represents an environment variable present - in a Container. + value: + description: 'Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be used if value is not empty. + type: object + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + type: object + required: + - key + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.' + type: object + required: + - fieldPath + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + resourceFieldRef: + description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.' + type: object + required: + - resource + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + type: object + required: + - key + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + gitProxy: + description: "GitProxy contains the proxy settings for git operations only. If set, this will override any Proxy settings for all git commands, such as git clone. \n Values that are not set here will be inherited from DefaultProxy." type: object - required: - - name properties: - name: - description: Name of the environment variable. Must be a - C_IDENTIFIER. + httpProxy: + description: httpProxy is the URL of the proxy for HTTP requests. Empty means unset and will not result in an env var. + type: string + httpsProxy: + description: httpsProxy is the URL of the proxy for HTTPS requests. Empty means unset and will not result in an env var. type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the - container and any service environment variables. If a - variable cannot be resolved, the reference in the input - string will be unchanged. The $(VAR_NAME) syntax can be - escaped with a double $$, ie: $$(VAR_NAME). Escaped references - will never be expanded, regardless of whether the variable - exists or not. Defaults to "".' + noProxy: + description: noProxy is a comma-separated list of hostnames and/or CIDRs for which the proxy should not be used. Empty means unset and will not result in an env var. type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. + readinessEndpoints: + description: readinessEndpoints is a list of endpoints used to verify readiness of the proxy. + type: array + items: + type: string + trustedCA: + description: "trustedCA is a reference to a ConfigMap containing a CA certificate bundle. The trustedCA field should only be consumed by a proxy validator. The validator is responsible for reading the certificate bundle from the required key \"ca-bundle.crt\", merging it with the system default trust bundle, and writing the merged trust bundle to a ConfigMap named \"trusted-ca-bundle\" in the \"openshift-config-managed\" namespace. Clients that expect to make proxy connections must use the trusted-ca-bundle for all HTTPS requests to the proxy, and may use the trusted-ca-bundle for non-proxy HTTPS requests as well. \n The namespace for the ConfigMap referenced by trustedCA is \"openshift-config\". Here is an example ConfigMap (in yaml): \n apiVersion: v1 kind: ConfigMap metadata: name: user-ca-bundle namespace: openshift-config data: ca-bundle.crt: | -----BEGIN CERTIFICATE----- Custom CA certificate bundle. -----END CERTIFICATE-----" type: object + required: + - name properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - type: object - required: - - key - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, - `metadata.annotations['''']`, spec.nodeName, - spec.serviceAccountName, status.hostIP, status.podIP, - status.podIPs.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the - specified API version. - type: string - resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - description: Specifies the output format of the - exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - secretKeyRef: - description: Selects a key of a secret in the pod's - namespace - type: object - required: - - key - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - gitProxy: - description: "GitProxy contains the proxy settings for git operations - only. If set, this will override any Proxy settings for all - git commands, such as git clone. \n Values that are not set - here will be inherited from DefaultProxy." - type: object - properties: - httpProxy: - description: httpProxy is the URL of the proxy for HTTP requests. Empty - means unset and will not result in an env var. - type: string - httpsProxy: - description: httpsProxy is the URL of the proxy for HTTPS - requests. Empty means unset and will not result in an env - var. - type: string - noProxy: - description: noProxy is a comma-separated list of hostnames - and/or CIDRs for which the proxy should not be used. Empty - means unset and will not result in an env var. - type: string - readinessEndpoints: - description: readinessEndpoints is a list of endpoints used - to verify readiness of the proxy. - type: array - items: - type: string - trustedCA: - description: "trustedCA is a reference to a ConfigMap containing - a CA certificate bundle. The trustedCA field should only - be consumed by a proxy validator. The validator is responsible - for reading the certificate bundle from the required key - \"ca-bundle.crt\", merging it with the system default trust - bundle, and writing the merged trust bundle to a ConfigMap - named \"trusted-ca-bundle\" in the \"openshift-config-managed\" - namespace. Clients that expect to make proxy connections - must use the trusted-ca-bundle for all HTTPS requests to - the proxy, and may use the trusted-ca-bundle for non-proxy - HTTPS requests as well. \n The namespace for the ConfigMap - referenced by trustedCA is \"openshift-config\". Here is - an example ConfigMap (in yaml): \n apiVersion: v1 kind: - ConfigMap metadata: name: user-ca-bundle namespace: openshift-config - \ data: ca-bundle.crt: | -----BEGIN CERTIFICATE----- - \ Custom CA certificate bundle. -----END CERTIFICATE-----" + name: + description: name is the metadata.name of the referenced config map + type: string + imageLabels: + description: ImageLabels is a list of docker labels that are applied to the resulting image. User can override a default label by providing a label with the same name in their Build/BuildConfig. + type: array + items: type: object - required: - - name properties: name: - description: name is the metadata.name of the referenced - config map + description: Name defines the name of the label. It must have non-zero length. + type: string + value: + description: Value defines the literal value of the label. type: string - imageLabels: - description: ImageLabels is a list of docker labels that are applied - to the resulting image. User can override a default label by - providing a label with the same name in their Build/BuildConfig. - type: array - items: + resources: + description: Resources defines resource requirements to execute the build. type: object properties: - name: - description: Name defines the name of the label. It must - have non-zero length. - type: string - value: - description: Value defines the literal value of the label. - type: string - resources: - description: Resources defines resource requirements to execute - the build. - type: object - properties: - limits: - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - requests: - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + limits: + description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + requests: + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + buildOverrides: + description: BuildOverrides controls override settings for builds + type: object + properties: + forcePull: + description: ForcePull overrides, if set, the equivalent value in the builds, i.e. false disables force pull for all builds, true enables force pull for all builds, independently of what each build specifies itself + type: boolean + imageLabels: + description: ImageLabels is a list of docker labels that are applied to the resulting image. If user provided a label in their Build/BuildConfig with the same name as one in this list, the user's label will be overwritten. + type: array + items: type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - buildOverrides: - description: BuildOverrides controls override settings for builds - type: object - properties: - forcePull: - description: ForcePull overrides, if set, the equivalent value - in the builds, i.e. false disables force pull for all builds, - true enables force pull for all builds, independently of what - each build specifies itself - type: boolean - imageLabels: - description: ImageLabels is a list of docker labels that are applied - to the resulting image. If user provided a label in their Build/BuildConfig - with the same name as one in this list, the user's label will - be overwritten. - type: array - items: - type: object - properties: - name: - description: Name defines the name of the label. It must - have non-zero length. - type: string - value: - description: Value defines the literal value of the label. - type: string - nodeSelector: - description: NodeSelector is a selector which must be true for - the build pod to fit on a node - type: object - additionalProperties: - type: string - tolerations: - description: Tolerations is a list of Tolerations that will override - any existing tolerations set on a build pod. - type: array - items: - description: The pod this Toleration is attached to tolerates - any taint that matches the triple using - the matching operator . + properties: + name: + description: Name defines the name of the label. It must have non-zero length. + type: string + value: + description: Value defines the literal value of the label. + type: string + nodeSelector: + description: NodeSelector is a selector which must be true for the build pod to fit on a node type: object - properties: - effect: - description: Effect indicates the taint effect to match. - Empty means match all taint effects. When specified, allowed - values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, - operator must be Exists; this combination means to match - all values and all keys. - type: string - operator: - description: Operator represents a key's relationship to - the value. Valid operators are Exists and Equal. Defaults - to Equal. Exists is equivalent to wildcard for value, - so that a pod can tolerate all taints of a particular - category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of - time the toleration (which must be of effect NoExecute, - otherwise this field is ignored) tolerates the taint. - By default, it is not set, which means tolerate the taint - forever (do not evict). Zero and negative values will - be treated as 0 (evict immediately) by the system. - type: integer - format: int64 - value: - description: Value is the taint value the toleration matches - to. If the operator is Exists, the value should be empty, - otherwise just a regular string. - type: string + additionalProperties: + type: string + tolerations: + description: Tolerations is a list of Tolerations that will override any existing tolerations set on a build pod. + type: array + items: + description: The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . + type: object + properties: + effect: + description: Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. + type: integer + format: int64 + value: + description: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_console.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_console.crd.yaml index d7084ba8f..188b45e01 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_console.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_console.crd.yaml @@ -1,73 +1,57 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - name: consoles.config.openshift.io annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/470 include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" include.release.openshift.io/single-node-developer: "true" + name: consoles.config.openshift.io spec: - scope: Cluster group: config.openshift.io names: kind: Console listKind: ConsoleList plural: consoles singular: console + scope: Cluster versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: Console holds cluster-wide configuration for the web console, - including the logout URL, and reports the public URL of the console. The - canonical name is `cluster`. - type: object - required: - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - type: object - properties: - authentication: - description: ConsoleAuthentication defines a list of optional configuration - for console authentication. - type: object - properties: - logoutRedirect: - description: 'An optional, absolute URL to redirect web browsers - to after logging out of the console. If not specified, it will - redirect to the default login page. This is required when using - an identity provider that supports single sign-on (SSO) such - as: - OpenID (Keycloak, Azure) - RequestHeader (GSSAPI, SSPI, - SAML) - OAuth (GitHub, GitLab, Google) Logging out of the console - will destroy the user''s token. The logoutRedirect provides - the user the option to perform single logout (SLO) through the - identity provider to destroy their single sign-on session.' - type: string - pattern: ^$|^((https):\/\/?)[^\s()<>]+(?:\([\w\d]+\)|([^[:punct:]\s]|\/?))$ - status: - description: status holds observed values from the cluster. They may not - be overridden. - type: object - properties: - consoleURL: - description: The URL for the console. This will be derived from the - host for the route that is created for the console. - type: string + - name: v1 + schema: + openAPIV3Schema: + description: "Console holds cluster-wide configuration for the web console, including the logout URL, and reports the public URL of the console. The canonical name is `cluster`. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + type: object + properties: + authentication: + description: ConsoleAuthentication defines a list of optional configuration for console authentication. + type: object + properties: + logoutRedirect: + description: 'An optional, absolute URL to redirect web browsers to after logging out of the console. If not specified, it will redirect to the default login page. This is required when using an identity provider that supports single sign-on (SSO) such as: - OpenID (Keycloak, Azure) - RequestHeader (GSSAPI, SSPI, SAML) - OAuth (GitHub, GitLab, Google) Logging out of the console will destroy the user''s token. The logoutRedirect provides the user the option to perform single logout (SLO) through the identity provider to destroy their single sign-on session.' + type: string + pattern: ^$|^((https):\/\/?)[^\s()<>]+(?:\([\w\d]+\)|([^[:punct:]\s]|\/?))$ + status: + description: status holds observed values from the cluster. They may not be overridden. + type: object + properties: + consoleURL: + description: The URL for the console. This will be derived from the host for the route that is created for the console. + type: string + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_dns.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_dns.crd.yaml index c05562e64..e4fa56eee 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_dns.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_dns.crd.yaml @@ -1,11 +1,12 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - name: dnses.config.openshift.io annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/470 include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" include.release.openshift.io/single-node-developer: "true" + name: dnses.config.openshift.io spec: group: config.openshift.io names: @@ -15,89 +16,57 @@ spec: singular: dns scope: Cluster versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - "schema": - "openAPIV3Schema": - description: DNS holds cluster-wide information about DNS. The canonical name - is `cluster` - type: object - required: - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - type: object - properties: - baseDomain: - description: "baseDomain is the base domain of the cluster. All managed - DNS records will be sub-domains of this base. \n For example, given - the base domain `openshift.example.com`, an API server DNS record - may be created for `cluster-api.openshift.example.com`. \n Once - set, this field cannot be changed." - type: string - privateZone: - description: "privateZone is the location where all the DNS records - that are only available internally to the cluster exist. \n If this - field is nil, no private records should be created. \n Once set, - this field cannot be changed." - type: object - properties: - id: - description: "id is the identifier that can be used to find the - DNS hosted zone. \n on AWS zone can be fetched using `ID` as - id in [1] on Azure zone can be fetched using `ID` as a pre-determined - name in [2], on GCP zone can be fetched using `ID` as a pre-determined - name in [3]. \n [1]: https://docs.aws.amazon.com/cli/latest/reference/route53/get-hosted-zone.html#options - [2]: https://docs.microsoft.com/en-us/cli/azure/network/dns/zone?view=azure-cli-latest#az-network-dns-zone-show - [3]: https://cloud.google.com/dns/docs/reference/v1/managedZones/get" - type: string - tags: - description: "tags can be used to query the DNS hosted zone. \n - on AWS, resourcegroupstaggingapi [1] can be used to fetch a - zone using `Tags` as tag-filters, \n [1]: https://docs.aws.amazon.com/cli/latest/reference/resourcegroupstaggingapi/get-resources.html#options" - type: object - additionalProperties: + - name: v1 + schema: + openAPIV3Schema: + description: "DNS holds cluster-wide information about DNS. The canonical name is `cluster` \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + type: object + properties: + baseDomain: + description: "baseDomain is the base domain of the cluster. All managed DNS records will be sub-domains of this base. \n For example, given the base domain `openshift.example.com`, an API server DNS record may be created for `cluster-api.openshift.example.com`. \n Once set, this field cannot be changed." + type: string + privateZone: + description: "privateZone is the location where all the DNS records that are only available internally to the cluster exist. \n If this field is nil, no private records should be created. \n Once set, this field cannot be changed." + type: object + properties: + id: + description: "id is the identifier that can be used to find the DNS hosted zone. \n on AWS zone can be fetched using `ID` as id in [1] on Azure zone can be fetched using `ID` as a pre-determined name in [2], on GCP zone can be fetched using `ID` as a pre-determined name in [3]. \n [1]: https://docs.aws.amazon.com/cli/latest/reference/route53/get-hosted-zone.html#options [2]: https://docs.microsoft.com/en-us/cli/azure/network/dns/zone?view=azure-cli-latest#az-network-dns-zone-show [3]: https://cloud.google.com/dns/docs/reference/v1/managedZones/get" type: string - publicZone: - description: "publicZone is the location where all the DNS records - that are publicly accessible to the internet exist. \n If this field - is nil, no public records should be created. \n Once set, this field - cannot be changed." - type: object - properties: - id: - description: "id is the identifier that can be used to find the - DNS hosted zone. \n on AWS zone can be fetched using `ID` as - id in [1] on Azure zone can be fetched using `ID` as a pre-determined - name in [2], on GCP zone can be fetched using `ID` as a pre-determined - name in [3]. \n [1]: https://docs.aws.amazon.com/cli/latest/reference/route53/get-hosted-zone.html#options - [2]: https://docs.microsoft.com/en-us/cli/azure/network/dns/zone?view=azure-cli-latest#az-network-dns-zone-show - [3]: https://cloud.google.com/dns/docs/reference/v1/managedZones/get" - type: string - tags: - description: "tags can be used to query the DNS hosted zone. \n - on AWS, resourcegroupstaggingapi [1] can be used to fetch a - zone using `Tags` as tag-filters, \n [1]: https://docs.aws.amazon.com/cli/latest/reference/resourcegroupstaggingapi/get-resources.html#options" - type: object - additionalProperties: + tags: + description: "tags can be used to query the DNS hosted zone. \n on AWS, resourcegroupstaggingapi [1] can be used to fetch a zone using `Tags` as tag-filters, \n [1]: https://docs.aws.amazon.com/cli/latest/reference/resourcegroupstaggingapi/get-resources.html#options" + type: object + additionalProperties: + type: string + publicZone: + description: "publicZone is the location where all the DNS records that are publicly accessible to the internet exist. \n If this field is nil, no public records should be created. \n Once set, this field cannot be changed." + type: object + properties: + id: + description: "id is the identifier that can be used to find the DNS hosted zone. \n on AWS zone can be fetched using `ID` as id in [1] on Azure zone can be fetched using `ID` as a pre-determined name in [2], on GCP zone can be fetched using `ID` as a pre-determined name in [3]. \n [1]: https://docs.aws.amazon.com/cli/latest/reference/route53/get-hosted-zone.html#options [2]: https://docs.microsoft.com/en-us/cli/azure/network/dns/zone?view=azure-cli-latest#az-network-dns-zone-show [3]: https://cloud.google.com/dns/docs/reference/v1/managedZones/get" type: string - status: - description: status holds observed values from the cluster. They may not - be overridden. - type: object + tags: + description: "tags can be used to query the DNS hosted zone. \n on AWS, resourcegroupstaggingapi [1] can be used to fetch a zone using `Tags` as tag-filters, \n [1]: https://docs.aws.amazon.com/cli/latest/reference/resourcegroupstaggingapi/get-resources.html#options" + type: object + additionalProperties: + type: string + status: + description: status holds observed values from the cluster. They may not be overridden. + type: object + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_featuregate.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_featuregate.crd.yaml index 8bba554b4..5254d0ce2 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_featuregate.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_featuregate.crd.yaml @@ -1,78 +1,63 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - name: featuregates.config.openshift.io annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/470 include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" include.release.openshift.io/single-node-developer: "true" + name: featuregates.config.openshift.io spec: group: config.openshift.io - scope: Cluster names: kind: FeatureGate listKind: FeatureGateList plural: featuregates singular: featuregate + scope: Cluster versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: Feature holds cluster-wide information about feature gates. The - canonical name is `cluster` - type: object - required: - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - type: object - properties: - customNoUpgrade: - description: customNoUpgrade allows the enabling or disabling of any - feature. Turning this feature set on IS NOT SUPPORTED, CANNOT BE - UNDONE, and PREVENTS UPGRADES. Because of its nature, this setting - cannot be validated. If you have any typos or accidentally apply - invalid combinations your cluster may fail in an unrecoverable way. featureSet - must equal "CustomNoUpgrade" must be set to use this field. - type: object - properties: - disabled: - description: disabled is a list of all feature gates that you - want to force off - type: array - items: - type: string - enabled: - description: enabled is a list of all feature gates that you want - to force on - type: array - items: - type: string - nullable: true - featureSet: - description: featureSet changes the list of features in the cluster. The - default is empty. Be very careful adjusting this setting. Turning - on or off features may cause irreversible changes in your cluster - which cannot be undone. - type: string - status: - description: status holds observed values from the cluster. They may not - be overridden. - type: object + - name: v1 + schema: + openAPIV3Schema: + description: "Feature holds cluster-wide information about feature gates. The canonical name is `cluster` \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + type: object + properties: + customNoUpgrade: + description: customNoUpgrade allows the enabling or disabling of any feature. Turning this feature set on IS NOT SUPPORTED, CANNOT BE UNDONE, and PREVENTS UPGRADES. Because of its nature, this setting cannot be validated. If you have any typos or accidentally apply invalid combinations your cluster may fail in an unrecoverable way. featureSet must equal "CustomNoUpgrade" must be set to use this field. + type: object + properties: + disabled: + description: disabled is a list of all feature gates that you want to force off + type: array + items: + type: string + enabled: + description: enabled is a list of all feature gates that you want to force on + type: array + items: + type: string + nullable: true + featureSet: + description: featureSet changes the list of features in the cluster. The default is empty. Be very careful adjusting this setting. Turning on or off features may cause irreversible changes in your cluster which cannot be undone. + type: string + status: + description: status holds observed values from the cluster. They may not be overridden. + type: object + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_image.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_image.crd.yaml index 35ed9bf17..a160fef40 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_image.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_image.crd.yaml @@ -1,161 +1,108 @@ -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - name: images.config.openshift.io annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/470 include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" include.release.openshift.io/single-node-developer: "true" + name: images.config.openshift.io spec: group: config.openshift.io - scope: Cluster - preserveUnknownFields: false names: kind: Image - singular: image - plural: images listKind: ImageList + plural: images + singular: image + scope: Cluster versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - "validation": - "openAPIV3Schema": - description: Image governs policies related to imagestream imports and runtime - configuration for external registries. It allows cluster admins to configure - which registries OpenShift is allowed to import images from, extra CA trust - bundles for external registries, and policies to block or allow registry hostnames. - When exposing OpenShift's image registry to the public, this also lets cluster - admins specify the external hostname. - type: object - required: - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration + - name: v1 + schema: + openAPIV3Schema: + description: "Image governs policies related to imagestream imports and runtime configuration for external registries. It allows cluster admins to configure which registries OpenShift is allowed to import images from, extra CA trust bundles for external registries, and policies to block or allow registry hostnames. When exposing OpenShift's image registry to the public, this also lets cluster admins specify the external hostname. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." type: object + required: + - spec properties: - additionalTrustedCA: - description: additionalTrustedCA is a reference to a ConfigMap containing - additional CAs that should be trusted during imagestream import, pod - image pull, build image pull, and imageregistry pullthrough. The namespace - for this config map is openshift-config. + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced config - map - type: string - allowedRegistriesForImport: - description: allowedRegistriesForImport limits the container image registries - that normal users may import images from. Set this list to the registries - that you trust to contain valid Docker images and that you want applications - to be able to import from. Users with permission to create Images - or ImageStreamMappings via the API are not affected by this policy - - typically only administrators or system integrations will have those - permissions. - type: array - items: - description: RegistryLocation contains a location of the registry - specified by the registry domain name. The domain name might include - wildcards, like '*' or '??'. - type: object - properties: - domainName: - description: domainName specifies a domain name for the registry - In case the registry use non-standard (80 or 443) port, the - port should be included in the domain name as well. - type: string - insecure: - description: insecure indicates whether the registry is secure - (https) or insecure (http) By default (if not specified) the - registry is assumed as secure. - type: boolean - externalRegistryHostnames: - description: externalRegistryHostnames provides the hostnames for the - default external image registry. The external hostname should be set - only when the image registry is exposed externally. The first value - is used in 'publicDockerImageRepository' field in ImageStreams. The - value must be in "hostname[:port]" format. - type: array - items: - type: string - registrySources: - description: registrySources contains configuration that determines - how the container runtime should treat individual registries when - accessing images for builds+pods. (e.g. whether or not to allow insecure - access). It does not contain configuration for the internal cluster - registry. + spec: + description: spec holds user settable values for configuration type: object properties: - allowedRegistries: - description: "allowedRegistries are the only registries permitted - for image pull and push actions. All other registries are denied. - \n Only one of BlockedRegistries or AllowedRegistries may be set." - type: array - items: - type: string - blockedRegistries: - description: "blockedRegistries cannot be used for image pull and - push actions. All other registries are permitted. \n Only one - of BlockedRegistries or AllowedRegistries may be set." + additionalTrustedCA: + description: additionalTrustedCA is a reference to a ConfigMap containing additional CAs that should be trusted during imagestream import, pod image pull, build image pull, and imageregistry pullthrough. The namespace for this config map is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced config map + type: string + allowedRegistriesForImport: + description: allowedRegistriesForImport limits the container image registries that normal users may import images from. Set this list to the registries that you trust to contain valid Docker images and that you want applications to be able to import from. Users with permission to create Images or ImageStreamMappings via the API are not affected by this policy - typically only administrators or system integrations will have those permissions. type: array items: - type: string - containerRuntimeSearchRegistries: - description: 'containerRuntimeSearchRegistries are registries that - will be searched when pulling images that do not have fully qualified - domains in their pull specs. Registries will be searched in the - order provided in the list. Note: this search list only works - with the container runtime, i.e CRI-O. Will NOT work with builds - or imagestream imports.' + description: RegistryLocation contains a location of the registry specified by the registry domain name. The domain name might include wildcards, like '*' or '??'. + type: object + properties: + domainName: + description: domainName specifies a domain name for the registry In case the registry use non-standard (80 or 443) port, the port should be included in the domain name as well. + type: string + insecure: + description: insecure indicates whether the registry is secure (https) or insecure (http) By default (if not specified) the registry is assumed as secure. + type: boolean + externalRegistryHostnames: + description: externalRegistryHostnames provides the hostnames for the default external image registry. The external hostname should be set only when the image registry is exposed externally. The first value is used in 'publicDockerImageRepository' field in ImageStreams. The value must be in "hostname[:port]" format. type: array - format: hostname - minItems: 1 items: type: string - x-kubernetes-list-type: set - insecureRegistries: - description: insecureRegistries are registries which do not have - a valid TLS certificates or only support HTTP connections. + registrySources: + description: registrySources contains configuration that determines how the container runtime should treat individual registries when accessing images for builds+pods. (e.g. whether or not to allow insecure access). It does not contain configuration for the internal cluster registry. + type: object + properties: + allowedRegistries: + description: "allowedRegistries are the only registries permitted for image pull and push actions. All other registries are denied. \n Only one of BlockedRegistries or AllowedRegistries may be set." + type: array + items: + type: string + blockedRegistries: + description: "blockedRegistries cannot be used for image pull and push actions. All other registries are permitted. \n Only one of BlockedRegistries or AllowedRegistries may be set." + type: array + items: + type: string + containerRuntimeSearchRegistries: + description: 'containerRuntimeSearchRegistries are registries that will be searched when pulling images that do not have fully qualified domains in their pull specs. Registries will be searched in the order provided in the list. Note: this search list only works with the container runtime, i.e CRI-O. Will NOT work with builds or imagestream imports.' + type: array + format: hostname + minItems: 1 + items: + type: string + x-kubernetes-list-type: set + insecureRegistries: + description: insecureRegistries are registries which do not have a valid TLS certificates or only support HTTP connections. + type: array + items: + type: string + status: + description: status holds observed values from the cluster. They may not be overridden. + type: object + properties: + externalRegistryHostnames: + description: externalRegistryHostnames provides the hostnames for the default external image registry. The external hostname should be set only when the image registry is exposed externally. The first value is used in 'publicDockerImageRepository' field in ImageStreams. The value must be in "hostname[:port]" format. type: array items: type: string - status: - description: status holds observed values from the cluster. They may not - be overridden. - type: object - properties: - externalRegistryHostnames: - description: externalRegistryHostnames provides the hostnames for the - default external image registry. The external hostname should be set - only when the image registry is exposed externally. The first value - is used in 'publicDockerImageRepository' field in ImageStreams. The - value must be in "hostname[:port]" format. - type: array - items: - type: string - internalRegistryHostname: - description: internalRegistryHostname sets the hostname for the default - internal image registry. The value must be in "hostname[:port]" format. - This value is set by the image registry operator which controls the - internal registry hostname. For backward compatibility, users can - still use OPENSHIFT_DEFAULT_REGISTRY environment variable but this - setting overrides the environment variable. - type: string + internalRegistryHostname: + description: internalRegistryHostname sets the hostname for the default internal image registry. The value must be in "hostname[:port]" format. This value is set by the image registry operator which controls the internal registry hostname. For backward compatibility, users can still use OPENSHIFT_DEFAULT_REGISTRY environment variable but this setting overrides the environment variable. + type: string + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure.crd.yaml index d8623cd85..63eefa341 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure.crd.yaml @@ -1,11 +1,12 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - name: infrastructures.config.openshift.io annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/470 include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" include.release.openshift.io/single-node-developer: "true" + name: infrastructures.config.openshift.io spec: group: config.openshift.io names: @@ -15,488 +16,137 @@ spec: singular: infrastructure scope: Cluster versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: Infrastructure holds cluster-wide information about Infrastructure. The - canonical name is `cluster` - type: object - required: - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - type: object - properties: - cloudConfig: - description: "cloudConfig is a reference to a ConfigMap containing - the cloud provider configuration file. This configuration file is - used to configure the Kubernetes cloud provider integration when - using the built-in cloud provider integration or the external cloud - controller manager. The namespace for this config map is openshift-config. - \n cloudConfig should only be consumed by the kube_cloud_config - controller. The controller is responsible for using the user configuration - in the spec for various platforms and combining that with the user - provided ConfigMap in this field to create a stitched kube cloud - config. The controller generates a ConfigMap `kube-cloud-config` - in `openshift-config-managed` namespace with the kube cloud config - is stored in `cloud.conf` key. All the clients are expected to use - the generated ConfigMap only." - type: object - properties: - key: - description: Key allows pointing to a specific key/value inside - of the configmap. This is useful for logical file references. - type: string - name: - type: string - platformSpec: - description: platformSpec holds desired information specific to the - underlying infrastructure provider. - type: object - properties: - aws: - description: AWS contains settings specific to the Amazon Web - Services infrastructure provider. - type: object - properties: - serviceEndpoints: - description: serviceEndpoints list contains custom endpoints - which will override default service endpoint of AWS Services. - There must be only one ServiceEndpoint for a service. - type: array - items: - description: AWSServiceEndpoint store the configuration - of a custom url to override existing defaults of AWS Services. - type: object - properties: - name: - description: name is the name of the AWS service. The - list of all the service names can be found at https://docs.aws.amazon.com/general/latest/gr/aws-service-information.html - This must be provided and cannot be empty. - type: string - pattern: ^[a-z0-9-]+$ - url: - description: url is fully qualified URI with scheme - https, that overrides the default generated endpoint - for a client. This must be provided and cannot be - empty. - type: string - pattern: ^https:// - azure: - description: Azure contains settings specific to the Azure infrastructure - provider. - type: object - baremetal: - description: BareMetal contains settings specific to the BareMetal - platform. - type: object - equinixMetal: - description: EquinixMetal contains settings specific to the Equinix - Metal infrastructure provider. - type: object - gcp: - description: GCP contains settings specific to the Google Cloud - Platform infrastructure provider. - type: object - ibmcloud: - description: IBMCloud contains settings specific to the IBMCloud - infrastructure provider. - type: object - kubevirt: - description: Kubevirt contains settings specific to the kubevirt - infrastructure provider. - type: object - openstack: - description: OpenStack contains settings specific to the OpenStack - infrastructure provider. - type: object - ovirt: - description: Ovirt contains settings specific to the oVirt infrastructure - provider. - type: object - type: - description: type is the underlying infrastructure provider for - the cluster. This value controls whether infrastructure automation - such as service load balancers, dynamic volume provisioning, - machine creation and deletion, and other integrations are enabled. - If None, no infrastructure automation is enabled. Allowed values - are "AWS", "Azure", "BareMetal", "GCP", "Libvirt", "OpenStack", - "VSphere", "oVirt", "KubeVirt", "EquinixMetal", and "None". - Individual components may not support all platforms, and must - handle unrecognized platforms as None if they do not support - that platform. - type: string - enum: - - "" - - AWS - - Azure - - BareMetal - - GCP - - Libvirt - - OpenStack - - None - - VSphere - - oVirt - - IBMCloud - - KubeVirt - - EquinixMetal - vsphere: - description: VSphere contains settings specific to the VSphere - infrastructure provider. - type: object - status: - description: status holds observed values from the cluster. They may not - be overridden. - type: object - properties: - apiServerInternalURI: - description: apiServerInternalURL is a valid URI with scheme 'https', - address and optionally a port (defaulting to 443). apiServerInternalURL - can be used by components like kubelets, to contact the Kubernetes - API server using the infrastructure provider rather than Kubernetes - networking. - type: string - apiServerURL: - description: apiServerURL is a valid URI with scheme 'https', address - and optionally a port (defaulting to 443). apiServerURL can be - used by components like the web console to tell users where to find - the Kubernetes API. - type: string - controlPlaneTopology: - description: controlPlaneTopology expresses the expectations for operands - that normally run on control nodes. The default is 'HighlyAvailable', - which represents the behavior operators have in a "normal" cluster. - The 'SingleReplica' mode will be used in single-node deployments - and the operators should not configure the operand for highly-available - operation - type: string - default: HighlyAvailable - enum: - - HighlyAvailable - - SingleReplica - etcdDiscoveryDomain: - description: 'etcdDiscoveryDomain is the domain used to fetch the - SRV records for discovering etcd servers and clients. For more info: - https://github.com/etcd-io/etcd/blob/329be66e8b3f9e2e6af83c123ff89297e49ebd15/Documentation/op-guide/clustering.md#dns-discovery - deprecated: as of 4.7, this field is no longer set or honored. It - will be removed in a future release.' - type: string - infrastructureName: - description: infrastructureName uniquely identifies a cluster with - a human friendly name. Once set it should not be changed. Must be - of max length 27 and must have only alphanumeric or hyphen characters. - type: string - infrastructureTopology: - description: infrastructureTopology expresses the expectations for - infrastructure services that do not run on control plane nodes, - usually indicated by a node selector for a `role` value other than - `master`. The default is 'HighlyAvailable', which represents the - behavior operators have in a "normal" cluster. The 'SingleReplica' - mode will be used in single-node deployments and the operators should - not configure the operand for highly-available operation - type: string - default: HighlyAvailable - enum: - - HighlyAvailable - - SingleReplica - platform: - description: "platform is the underlying infrastructure provider for - the cluster. \n Deprecated: Use platformStatus.type instead." - type: string - enum: - - "" - - AWS - - Azure - - BareMetal - - GCP - - Libvirt - - OpenStack - - None - - VSphere - - oVirt - - IBMCloud - - KubeVirt - - EquinixMetal - platformStatus: - description: platformStatus holds status information specific to the - underlying infrastructure provider. - type: object - properties: - aws: - description: AWS contains settings specific to the Amazon Web - Services infrastructure provider. - type: object - properties: - region: - description: region holds the default AWS region for new AWS - resources created by the cluster. - type: string - resourceTags: - description: resourceTags is a list of additional tags to - apply to AWS resources created for the cluster. See https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html - for information on tagging AWS resources. AWS supports a - maximum of 50 tags per resource. OpenShift reserves 25 tags - for its use, leaving 25 tags available for the user. - type: array - maxItems: 25 - items: - description: AWSResourceTag is a tag to apply to AWS resources - created for the cluster. - type: object - required: - - key - - value - properties: - key: - description: key is the key of the tag - type: string - maxLength: 128 - minLength: 1 - pattern: ^[0-9A-Za-z_.:/=+-@]+$ - value: - description: value is the value of the tag. Some AWS - service do not support empty values. Since tags are - added to resources in many services, the length of - the tag value must meet the requirements of all services. - type: string - maxLength: 256 - minLength: 1 - pattern: ^[0-9A-Za-z_.:/=+-@]+$ - serviceEndpoints: - description: ServiceEndpoints list contains custom endpoints - which will override default service endpoint of AWS Services. - There must be only one ServiceEndpoint for a service. - type: array - items: - description: AWSServiceEndpoint store the configuration - of a custom url to override existing defaults of AWS Services. - type: object - properties: - name: - description: name is the name of the AWS service. The - list of all the service names can be found at https://docs.aws.amazon.com/general/latest/gr/aws-service-information.html - This must be provided and cannot be empty. - type: string - pattern: ^[a-z0-9-]+$ - url: - description: url is fully qualified URI with scheme - https, that overrides the default generated endpoint - for a client. This must be provided and cannot be - empty. - type: string - pattern: ^https:// - azure: - description: Azure contains settings specific to the Azure infrastructure - provider. - type: object - properties: - cloudName: - description: cloudName is the name of the Azure cloud environment - which can be used to configure the Azure SDK with the appropriate - Azure API endpoints. If empty, the value is equal to `AzurePublicCloud`. - type: string - enum: + - name: v1 + schema: + openAPIV3Schema: + description: "Infrastructure holds cluster-wide information about Infrastructure. The canonical name is `cluster` \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + type: object + properties: + cloudConfig: + description: "cloudConfig is a reference to a ConfigMap containing the cloud provider configuration file. This configuration file is used to configure the Kubernetes cloud provider integration when using the built-in cloud provider integration or the external cloud controller manager. The namespace for this config map is openshift-config. \n cloudConfig should only be consumed by the kube_cloud_config controller. The controller is responsible for using the user configuration in the spec for various platforms and combining that with the user provided ConfigMap in this field to create a stitched kube cloud config. The controller generates a ConfigMap `kube-cloud-config` in `openshift-config-managed` namespace with the kube cloud config is stored in `cloud.conf` key. All the clients are expected to use the generated ConfigMap only." + type: object + properties: + key: + description: Key allows pointing to a specific key/value inside of the configmap. This is useful for logical file references. + type: string + name: + type: string + platformSpec: + description: platformSpec holds desired information specific to the underlying infrastructure provider. + type: object + properties: + aws: + description: AWS contains settings specific to the Amazon Web Services infrastructure provider. + type: object + properties: + serviceEndpoints: + description: serviceEndpoints list contains custom endpoints which will override default service endpoint of AWS Services. There must be only one ServiceEndpoint for a service. + type: array + items: + description: AWSServiceEndpoint store the configuration of a custom url to override existing defaults of AWS Services. + type: object + properties: + name: + description: name is the name of the AWS service. The list of all the service names can be found at https://docs.aws.amazon.com/general/latest/gr/aws-service-information.html This must be provided and cannot be empty. + type: string + pattern: ^[a-z0-9-]+$ + url: + description: url is fully qualified URI with scheme https, that overrides the default generated endpoint for a client. This must be provided and cannot be empty. + type: string + pattern: ^https:// + azure: + description: Azure contains settings specific to the Azure infrastructure provider. + type: object + baremetal: + description: BareMetal contains settings specific to the BareMetal platform. + type: object + equinixMetal: + description: EquinixMetal contains settings specific to the Equinix Metal infrastructure provider. + type: object + gcp: + description: GCP contains settings specific to the Google Cloud Platform infrastructure provider. + type: object + ibmcloud: + description: IBMCloud contains settings specific to the IBMCloud infrastructure provider. + type: object + kubevirt: + description: Kubevirt contains settings specific to the kubevirt infrastructure provider. + type: object + openstack: + description: OpenStack contains settings specific to the OpenStack infrastructure provider. + type: object + ovirt: + description: Ovirt contains settings specific to the oVirt infrastructure provider. + type: object + type: + description: type is the underlying infrastructure provider for the cluster. This value controls whether infrastructure automation such as service load balancers, dynamic volume provisioning, machine creation and deletion, and other integrations are enabled. If None, no infrastructure automation is enabled. Allowed values are "AWS", "Azure", "BareMetal", "GCP", "Libvirt", "OpenStack", "VSphere", "oVirt", "KubeVirt", "EquinixMetal", and "None". Individual components may not support all platforms, and must handle unrecognized platforms as None if they do not support that platform. + type: string + enum: - "" - - AzurePublicCloud - - AzureUSGovernmentCloud - - AzureChinaCloud - - AzureGermanCloud - networkResourceGroupName: - description: networkResourceGroupName is the Resource Group - for network resources like the Virtual Network and Subnets - used by the cluster. If empty, the value is same as ResourceGroupName. - type: string - resourceGroupName: - description: resourceGroupName is the Resource Group for new - Azure resources created for the cluster. - type: string - baremetal: - description: BareMetal contains settings specific to the BareMetal - platform. - type: object - properties: - apiServerInternalIP: - description: apiServerInternalIP is an IP address to contact - the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. It is the IP that the - Infrastructure.status.apiServerInternalURI points to. It - is the IP for a self-hosted load balancer in front of the - API servers. - type: string - ingressIP: - description: ingressIP is an external IP which routes to the - default ingress controller. The IP is a suitable target - of a wildcard DNS record used to resolve default route host - names. - type: string - nodeDNSIP: - description: nodeDNSIP is the IP address for the internal - DNS used by the nodes. Unlike the one managed by the DNS - operator, `NodeDNSIP` provides name resolution for the nodes - themselves. There is no DNS-as-a-service for BareMetal deployments. - In order to minimize necessary changes to the datacenter - DNS, a DNS service is hosted as a static pod to serve those - hostnames to the nodes in the cluster. - type: string - equinixMetal: - description: EquinixMetal contains settings specific to the Equinix - Metal infrastructure provider. - type: object - properties: - apiServerInternalIP: - description: apiServerInternalIP is an IP address to contact - the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. It is the IP that the - Infrastructure.status.apiServerInternalURI points to. It - is the IP for a self-hosted load balancer in front of the - API servers. - type: string - ingressIP: - description: ingressIP is an external IP which routes to the - default ingress controller. The IP is a suitable target - of a wildcard DNS record used to resolve default route host - names. - type: string - gcp: - description: GCP contains settings specific to the Google Cloud - Platform infrastructure provider. - type: object - properties: - projectID: - description: resourceGroupName is the Project ID for new GCP - resources created for the cluster. - type: string - region: - description: region holds the region for new GCP resources - created for the cluster. - type: string - ibmcloud: - description: IBMCloud contains settings specific to the IBMCloud - infrastructure provider. - type: object - properties: - location: - description: Location is where the cluster has been deployed - type: string - providerType: - description: ProviderType indicates the type of cluster that - was created - type: string - resourceGroupName: - description: ResourceGroupName is the Resource Group for new - IBMCloud resources created for the cluster. - type: string - kubevirt: - description: Kubevirt contains settings specific to the kubevirt - infrastructure provider. - type: object - properties: - apiServerInternalIP: - description: apiServerInternalIP is an IP address to contact - the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. It is the IP that the - Infrastructure.status.apiServerInternalURI points to. It - is the IP for a self-hosted load balancer in front of the - API servers. - type: string - ingressIP: - description: ingressIP is an external IP which routes to the - default ingress controller. The IP is a suitable target - of a wildcard DNS record used to resolve default route host - names. - type: string - openstack: - description: OpenStack contains settings specific to the OpenStack - infrastructure provider. - type: object - properties: - apiServerInternalIP: - description: apiServerInternalIP is an IP address to contact - the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. It is the IP that the - Infrastructure.status.apiServerInternalURI points to. It - is the IP for a self-hosted load balancer in front of the - API servers. - type: string - cloudName: - description: cloudName is the name of the desired OpenStack - cloud in the client configuration file (`clouds.yaml`). - type: string - ingressIP: - description: ingressIP is an external IP which routes to the - default ingress controller. The IP is a suitable target - of a wildcard DNS record used to resolve default route host - names. - type: string - nodeDNSIP: - description: nodeDNSIP is the IP address for the internal - DNS used by the nodes. Unlike the one managed by the DNS - operator, `NodeDNSIP` provides name resolution for the nodes - themselves. There is no DNS-as-a-service for OpenStack deployments. - In order to minimize necessary changes to the datacenter - DNS, a DNS service is hosted as a static pod to serve those - hostnames to the nodes in the cluster. - type: string - ovirt: - description: Ovirt contains settings specific to the oVirt infrastructure - provider. - type: object - properties: - apiServerInternalIP: - description: apiServerInternalIP is an IP address to contact - the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. It is the IP that the - Infrastructure.status.apiServerInternalURI points to. It - is the IP for a self-hosted load balancer in front of the - API servers. - type: string - ingressIP: - description: ingressIP is an external IP which routes to the - default ingress controller. The IP is a suitable target - of a wildcard DNS record used to resolve default route host - names. - type: string - nodeDNSIP: - description: 'deprecated: as of 4.6, this field is no longer - set or honored. It will be removed in a future release.' - type: string - type: - description: "type is the underlying infrastructure provider for - the cluster. This value controls whether infrastructure automation - such as service load balancers, dynamic volume provisioning, - machine creation and deletion, and other integrations are enabled. - If None, no infrastructure automation is enabled. Allowed values - are \"AWS\", \"Azure\", \"BareMetal\", \"GCP\", \"Libvirt\", - \"OpenStack\", \"VSphere\", \"oVirt\", \"EquinixMetal\", and - \"None\". Individual components may not support all platforms, - and must handle unrecognized platforms as None if they do not - support that platform. \n This value will be synced with to - the `status.platform` and `status.platformStatus.type`. Currently - this value cannot be changed once set." - type: string - enum: + - AWS + - Azure + - BareMetal + - GCP + - Libvirt + - OpenStack + - None + - VSphere + - oVirt + - IBMCloud + - KubeVirt + - EquinixMetal + vsphere: + description: VSphere contains settings specific to the VSphere infrastructure provider. + type: object + status: + description: status holds observed values from the cluster. They may not be overridden. + type: object + properties: + apiServerInternalURI: + description: apiServerInternalURL is a valid URI with scheme 'https', address and optionally a port (defaulting to 443). apiServerInternalURL can be used by components like kubelets, to contact the Kubernetes API server using the infrastructure provider rather than Kubernetes networking. + type: string + apiServerURL: + description: apiServerURL is a valid URI with scheme 'https', address and optionally a port (defaulting to 443). apiServerURL can be used by components like the web console to tell users where to find the Kubernetes API. + type: string + controlPlaneTopology: + description: controlPlaneTopology expresses the expectations for operands that normally run on control nodes. The default is 'HighlyAvailable', which represents the behavior operators have in a "normal" cluster. The 'SingleReplica' mode will be used in single-node deployments and the operators should not configure the operand for highly-available operation The 'External' mode indicates that the control plane is hosted externally to the cluster and that its components are not visible within the cluster. + type: string + default: HighlyAvailable + enum: + - HighlyAvailable + - SingleReplica + - External + etcdDiscoveryDomain: + description: 'etcdDiscoveryDomain is the domain used to fetch the SRV records for discovering etcd servers and clients. For more info: https://github.com/etcd-io/etcd/blob/329be66e8b3f9e2e6af83c123ff89297e49ebd15/Documentation/op-guide/clustering.md#dns-discovery deprecated: as of 4.7, this field is no longer set or honored. It will be removed in a future release.' + type: string + infrastructureName: + description: infrastructureName uniquely identifies a cluster with a human friendly name. Once set it should not be changed. Must be of max length 27 and must have only alphanumeric or hyphen characters. + type: string + infrastructureTopology: + description: 'infrastructureTopology expresses the expectations for infrastructure services that do not run on control plane nodes, usually indicated by a node selector for a `role` value other than `master`. The default is ''HighlyAvailable'', which represents the behavior operators have in a "normal" cluster. The ''SingleReplica'' mode will be used in single-node deployments and the operators should not configure the operand for highly-available operation NOTE: External topology mode is not applicable for this field.' + type: string + default: HighlyAvailable + enum: + - HighlyAvailable + - SingleReplica + platform: + description: "platform is the underlying infrastructure provider for the cluster. \n Deprecated: Use platformStatus.type instead." + type: string + enum: - "" - AWS - Azure @@ -510,32 +160,197 @@ spec: - IBMCloud - KubeVirt - EquinixMetal - vsphere: - description: VSphere contains settings specific to the VSphere - infrastructure provider. - type: object - properties: - apiServerInternalIP: - description: apiServerInternalIP is an IP address to contact - the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. It is the IP that the - Infrastructure.status.apiServerInternalURI points to. It - is the IP for a self-hosted load balancer in front of the - API servers. - type: string - ingressIP: - description: ingressIP is an external IP which routes to the - default ingress controller. The IP is a suitable target - of a wildcard DNS record used to resolve default route host - names. - type: string - nodeDNSIP: - description: nodeDNSIP is the IP address for the internal - DNS used by the nodes. Unlike the one managed by the DNS - operator, `NodeDNSIP` provides name resolution for the nodes - themselves. There is no DNS-as-a-service for vSphere deployments. - In order to minimize necessary changes to the datacenter - DNS, a DNS service is hosted as a static pod to serve those - hostnames to the nodes in the cluster. - type: string + platformStatus: + description: platformStatus holds status information specific to the underlying infrastructure provider. + type: object + properties: + aws: + description: AWS contains settings specific to the Amazon Web Services infrastructure provider. + type: object + properties: + region: + description: region holds the default AWS region for new AWS resources created by the cluster. + type: string + resourceTags: + description: resourceTags is a list of additional tags to apply to AWS resources created for the cluster. See https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html for information on tagging AWS resources. AWS supports a maximum of 50 tags per resource. OpenShift reserves 25 tags for its use, leaving 25 tags available for the user. + type: array + maxItems: 25 + items: + description: AWSResourceTag is a tag to apply to AWS resources created for the cluster. + type: object + required: + - key + - value + properties: + key: + description: key is the key of the tag + type: string + maxLength: 128 + minLength: 1 + pattern: ^[0-9A-Za-z_.:/=+-@]+$ + value: + description: value is the value of the tag. Some AWS service do not support empty values. Since tags are added to resources in many services, the length of the tag value must meet the requirements of all services. + type: string + maxLength: 256 + minLength: 1 + pattern: ^[0-9A-Za-z_.:/=+-@]+$ + serviceEndpoints: + description: ServiceEndpoints list contains custom endpoints which will override default service endpoint of AWS Services. There must be only one ServiceEndpoint for a service. + type: array + items: + description: AWSServiceEndpoint store the configuration of a custom url to override existing defaults of AWS Services. + type: object + properties: + name: + description: name is the name of the AWS service. The list of all the service names can be found at https://docs.aws.amazon.com/general/latest/gr/aws-service-information.html This must be provided and cannot be empty. + type: string + pattern: ^[a-z0-9-]+$ + url: + description: url is fully qualified URI with scheme https, that overrides the default generated endpoint for a client. This must be provided and cannot be empty. + type: string + pattern: ^https:// + azure: + description: Azure contains settings specific to the Azure infrastructure provider. + type: object + properties: + armEndpoint: + description: armEndpoint specifies a URL to use for resource management in non-soverign clouds such as Azure Stack. + type: string + cloudName: + description: cloudName is the name of the Azure cloud environment which can be used to configure the Azure SDK with the appropriate Azure API endpoints. If empty, the value is equal to `AzurePublicCloud`. + type: string + enum: + - "" + - AzurePublicCloud + - AzureUSGovernmentCloud + - AzureChinaCloud + - AzureGermanCloud + - AzureStackCloud + networkResourceGroupName: + description: networkResourceGroupName is the Resource Group for network resources like the Virtual Network and Subnets used by the cluster. If empty, the value is same as ResourceGroupName. + type: string + resourceGroupName: + description: resourceGroupName is the Resource Group for new Azure resources created for the cluster. + type: string + baremetal: + description: BareMetal contains settings specific to the BareMetal platform. + type: object + properties: + apiServerInternalIP: + description: apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers. + type: string + ingressIP: + description: ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names. + type: string + nodeDNSIP: + description: nodeDNSIP is the IP address for the internal DNS used by the nodes. Unlike the one managed by the DNS operator, `NodeDNSIP` provides name resolution for the nodes themselves. There is no DNS-as-a-service for BareMetal deployments. In order to minimize necessary changes to the datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames to the nodes in the cluster. + type: string + equinixMetal: + description: EquinixMetal contains settings specific to the Equinix Metal infrastructure provider. + type: object + properties: + apiServerInternalIP: + description: apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers. + type: string + ingressIP: + description: ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names. + type: string + gcp: + description: GCP contains settings specific to the Google Cloud Platform infrastructure provider. + type: object + properties: + projectID: + description: resourceGroupName is the Project ID for new GCP resources created for the cluster. + type: string + region: + description: region holds the region for new GCP resources created for the cluster. + type: string + ibmcloud: + description: IBMCloud contains settings specific to the IBMCloud infrastructure provider. + type: object + properties: + cisInstanceCRN: + description: CISInstanceCRN is the CRN of the Cloud Internet Services instance managing the DNS zone for the cluster's base domain + type: string + location: + description: Location is where the cluster has been deployed + type: string + providerType: + description: ProviderType indicates the type of cluster that was created + type: string + resourceGroupName: + description: ResourceGroupName is the Resource Group for new IBMCloud resources created for the cluster. + type: string + kubevirt: + description: Kubevirt contains settings specific to the kubevirt infrastructure provider. + type: object + properties: + apiServerInternalIP: + description: apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers. + type: string + ingressIP: + description: ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names. + type: string + openstack: + description: OpenStack contains settings specific to the OpenStack infrastructure provider. + type: object + properties: + apiServerInternalIP: + description: apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers. + type: string + cloudName: + description: cloudName is the name of the desired OpenStack cloud in the client configuration file (`clouds.yaml`). + type: string + ingressIP: + description: ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names. + type: string + nodeDNSIP: + description: nodeDNSIP is the IP address for the internal DNS used by the nodes. Unlike the one managed by the DNS operator, `NodeDNSIP` provides name resolution for the nodes themselves. There is no DNS-as-a-service for OpenStack deployments. In order to minimize necessary changes to the datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames to the nodes in the cluster. + type: string + ovirt: + description: Ovirt contains settings specific to the oVirt infrastructure provider. + type: object + properties: + apiServerInternalIP: + description: apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers. + type: string + ingressIP: + description: ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names. + type: string + nodeDNSIP: + description: 'deprecated: as of 4.6, this field is no longer set or honored. It will be removed in a future release.' + type: string + type: + description: "type is the underlying infrastructure provider for the cluster. This value controls whether infrastructure automation such as service load balancers, dynamic volume provisioning, machine creation and deletion, and other integrations are enabled. If None, no infrastructure automation is enabled. Allowed values are \"AWS\", \"Azure\", \"BareMetal\", \"GCP\", \"Libvirt\", \"OpenStack\", \"VSphere\", \"oVirt\", \"EquinixMetal\", and \"None\". Individual components may not support all platforms, and must handle unrecognized platforms as None if they do not support that platform. \n This value will be synced with to the `status.platform` and `status.platformStatus.type`. Currently this value cannot be changed once set." + type: string + enum: + - "" + - AWS + - Azure + - BareMetal + - GCP + - Libvirt + - OpenStack + - None + - VSphere + - oVirt + - IBMCloud + - KubeVirt + - EquinixMetal + vsphere: + description: VSphere contains settings specific to the VSphere infrastructure provider. + type: object + properties: + apiServerInternalIP: + description: apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers. + type: string + ingressIP: + description: ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names. + type: string + nodeDNSIP: + description: nodeDNSIP is the IP address for the internal DNS used by the nodes. Unlike the one managed by the DNS operator, `NodeDNSIP` provides name resolution for the nodes themselves. There is no DNS-as-a-service for vSphere deployments. In order to minimize necessary changes to the datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames to the nodes in the cluster. + type: string + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_ingress.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_ingress.crd.yaml index 7c1b4f6d7..8c60875d8 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_ingress.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_ingress.crd.yaml @@ -1,11 +1,12 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - name: ingresses.config.openshift.io annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/470 include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" include.release.openshift.io/single-node-developer: "true" + name: ingresses.config.openshift.io spec: group: config.openshift.io names: @@ -15,285 +16,252 @@ spec: singular: ingress scope: Cluster versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - "schema": - "openAPIV3Schema": - description: Ingress holds cluster-wide information about ingress, including - the default ingress domain used for routes. The canonical name is `cluster`. - type: object - required: - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - type: object - properties: - appsDomain: - description: appsDomain is an optional domain to use instead of the - one specified in the domain field when a Route is created without - specifying an explicit host. If appsDomain is nonempty, this value - is used to generate default host values for Route. Unlike domain, - appsDomain may be modified after installation. This assumes a new - ingresscontroller has been setup with a wildcard certificate. - type: string - componentRoutes: - description: "componentRoutes is an optional list of routes that are - managed by OpenShift components that a cluster-admin is able to - configure the hostname and serving certificate for. The namespace - and name of each route in this list should match an existing entry - in the status.componentRoutes list. \n To determine the set of configurable - Routes, look at namespace and name of entries in the .status.componentRoutes - list, where participating operators write the status of configurable - routes." - type: array - items: - description: ComponentRouteSpec allows for configuration of a route's - hostname and serving certificate. - type: object - required: - - hostname - - name - - namespace - properties: - hostname: - description: hostname is the hostname that should be used by - the route. - type: string - format: hostname - name: - description: "name is the logical name of the route to customize. - \n The namespace and name of this componentRoute must match - a corresponding entry in the list of status.componentRoutes - if the route is to be customized." - type: string - maxLength: 256 - minLength: 1 - namespace: - description: "namespace is the namespace of the route to customize. - \n The namespace and name of this componentRoute must match - a corresponding entry in the list of status.componentRoutes - if the route is to be customized." - type: string - maxLength: 63 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - servingCertKeyPairSecret: - description: servingCertKeyPairSecret is a reference to a secret - of type `kubernetes.io/tls` in the openshift-config namespace. - The serving cert/key pair must match and will be used by the - operator to fulfill the intent of serving with this name. - If the custom hostname uses the default routing suffix of - the cluster, the Secret specification for a serving certificate - will not be needed. - type: object - required: + - name: v1 + schema: + openAPIV3Schema: + description: "Ingress holds cluster-wide information about ingress, including the default ingress domain used for routes. The canonical name is `cluster`. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + type: object + properties: + appsDomain: + description: appsDomain is an optional domain to use instead of the one specified in the domain field when a Route is created without specifying an explicit host. If appsDomain is nonempty, this value is used to generate default host values for Route. Unlike domain, appsDomain may be modified after installation. This assumes a new ingresscontroller has been setup with a wildcard certificate. + type: string + componentRoutes: + description: "componentRoutes is an optional list of routes that are managed by OpenShift components that a cluster-admin is able to configure the hostname and serving certificate for. The namespace and name of each route in this list should match an existing entry in the status.componentRoutes list. \n To determine the set of configurable Routes, look at namespace and name of entries in the .status.componentRoutes list, where participating operators write the status of configurable routes." + type: array + items: + description: ComponentRouteSpec allows for configuration of a route's hostname and serving certificate. + type: object + required: + - hostname - name - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - domain: - description: "domain is used to generate a default host name for a - route when the route's host name is empty. The generated host name - will follow this pattern: \"..\". - \n It is also used as the default wildcard domain suffix for ingress. - The default ingresscontroller domain will follow this pattern: \"*.\". - \n Once set, changing domain is not currently supported." - type: string - status: - description: status holds observed values from the cluster. They may not - be overridden. - type: object - properties: - componentRoutes: - description: componentRoutes is where participating operators place - the current route status for routes whose hostnames and serving - certificates can be customized by the cluster-admin. - type: array - items: - description: ComponentRouteStatus contains information allowing - configuration of a route's hostname and serving certificate. - type: object - required: - - defaultHostname - - name - - namespace - - relatedObjects - properties: - conditions: - description: "conditions are used to communicate the state of - the componentRoutes entry. \n Supported conditions include - Available, Degraded and Progressing. \n If available is true, - the content served by the route can be accessed by users. - This includes cases where a default may continue to serve - content while the customized route specified by the cluster-admin - is being configured. \n If Degraded is true, that means something - has gone wrong trying to handle the componentRoutes entry. - The currentHostnames field may or may not be in effect. \n - If Progressing is true, that means the component is taking - some action related to the componentRoutes entry." - type: array - items: - description: "Condition contains details for one aspect of - the current state of this API Resource. --- This struct - is intended for direct use as an array at the field path - .status.conditions. For example, type FooStatus struct{ - \ // Represents the observations of a foo's current state. - \ // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type - \ // +patchStrategy=merge // +listType=map // - +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` - \n // other fields }" - type: object - required: - - lastTransitionTime - - message - - reason - - status - - type - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should - be when the underlying condition changed. If that is - not known, then using the time when the API field changed - is acceptable. - type: string - format: date-time - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - type: string - maxLength: 32768 - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, - if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the - current state of the instance. - type: integer - format: int64 - minimum: 0 - reason: - description: reason contains a programmatic identifier - indicating the reason for the condition's last transition. - Producers of specific condition types may define expected - values and meanings for this field, and whether the - values are considered a guaranteed API. The value should - be a CamelCase string. This field may not be empty. - type: string - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - status: - description: status of the condition, one of True, False, - Unknown. - type: string - enum: - - "True" - - "False" - - Unknown - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across - resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability - to deconflict is important. The regex it matches is - (dns1123SubdomainFmt/)?(qualifiedNameFmt) - type: string - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - consumingUsers: - description: consumingUsers is a slice of ServiceAccounts that - need to have read permission on the servingCertKeyPairSecret - secret. - type: array - maxItems: 5 - items: - description: ConsumingUser is an alias for string which we - add validation to. Currently only service accounts are supported. + - namespace + properties: + hostname: + description: hostname is the hostname that should be used by the route. type: string - maxLength: 512 + format: hostname + name: + description: "name is the logical name of the route to customize. \n The namespace and name of this componentRoute must match a corresponding entry in the list of status.componentRoutes if the route is to be customized." + type: string + maxLength: 256 minLength: 1 - pattern: ^system:serviceaccount:[a-z0-9]([-a-z0-9]*[a-z0-9])?:[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ - currentHostnames: - description: currentHostnames is the list of current names used - by the route. Typically, this list should consist of a single - hostname, but if multiple hostnames are supported by the route - the operator may write multiple entries to this list. - type: array - minItems: 1 - items: - description: Hostname is an alias for hostname string validation. + namespace: + description: "namespace is the namespace of the route to customize. \n The namespace and name of this componentRoute must match a corresponding entry in the list of status.componentRoutes if the route is to be customized." type: string - format: hostname - defaultHostname: - description: defaultHostname is the hostname of this route prior - to customization. - type: string - format: hostname - name: - description: "name is the logical name of the route to customize. - It does not have to be the actual name of a route resource - but it cannot be renamed. \n The namespace and name of this - componentRoute must match a corresponding entry in the list - of spec.componentRoutes if the route is to be customized." - type: string - maxLength: 256 - minLength: 1 - namespace: - description: "namespace is the namespace of the route to customize. - It must be a real namespace. Using an actual namespace ensures - that no two components will conflict and the same component - can be installed multiple times. \n The namespace and name - of this componentRoute must match a corresponding entry in - the list of spec.componentRoutes if the route is to be customized." - type: string - maxLength: 63 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - relatedObjects: - description: relatedObjects is a list of resources which are - useful when debugging or inspecting how spec.componentRoutes - is applied. - type: array - minItems: 1 - items: - description: ObjectReference contains enough information to - let you inspect or modify the referred object. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + servingCertKeyPairSecret: + description: servingCertKeyPairSecret is a reference to a secret of type `kubernetes.io/tls` in the openshift-config namespace. The serving cert/key pair must match and will be used by the operator to fulfill the intent of serving with this name. If the custom hostname uses the default routing suffix of the cluster, the Secret specification for a serving certificate will not be needed. type: object required: - - group - - name - - resource + - name properties: - group: - description: group of the referent. - type: string name: - description: name of the referent. - type: string - namespace: - description: namespace of the referent. - type: string - resource: - description: resource of the referent. + description: name is the metadata.name of the referenced secret type: string + domain: + description: "domain is used to generate a default host name for a route when the route's host name is empty. The generated host name will follow this pattern: \"..\". \n It is also used as the default wildcard domain suffix for ingress. The default ingresscontroller domain will follow this pattern: \"*.\". \n Once set, changing domain is not currently supported." + type: string + requiredHSTSPolicies: + description: "requiredHSTSPolicies specifies HSTS policies that are required to be set on newly created or updated routes matching the domainPattern/s and namespaceSelector/s that are specified in the policy. Each requiredHSTSPolicy must have at least a domainPattern and a maxAge to validate a route HSTS Policy route annotation, and affect route admission. \n A candidate route is checked for HSTS Policies if it has the HSTS Policy route annotation: \"haproxy.router.openshift.io/hsts_header\" E.g. haproxy.router.openshift.io/hsts_header: max-age=31536000;preload;includeSubDomains \n - For each candidate route, if it matches a requiredHSTSPolicy domainPattern and optional namespaceSelector, then the maxAge, preloadPolicy, and includeSubdomainsPolicy must be valid to be admitted. Otherwise, the route is rejected. - The first match, by domainPattern and optional namespaceSelector, in the ordering of the RequiredHSTSPolicies determines the route's admission status. - If the candidate route doesn't match any requiredHSTSPolicy domainPattern and optional namespaceSelector, then it may use any HSTS Policy annotation. \n The HSTS policy configuration may be changed after routes have already been created. An update to a previously admitted route may then fail if the updated route does not conform to the updated HSTS policy configuration. However, changing the HSTS policy configuration will not cause a route that is already admitted to stop working. \n Note that if there are no RequiredHSTSPolicies, any HSTS Policy annotation on the route is valid." + type: array + items: + type: object + properties: + domainPatterns: + description: "domainPatterns is a list of domains for which the desired HSTS annotations are required. If domainPatterns is specified and a route is created with a spec.host matching one of the domains, the route must specify the HSTS Policy components described in the matching RequiredHSTSPolicy. \n The use of wildcards is allowed like this: *.foo.com matches everything under foo.com. foo.com only matches foo.com, so to cover foo.com and everything under it, you must specify *both*. kubebuilder:validation:MinLength=1" + type: array + items: + type: string + includeSubDomainsPolicy: + description: 'includeSubDomainsPolicy means the HSTS Policy should apply to any subdomains of the host''s domain name. Thus, for the host bar.foo.com, if includeSubDomainsPolicy was set to RequireIncludeSubDomains: - the host app.bar.foo.com would inherit the HSTS Policy of bar.foo.com - the host bar.foo.com would inherit the HSTS Policy of bar.foo.com - the host foo.com would NOT inherit the HSTS Policy of bar.foo.com - the host def.foo.com would NOT inherit the HSTS Policy of bar.foo.com' + type: string + enum: + - RequireIncludeSubDomains + - RequireNoIncludeSubDomains + - NoOpinion + maxAge: + description: maxAge is the delta time range in seconds during which hosts are regarded as HSTS hosts. If set to 0, it negates the effect, and hosts are removed as HSTS hosts. If set to 0 and includeSubdomains is specified, all subdomains of the host are also removed as HSTS hosts. maxAge is a time-to-live value, and if this policy is not refreshed on a client, the HSTS policy will eventually expire on that client. + type: object + properties: + largestMaxAge: + description: The largest allowed value (in seconds) of the RequiredHSTSPolicy max-age This value can be left unspecified, in which case no upper limit is enforced. kubebuilder:validation:minimum=0:maximum=2147483647 + type: integer + format: int32 + smallestMaxAge: + description: The smallest allowed value (in seconds) of the RequiredHSTSPolicy max-age Setting max-age=0 allows the deletion of an existing HSTS header from a host. This is a necessary tool for administrators to quickly correct mistakes. This value can be left unspecified, in which case no lower limit is enforced. kubebuilder:validation:minimum=0:maximum=2147483647 + type: integer + format: int32 + namespaceSelector: + description: namespaceSelector specifies a label selector such that the policy applies only to those routes that are in namespaces with labels that match the selector, and are in one of the DomainPatterns. Defaults to the empty LabelSelector, which matches everything. + type: object + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + type: array + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + type: object + required: + - key + - operator + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + type: array + items: + type: string + matchLabels: + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + additionalProperties: + type: string + preloadPolicy: + description: preloadPolicy directs the client to include hosts in its host preload list so that it never needs to do an initial load to get the HSTS header (note that this is not defined in RFC 6797 and is therefore client implementation-dependent). + type: string + enum: + - RequirePreload + - RequireNoPreload + - NoOpinion + status: + description: status holds observed values from the cluster. They may not be overridden. + type: object + properties: + componentRoutes: + description: componentRoutes is where participating operators place the current route status for routes whose hostnames and serving certificates can be customized by the cluster-admin. + type: array + items: + description: ComponentRouteStatus contains information allowing configuration of a route's hostname and serving certificate. + type: object + required: + - defaultHostname + - name + - namespace + - relatedObjects + properties: + conditions: + description: "conditions are used to communicate the state of the componentRoutes entry. \n Supported conditions include Available, Degraded and Progressing. \n If available is true, the content served by the route can be accessed by users. This includes cases where a default may continue to serve content while the customized route specified by the cluster-admin is being configured. \n If Degraded is true, that means something has gone wrong trying to handle the componentRoutes entry. The currentHostnames field may or may not be in effect. \n If Progressing is true, that means the component is taking some action related to the componentRoutes entry." + type: array + items: + description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + type: object + required: + - lastTransitionTime + - message + - reason + - status + - type + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + type: string + format: date-time + message: + description: message is a human readable message indicating details about the transition. This may be an empty string. + type: string + maxLength: 32768 + observedGeneration: + description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. + type: integer + format: int64 + minimum: 0 + reason: + description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. + type: string + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + status: + description: status of the condition, one of True, False, Unknown. + type: string + enum: + - "True" + - "False" + - Unknown + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + type: string + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + consumingUsers: + description: consumingUsers is a slice of ServiceAccounts that need to have read permission on the servingCertKeyPairSecret secret. + type: array + maxItems: 5 + items: + description: ConsumingUser is an alias for string which we add validation to. Currently only service accounts are supported. + type: string + maxLength: 512 + minLength: 1 + pattern: ^system:serviceaccount:[a-z0-9]([-a-z0-9]*[a-z0-9])?:[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + currentHostnames: + description: currentHostnames is the list of current names used by the route. Typically, this list should consist of a single hostname, but if multiple hostnames are supported by the route the operator may write multiple entries to this list. + type: array + minItems: 1 + items: + description: Hostname is an alias for hostname string validation. + type: string + format: hostname + defaultHostname: + description: defaultHostname is the hostname of this route prior to customization. + type: string + format: hostname + name: + description: "name is the logical name of the route to customize. It does not have to be the actual name of a route resource but it cannot be renamed. \n The namespace and name of this componentRoute must match a corresponding entry in the list of spec.componentRoutes if the route is to be customized." + type: string + maxLength: 256 + minLength: 1 + namespace: + description: "namespace is the namespace of the route to customize. It must be a real namespace. Using an actual namespace ensures that no two components will conflict and the same component can be installed multiple times. \n The namespace and name of this componentRoute must match a corresponding entry in the list of spec.componentRoutes if the route is to be customized." + type: string + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + relatedObjects: + description: relatedObjects is a list of resources which are useful when debugging or inspecting how spec.componentRoutes is applied. + type: array + minItems: 1 + items: + description: ObjectReference contains enough information to let you inspect or modify the referred object. + type: object + required: + - group + - name + - resource + properties: + group: + description: group of the referent. + type: string + name: + description: name of the referent. + type: string + namespace: + description: namespace of the referent. + type: string + resource: + description: resource of the referent. + type: string + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_network.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_network.crd.yaml index 10eb476ed..0056dc60f 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_network.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_network.crd.yaml @@ -1,11 +1,12 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - name: networks.config.openshift.io annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/470 include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" include.release.openshift.io/single-node-developer: "true" + name: networks.config.openshift.io spec: group: config.openshift.io names: @@ -13,160 +14,118 @@ spec: listKind: NetworkList plural: networks singular: network - scope: Cluster preserveUnknownFields: false + scope: Cluster versions: - - name: v1 - served: true - storage: true - "schema": - "openAPIV3Schema": - description: 'Network holds cluster-wide information about Network. The canonical - name is `cluster`. It is used to configure the desired network configuration, - such as: IP address pools for services/pod IPs, network plugin, etc. Please - view network.spec for an explanation on what applies when configuring this - resource.' - type: object - required: - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration. As a general - rule, this SHOULD NOT be read directly. Instead, you should consume - the NetworkStatus, as it indicates the currently deployed configuration. - Currently, most spec fields are immutable after installation. Please - view the individual ones for further details on each. - type: object - properties: - clusterNetwork: - description: IP address pool to use for pod IPs. This field is immutable - after installation. - type: array - items: - description: ClusterNetworkEntry is a contiguous block of IP addresses - from which pod IPs are allocated. + - name: v1 + schema: + openAPIV3Schema: + description: "Network holds cluster-wide information about Network. The canonical name is `cluster`. It is used to configure the desired network configuration, such as: IP address pools for services/pod IPs, network plugin, etc. Please view network.spec for an explanation on what applies when configuring this resource. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration. As a general rule, this SHOULD NOT be read directly. Instead, you should consume the NetworkStatus, as it indicates the currently deployed configuration. Currently, most spec fields are immutable after installation. Please view the individual ones for further details on each. + type: object + properties: + clusterNetwork: + description: IP address pool to use for pod IPs. This field is immutable after installation. + type: array + items: + description: ClusterNetworkEntry is a contiguous block of IP addresses from which pod IPs are allocated. + type: object + properties: + cidr: + description: The complete block for pod IPs. + type: string + hostPrefix: + description: The size (prefix) of block to allocate to each node. If this field is not used by the plugin, it can be left unset. + type: integer + format: int32 + minimum: 0 + externalIP: + description: externalIP defines configuration for controllers that affect Service.ExternalIP. If nil, then ExternalIP is not allowed to be set. type: object properties: - cidr: - description: The complete block for pod IPs. - type: string - hostPrefix: - description: The size (prefix) of block to allocate to each - node. If this field is not used by the plugin, it can be left - unset. - type: integer - format: int32 - minimum: 0 - externalIP: - description: externalIP defines configuration for controllers that - affect Service.ExternalIP. If nil, then ExternalIP is not allowed - to be set. - type: object - properties: - autoAssignCIDRs: - description: autoAssignCIDRs is a list of CIDRs from which to - automatically assign Service.ExternalIP. These are assigned - when the service is of type LoadBalancer. In general, this is - only useful for bare-metal clusters. In Openshift 3.x, this - was misleadingly called "IngressIPs". Automatically assigned - External IPs are not affected by any ExternalIPPolicy rules. - Currently, only one entry may be provided. - type: array - items: - type: string - policy: - description: policy is a set of restrictions applied to the ExternalIP - field. If nil or empty, then ExternalIP is not allowed to be - set. + autoAssignCIDRs: + description: autoAssignCIDRs is a list of CIDRs from which to automatically assign Service.ExternalIP. These are assigned when the service is of type LoadBalancer. In general, this is only useful for bare-metal clusters. In Openshift 3.x, this was misleadingly called "IngressIPs". Automatically assigned External IPs are not affected by any ExternalIPPolicy rules. Currently, only one entry may be provided. + type: array + items: + type: string + policy: + description: policy is a set of restrictions applied to the ExternalIP field. If nil or empty, then ExternalIP is not allowed to be set. + type: object + properties: + allowedCIDRs: + description: allowedCIDRs is the list of allowed CIDRs. + type: array + items: + type: string + rejectedCIDRs: + description: rejectedCIDRs is the list of disallowed CIDRs. These take precedence over allowedCIDRs. + type: array + items: + type: string + networkType: + description: 'NetworkType is the plugin that is to be deployed (e.g. OpenShiftSDN). This should match a value that the cluster-network-operator understands, or else no networking will be installed. Currently supported values are: - OpenShiftSDN This field is immutable after installation.' + type: string + serviceNetwork: + description: IP address pool for services. Currently, we only support a single entry here. This field is immutable after installation. + type: array + items: + type: string + serviceNodePortRange: + description: The port range allowed for Services of type NodePort. If not specified, the default of 30000-32767 will be used. Such Services without a NodePort specified will have one automatically allocated from this range. This parameter can be updated after the cluster is installed. + type: string + pattern: ^([0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])-([0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ + status: + description: status holds observed values from the cluster. They may not be overridden. + type: object + properties: + clusterNetwork: + description: IP address pool to use for pod IPs. + type: array + items: + description: ClusterNetworkEntry is a contiguous block of IP addresses from which pod IPs are allocated. type: object properties: - allowedCIDRs: - description: allowedCIDRs is the list of allowed CIDRs. - type: array - items: - type: string - rejectedCIDRs: - description: rejectedCIDRs is the list of disallowed CIDRs. - These take precedence over allowedCIDRs. - type: array - items: - type: string - networkType: - description: 'NetworkType is the plugin that is to be deployed (e.g. - OpenShiftSDN). This should match a value that the cluster-network-operator - understands, or else no networking will be installed. Currently - supported values are: - OpenShiftSDN This field is immutable after - installation.' - type: string - serviceNetwork: - description: IP address pool for services. Currently, we only support - a single entry here. This field is immutable after installation. - type: array - items: - type: string - serviceNodePortRange: - description: The port range allowed for Services of type NodePort. - If not specified, the default of 30000-32767 will be used. Such - Services without a NodePort specified will have one automatically - allocated from this range. This parameter can be updated after the - cluster is installed. - type: string - pattern: ^([0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])-([0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ - status: - description: status holds observed values from the cluster. They may not - be overridden. - type: object - properties: - clusterNetwork: - description: IP address pool to use for pod IPs. - type: array - items: - description: ClusterNetworkEntry is a contiguous block of IP addresses - from which pod IPs are allocated. + cidr: + description: The complete block for pod IPs. + type: string + hostPrefix: + description: The size (prefix) of block to allocate to each node. If this field is not used by the plugin, it can be left unset. + type: integer + format: int32 + minimum: 0 + clusterNetworkMTU: + description: ClusterNetworkMTU is the MTU for inter-pod networking. + type: integer + migration: + description: Migration contains the cluster network migration configuration. type: object properties: - cidr: - description: The complete block for pod IPs. + networkType: + description: 'NetworkType is the target plugin that is to be deployed. Currently supported values are: OpenShiftSDN, OVNKubernetes' type: string - hostPrefix: - description: The size (prefix) of block to allocate to each - node. If this field is not used by the plugin, it can be left - unset. - type: integer - format: int32 - minimum: 0 - clusterNetworkMTU: - description: ClusterNetworkMTU is the MTU for inter-pod networking. - type: integer - migration: - description: Migration contains the cluster network migration configuration. - type: object - properties: - networkType: - description: 'NetworkType is the target plugin that is to be deployed. - Currently supported values are: OpenShiftSDN, OVNKubernetes' - type: string - enum: - - OpenShiftSDN - - OVNKubernetes - networkType: - description: NetworkType is the plugin that is deployed (e.g. OpenShiftSDN). - type: string - serviceNetwork: - description: IP address pool for services. Currently, we only support - a single entry here. - type: array - items: + enum: + - OpenShiftSDN + - OVNKubernetes + networkType: + description: NetworkType is the plugin that is deployed (e.g. OpenShiftSDN). type: string + serviceNetwork: + description: IP address pool for services. Currently, we only support a single entry here. + type: array + items: + type: string + served: true + storage: true diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_oauth.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_oauth.crd.yaml index d3097b874..1f75769db 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_oauth.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_oauth.crd.yaml @@ -1,676 +1,432 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - name: oauths.config.openshift.io annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/470 include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" include.release.openshift.io/single-node-developer: "true" + name: oauths.config.openshift.io spec: group: config.openshift.io - scope: Cluster names: kind: OAuth listKind: OAuthList plural: oauths singular: oauth + scope: Cluster versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: OAuth holds cluster-wide information about OAuth. The canonical - name is `cluster`. It is used to configure the integrated OAuth server. - This configuration is only honored when the top level Authentication config - has type set to IntegratedOAuth. - type: object - required: - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - type: object - properties: - identityProviders: - description: identityProviders is an ordered list of ways for a user - to identify themselves. When this list is empty, no identities are - provisioned for users. - type: array - items: - description: IdentityProvider provides identities for users authenticating - using credentials - type: object - properties: - basicAuth: - description: basicAuth contains configuration options for the - BasicAuth IdP - type: object - properties: - ca: - description: ca is an optional reference to a config map - by name containing the PEM-encoded CA bundle. It is used - as a trust anchor to validate the TLS certificate presented - by the remote server. The key "ca.crt" is used to locate - the data. If specified and the config map or expected - key is not found, the identity provider is not honored. - If the specified ca data is not valid, the identity provider - is not honored. If empty, the default system roots are - used. The namespace for this config map is openshift-config. - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced - config map - type: string - tlsClientCert: - description: tlsClientCert is an optional reference to a - secret by name that contains the PEM-encoded TLS client - certificate to present when connecting to the server. - The key "tls.crt" is used to locate the data. If specified - and the secret or expected key is not found, the identity - provider is not honored. If the specified certificate - data is not valid, the identity provider is not honored. - The namespace for this secret is openshift-config. - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - tlsClientKey: - description: tlsClientKey is an optional reference to a - secret by name that contains the PEM-encoded TLS private - key for the client certificate referenced in tlsClientCert. - The key "tls.key" is used to locate the data. If specified - and the secret or expected key is not found, the identity - provider is not honored. If the specified certificate - data is not valid, the identity provider is not honored. - The namespace for this secret is openshift-config. - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - url: - description: url is the remote URL to connect to - type: string - github: - description: github enables user authentication using GitHub - credentials - type: object - properties: - ca: - description: ca is an optional reference to a config map - by name containing the PEM-encoded CA bundle. It is used - as a trust anchor to validate the TLS certificate presented - by the remote server. The key "ca.crt" is used to locate - the data. If specified and the config map or expected - key is not found, the identity provider is not honored. - If the specified ca data is not valid, the identity provider - is not honored. If empty, the default system roots are - used. This can only be configured when hostname is set - to a non-empty value. The namespace for this config map - is openshift-config. - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced - config map + - name: v1 + schema: + openAPIV3Schema: + description: "OAuth holds cluster-wide information about OAuth. The canonical name is `cluster`. It is used to configure the integrated OAuth server. This configuration is only honored when the top level Authentication config has type set to IntegratedOAuth. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + type: object + properties: + identityProviders: + description: identityProviders is an ordered list of ways for a user to identify themselves. When this list is empty, no identities are provisioned for users. + type: array + items: + description: IdentityProvider provides identities for users authenticating using credentials + type: object + properties: + basicAuth: + description: basicAuth contains configuration options for the BasicAuth IdP + type: object + properties: + ca: + description: ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key "ca.crt" is used to locate the data. If specified and the config map or expected key is not found, the identity provider is not honored. If the specified ca data is not valid, the identity provider is not honored. If empty, the default system roots are used. The namespace for this config map is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced config map + type: string + tlsClientCert: + description: tlsClientCert is an optional reference to a secret by name that contains the PEM-encoded TLS client certificate to present when connecting to the server. The key "tls.crt" is used to locate the data. If specified and the secret or expected key is not found, the identity provider is not honored. If the specified certificate data is not valid, the identity provider is not honored. The namespace for this secret is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced secret + type: string + tlsClientKey: + description: tlsClientKey is an optional reference to a secret by name that contains the PEM-encoded TLS private key for the client certificate referenced in tlsClientCert. The key "tls.key" is used to locate the data. If specified and the secret or expected key is not found, the identity provider is not honored. If the specified certificate data is not valid, the identity provider is not honored. The namespace for this secret is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced secret + type: string + url: + description: url is the remote URL to connect to + type: string + github: + description: github enables user authentication using GitHub credentials + type: object + properties: + ca: + description: ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key "ca.crt" is used to locate the data. If specified and the config map or expected key is not found, the identity provider is not honored. If the specified ca data is not valid, the identity provider is not honored. If empty, the default system roots are used. This can only be configured when hostname is set to a non-empty value. The namespace for this config map is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced config map + type: string + clientID: + description: clientID is the oauth client ID + type: string + clientSecret: + description: clientSecret is a required reference to the secret by name containing the oauth client secret. The key "clientSecret" is used to locate the data. If the secret or expected key is not found, the identity provider is not honored. The namespace for this secret is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced secret + type: string + hostname: + description: hostname is the optional domain (e.g. "mycompany.com") for use with a hosted instance of GitHub Enterprise. It must match the GitHub Enterprise settings value configured at /setup/settings#hostname. + type: string + organizations: + description: organizations optionally restricts which organizations are allowed to log in + type: array + items: type: string - clientID: - description: clientID is the oauth client ID - type: string - clientSecret: - description: clientSecret is a required reference to the - secret by name containing the oauth client secret. The - key "clientSecret" is used to locate the data. If the - secret or expected key is not found, the identity provider - is not honored. The namespace for this secret is openshift-config. - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced - secret + teams: + description: teams optionally restricts which teams are allowed to log in. Format is /. + type: array + items: type: string - hostname: - description: hostname is the optional domain (e.g. "mycompany.com") - for use with a hosted instance of GitHub Enterprise. It - must match the GitHub Enterprise settings value configured - at /setup/settings#hostname. - type: string - organizations: - description: organizations optionally restricts which organizations - are allowed to log in - type: array - items: + gitlab: + description: gitlab enables user authentication using GitLab credentials + type: object + properties: + ca: + description: ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key "ca.crt" is used to locate the data. If specified and the config map or expected key is not found, the identity provider is not honored. If the specified ca data is not valid, the identity provider is not honored. If empty, the default system roots are used. The namespace for this config map is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced config map + type: string + clientID: + description: clientID is the oauth client ID type: string - teams: - description: teams optionally restricts which teams are - allowed to log in. Format is /. - type: array - items: + clientSecret: + description: clientSecret is a required reference to the secret by name containing the oauth client secret. The key "clientSecret" is used to locate the data. If the secret or expected key is not found, the identity provider is not honored. The namespace for this secret is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced secret + type: string + url: + description: url is the oauth server base URL type: string - gitlab: - description: gitlab enables user authentication using GitLab - credentials - type: object - properties: - ca: - description: ca is an optional reference to a config map - by name containing the PEM-encoded CA bundle. It is used - as a trust anchor to validate the TLS certificate presented - by the remote server. The key "ca.crt" is used to locate - the data. If specified and the config map or expected - key is not found, the identity provider is not honored. - If the specified ca data is not valid, the identity provider - is not honored. If empty, the default system roots are - used. The namespace for this config map is openshift-config. - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced - config map + google: + description: google enables user authentication using Google credentials + type: object + properties: + clientID: + description: clientID is the oauth client ID + type: string + clientSecret: + description: clientSecret is a required reference to the secret by name containing the oauth client secret. The key "clientSecret" is used to locate the data. If the secret or expected key is not found, the identity provider is not honored. The namespace for this secret is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced secret + type: string + hostedDomain: + description: hostedDomain is the optional Google App domain (e.g. "mycompany.com") to restrict logins to + type: string + htpasswd: + description: htpasswd enables user authentication using an HTPasswd file to validate credentials + type: object + properties: + fileData: + description: fileData is a required reference to a secret by name containing the data to use as the htpasswd file. The key "htpasswd" is used to locate the data. If the secret or expected key is not found, the identity provider is not honored. If the specified htpasswd data is not valid, the identity provider is not honored. The namespace for this secret is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced secret + type: string + keystone: + description: keystone enables user authentication using keystone password credentials + type: object + properties: + ca: + description: ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key "ca.crt" is used to locate the data. If specified and the config map or expected key is not found, the identity provider is not honored. If the specified ca data is not valid, the identity provider is not honored. If empty, the default system roots are used. The namespace for this config map is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced config map + type: string + domainName: + description: domainName is required for keystone v3 + type: string + tlsClientCert: + description: tlsClientCert is an optional reference to a secret by name that contains the PEM-encoded TLS client certificate to present when connecting to the server. The key "tls.crt" is used to locate the data. If specified and the secret or expected key is not found, the identity provider is not honored. If the specified certificate data is not valid, the identity provider is not honored. The namespace for this secret is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced secret + type: string + tlsClientKey: + description: tlsClientKey is an optional reference to a secret by name that contains the PEM-encoded TLS private key for the client certificate referenced in tlsClientCert. The key "tls.key" is used to locate the data. If specified and the secret or expected key is not found, the identity provider is not honored. If the specified certificate data is not valid, the identity provider is not honored. The namespace for this secret is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced secret + type: string + url: + description: url is the remote URL to connect to + type: string + ldap: + description: ldap enables user authentication using LDAP credentials + type: object + properties: + attributes: + description: attributes maps LDAP attributes to identities + type: object + properties: + email: + description: email is the list of attributes whose values should be used as the email address. Optional. If unspecified, no email is set for the identity + type: array + items: + type: string + id: + description: id is the list of attributes whose values should be used as the user ID. Required. First non-empty attribute is used. At least one attribute is required. If none of the listed attribute have a value, authentication fails. LDAP standard identity attribute is "dn" + type: array + items: + type: string + name: + description: name is the list of attributes whose values should be used as the display name. Optional. If unspecified, no display name is set for the identity LDAP standard display name attribute is "cn" + type: array + items: + type: string + preferredUsername: + description: preferredUsername is the list of attributes whose values should be used as the preferred username. LDAP standard login attribute is "uid" + type: array + items: + type: string + bindDN: + description: bindDN is an optional DN to bind with during the search phase. + type: string + bindPassword: + description: bindPassword is an optional reference to a secret by name containing a password to bind with during the search phase. The key "bindPassword" is used to locate the data. If specified and the secret or expected key is not found, the identity provider is not honored. The namespace for this secret is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced secret + type: string + ca: + description: ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key "ca.crt" is used to locate the data. If specified and the config map or expected key is not found, the identity provider is not honored. If the specified ca data is not valid, the identity provider is not honored. If empty, the default system roots are used. The namespace for this config map is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced config map + type: string + insecure: + description: 'insecure, if true, indicates the connection should not use TLS WARNING: Should not be set to `true` with the URL scheme "ldaps://" as "ldaps://" URLs always attempt to connect using TLS, even when `insecure` is set to `true` When `true`, "ldap://" URLS connect insecurely. When `false`, "ldap://" URLs are upgraded to a TLS connection using StartTLS as specified in https://tools.ietf.org/html/rfc2830.' + type: boolean + url: + description: 'url is an RFC 2255 URL which specifies the LDAP search parameters to use. The syntax of the URL is: ldap://host:port/basedn?attribute?scope?filter' + type: string + mappingMethod: + description: mappingMethod determines how identities from this provider are mapped to users Defaults to "claim" + type: string + name: + description: 'name is used to qualify the identities returned by this provider. - It MUST be unique and not shared by any other identity provider used - It MUST be a valid path segment: name cannot equal "." or ".." or contain "/" or "%" or ":" Ref: https://godoc.org/github.com/openshift/origin/pkg/user/apis/user/validation#ValidateIdentityProviderName' + type: string + openID: + description: openID enables user authentication using OpenID credentials + type: object + properties: + ca: + description: ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key "ca.crt" is used to locate the data. If specified and the config map or expected key is not found, the identity provider is not honored. If the specified ca data is not valid, the identity provider is not honored. If empty, the default system roots are used. The namespace for this config map is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced config map + type: string + claims: + description: claims mappings + type: object + properties: + email: + description: email is the list of claims whose values should be used as the email address. Optional. If unspecified, no email is set for the identity + type: array + items: + type: string + name: + description: name is the list of claims whose values should be used as the display name. Optional. If unspecified, no display name is set for the identity + type: array + items: + type: string + preferredUsername: + description: preferredUsername is the list of claims whose values should be used as the preferred username. If unspecified, the preferred username is determined from the value of the sub claim + type: array + items: + type: string + clientID: + description: clientID is the oauth client ID + type: string + clientSecret: + description: clientSecret is a required reference to the secret by name containing the oauth client secret. The key "clientSecret" is used to locate the data. If the secret or expected key is not found, the identity provider is not honored. The namespace for this secret is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced secret + type: string + extraAuthorizeParameters: + description: extraAuthorizeParameters are any custom parameters to add to the authorize request. + type: object + additionalProperties: type: string - clientID: - description: clientID is the oauth client ID - type: string - clientSecret: - description: clientSecret is a required reference to the - secret by name containing the oauth client secret. The - key "clientSecret" is used to locate the data. If the - secret or expected key is not found, the identity provider - is not honored. The namespace for this secret is openshift-config. - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced - secret + extraScopes: + description: extraScopes are any scopes to request in addition to the standard "openid" scope. + type: array + items: type: string - url: - description: url is the oauth server base URL - type: string - google: - description: google enables user authentication using Google - credentials - type: object - properties: - clientID: - description: clientID is the oauth client ID - type: string - clientSecret: - description: clientSecret is a required reference to the - secret by name containing the oauth client secret. The - key "clientSecret" is used to locate the data. If the - secret or expected key is not found, the identity provider - is not honored. The namespace for this secret is openshift-config. - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced - secret + issuer: + description: issuer is the URL that the OpenID Provider asserts as its Issuer Identifier. It must use the https scheme with no query or fragment component. + type: string + requestHeader: + description: requestHeader enables user authentication using request header credentials + type: object + properties: + ca: + description: ca is a required reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. Specifically, it allows verification of incoming requests to prevent header spoofing. The key "ca.crt" is used to locate the data. If the config map or expected key is not found, the identity provider is not honored. If the specified ca data is not valid, the identity provider is not honored. The namespace for this config map is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced config map + type: string + challengeURL: + description: challengeURL is a URL to redirect unauthenticated /authorize requests to Unauthenticated requests from OAuth clients which expect WWW-Authenticate challenges will be redirected here. ${url} is replaced with the current URL, escaped to be safe in a query parameter https://www.example.com/sso-login?then=${url} ${query} is replaced with the current query string https://www.example.com/auth-proxy/oauth/authorize?${query} Required when challenge is set to true. + type: string + clientCommonNames: + description: clientCommonNames is an optional list of common names to require a match from. If empty, any client certificate validated against the clientCA bundle is considered authoritative. + type: array + items: type: string - hostedDomain: - description: hostedDomain is the optional Google App domain - (e.g. "mycompany.com") to restrict logins to - type: string - htpasswd: - description: htpasswd enables user authentication using an HTPasswd - file to validate credentials - type: object - properties: - fileData: - description: fileData is a required reference to a secret - by name containing the data to use as the htpasswd file. - The key "htpasswd" is used to locate the data. If the - secret or expected key is not found, the identity provider - is not honored. If the specified htpasswd data is not - valid, the identity provider is not honored. The namespace - for this secret is openshift-config. - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced - secret + emailHeaders: + description: emailHeaders is the set of headers to check for the email address + type: array + items: type: string - keystone: - description: keystone enables user authentication using keystone - password credentials - type: object - properties: - ca: - description: ca is an optional reference to a config map - by name containing the PEM-encoded CA bundle. It is used - as a trust anchor to validate the TLS certificate presented - by the remote server. The key "ca.crt" is used to locate - the data. If specified and the config map or expected - key is not found, the identity provider is not honored. - If the specified ca data is not valid, the identity provider - is not honored. If empty, the default system roots are - used. The namespace for this config map is openshift-config. - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced - config map + headers: + description: headers is the set of headers to check for identity information + type: array + items: type: string - domainName: - description: domainName is required for keystone v3 - type: string - tlsClientCert: - description: tlsClientCert is an optional reference to a - secret by name that contains the PEM-encoded TLS client - certificate to present when connecting to the server. - The key "tls.crt" is used to locate the data. If specified - and the secret or expected key is not found, the identity - provider is not honored. If the specified certificate - data is not valid, the identity provider is not honored. - The namespace for this secret is openshift-config. - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced - secret + loginURL: + description: loginURL is a URL to redirect unauthenticated /authorize requests to Unauthenticated requests from OAuth clients which expect interactive logins will be redirected here ${url} is replaced with the current URL, escaped to be safe in a query parameter https://www.example.com/sso-login?then=${url} ${query} is replaced with the current query string https://www.example.com/auth-proxy/oauth/authorize?${query} Required when login is set to true. + type: string + nameHeaders: + description: nameHeaders is the set of headers to check for the display name + type: array + items: type: string - tlsClientKey: - description: tlsClientKey is an optional reference to a - secret by name that contains the PEM-encoded TLS private - key for the client certificate referenced in tlsClientCert. - The key "tls.key" is used to locate the data. If specified - and the secret or expected key is not found, the identity - provider is not honored. If the specified certificate - data is not valid, the identity provider is not honored. - The namespace for this secret is openshift-config. - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced - secret + preferredUsernameHeaders: + description: preferredUsernameHeaders is the set of headers to check for the preferred username + type: array + items: type: string - url: - description: url is the remote URL to connect to - type: string - ldap: - description: ldap enables user authentication using LDAP credentials + type: + description: type identifies the identity provider type for this entry. + type: string + templates: + description: templates allow you to customize pages like the login page. + type: object + properties: + error: + description: error is the name of a secret that specifies a go template to use to render error pages during the authentication or grant flow. The key "errors.html" is used to locate the template data. If specified and the secret or expected key is not found, the default error page is used. If the specified template is not valid, the default error page is used. If unspecified, the default error page is used. The namespace for this secret is openshift-config. type: object + required: + - name properties: - attributes: - description: attributes maps LDAP attributes to identities - type: object - properties: - email: - description: email is the list of attributes whose values - should be used as the email address. Optional. If - unspecified, no email is set for the identity - type: array - items: - type: string - id: - description: id is the list of attributes whose values - should be used as the user ID. Required. First non-empty - attribute is used. At least one attribute is required. - If none of the listed attribute have a value, authentication - fails. LDAP standard identity attribute is "dn" - type: array - items: - type: string - name: - description: name is the list of attributes whose values - should be used as the display name. Optional. If unspecified, - no display name is set for the identity LDAP standard - display name attribute is "cn" - type: array - items: - type: string - preferredUsername: - description: preferredUsername is the list of attributes - whose values should be used as the preferred username. - LDAP standard login attribute is "uid" - type: array - items: - type: string - bindDN: - description: bindDN is an optional DN to bind with during - the search phase. + name: + description: name is the metadata.name of the referenced secret type: string - bindPassword: - description: bindPassword is an optional reference to a - secret by name containing a password to bind with during - the search phase. The key "bindPassword" is used to locate - the data. If specified and the secret or expected key - is not found, the identity provider is not honored. The - namespace for this secret is openshift-config. - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - ca: - description: ca is an optional reference to a config map - by name containing the PEM-encoded CA bundle. It is used - as a trust anchor to validate the TLS certificate presented - by the remote server. The key "ca.crt" is used to locate - the data. If specified and the config map or expected - key is not found, the identity provider is not honored. - If the specified ca data is not valid, the identity provider - is not honored. If empty, the default system roots are - used. The namespace for this config map is openshift-config. - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced - config map - type: string - insecure: - description: 'insecure, if true, indicates the connection - should not use TLS WARNING: Should not be set to `true` - with the URL scheme "ldaps://" as "ldaps://" URLs always attempt - to connect using TLS, even when `insecure` is set to `true` - When `true`, "ldap://" URLS connect insecurely. When `false`, - "ldap://" URLs are upgraded to a TLS connection using - StartTLS as specified in https://tools.ietf.org/html/rfc2830.' - type: boolean - url: - description: 'url is an RFC 2255 URL which specifies the - LDAP search parameters to use. The syntax of the URL is: - ldap://host:port/basedn?attribute?scope?filter' - type: string - mappingMethod: - description: mappingMethod determines how identities from this - provider are mapped to users Defaults to "claim" - type: string - name: - description: 'name is used to qualify the identities returned - by this provider. - It MUST be unique and not shared by any - other identity provider used - It MUST be a valid path segment: - name cannot equal "." or ".." or contain "/" or "%" or ":" Ref: - https://godoc.org/github.com/openshift/origin/pkg/user/apis/user/validation#ValidateIdentityProviderName' - type: string - openID: - description: openID enables user authentication using OpenID - credentials + login: + description: login is the name of a secret that specifies a go template to use to render the login page. The key "login.html" is used to locate the template data. If specified and the secret or expected key is not found, the default login page is used. If the specified template is not valid, the default login page is used. If unspecified, the default login page is used. The namespace for this secret is openshift-config. type: object + required: + - name properties: - ca: - description: ca is an optional reference to a config map - by name containing the PEM-encoded CA bundle. It is used - as a trust anchor to validate the TLS certificate presented - by the remote server. The key "ca.crt" is used to locate - the data. If specified and the config map or expected - key is not found, the identity provider is not honored. - If the specified ca data is not valid, the identity provider - is not honored. If empty, the default system roots are - used. The namespace for this config map is openshift-config. - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced - config map - type: string - claims: - description: claims mappings - type: object - properties: - email: - description: email is the list of claims whose values - should be used as the email address. Optional. If - unspecified, no email is set for the identity - type: array - items: - type: string - name: - description: name is the list of claims whose values - should be used as the display name. Optional. If unspecified, - no display name is set for the identity - type: array - items: - type: string - preferredUsername: - description: preferredUsername is the list of claims - whose values should be used as the preferred username. - If unspecified, the preferred username is determined - from the value of the sub claim - type: array - items: - type: string - clientID: - description: clientID is the oauth client ID + name: + description: name is the metadata.name of the referenced secret type: string - clientSecret: - description: clientSecret is a required reference to the - secret by name containing the oauth client secret. The - key "clientSecret" is used to locate the data. If the - secret or expected key is not found, the identity provider - is not honored. The namespace for this secret is openshift-config. - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - extraAuthorizeParameters: - description: extraAuthorizeParameters are any custom parameters - to add to the authorize request. - type: object - additionalProperties: - type: string - extraScopes: - description: extraScopes are any scopes to request in addition - to the standard "openid" scope. - type: array - items: - type: string - issuer: - description: issuer is the URL that the OpenID Provider - asserts as its Issuer Identifier. It must use the https - scheme with no query or fragment component. - type: string - requestHeader: - description: requestHeader enables user authentication using - request header credentials + providerSelection: + description: providerSelection is the name of a secret that specifies a go template to use to render the provider selection page. The key "providers.html" is used to locate the template data. If specified and the secret or expected key is not found, the default provider selection page is used. If the specified template is not valid, the default provider selection page is used. If unspecified, the default provider selection page is used. The namespace for this secret is openshift-config. type: object + required: + - name properties: - ca: - description: ca is a required reference to a config map - by name containing the PEM-encoded CA bundle. It is used - as a trust anchor to validate the TLS certificate presented - by the remote server. Specifically, it allows verification - of incoming requests to prevent header spoofing. The key - "ca.crt" is used to locate the data. If the config map - or expected key is not found, the identity provider is - not honored. If the specified ca data is not valid, the - identity provider is not honored. The namespace for this - config map is openshift-config. - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced - config map - type: string - challengeURL: - description: challengeURL is a URL to redirect unauthenticated - /authorize requests to Unauthenticated requests from OAuth - clients which expect WWW-Authenticate challenges will - be redirected here. ${url} is replaced with the current - URL, escaped to be safe in a query parameter https://www.example.com/sso-login?then=${url} - ${query} is replaced with the current query string https://www.example.com/auth-proxy/oauth/authorize?${query} - Required when challenge is set to true. + name: + description: name is the metadata.name of the referenced secret type: string - clientCommonNames: - description: clientCommonNames is an optional list of common - names to require a match from. If empty, any client certificate - validated against the clientCA bundle is considered authoritative. - type: array - items: - type: string - emailHeaders: - description: emailHeaders is the set of headers to check - for the email address - type: array - items: - type: string - headers: - description: headers is the set of headers to check for - identity information - type: array - items: - type: string - loginURL: - description: loginURL is a URL to redirect unauthenticated - /authorize requests to Unauthenticated requests from OAuth - clients which expect interactive logins will be redirected - here ${url} is replaced with the current URL, escaped - to be safe in a query parameter https://www.example.com/sso-login?then=${url} - ${query} is replaced with the current query string https://www.example.com/auth-proxy/oauth/authorize?${query} - Required when login is set to true. - type: string - nameHeaders: - description: nameHeaders is the set of headers to check - for the display name - type: array - items: - type: string - preferredUsernameHeaders: - description: preferredUsernameHeaders is the set of headers - to check for the preferred username - type: array - items: - type: string - type: - description: type identifies the identity provider type for - this entry. + tokenConfig: + description: tokenConfig contains options for authorization and access tokens + type: object + properties: + accessTokenInactivityTimeout: + description: accessTokenInactivityTimeout defines the token inactivity timeout for tokens granted by any client. The value represents the maximum amount of time that can occur between consecutive uses of the token. Tokens become invalid if they are not used within this temporal window. The user will need to acquire a new token to regain access once a token times out. Takes valid time duration string such as "5m", "1.5h" or "2h45m". The minimum allowed value for duration is 300s (5 minutes). If the timeout is configured per client, then that value takes precedence. If the timeout value is not specified and the client does not override the value, then tokens are valid until their lifetime. type: string - templates: - description: templates allow you to customize pages like the login - page. - type: object - properties: - error: - description: error is the name of a secret that specifies a go - template to use to render error pages during the authentication - or grant flow. The key "errors.html" is used to locate the template - data. If specified and the secret or expected key is not found, - the default error page is used. If the specified template is - not valid, the default error page is used. If unspecified, the - default error page is used. The namespace for this secret is - openshift-config. - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced secret - type: string - login: - description: login is the name of a secret that specifies a go - template to use to render the login page. The key "login.html" - is used to locate the template data. If specified and the secret - or expected key is not found, the default login page is used. - If the specified template is not valid, the default login page - is used. If unspecified, the default login page is used. The - namespace for this secret is openshift-config. - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced secret - type: string - providerSelection: - description: providerSelection is the name of a secret that specifies - a go template to use to render the provider selection page. - The key "providers.html" is used to locate the template data. - If specified and the secret or expected key is not found, the - default provider selection page is used. If the specified template - is not valid, the default provider selection page is used. If - unspecified, the default provider selection page is used. The - namespace for this secret is openshift-config. - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced secret - type: string - tokenConfig: - description: tokenConfig contains options for authorization and access - tokens - type: object - properties: - accessTokenInactivityTimeout: - description: accessTokenInactivityTimeout defines the token inactivity - timeout for tokens granted by any client. The value represents - the maximum amount of time that can occur between consecutive - uses of the token. Tokens become invalid if they are not used - within this temporal window. The user will need to acquire a - new token to regain access once a token times out. Takes valid - time duration string such as "5m", "1.5h" or "2h45m". The minimum - allowed value for duration is 300s (5 minutes). If the timeout - is configured per client, then that value takes precedence. - If the timeout value is not specified and the client does not - override the value, then tokens are valid until their lifetime. - type: string - accessTokenInactivityTimeoutSeconds: - description: 'accessTokenInactivityTimeoutSeconds - DEPRECATED: - setting this field has no effect.' - type: integer - format: int32 - accessTokenMaxAgeSeconds: - description: accessTokenMaxAgeSeconds defines the maximum age - of access tokens - type: integer - format: int32 - status: - description: status holds observed values from the cluster. They may not - be overridden. - type: object + accessTokenInactivityTimeoutSeconds: + description: 'accessTokenInactivityTimeoutSeconds - DEPRECATED: setting this field has no effect.' + type: integer + format: int32 + accessTokenMaxAgeSeconds: + description: accessTokenMaxAgeSeconds defines the maximum age of access tokens + type: integer + format: int32 + status: + description: status holds observed values from the cluster. They may not be overridden. + type: object + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_project.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_project.crd.yaml index 6de304072..42f745c67 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_project.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_project.crd.yaml @@ -1,66 +1,55 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - name: projects.config.openshift.io annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/470 include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" include.release.openshift.io/single-node-developer: "true" + name: projects.config.openshift.io spec: group: config.openshift.io - scope: Cluster names: kind: Project listKind: ProjectList plural: projects singular: project + scope: Cluster versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: Project holds cluster-wide information about Project. The canonical - name is `cluster` - type: object - required: - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - type: object - properties: - projectRequestMessage: - description: projectRequestMessage is the string presented to a user - if they are unable to request a project via the projectrequest api - endpoint - type: string - projectRequestTemplate: - description: projectRequestTemplate is the template to use for creating - projects in response to projectrequest. This must point to a template - in 'openshift-config' namespace. It is optional. If it is not specified, - a default template is used. - type: object - properties: - name: - description: name is the metadata.name of the referenced project - request template - type: string - status: - description: status holds observed values from the cluster. They may not - be overridden. - type: object + - name: v1 + schema: + openAPIV3Schema: + description: "Project holds cluster-wide information about Project. The canonical name is `cluster` \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + type: object + properties: + projectRequestMessage: + description: projectRequestMessage is the string presented to a user if they are unable to request a project via the projectrequest api endpoint + type: string + projectRequestTemplate: + description: projectRequestTemplate is the template to use for creating projects in response to projectrequest. This must point to a template in 'openshift-config' namespace. It is optional. If it is not specified, a default template is used. + type: object + properties: + name: + description: name is the metadata.name of the referenced project request template + type: string + status: + description: status holds observed values from the cluster. They may not be overridden. + type: object + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_scheduler.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_scheduler.crd.yaml index c66ec6ad9..f161bc432 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_scheduler.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_scheduler.crd.yaml @@ -1,106 +1,68 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - name: schedulers.config.openshift.io annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/470 include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" include.release.openshift.io/single-node-developer: "true" + name: schedulers.config.openshift.io spec: group: config.openshift.io - scope: Cluster names: kind: Scheduler - singular: scheduler - plural: schedulers listKind: SchedulerList + plural: schedulers + singular: scheduler + scope: Cluster versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: Scheduler holds cluster-wide config information to run the Kubernetes - Scheduler and influence its placement decisions. The canonical name for - this config is `cluster`. - type: object - required: - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - type: object - properties: - defaultNodeSelector: - description: 'defaultNodeSelector helps set the cluster-wide default - node selector to restrict pod placement to specific nodes. This - is applied to the pods created in all namespaces and creates an - intersection with any existing nodeSelectors already set on a pod, - additionally constraining that pod''s selector. For example, defaultNodeSelector: - "type=user-node,region=east" would set nodeSelector field in pod - spec to "type=user-node,region=east" to all pods created in all - namespaces. Namespaces having project-wide node selectors won''t - be impacted even if this field is set. This adds an annotation section - to the namespace. For example, if a new namespace is created with - node-selector=''type=user-node,region=east'', the annotation openshift.io/node-selector: - type=user-node,region=east gets added to the project. When the openshift.io/node-selector - annotation is set on the project the value is used in preference - to the value we are setting for defaultNodeSelector field. For instance, - openshift.io/node-selector: "type=user-node,region=west" means that - the default of "type=user-node,region=east" set in defaultNodeSelector - would not be applied.' - type: string - mastersSchedulable: - description: 'MastersSchedulable allows masters nodes to be schedulable. - When this flag is turned on, all the master nodes in the cluster - will be made schedulable, so that workload pods can run on them. - The default value for this field is false, meaning none of the master - nodes are schedulable. Important Note: Once the workload pods start - running on the master nodes, extreme care must be taken to ensure - that cluster-critical control plane components are not impacted. - Please turn on this field after doing due diligence.' - type: boolean - policy: - description: 'DEPRECATED: the scheduler Policy API has been deprecated - and will be removed in a future release. policy is a reference to - a ConfigMap containing scheduler policy which has user specified - predicates and priorities. If this ConfigMap is not available scheduler - will default to use DefaultAlgorithmProvider. The namespace for - this configmap is openshift-config.' - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced config - map - type: string - profile: - description: "profile sets which scheduling profile should be set - in order to configure scheduling decisions for new pods. \n Valid - values are \"LowNodeUtilization\", \"HighNodeUtilization\", \"NoScoring\" - Defaults to \"LowNodeUtilization\"" - type: string - enum: - - "" - - LowNodeUtilization - - HighNodeUtilization - - NoScoring - status: - description: status holds observed values from the cluster. They may not - be overridden. - type: object + - name: v1 + schema: + openAPIV3Schema: + description: "Scheduler holds cluster-wide config information to run the Kubernetes Scheduler and influence its placement decisions. The canonical name for this config is `cluster`. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + type: object + properties: + defaultNodeSelector: + description: 'defaultNodeSelector helps set the cluster-wide default node selector to restrict pod placement to specific nodes. This is applied to the pods created in all namespaces and creates an intersection with any existing nodeSelectors already set on a pod, additionally constraining that pod''s selector. For example, defaultNodeSelector: "type=user-node,region=east" would set nodeSelector field in pod spec to "type=user-node,region=east" to all pods created in all namespaces. Namespaces having project-wide node selectors won''t be impacted even if this field is set. This adds an annotation section to the namespace. For example, if a new namespace is created with node-selector=''type=user-node,region=east'', the annotation openshift.io/node-selector: type=user-node,region=east gets added to the project. When the openshift.io/node-selector annotation is set on the project the value is used in preference to the value we are setting for defaultNodeSelector field. For instance, openshift.io/node-selector: "type=user-node,region=west" means that the default of "type=user-node,region=east" set in defaultNodeSelector would not be applied.' + type: string + mastersSchedulable: + description: 'MastersSchedulable allows masters nodes to be schedulable. When this flag is turned on, all the master nodes in the cluster will be made schedulable, so that workload pods can run on them. The default value for this field is false, meaning none of the master nodes are schedulable. Important Note: Once the workload pods start running on the master nodes, extreme care must be taken to ensure that cluster-critical control plane components are not impacted. Please turn on this field after doing due diligence.' + type: boolean + policy: + description: 'DEPRECATED: the scheduler Policy API has been deprecated and will be removed in a future release. policy is a reference to a ConfigMap containing scheduler policy which has user specified predicates and priorities. If this ConfigMap is not available scheduler will default to use DefaultAlgorithmProvider. The namespace for this configmap is openshift-config.' + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced config map + type: string + profile: + description: "profile sets which scheduling profile should be set in order to configure scheduling decisions for new pods. \n Valid values are \"LowNodeUtilization\", \"HighNodeUtilization\", \"NoScoring\" Defaults to \"LowNodeUtilization\"" + type: string + enum: + - "" + - LowNodeUtilization + - HighNodeUtilization + - NoScoring + status: + description: status holds observed values from the cluster. They may not be overridden. + type: object + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/config/v1/types.go b/vendor/github.com/openshift/api/config/v1/types.go index 142748423..4986c44ee 100644 --- a/vendor/github.com/openshift/api/config/v1/types.go +++ b/vendor/github.com/openshift/api/config/v1/types.go @@ -310,3 +310,89 @@ type DelegatedAuthorization struct { // disabled indicates that authorization should be disabled. By default it will use delegated authorization. Disabled bool `json:"disabled,omitempty"` } +type RequiredHSTSPolicy struct { + // namespaceSelector specifies a label selector such that the policy applies only to those routes that + // are in namespaces with labels that match the selector, and are in one of the DomainPatterns. + // Defaults to the empty LabelSelector, which matches everything. + // +optional + NamespaceSelector *metav1.LabelSelector `json:"namespaceSelector,omitempty"` + + // domainPatterns is a list of domains for which the desired HSTS annotations are required. + // If domainPatterns is specified and a route is created with a spec.host matching one of the domains, + // the route must specify the HSTS Policy components described in the matching RequiredHSTSPolicy. + // + // The use of wildcards is allowed like this: *.foo.com matches everything under foo.com. + // foo.com only matches foo.com, so to cover foo.com and everything under it, you must specify *both*. + // kubebuilder:validation:MinLength=1 + // +required + DomainPatterns []string `json:"domainPatterns"` + + // maxAge is the delta time range in seconds during which hosts are regarded as HSTS hosts. + // If set to 0, it negates the effect, and hosts are removed as HSTS hosts. + // If set to 0 and includeSubdomains is specified, all subdomains of the host are also removed as HSTS hosts. + // maxAge is a time-to-live value, and if this policy is not refreshed on a client, the HSTS + // policy will eventually expire on that client. + // +required + MaxAge MaxAgePolicy `json:"maxAge"` + + // preloadPolicy directs the client to include hosts in its host preload list so that + // it never needs to do an initial load to get the HSTS header (note that this is not defined + // in RFC 6797 and is therefore client implementation-dependent). + // +optional + PreloadPolicy PreloadPolicy `json:"preloadPolicy,omitempty"` + + // includeSubDomainsPolicy means the HSTS Policy should apply to any subdomains of the host's + // domain name. Thus, for the host bar.foo.com, if includeSubDomainsPolicy was set to RequireIncludeSubDomains: + // - the host app.bar.foo.com would inherit the HSTS Policy of bar.foo.com + // - the host bar.foo.com would inherit the HSTS Policy of bar.foo.com + // - the host foo.com would NOT inherit the HSTS Policy of bar.foo.com + // - the host def.foo.com would NOT inherit the HSTS Policy of bar.foo.com + // +optional + IncludeSubDomainsPolicy IncludeSubDomainsPolicy `json:"includeSubDomainsPolicy,omitempty"` +} + +// MaxAgePolicy contains a numeric range for specifying a compliant HSTS max-age for the enclosing RequiredHSTSPolicy +type MaxAgePolicy struct { + // The largest allowed value (in seconds) of the RequiredHSTSPolicy max-age + // This value can be left unspecified, in which case no upper limit is enforced. + // kubebuilder:validation:minimum=0:maximum=2147483647 + LargestMaxAge *int32 `json:"largestMaxAge,omitempty"` + + // The smallest allowed value (in seconds) of the RequiredHSTSPolicy max-age + // Setting max-age=0 allows the deletion of an existing HSTS header from a host. This is a necessary + // tool for administrators to quickly correct mistakes. + // This value can be left unspecified, in which case no lower limit is enforced. + // kubebuilder:validation:minimum=0:maximum=2147483647 + SmallestMaxAge *int32 `json:"smallestMaxAge,omitempty"` +} + +// PreloadPolicy contains a value for specifying a compliant HSTS preload policy for the enclosing RequiredHSTSPolicy +// +kubebuilder:validation:Enum=RequirePreload;RequireNoPreload;NoOpinion +type PreloadPolicy string + +const ( + // RequirePreloadPolicy means HSTS "preload" is required by the RequiredHSTSPolicy + RequirePreloadPolicy PreloadPolicy = "RequirePreload" + + // RequireNoPreloadPolicy means HSTS "preload" is forbidden by the RequiredHSTSPolicy + RequireNoPreloadPolicy PreloadPolicy = "RequireNoPreload" + + // NoOpinionPreloadPolicy means HSTS "preload" doesn't matter to the RequiredHSTSPolicy + NoOpinionPreloadPolicy PreloadPolicy = "NoOpinion" +) + +// IncludeSubDomainsPolicy contains a value for specifying a compliant HSTS includeSubdomains policy +// for the enclosing RequiredHSTSPolicy +// +kubebuilder:validation:Enum=RequireIncludeSubDomains;RequireNoIncludeSubDomains;NoOpinion +type IncludeSubDomainsPolicy string + +const ( + // RequireIncludeSubDomains means HSTS "includeSubDomains" is required by the RequiredHSTSPolicy + RequireIncludeSubDomains IncludeSubDomainsPolicy = "RequireIncludeSubDomains" + + // RequireNoIncludeSubDomains means HSTS "includeSubDomains" is forbidden by the RequiredHSTSPolicy + RequireNoIncludeSubDomains IncludeSubDomainsPolicy = "RequireNoIncludeSubDomains" + + // NoOpinionIncludeSubDomains means HSTS "includeSubDomains" doesn't matter to the RequiredHSTSPolicy + NoOpinionIncludeSubDomains IncludeSubDomainsPolicy = "NoOpinion" +) diff --git a/vendor/github.com/openshift/api/config/v1/types_apiserver.go b/vendor/github.com/openshift/api/config/v1/types_apiserver.go index 42268db39..12c009069 100644 --- a/vendor/github.com/openshift/api/config/v1/types_apiserver.go +++ b/vendor/github.com/openshift/api/config/v1/types_apiserver.go @@ -11,6 +11,9 @@ import ( // APIServer holds configuration (like serving certificates, client CA and CORS domains) // shared by all API servers in the system, among them especially kube-apiserver // and openshift-apiserver. The canonical name of an instance is 'cluster'. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type APIServer struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` @@ -46,9 +49,9 @@ type APIServerSpec struct { Encryption APIServerEncryption `json:"encryption"` // tlsSecurityProfile specifies settings for TLS connections for externally exposed servers. // - // If unset, a default (which may change between releases) is chosen. Note that only Old and - // Intermediate profiles are currently supported, and the maximum available MinTLSVersions - // is VersionTLS12. + // If unset, a default (which may change between releases) is chosen. Note that only Old, + // Intermediate and Custom profiles are currently supported, and the maximum available + // MinTLSVersions is VersionTLS12. // +optional TLSSecurityProfile *TLSSecurityProfile `json:"tlsSecurityProfile,omitempty"` // audit specifies the settings for audit configuration to be applied to all OpenShift-provided @@ -59,12 +62,15 @@ type APIServerSpec struct { } // AuditProfileType defines the audit policy profile type. -// +kubebuilder:validation:Enum=Default;WriteRequestBodies;AllRequestBodies +// +kubebuilder:validation:Enum=Default;WriteRequestBodies;AllRequestBodies;None type AuditProfileType string const ( + // "None" disables audit logs. + NoneAuditProfileType AuditProfileType = "None" + // "Default" is the existing default audit configuration policy. - AuditProfileDefaultType AuditProfileType = "Default" + DefaultAuditProfileType AuditProfileType = "Default" // "WriteRequestBodies" is similar to Default but it logs request and response // HTTP payloads for write requests (create, update, patch) @@ -76,6 +82,47 @@ const ( ) type Audit struct { + // profile specifies the name of the desired top-level audit profile to be applied to all requests + // sent to any of the OpenShift-provided API servers in the cluster (kube-apiserver, + // openshift-apiserver and oauth-apiserver), with the exception of those requests that match + // one or more of the customRules. + // + // The following profiles are provided: + // - Default: default policy which means MetaData level logging with the exception of events + // (not logged at all), oauthaccesstokens and oauthauthorizetokens (both logged at RequestBody + // level). + // - WriteRequestBodies: like 'Default', but logs request and response HTTP payloads for + // write requests (create, update, patch). + // - AllRequestBodies: like 'WriteRequestBodies', but also logs request and response + // HTTP payloads for read requests (get, list). + // - None: no requests are logged at all, not even oauthaccesstokens and oauthauthorizetokens. + // + // Warning: to raise a Red Hat support request, it is required to set this to Default, + // WriteRequestBodies, or AllRequestBodies to generate audit log events that can be + // analyzed by support. + // + // If unset, the 'Default' profile is used as the default. + // + // +kubebuilder:default=Default + Profile AuditProfileType `json:"profile,omitempty"` + // customRules specify profiles per group. These profile take precedence over the + // top-level profile field if they apply. They are evaluation from top to bottom and + // the first one that matches, applies. + // +listType=map + // +listMapKey=group + // +optional + CustomRules []AuditCustomRule `json:"customRules,omitempty"` +} + +// AuditCustomRule describes a custom rule for an audit profile that takes precedence over +// the top-level profile. +type AuditCustomRule struct { + // group is a name of group a request user must be member of in order to this profile to apply. + // + // +kubebuilder:validation:Required + // +kubebuilder:validation:MinLength=1 + // +required + Group string `json:"group"` // profile specifies the name of the desired audit policy configuration to be deployed to // all OpenShift-provided API servers in the cluster. // @@ -85,9 +132,12 @@ type Audit struct { // write requests (create, update, patch). // - AllRequestBodies: like 'WriteRequestBodies', but also logs request and response // HTTP payloads for read requests (get, list). + // - None: no requests are logged at all, not even oauthaccesstokens and oauthauthorizetokens. // // If unset, the 'Default' profile is used as the default. - // +kubebuilder:default=Default + // + // +kubebuilder:validation:Required + // +required Profile AuditProfileType `json:"profile,omitempty"` } @@ -151,6 +201,8 @@ type APIServerStatus struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type APIServerList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata"` diff --git a/vendor/github.com/openshift/api/config/v1/types_authentication.go b/vendor/github.com/openshift/api/config/v1/types_authentication.go index 0d1041bd5..7f346069e 100644 --- a/vendor/github.com/openshift/api/config/v1/types_authentication.go +++ b/vendor/github.com/openshift/api/config/v1/types_authentication.go @@ -8,6 +8,9 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" // Authentication specifies cluster-wide settings for authentication (like OAuth and // webhook token authenticators). The canonical name of an instance is `cluster`. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type Authentication struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` @@ -88,6 +91,8 @@ type AuthenticationStatus struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type AuthenticationList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata"` diff --git a/vendor/github.com/openshift/api/config/v1/types_build.go b/vendor/github.com/openshift/api/config/v1/types_build.go index 16882e1ca..34f46a1f9 100644 --- a/vendor/github.com/openshift/api/config/v1/types_build.go +++ b/vendor/github.com/openshift/api/config/v1/types_build.go @@ -13,6 +13,9 @@ import ( // This includes default settings that can be overridden in BuildConfig objects, and overrides which are applied to all builds. // // The canonical name is "cluster" +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type Build struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` @@ -108,6 +111,8 @@ type BuildOverrides struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type BuildList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata"` diff --git a/vendor/github.com/openshift/api/config/v1/types_cluster_operator.go b/vendor/github.com/openshift/api/config/v1/types_cluster_operator.go index 299adb1c9..ba681e658 100644 --- a/vendor/github.com/openshift/api/config/v1/types_cluster_operator.go +++ b/vendor/github.com/openshift/api/config/v1/types_cluster_operator.go @@ -12,6 +12,9 @@ import ( // ClusterOperator is the Custom Resource object which holds the current state // of an operator. This object is used by operators to convey their state to // the rest of the cluster. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type ClusterOperator struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata"` @@ -142,12 +145,17 @@ type ClusterStatusConditionType string const ( // Available indicates that the operand (eg: openshift-apiserver for the // openshift-apiserver-operator), is functional and available in the cluster. + // Available=False means at least part of the component is non-functional, + // and that the condition requires immediate administrator intervention. OperatorAvailable ClusterStatusConditionType = "Available" // Progressing indicates that the operator is actively rolling out new code, // propagating config changes, or otherwise moving from one steady state to // another. Operators should not report progressing when they are reconciling - // a previously known state. + // (without action) a previously known state. If the observed cluster state + // has changed and the operator/operand is reacting to it (scaling up for instance), + // Progressing should become true since it is moving from one steady state to + // another. OperatorProgressing ClusterStatusConditionType = "Progressing" // Degraded indicates that the operator's current state does not match its @@ -162,13 +170,13 @@ const ( // persist over a long enough period to report Degraded. A service should not // report Degraded during the course of a normal upgrade. A service may report // Degraded in response to a persistent infrastructure failure that requires - // administrator intervention. For example, if a control plane host is unhealthy - // and must be replaced. An operator should report Degraded if unexpected - // errors occur over a period, but the expectation is that all unexpected errors - // are handled as operators mature. + // eventual administrator intervention. For example, if a control plane host + // is unhealthy and must be replaced. An operator should report Degraded if + // unexpected errors occur over a period, but the expectation is that all + // unexpected errors are handled as operators mature. OperatorDegraded ClusterStatusConditionType = "Degraded" - // Upgradeable indicates whether the operator is in a state that is safe to upgrade. When status is `False` + // Upgradeable indicates whether the operator safe to upgrade based on the current cluster state. When status is `False` // administrators should not upgrade their cluster and the message field should contain a human readable description // of what the administrator should do to allow the operator to successfully update. A missing condition, True, // and Unknown are all treated by the CVO as allowing an upgrade. @@ -176,7 +184,10 @@ const ( ) // ClusterOperatorList is a list of OperatorStatus resources. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +openshift:compatibility-gen:level=1 type ClusterOperatorList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata"` diff --git a/vendor/github.com/openshift/api/config/v1/types_cluster_version.go b/vendor/github.com/openshift/api/config/v1/types_cluster_version.go index 58a65228d..634efaa3e 100644 --- a/vendor/github.com/openshift/api/config/v1/types_cluster_version.go +++ b/vendor/github.com/openshift/api/config/v1/types_cluster_version.go @@ -10,6 +10,9 @@ import ( // ClusterVersion is the configuration for the ClusterVersionOperator. This is where // parameters related to automatic updates can be set. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type ClusterVersion struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` @@ -157,6 +160,7 @@ type UpdateHistory struct { // +kubebuilder:validation:Required // +required StartedTime metav1.Time `json:"startedTime"` + // completionTime, if set, is when the update was fully applied. The update // that is currently being applied will have a null completion time. // Completion time will always be set for entries that are not the current @@ -172,13 +176,17 @@ type UpdateHistory struct { // // +optional Version string `json:"version"` + // image is a container image location that contains the update. This value // is always populated. // +kubebuilder:validation:Required // +required Image string `json:"image"` + // verified indicates whether the provided update was properly verified // before it was installed. If this is false the cluster may not be trusted. + // Verified does not cover upgradeable checks that depend on the cluster + // state at the time when the update target was accepted. // +kubebuilder:validation:Required // +required Verified bool `json:"verified"` @@ -229,23 +237,21 @@ type Update struct { // // +optional Version string `json:"version"` + // image is a container image location that contains the update. When this // field is part of spec, image is optional if version is specified and the // availableUpdates field contains a matching version. // // +optional Image string `json:"image"` + // force allows an administrator to update to an image that has failed - // verification, does not appear in the availableUpdates list, or otherwise - // would be blocked by normal protections on update. This option should only + // verification or upgradeable checks. This option should only // be used when the authenticity of the provided image has been verified out // of band because the provided image will run with full administrative access // to the cluster. Do not use this flag with images that comes from unknown // or potentially malicious sources. // - // This flag does not override other forms of consistency checking that are - // required before a new update is deployed. - // // +optional Force bool `json:"force"` } @@ -285,7 +291,10 @@ type Release struct { const RetrievedUpdates ClusterStatusConditionType = "RetrievedUpdates" // ClusterVersionList is a list of ClusterVersion resources. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +openshift:compatibility-gen:level=1 type ClusterVersionList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata"` diff --git a/vendor/github.com/openshift/api/config/v1/types_console.go b/vendor/github.com/openshift/api/config/v1/types_console.go index d64219300..e1a128827 100644 --- a/vendor/github.com/openshift/api/config/v1/types_console.go +++ b/vendor/github.com/openshift/api/config/v1/types_console.go @@ -11,6 +11,9 @@ import ( // Console holds cluster-wide configuration for the web console, including the // logout URL, and reports the public URL of the console. The canonical name is // `cluster`. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type Console struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` @@ -39,6 +42,8 @@ type ConsoleStatus struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type ConsoleList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata"` diff --git a/vendor/github.com/openshift/api/config/v1/types_dns.go b/vendor/github.com/openshift/api/config/v1/types_dns.go index 989ef99c3..c223f828e 100644 --- a/vendor/github.com/openshift/api/config/v1/types_dns.go +++ b/vendor/github.com/openshift/api/config/v1/types_dns.go @@ -7,6 +7,9 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // DNS holds cluster-wide information about DNS. The canonical name is `cluster` +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type DNS struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` @@ -79,6 +82,8 @@ type DNSStatus struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type DNSList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata"` diff --git a/vendor/github.com/openshift/api/config/v1/types_feature.go b/vendor/github.com/openshift/api/config/v1/types_feature.go index b083e6d1f..2f0dce3b5 100644 --- a/vendor/github.com/openshift/api/config/v1/types_feature.go +++ b/vendor/github.com/openshift/api/config/v1/types_feature.go @@ -7,6 +7,9 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // Feature holds cluster-wide information about feature gates. The canonical name is `cluster` +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type FeatureGate struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` @@ -76,6 +79,8 @@ type FeatureGateStatus struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type FeatureGateList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata"` @@ -110,6 +115,9 @@ var FeatureSets = map[FeatureSet]*FeatureGateEnabledDisabled{ with("CSIDriverVSphere"). // sig-storage, jsafrane, OCP specific with("CSIMigrationAWS"). // sig-storage, jsafrane, Kubernetes feature gate with("CSIMigrationOpenStack"). // sig-storage, jsafrane, Kubernetes feature gate + with("CSIMigrationGCE"). // sig-storage, fbertina, Kubernetes feature gate + with("CSIMigrationAzureDisk"). // sig-storage, fbertina, Kubernetes feature gate + with("ExternalCloudProvider"). // sig-cloud-provider, jspeed, OCP specific toFeatures(), LatencySensitive: newDefaultFeatures(). with( diff --git a/vendor/github.com/openshift/api/config/v1/types_image.go b/vendor/github.com/openshift/api/config/v1/types_image.go index 8b762a5a6..08a31072d 100644 --- a/vendor/github.com/openshift/api/config/v1/types_image.go +++ b/vendor/github.com/openshift/api/config/v1/types_image.go @@ -12,6 +12,9 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" // registries, and policies to block or allow registry hostnames. // When exposing OpenShift's image registry to the public, this also lets cluster // admins specify the external hostname. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type Image struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` @@ -77,6 +80,8 @@ type ImageStatus struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type ImageList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata"` diff --git a/vendor/github.com/openshift/api/config/v1/types_infrastructure.go b/vendor/github.com/openshift/api/config/v1/types_infrastructure.go index 6e78d5ea6..131e26ba7 100644 --- a/vendor/github.com/openshift/api/config/v1/types_infrastructure.go +++ b/vendor/github.com/openshift/api/config/v1/types_infrastructure.go @@ -8,6 +8,9 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" // +kubebuilder:subresource:status // Infrastructure holds cluster-wide information about Infrastructure. The canonical name is `cluster` +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type Infrastructure struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` @@ -82,7 +85,10 @@ type InfrastructureStatus struct { // The default is 'HighlyAvailable', which represents the behavior operators have in a "normal" cluster. // The 'SingleReplica' mode will be used in single-node deployments // and the operators should not configure the operand for highly-available operation + // The 'External' mode indicates that the control plane is hosted externally to the cluster and that + // its components are not visible within the cluster. // +kubebuilder:default=HighlyAvailable + // +kubebuilder:validation:Enum=HighlyAvailable;SingleReplica;External ControlPlaneTopology TopologyMode `json:"controlPlaneTopology"` // infrastructureTopology expresses the expectations for infrastructure services that do not run on control @@ -91,12 +97,16 @@ type InfrastructureStatus struct { // The default is 'HighlyAvailable', which represents the behavior operators have in a "normal" cluster. // The 'SingleReplica' mode will be used in single-node deployments // and the operators should not configure the operand for highly-available operation + // NOTE: External topology mode is not applicable for this field. // +kubebuilder:default=HighlyAvailable + // +kubebuilder:validation:Enum=HighlyAvailable;SingleReplica InfrastructureTopology TopologyMode `json:"infrastructureTopology"` } // TopologyMode defines the topology mode of the control/infra nodes. -// +kubebuilder:validation:Enum=HighlyAvailable;SingleReplica +// NOTE: Enum validation is specified in each field that uses this type, +// given that External value is not applicable to the InfrastructureTopology +// field. type TopologyMode string const ( @@ -105,6 +115,12 @@ const ( // "SingleReplica" is for operators to avoid spending resources for high-availability purpose. SingleReplicaTopologyMode TopologyMode = "SingleReplica" + + // "External" indicates that the component is running externally to the cluster. When specified + // as the control plane topology, operators should avoid scheduling workloads to masters or assume + // that any of the control plane components such as kubernetes API server or etcd are visible within + // the cluster. + ExternalTopologyMode TopologyMode = "External" ) // PlatformType is a specific supported infrastructure provider. @@ -362,10 +378,14 @@ type AzurePlatformStatus struct { // If empty, the value is equal to `AzurePublicCloud`. // +optional CloudName AzureCloudEnvironment `json:"cloudName,omitempty"` + + // armEndpoint specifies a URL to use for resource management in non-soverign clouds such as Azure Stack. + // +optional + ARMEndpoint string `json:"armEndpoint,omitempty"` } // AzureCloudEnvironment is the name of the Azure cloud environment -// +kubebuilder:validation:Enum="";AzurePublicCloud;AzureUSGovernmentCloud;AzureChinaCloud;AzureGermanCloud +// +kubebuilder:validation:Enum="";AzurePublicCloud;AzureUSGovernmentCloud;AzureChinaCloud;AzureGermanCloud;AzureStackCloud type AzureCloudEnvironment string const ( @@ -380,6 +400,9 @@ const ( // AzureGermanCloud is the Azure cloud environment used in Germany. AzureGermanCloud AzureCloudEnvironment = "AzureGermanCloud" + + // AzureStackCloud is the Azure cloud environment used at the edge and on premises. + AzureStackCloud AzureCloudEnvironment = "AzureStackCloud" ) // GCPPlatformSpec holds the desired state of the Google Cloud Platform infrastructure provider. @@ -510,6 +533,10 @@ type IBMCloudPlatformStatus struct { // ProviderType indicates the type of cluster that was created ProviderType IBMCloudProviderType `json:"providerType,omitempty"` + + // CISInstanceCRN is the CRN of the Cloud Internet Services instance managing + // the DNS zone for the cluster's base domain + CISInstanceCRN string `json:"cisInstanceCRN,omitempty"` } // KubevirtPlatformSpec holds the desired state of the kubevirt infrastructure provider. @@ -549,6 +576,9 @@ type EquinixMetalPlatformStatus struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // InfrastructureList is +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type InfrastructureList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata"` diff --git a/vendor/github.com/openshift/api/config/v1/types_ingress.go b/vendor/github.com/openshift/api/config/v1/types_ingress.go index 9451adc27..2c6bed3cb 100644 --- a/vendor/github.com/openshift/api/config/v1/types_ingress.go +++ b/vendor/github.com/openshift/api/config/v1/types_ingress.go @@ -10,6 +10,9 @@ import ( // Ingress holds cluster-wide information about ingress, including the default ingress domain // used for routes. The canonical name is `cluster`. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type Ingress struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` @@ -54,6 +57,31 @@ type IngressSpec struct { // configurable routes. // +optional ComponentRoutes []ComponentRouteSpec `json:"componentRoutes,omitempty"` + + // requiredHSTSPolicies specifies HSTS policies that are required to be set on newly created or updated routes + // matching the domainPattern/s and namespaceSelector/s that are specified in the policy. + // Each requiredHSTSPolicy must have at least a domainPattern and a maxAge to validate a route HSTS Policy route + // annotation, and affect route admission. + // + // A candidate route is checked for HSTS Policies if it has the HSTS Policy route annotation: + // "haproxy.router.openshift.io/hsts_header" + // E.g. haproxy.router.openshift.io/hsts_header: max-age=31536000;preload;includeSubDomains + // + // - For each candidate route, if it matches a requiredHSTSPolicy domainPattern and optional namespaceSelector, + // then the maxAge, preloadPolicy, and includeSubdomainsPolicy must be valid to be admitted. Otherwise, the route + // is rejected. + // - The first match, by domainPattern and optional namespaceSelector, in the ordering of the RequiredHSTSPolicies + // determines the route's admission status. + // - If the candidate route doesn't match any requiredHSTSPolicy domainPattern and optional namespaceSelector, + // then it may use any HSTS Policy annotation. + // + // The HSTS policy configuration may be changed after routes have already been created. An update to a previously + // admitted route may then fail if the updated route does not conform to the updated HSTS policy configuration. + // However, changing the HSTS policy configuration will not cause a route that is already admitted to stop working. + // + // Note that if there are no RequiredHSTSPolicies, any HSTS Policy annotation on the route is valid. + // +optional + RequiredHSTSPolicies []RequiredHSTSPolicy `json:"requiredHSTSPolicies,omitempty"` } // ConsumingUser is an alias for string which we add validation to. Currently only service accounts are supported. @@ -172,7 +200,9 @@ type ComponentRouteStatus struct { RelatedObjects []ObjectReference `json:"relatedObjects"` } +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +openshift:compatibility-gen:level=1 type IngressList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata"` diff --git a/vendor/github.com/openshift/api/config/v1/types_network.go b/vendor/github.com/openshift/api/config/v1/types_network.go index ebfdf0162..322f062e4 100644 --- a/vendor/github.com/openshift/api/config/v1/types_network.go +++ b/vendor/github.com/openshift/api/config/v1/types_network.go @@ -8,6 +8,9 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" // Network holds cluster-wide information about Network. The canonical name is `cluster`. It is used to configure the desired network configuration, such as: IP address pools for services/pod IPs, network plugin, etc. // Please view network.spec for an explanation on what applies when configuring this resource. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type Network struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` @@ -128,6 +131,8 @@ type ExternalIPPolicy struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type NetworkList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata"` diff --git a/vendor/github.com/openshift/api/config/v1/types_oauth.go b/vendor/github.com/openshift/api/config/v1/types_oauth.go index fcbd191aa..5b5849b65 100644 --- a/vendor/github.com/openshift/api/config/v1/types_oauth.go +++ b/vendor/github.com/openshift/api/config/v1/types_oauth.go @@ -11,6 +11,9 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" // OAuth holds cluster-wide information about OAuth. The canonical name is `cluster`. // It is used to configure the integrated OAuth server. // This configuration is only honored when the top level Authentication config has type set to IntegratedOAuth. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type OAuth struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata"` @@ -554,6 +557,8 @@ type OpenIDClaims struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type OAuthList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata"` diff --git a/vendor/github.com/openshift/api/config/v1/types_operatorhub.go b/vendor/github.com/openshift/api/config/v1/types_operatorhub.go index 1b2b7f82e..67a029529 100644 --- a/vendor/github.com/openshift/api/config/v1/types_operatorhub.go +++ b/vendor/github.com/openshift/api/config/v1/types_operatorhub.go @@ -36,9 +36,12 @@ type OperatorHubStatus struct { // OperatorHub is the Schema for the operatorhubs API. It can be used to change // the state of the default hub sources for OperatorHub on the cluster from // enabled to disabled and vice versa. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). // +kubebuilder:subresource:status // +genclient // +genclient:nonNamespaced +// +openshift:compatibility-gen:level=1 type OperatorHub struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata"` @@ -50,6 +53,9 @@ type OperatorHub struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // OperatorHubList contains a list of OperatorHub +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type OperatorHubList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata"` diff --git a/vendor/github.com/openshift/api/config/v1/types_project.go b/vendor/github.com/openshift/api/config/v1/types_project.go index 244ce3ef8..add6abf66 100644 --- a/vendor/github.com/openshift/api/config/v1/types_project.go +++ b/vendor/github.com/openshift/api/config/v1/types_project.go @@ -7,6 +7,9 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // Project holds cluster-wide information about Project. The canonical name is `cluster` +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type Project struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` @@ -46,6 +49,8 @@ type ProjectStatus struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type ProjectList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata"` diff --git a/vendor/github.com/openshift/api/config/v1/types_proxy.go b/vendor/github.com/openshift/api/config/v1/types_proxy.go index 211e501e0..35e78bb69 100644 --- a/vendor/github.com/openshift/api/config/v1/types_proxy.go +++ b/vendor/github.com/openshift/api/config/v1/types_proxy.go @@ -9,6 +9,9 @@ import ( // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // Proxy holds cluster-wide information on how to configure default proxies for the cluster. The canonical name is `cluster` +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type Proxy struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` @@ -86,6 +89,8 @@ type ProxyStatus struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type ProxyList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata"` diff --git a/vendor/github.com/openshift/api/config/v1/types_scheduling.go b/vendor/github.com/openshift/api/config/v1/types_scheduling.go index 570f8affc..a69d2a35c 100644 --- a/vendor/github.com/openshift/api/config/v1/types_scheduling.go +++ b/vendor/github.com/openshift/api/config/v1/types_scheduling.go @@ -8,6 +8,9 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" // Scheduler holds cluster-wide config information to run the Kubernetes Scheduler // and influence its placement decisions. The canonical name for this config is `cluster`. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type Scheduler struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` @@ -92,6 +95,8 @@ type SchedulerStatus struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type SchedulerList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata"` diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go index cb933dac0..9926aa1f5 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go @@ -148,7 +148,7 @@ func (in *APIServerSpec) DeepCopyInto(out *APIServerSpec) { *out = new(TLSSecurityProfile) (*in).DeepCopyInto(*out) } - out.Audit = in.Audit + in.Audit.DeepCopyInto(&out.Audit) return } @@ -310,6 +310,11 @@ func (in *AdmissionPluginConfig) DeepCopy() *AdmissionPluginConfig { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Audit) DeepCopyInto(out *Audit) { *out = *in + if in.CustomRules != nil { + in, out := &in.CustomRules, &out.CustomRules + *out = make([]AuditCustomRule, len(*in)) + copy(*out, *in) + } return } @@ -340,6 +345,22 @@ func (in *AuditConfig) DeepCopy() *AuditConfig { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AuditCustomRule) DeepCopyInto(out *AuditCustomRule) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuditCustomRule. +func (in *AuditCustomRule) DeepCopy() *AuditCustomRule { + if in == nil { + return nil + } + out := new(AuditCustomRule) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Authentication) DeepCopyInto(out *Authentication) { *out = *in @@ -2293,6 +2314,13 @@ func (in *IngressSpec) DeepCopyInto(out *IngressSpec) { *out = make([]ComponentRouteSpec, len(*in)) copy(*out, *in) } + if in.RequiredHSTSPolicies != nil { + in, out := &in.RequiredHSTSPolicies, &out.RequiredHSTSPolicies + *out = make([]RequiredHSTSPolicy, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } return } @@ -2485,6 +2513,32 @@ func (in *LeaderElection) DeepCopy() *LeaderElection { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MaxAgePolicy) DeepCopyInto(out *MaxAgePolicy) { + *out = *in + if in.LargestMaxAge != nil { + in, out := &in.LargestMaxAge, &out.LargestMaxAge + *out = new(int32) + **out = **in + } + if in.SmallestMaxAge != nil { + in, out := &in.SmallestMaxAge, &out.SmallestMaxAge + *out = new(int32) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MaxAgePolicy. +func (in *MaxAgePolicy) DeepCopy() *MaxAgePolicy { + if in == nil { + return nil + } + out := new(MaxAgePolicy) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ModernTLSProfile) DeepCopyInto(out *ModernTLSProfile) { *out = *in @@ -3536,6 +3590,33 @@ func (in *RequestHeaderIdentityProvider) DeepCopy() *RequestHeaderIdentityProvid return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RequiredHSTSPolicy) DeepCopyInto(out *RequiredHSTSPolicy) { + *out = *in + if in.NamespaceSelector != nil { + in, out := &in.NamespaceSelector, &out.NamespaceSelector + *out = new(metav1.LabelSelector) + (*in).DeepCopyInto(*out) + } + if in.DomainPatterns != nil { + in, out := &in.DomainPatterns, &out.DomainPatterns + *out = make([]string, len(*in)) + copy(*out, *in) + } + in.MaxAge.DeepCopyInto(&out.MaxAge) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RequiredHSTSPolicy. +func (in *RequiredHSTSPolicy) DeepCopy() *RequiredHSTSPolicy { + if in == nil { + return nil + } + out := new(RequiredHSTSPolicy) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Scheduler) DeepCopyInto(out *Scheduler) { *out = *in diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go index 22de664b2..4cb45be7f 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go @@ -181,6 +181,16 @@ func (LeaderElection) SwaggerDoc() map[string]string { return map_LeaderElection } +var map_MaxAgePolicy = map[string]string{ + "": "MaxAgePolicy contains a numeric range for specifying a compliant HSTS max-age for the enclosing RequiredHSTSPolicy", + "largestMaxAge": "The largest allowed value (in seconds) of the RequiredHSTSPolicy max-age This value can be left unspecified, in which case no upper limit is enforced. kubebuilder:validation:minimum=0:maximum=2147483647", + "smallestMaxAge": "The smallest allowed value (in seconds) of the RequiredHSTSPolicy max-age Setting max-age=0 allows the deletion of an existing HSTS header from a host. This is a necessary tool for administrators to quickly correct mistakes. This value can be left unspecified, in which case no lower limit is enforced. kubebuilder:validation:minimum=0:maximum=2147483647", +} + +func (MaxAgePolicy) SwaggerDoc() map[string]string { + return map_MaxAgePolicy +} + var map_NamedCertificate = map[string]string{ "": "NamedCertificate specifies a certificate/key, and the names it should be served for", "names": "Names is a list of DNS names this certificate should be used to secure A name can be a normal DNS name, or can contain leading wildcard segments.", @@ -200,6 +210,18 @@ func (RemoteConnectionInfo) SwaggerDoc() map[string]string { return map_RemoteConnectionInfo } +var map_RequiredHSTSPolicy = map[string]string{ + "namespaceSelector": "namespaceSelector specifies a label selector such that the policy applies only to those routes that are in namespaces with labels that match the selector, and are in one of the DomainPatterns. Defaults to the empty LabelSelector, which matches everything.", + "domainPatterns": "domainPatterns is a list of domains for which the desired HSTS annotations are required. If domainPatterns is specified and a route is created with a spec.host matching one of the domains, the route must specify the HSTS Policy components described in the matching RequiredHSTSPolicy.\n\nThe use of wildcards is allowed like this: *.foo.com matches everything under foo.com. foo.com only matches foo.com, so to cover foo.com and everything under it, you must specify *both*. kubebuilder:validation:MinLength=1", + "maxAge": "maxAge is the delta time range in seconds during which hosts are regarded as HSTS hosts. If set to 0, it negates the effect, and hosts are removed as HSTS hosts. If set to 0 and includeSubdomains is specified, all subdomains of the host are also removed as HSTS hosts. maxAge is a time-to-live value, and if this policy is not refreshed on a client, the HSTS policy will eventually expire on that client.", + "preloadPolicy": "preloadPolicy directs the client to include hosts in its host preload list so that it never needs to do an initial load to get the HSTS header (note that this is not defined in RFC 6797 and is therefore client implementation-dependent).", + "includeSubDomainsPolicy": "includeSubDomainsPolicy means the HSTS Policy should apply to any subdomains of the host's domain name. Thus, for the host bar.foo.com, if includeSubDomainsPolicy was set to RequireIncludeSubDomains: - the host app.bar.foo.com would inherit the HSTS Policy of bar.foo.com - the host bar.foo.com would inherit the HSTS Policy of bar.foo.com - the host foo.com would NOT inherit the HSTS Policy of bar.foo.com - the host def.foo.com would NOT inherit the HSTS Policy of bar.foo.com", +} + +func (RequiredHSTSPolicy) SwaggerDoc() map[string]string { + return map_RequiredHSTSPolicy +} + var map_SecretNameReference = map[string]string{ "": "SecretNameReference references a secret in a specific namespace. The namespace must be specified at the point of use.", "name": "name is the metadata.name of the referenced secret", @@ -244,7 +266,7 @@ func (StringSourceSpec) SwaggerDoc() map[string]string { } var map_APIServer = map[string]string{ - "": "APIServer holds configuration (like serving certificates, client CA and CORS domains) shared by all API servers in the system, among them especially kube-apiserver and openshift-apiserver. The canonical name of an instance is 'cluster'.", + "": "APIServer holds configuration (like serving certificates, client CA and CORS domains) shared by all API servers in the system, among them especially kube-apiserver and openshift-apiserver. The canonical name of an instance is 'cluster'.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "spec": "spec holds user settable values for configuration", "status": "status holds observed values from the cluster. They may not be overridden.", } @@ -261,6 +283,14 @@ func (APIServerEncryption) SwaggerDoc() map[string]string { return map_APIServerEncryption } +var map_APIServerList = map[string]string{ + "": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", +} + +func (APIServerList) SwaggerDoc() map[string]string { + return map_APIServerList +} + var map_APIServerNamedServingCert = map[string]string{ "": "APIServerNamedServingCert maps a server DNS name, as understood by a client, to a certificate.", "names": "names is a optional list of explicit DNS names (leading wildcards allowed) that should use this certificate to serve secure traffic. If no names are provided, the implicit names will be extracted from the certificates. Exact names trump over wildcard names. Explicit names defined here trump over extracted implicit names.", @@ -284,7 +314,7 @@ var map_APIServerSpec = map[string]string{ "clientCA": "clientCA references a ConfigMap containing a certificate bundle for the signers that will be recognized for incoming client certificates in addition to the operator managed signers. If this is empty, then only operator managed signers are valid. You usually only have to set this if you have your own PKI you wish to honor client certificates from. The ConfigMap must exist in the openshift-config namespace and contain the following required fields: - ConfigMap.Data[\"ca-bundle.crt\"] - CA bundle.", "additionalCORSAllowedOrigins": "additionalCORSAllowedOrigins lists additional, user-defined regular expressions describing hosts for which the API server allows access using the CORS headers. This may be needed to access the API and the integrated OAuth server from JavaScript applications. The values are regular expressions that correspond to the Golang regular expression language.", "encryption": "encryption allows the configuration of encryption of resources at the datastore layer.", - "tlsSecurityProfile": "tlsSecurityProfile specifies settings for TLS connections for externally exposed servers.\n\nIf unset, a default (which may change between releases) is chosen. Note that only Old and Intermediate profiles are currently supported, and the maximum available MinTLSVersions is VersionTLS12.", + "tlsSecurityProfile": "tlsSecurityProfile specifies settings for TLS connections for externally exposed servers.\n\nIf unset, a default (which may change between releases) is chosen. Note that only Old, Intermediate and Custom profiles are currently supported, and the maximum available MinTLSVersions is VersionTLS12.", "audit": "audit specifies the settings for audit configuration to be applied to all OpenShift-provided API servers in the cluster.", } @@ -293,15 +323,26 @@ func (APIServerSpec) SwaggerDoc() map[string]string { } var map_Audit = map[string]string{ - "profile": "profile specifies the name of the desired audit policy configuration to be deployed to all OpenShift-provided API servers in the cluster.\n\nThe following profiles are provided: - Default: the existing default policy. - WriteRequestBodies: like 'Default', but logs request and response HTTP payloads for write requests (create, update, patch). - AllRequestBodies: like 'WriteRequestBodies', but also logs request and response HTTP payloads for read requests (get, list).\n\nIf unset, the 'Default' profile is used as the default.", + "profile": "profile specifies the name of the desired top-level audit profile to be applied to all requests sent to any of the OpenShift-provided API servers in the cluster (kube-apiserver, openshift-apiserver and oauth-apiserver), with the exception of those requests that match one or more of the customRules.\n\nThe following profiles are provided: - Default: default policy which means MetaData level logging with the exception of events\n (not logged at all), oauthaccesstokens and oauthauthorizetokens (both logged at RequestBody\n level).\n- WriteRequestBodies: like 'Default', but logs request and response HTTP payloads for write requests (create, update, patch). - AllRequestBodies: like 'WriteRequestBodies', but also logs request and response HTTP payloads for read requests (get, list). - None: no requests are logged at all, not even oauthaccesstokens and oauthauthorizetokens.\n\nWarning: to raise a Red Hat support request, it is required to set this to Default, WriteRequestBodies, or AllRequestBodies to generate audit log events that can be analyzed by support.\n\nIf unset, the 'Default' profile is used as the default.", + "customRules": "customRules specify profiles per group. These profile take precedence over the top-level profile field if they apply. They are evaluation from top to bottom and the first one that matches, applies.", } func (Audit) SwaggerDoc() map[string]string { return map_Audit } +var map_AuditCustomRule = map[string]string{ + "": "AuditCustomRule describes a custom rule for an audit profile that takes precedence over the top-level profile.", + "group": "group is a name of group a request user must be member of in order to this profile to apply.", + "profile": "profile specifies the name of the desired audit policy configuration to be deployed to all OpenShift-provided API servers in the cluster.\n\nThe following profiles are provided: - Default: the existing default policy. - WriteRequestBodies: like 'Default', but logs request and response HTTP payloads for write requests (create, update, patch). - AllRequestBodies: like 'WriteRequestBodies', but also logs request and response HTTP payloads for read requests (get, list). - None: no requests are logged at all, not even oauthaccesstokens and oauthauthorizetokens.\n\nIf unset, the 'Default' profile is used as the default.", +} + +func (AuditCustomRule) SwaggerDoc() map[string]string { + return map_AuditCustomRule +} + var map_Authentication = map[string]string{ - "": "Authentication specifies cluster-wide settings for authentication (like OAuth and webhook token authenticators). The canonical name of an instance is `cluster`.", + "": "Authentication specifies cluster-wide settings for authentication (like OAuth and webhook token authenticators). The canonical name of an instance is `cluster`.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "spec": "spec holds user settable values for configuration", "status": "status holds observed values from the cluster. They may not be overridden.", } @@ -310,6 +351,14 @@ func (Authentication) SwaggerDoc() map[string]string { return map_Authentication } +var map_AuthenticationList = map[string]string{ + "": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", +} + +func (AuthenticationList) SwaggerDoc() map[string]string { + return map_AuthenticationList +} + var map_AuthenticationSpec = map[string]string{ "type": "type identifies the cluster managed, user facing authentication mode in use. Specifically, it manages the component that responds to login attempts. The default is IntegratedOAuth.", "oauthMetadata": "oauthMetadata contains the discovery endpoint data for OAuth 2.0 Authorization Server Metadata for an external OAuth server. This discovery document can be viewed from its served location: oc get --raw '/.well-known/oauth-authorization-server' For further details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 If oauthMetadata.name is non-empty, this value has precedence over any metadata reference stored in status. The key \"oauthMetadata\" is used to locate the data. If specified and the config map or expected key is not found, no metadata is served. If the specified metadata is not valid, no metadata is served. The namespace for this config map is openshift-config.", @@ -349,7 +398,7 @@ func (WebhookTokenAuthenticator) SwaggerDoc() map[string]string { } var map_Build = map[string]string{ - "": "Build configures the behavior of OpenShift builds for the entire cluster. This includes default settings that can be overridden in BuildConfig objects, and overrides which are applied to all builds.\n\nThe canonical name is \"cluster\"", + "": "Build configures the behavior of OpenShift builds for the entire cluster. This includes default settings that can be overridden in BuildConfig objects, and overrides which are applied to all builds.\n\nThe canonical name is \"cluster\"\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "spec": "Spec holds user-settable values for the build controller configuration", } @@ -369,6 +418,14 @@ func (BuildDefaults) SwaggerDoc() map[string]string { return map_BuildDefaults } +var map_BuildList = map[string]string{ + "": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", +} + +func (BuildList) SwaggerDoc() map[string]string { + return map_BuildList +} + var map_BuildOverrides = map[string]string{ "imageLabels": "ImageLabels is a list of docker labels that are applied to the resulting image. If user provided a label in their Build/BuildConfig with the same name as one in this list, the user's label will be overwritten.", "nodeSelector": "NodeSelector is a selector which must be true for the build pod to fit on a node", @@ -400,7 +457,7 @@ func (ImageLabel) SwaggerDoc() map[string]string { } var map_ClusterOperator = map[string]string{ - "": "ClusterOperator is the Custom Resource object which holds the current state of an operator. This object is used by operators to convey their state to the rest of the cluster.", + "": "ClusterOperator is the Custom Resource object which holds the current state of an operator. This object is used by operators to convey their state to the rest of the cluster.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "spec": "spec holds configuration that could apply to any operator.", "status": "status holds the information about the state of an operator. It is consistent with status information across the Kubernetes ecosystem.", } @@ -410,7 +467,7 @@ func (ClusterOperator) SwaggerDoc() map[string]string { } var map_ClusterOperatorList = map[string]string{ - "": "ClusterOperatorList is a list of OperatorStatus resources.", + "": "ClusterOperatorList is a list of OperatorStatus resources.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", } func (ClusterOperatorList) SwaggerDoc() map[string]string { @@ -472,7 +529,7 @@ func (OperandVersion) SwaggerDoc() map[string]string { } var map_ClusterVersion = map[string]string{ - "": "ClusterVersion is the configuration for the ClusterVersionOperator. This is where parameters related to automatic updates can be set.", + "": "ClusterVersion is the configuration for the ClusterVersionOperator. This is where parameters related to automatic updates can be set.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "spec": "spec is the desired state of the cluster version - the operator will work to ensure that the desired version is applied to the cluster.", "status": "status contains information about the available updates and any in-progress updates.", } @@ -482,7 +539,7 @@ func (ClusterVersion) SwaggerDoc() map[string]string { } var map_ClusterVersionList = map[string]string{ - "": "ClusterVersionList is a list of ClusterVersion resources.", + "": "ClusterVersionList is a list of ClusterVersion resources.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", } func (ClusterVersionList) SwaggerDoc() map[string]string { @@ -545,7 +602,7 @@ var map_Update = map[string]string{ "": "Update represents an administrator update request.", "version": "version is a semantic versioning identifying the update version. When this field is part of spec, version is optional if image is specified.", "image": "image is a container image location that contains the update. When this field is part of spec, image is optional if version is specified and the availableUpdates field contains a matching version.", - "force": "force allows an administrator to update to an image that has failed verification, does not appear in the availableUpdates list, or otherwise would be blocked by normal protections on update. This option should only be used when the authenticity of the provided image has been verified out of band because the provided image will run with full administrative access to the cluster. Do not use this flag with images that comes from unknown or potentially malicious sources.\n\nThis flag does not override other forms of consistency checking that are required before a new update is deployed.", + "force": "force allows an administrator to update to an image that has failed verification or upgradeable checks. This option should only be used when the authenticity of the provided image has been verified out of band because the provided image will run with full administrative access to the cluster. Do not use this flag with images that comes from unknown or potentially malicious sources.", } func (Update) SwaggerDoc() map[string]string { @@ -559,7 +616,7 @@ var map_UpdateHistory = map[string]string{ "completionTime": "completionTime, if set, is when the update was fully applied. The update that is currently being applied will have a null completion time. Completion time will always be set for entries that are not the current update (usually to the started time of the next update).", "version": "version is a semantic versioning identifying the update version. If the requested image does not define a version, or if a failure occurs retrieving the image, this value may be empty.", "image": "image is a container image location that contains the update. This value is always populated.", - "verified": "verified indicates whether the provided update was properly verified before it was installed. If this is false the cluster may not be trusted.", + "verified": "verified indicates whether the provided update was properly verified before it was installed. If this is false the cluster may not be trusted. Verified does not cover upgradeable checks that depend on the cluster state at the time when the update target was accepted.", } func (UpdateHistory) SwaggerDoc() map[string]string { @@ -567,7 +624,7 @@ func (UpdateHistory) SwaggerDoc() map[string]string { } var map_Console = map[string]string{ - "": "Console holds cluster-wide configuration for the web console, including the logout URL, and reports the public URL of the console. The canonical name is `cluster`.", + "": "Console holds cluster-wide configuration for the web console, including the logout URL, and reports the public URL of the console. The canonical name is `cluster`.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "spec": "spec holds user settable values for configuration", "status": "status holds observed values from the cluster. They may not be overridden.", } @@ -585,6 +642,14 @@ func (ConsoleAuthentication) SwaggerDoc() map[string]string { return map_ConsoleAuthentication } +var map_ConsoleList = map[string]string{ + "": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", +} + +func (ConsoleList) SwaggerDoc() map[string]string { + return map_ConsoleList +} + var map_ConsoleSpec = map[string]string{ "": "ConsoleSpec is the specification of the desired behavior of the Console.", } @@ -603,7 +668,7 @@ func (ConsoleStatus) SwaggerDoc() map[string]string { } var map_DNS = map[string]string{ - "": "DNS holds cluster-wide information about DNS. The canonical name is `cluster`", + "": "DNS holds cluster-wide information about DNS. The canonical name is `cluster`\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "spec": "spec holds user settable values for configuration", "status": "status holds observed values from the cluster. They may not be overridden.", } @@ -612,6 +677,14 @@ func (DNS) SwaggerDoc() map[string]string { return map_DNS } +var map_DNSList = map[string]string{ + "": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", +} + +func (DNSList) SwaggerDoc() map[string]string { + return map_DNSList +} + var map_DNSSpec = map[string]string{ "baseDomain": "baseDomain is the base domain of the cluster. All managed DNS records will be sub-domains of this base.\n\nFor example, given the base domain `openshift.example.com`, an API server DNS record may be created for `cluster-api.openshift.example.com`.\n\nOnce set, this field cannot be changed.", "publicZone": "publicZone is the location where all the DNS records that are publicly accessible to the internet exist.\n\nIf this field is nil, no public records should be created.\n\nOnce set, this field cannot be changed.", @@ -642,7 +715,7 @@ func (CustomFeatureGates) SwaggerDoc() map[string]string { } var map_FeatureGate = map[string]string{ - "": "Feature holds cluster-wide information about feature gates. The canonical name is `cluster`", + "": "Feature holds cluster-wide information about feature gates. The canonical name is `cluster`\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "spec": "spec holds user settable values for configuration", "status": "status holds observed values from the cluster. They may not be overridden.", } @@ -651,6 +724,14 @@ func (FeatureGate) SwaggerDoc() map[string]string { return map_FeatureGate } +var map_FeatureGateList = map[string]string{ + "": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", +} + +func (FeatureGateList) SwaggerDoc() map[string]string { + return map_FeatureGateList +} + var map_FeatureGateSelection = map[string]string{ "featureSet": "featureSet changes the list of features in the cluster. The default is empty. Be very careful adjusting this setting. Turning on or off features may cause irreversible changes in your cluster which cannot be undone.", "customNoUpgrade": "customNoUpgrade allows the enabling or disabling of any feature. Turning this feature set on IS NOT SUPPORTED, CANNOT BE UNDONE, and PREVENTS UPGRADES. Because of its nature, this setting cannot be validated. If you have any typos or accidentally apply invalid combinations your cluster may fail in an unrecoverable way. featureSet must equal \"CustomNoUpgrade\" must be set to use this field.", @@ -661,7 +742,7 @@ func (FeatureGateSelection) SwaggerDoc() map[string]string { } var map_Image = map[string]string{ - "": "Image governs policies related to imagestream imports and runtime configuration for external registries. It allows cluster admins to configure which registries OpenShift is allowed to import images from, extra CA trust bundles for external registries, and policies to block or allow registry hostnames. When exposing OpenShift's image registry to the public, this also lets cluster admins specify the external hostname.", + "": "Image governs policies related to imagestream imports and runtime configuration for external registries. It allows cluster admins to configure which registries OpenShift is allowed to import images from, extra CA trust bundles for external registries, and policies to block or allow registry hostnames. When exposing OpenShift's image registry to the public, this also lets cluster admins specify the external hostname.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "spec": "spec holds user settable values for configuration", "status": "status holds observed values from the cluster. They may not be overridden.", } @@ -670,6 +751,14 @@ func (Image) SwaggerDoc() map[string]string { return map_Image } +var map_ImageList = map[string]string{ + "": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", +} + +func (ImageList) SwaggerDoc() map[string]string { + return map_ImageList +} + var map_ImageSpec = map[string]string{ "allowedRegistriesForImport": "allowedRegistriesForImport limits the container image registries that normal users may import images from. Set this list to the registries that you trust to contain valid Docker images and that you want applications to be able to import from. Users with permission to create Images or ImageStreamMappings via the API are not affected by this policy - typically only administrators or system integrations will have those permissions.", "externalRegistryHostnames": "externalRegistryHostnames provides the hostnames for the default external image registry. The external hostname should be set only when the image registry is exposed externally. The first value is used in 'publicDockerImageRepository' field in ImageStreams. The value must be in \"hostname[:port]\" format.", @@ -765,6 +854,7 @@ var map_AzurePlatformStatus = map[string]string{ "resourceGroupName": "resourceGroupName is the Resource Group for new Azure resources created for the cluster.", "networkResourceGroupName": "networkResourceGroupName is the Resource Group for network resources like the Virtual Network and Subnets used by the cluster. If empty, the value is same as ResourceGroupName.", "cloudName": "cloudName is the name of the Azure cloud environment which can be used to configure the Azure SDK with the appropriate Azure API endpoints. If empty, the value is equal to `AzurePublicCloud`.", + "armEndpoint": "armEndpoint specifies a URL to use for resource management in non-soverign clouds such as Azure Stack.", } func (AzurePlatformStatus) SwaggerDoc() map[string]string { @@ -839,6 +929,7 @@ var map_IBMCloudPlatformStatus = map[string]string{ "location": "Location is where the cluster has been deployed", "resourceGroupName": "ResourceGroupName is the Resource Group for new IBMCloud resources created for the cluster.", "providerType": "ProviderType indicates the type of cluster that was created", + "cisInstanceCRN": "CISInstanceCRN is the CRN of the Cloud Internet Services instance managing the DNS zone for the cluster's base domain", } func (IBMCloudPlatformStatus) SwaggerDoc() map[string]string { @@ -846,7 +937,7 @@ func (IBMCloudPlatformStatus) SwaggerDoc() map[string]string { } var map_Infrastructure = map[string]string{ - "": "Infrastructure holds cluster-wide information about Infrastructure. The canonical name is `cluster`", + "": "Infrastructure holds cluster-wide information about Infrastructure. The canonical name is `cluster`\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "spec": "spec holds user settable values for configuration", "status": "status holds observed values from the cluster. They may not be overridden.", } @@ -856,7 +947,7 @@ func (Infrastructure) SwaggerDoc() map[string]string { } var map_InfrastructureList = map[string]string{ - "": "InfrastructureList is", + "": "InfrastructureList is\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", } func (InfrastructureList) SwaggerDoc() map[string]string { @@ -881,8 +972,8 @@ var map_InfrastructureStatus = map[string]string{ "etcdDiscoveryDomain": "etcdDiscoveryDomain is the domain used to fetch the SRV records for discovering etcd servers and clients. For more info: https://github.com/etcd-io/etcd/blob/329be66e8b3f9e2e6af83c123ff89297e49ebd15/Documentation/op-guide/clustering.md#dns-discovery deprecated: as of 4.7, this field is no longer set or honored. It will be removed in a future release.", "apiServerURL": "apiServerURL is a valid URI with scheme 'https', address and optionally a port (defaulting to 443). apiServerURL can be used by components like the web console to tell users where to find the Kubernetes API.", "apiServerInternalURI": "apiServerInternalURL is a valid URI with scheme 'https', address and optionally a port (defaulting to 443). apiServerInternalURL can be used by components like kubelets, to contact the Kubernetes API server using the infrastructure provider rather than Kubernetes networking.", - "controlPlaneTopology": "controlPlaneTopology expresses the expectations for operands that normally run on control nodes. The default is 'HighlyAvailable', which represents the behavior operators have in a \"normal\" cluster. The 'SingleReplica' mode will be used in single-node deployments and the operators should not configure the operand for highly-available operation", - "infrastructureTopology": "infrastructureTopology expresses the expectations for infrastructure services that do not run on control plane nodes, usually indicated by a node selector for a `role` value other than `master`. The default is 'HighlyAvailable', which represents the behavior operators have in a \"normal\" cluster. The 'SingleReplica' mode will be used in single-node deployments and the operators should not configure the operand for highly-available operation", + "controlPlaneTopology": "controlPlaneTopology expresses the expectations for operands that normally run on control nodes. The default is 'HighlyAvailable', which represents the behavior operators have in a \"normal\" cluster. The 'SingleReplica' mode will be used in single-node deployments and the operators should not configure the operand for highly-available operation The 'External' mode indicates that the control plane is hosted externally to the cluster and that its components are not visible within the cluster.", + "infrastructureTopology": "infrastructureTopology expresses the expectations for infrastructure services that do not run on control plane nodes, usually indicated by a node selector for a `role` value other than `master`. The default is 'HighlyAvailable', which represents the behavior operators have in a \"normal\" cluster. The 'SingleReplica' mode will be used in single-node deployments and the operators should not configure the operand for highly-available operation NOTE: External topology mode is not applicable for this field.", } func (InfrastructureStatus) SwaggerDoc() map[string]string { @@ -1031,7 +1122,7 @@ func (ComponentRouteStatus) SwaggerDoc() map[string]string { } var map_Ingress = map[string]string{ - "": "Ingress holds cluster-wide information about ingress, including the default ingress domain used for routes. The canonical name is `cluster`.", + "": "Ingress holds cluster-wide information about ingress, including the default ingress domain used for routes. The canonical name is `cluster`.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "spec": "spec holds user settable values for configuration", "status": "status holds observed values from the cluster. They may not be overridden.", } @@ -1040,10 +1131,19 @@ func (Ingress) SwaggerDoc() map[string]string { return map_Ingress } +var map_IngressList = map[string]string{ + "": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", +} + +func (IngressList) SwaggerDoc() map[string]string { + return map_IngressList +} + var map_IngressSpec = map[string]string{ - "domain": "domain is used to generate a default host name for a route when the route's host name is empty. The generated host name will follow this pattern: \"..\".\n\nIt is also used as the default wildcard domain suffix for ingress. The default ingresscontroller domain will follow this pattern: \"*.\".\n\nOnce set, changing domain is not currently supported.", - "appsDomain": "appsDomain is an optional domain to use instead of the one specified in the domain field when a Route is created without specifying an explicit host. If appsDomain is nonempty, this value is used to generate default host values for Route. Unlike domain, appsDomain may be modified after installation. This assumes a new ingresscontroller has been setup with a wildcard certificate.", - "componentRoutes": "componentRoutes is an optional list of routes that are managed by OpenShift components that a cluster-admin is able to configure the hostname and serving certificate for. The namespace and name of each route in this list should match an existing entry in the status.componentRoutes list.\n\nTo determine the set of configurable Routes, look at namespace and name of entries in the .status.componentRoutes list, where participating operators write the status of configurable routes.", + "domain": "domain is used to generate a default host name for a route when the route's host name is empty. The generated host name will follow this pattern: \"..\".\n\nIt is also used as the default wildcard domain suffix for ingress. The default ingresscontroller domain will follow this pattern: \"*.\".\n\nOnce set, changing domain is not currently supported.", + "appsDomain": "appsDomain is an optional domain to use instead of the one specified in the domain field when a Route is created without specifying an explicit host. If appsDomain is nonempty, this value is used to generate default host values for Route. Unlike domain, appsDomain may be modified after installation. This assumes a new ingresscontroller has been setup with a wildcard certificate.", + "componentRoutes": "componentRoutes is an optional list of routes that are managed by OpenShift components that a cluster-admin is able to configure the hostname and serving certificate for. The namespace and name of each route in this list should match an existing entry in the status.componentRoutes list.\n\nTo determine the set of configurable Routes, look at namespace and name of entries in the .status.componentRoutes list, where participating operators write the status of configurable routes.", + "requiredHSTSPolicies": "requiredHSTSPolicies specifies HSTS policies that are required to be set on newly created or updated routes matching the domainPattern/s and namespaceSelector/s that are specified in the policy. Each requiredHSTSPolicy must have at least a domainPattern and a maxAge to validate a route HSTS Policy route annotation, and affect route admission.\n\nA candidate route is checked for HSTS Policies if it has the HSTS Policy route annotation: \"haproxy.router.openshift.io/hsts_header\" E.g. haproxy.router.openshift.io/hsts_header: max-age=31536000;preload;includeSubDomains\n\n- For each candidate route, if it matches a requiredHSTSPolicy domainPattern and optional namespaceSelector, then the maxAge, preloadPolicy, and includeSubdomainsPolicy must be valid to be admitted. Otherwise, the route is rejected. - The first match, by domainPattern and optional namespaceSelector, in the ordering of the RequiredHSTSPolicies determines the route's admission status. - If the candidate route doesn't match any requiredHSTSPolicy domainPattern and optional namespaceSelector, then it may use any HSTS Policy annotation.\n\nThe HSTS policy configuration may be changed after routes have already been created. An update to a previously admitted route may then fail if the updated route does not conform to the updated HSTS policy configuration. However, changing the HSTS policy configuration will not cause a route that is already admitted to stop working.\n\nNote that if there are no RequiredHSTSPolicies, any HSTS Policy annotation on the route is valid.", } func (IngressSpec) SwaggerDoc() map[string]string { @@ -1089,7 +1189,7 @@ func (ExternalIPPolicy) SwaggerDoc() map[string]string { } var map_Network = map[string]string{ - "": "Network holds cluster-wide information about Network. The canonical name is `cluster`. It is used to configure the desired network configuration, such as: IP address pools for services/pod IPs, network plugin, etc. Please view network.spec for an explanation on what applies when configuring this resource.", + "": "Network holds cluster-wide information about Network. The canonical name is `cluster`. It is used to configure the desired network configuration, such as: IP address pools for services/pod IPs, network plugin, etc. Please view network.spec for an explanation on what applies when configuring this resource.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "spec": "spec holds user settable values for configuration. As a general rule, this SHOULD NOT be read directly. Instead, you should consume the NetworkStatus, as it indicates the currently deployed configuration. Currently, most spec fields are immutable after installation. Please view the individual ones for further details on each.", "status": "status holds observed values from the cluster. They may not be overridden.", } @@ -1098,6 +1198,14 @@ func (Network) SwaggerDoc() map[string]string { return map_Network } +var map_NetworkList = map[string]string{ + "": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", +} + +func (NetworkList) SwaggerDoc() map[string]string { + return map_NetworkList +} + var map_NetworkMigration = map[string]string{ "": "NetworkMigration represents the cluster network configuration.", "networkType": "NetworkType is the target plugin that is to be deployed. Currently supported values are: OpenShiftSDN, OVNKubernetes", @@ -1251,7 +1359,7 @@ func (LDAPIdentityProvider) SwaggerDoc() map[string]string { } var map_OAuth = map[string]string{ - "": "OAuth holds cluster-wide information about OAuth. The canonical name is `cluster`. It is used to configure the integrated OAuth server. This configuration is only honored when the top level Authentication config has type set to IntegratedOAuth.", + "": "OAuth holds cluster-wide information about OAuth. The canonical name is `cluster`. It is used to configure the integrated OAuth server. This configuration is only honored when the top level Authentication config has type set to IntegratedOAuth.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "spec": "spec holds user settable values for configuration", "status": "status holds observed values from the cluster. They may not be overridden.", } @@ -1260,6 +1368,14 @@ func (OAuth) SwaggerDoc() map[string]string { return map_OAuth } +var map_OAuthList = map[string]string{ + "": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", +} + +func (OAuthList) SwaggerDoc() map[string]string { + return map_OAuthList +} + var map_OAuthRemoteConnectionInfo = map[string]string{ "": "OAuthRemoteConnectionInfo holds information necessary for establishing a remote connection", "url": "url is the remote URL to connect to", @@ -1376,7 +1492,7 @@ func (HubSourceStatus) SwaggerDoc() map[string]string { } var map_OperatorHub = map[string]string{ - "": "OperatorHub is the Schema for the operatorhubs API. It can be used to change the state of the default hub sources for OperatorHub on the cluster from enabled to disabled and vice versa.", + "": "OperatorHub is the Schema for the operatorhubs API. It can be used to change the state of the default hub sources for OperatorHub on the cluster from enabled to disabled and vice versa.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", } func (OperatorHub) SwaggerDoc() map[string]string { @@ -1384,7 +1500,7 @@ func (OperatorHub) SwaggerDoc() map[string]string { } var map_OperatorHubList = map[string]string{ - "": "OperatorHubList contains a list of OperatorHub", + "": "OperatorHubList contains a list of OperatorHub\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", } func (OperatorHubList) SwaggerDoc() map[string]string { @@ -1411,7 +1527,7 @@ func (OperatorHubStatus) SwaggerDoc() map[string]string { } var map_Project = map[string]string{ - "": "Project holds cluster-wide information about Project. The canonical name is `cluster`", + "": "Project holds cluster-wide information about Project. The canonical name is `cluster`\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "spec": "spec holds user settable values for configuration", "status": "status holds observed values from the cluster. They may not be overridden.", } @@ -1420,6 +1536,14 @@ func (Project) SwaggerDoc() map[string]string { return map_Project } +var map_ProjectList = map[string]string{ + "": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", +} + +func (ProjectList) SwaggerDoc() map[string]string { + return map_ProjectList +} + var map_ProjectSpec = map[string]string{ "": "ProjectSpec holds the project creation configuration.", "projectRequestMessage": "projectRequestMessage is the string presented to a user if they are unable to request a project via the projectrequest api endpoint", @@ -1440,7 +1564,7 @@ func (TemplateReference) SwaggerDoc() map[string]string { } var map_Proxy = map[string]string{ - "": "Proxy holds cluster-wide information on how to configure default proxies for the cluster. The canonical name is `cluster`", + "": "Proxy holds cluster-wide information on how to configure default proxies for the cluster. The canonical name is `cluster`\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "spec": "Spec holds user-settable values for the proxy configuration", "status": "status holds observed values from the cluster. They may not be overridden.", } @@ -1449,6 +1573,14 @@ func (Proxy) SwaggerDoc() map[string]string { return map_Proxy } +var map_ProxyList = map[string]string{ + "": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", +} + +func (ProxyList) SwaggerDoc() map[string]string { + return map_ProxyList +} + var map_ProxySpec = map[string]string{ "": "ProxySpec contains cluster proxy creation configuration.", "httpProxy": "httpProxy is the URL of the proxy for HTTP requests. Empty means unset and will not result in an env var.", @@ -1474,7 +1606,7 @@ func (ProxyStatus) SwaggerDoc() map[string]string { } var map_Scheduler = map[string]string{ - "": "Scheduler holds cluster-wide config information to run the Kubernetes Scheduler and influence its placement decisions. The canonical name for this config is `cluster`.", + "": "Scheduler holds cluster-wide config information to run the Kubernetes Scheduler and influence its placement decisions. The canonical name for this config is `cluster`.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "spec": "spec holds user settable values for configuration", "status": "status holds observed values from the cluster. They may not be overridden.", } @@ -1483,6 +1615,14 @@ func (Scheduler) SwaggerDoc() map[string]string { return map_Scheduler } +var map_SchedulerList = map[string]string{ + "": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", +} + +func (SchedulerList) SwaggerDoc() map[string]string { + return map_SchedulerList +} + var map_SchedulerSpec = map[string]string{ "policy": "DEPRECATED: the scheduler Policy API has been deprecated and will be removed in a future release. policy is a reference to a ConfigMap containing scheduler policy which has user specified predicates and priorities. If this ConfigMap is not available scheduler will default to use DefaultAlgorithmProvider. The namespace for this configmap is openshift-config.", "profile": "profile sets which scheduling profile should be set in order to configure scheduling decisions for new pods.\n\nValid values are \"LowNodeUtilization\", \"HighNodeUtilization\", \"NoScoring\" Defaults to \"LowNodeUtilization\"", diff --git a/vendor/github.com/openshift/api/go.mod b/vendor/github.com/openshift/api/go.mod index 8cfba0f9f..9bd7ad486 100644 --- a/vendor/github.com/openshift/api/go.mod +++ b/vendor/github.com/openshift/api/go.mod @@ -1,14 +1,17 @@ module github.com/openshift/api -go 1.15 +go 1.16 require ( + github.com/dave/dst v0.26.2 github.com/gogo/protobuf v1.3.2 - github.com/openshift/build-machinery-go v0.0.0-20210209125900-0da259a2c359 + github.com/google/go-cmp v0.5.2 + github.com/openshift/build-machinery-go v0.0.0-20210712174854-1bb7fd1518d3 github.com/spf13/pflag v1.0.5 golang.org/x/tools v0.1.0 - k8s.io/api v0.21.0-rc.0 - k8s.io/apimachinery v0.21.0-rc.0 - k8s.io/code-generator v0.21.0-rc.0 + k8s.io/api v0.21.1 + k8s.io/apimachinery v0.21.1 + k8s.io/code-generator v0.21.1 + k8s.io/gengo v0.0.0-20201214224949-b6c5ce23f027 k8s.io/klog/v2 v2.8.0 ) diff --git a/vendor/github.com/openshift/api/go.sum b/vendor/github.com/openshift/api/go.sum index 0d3268d5f..ae454be47 100644 --- a/vendor/github.com/openshift/api/go.sum +++ b/vendor/github.com/openshift/api/go.sum @@ -9,6 +9,12 @@ github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:l github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= +github.com/dave/dst v0.26.2 h1:lnxLAKI3tx7MgLNVDirFCsDTlTG9nKTk7GcptKcWSwY= +github.com/dave/dst v0.26.2/go.mod h1:UMDJuIRPfyUCC78eFuB+SV/WI8oDeyFDvM/JR6NI3IU= +github.com/dave/gopackages v0.0.0-20170318123100-46e7023ec56e/go.mod h1:i00+b/gKdIDIxuLDFob7ustLAVqhsZRk2qVZrArELGQ= +github.com/dave/jennifer v1.2.0/go.mod h1:fIb+770HOpJ2fmN9EPPKOqm1vMGhB+TwXKMZhrIygKg= +github.com/dave/kerr v0.0.0-20170318121727-bc25dd6abe8e/go.mod h1:qZqlPyPvfsDJt+3wHJ1EvSXDuVjFTK0j2p/ca+gtsb8= +github.com/dave/rebecca v0.9.1/go.mod h1:N6XYdMD/OKw3lkF3ywh8Z6wPGuwNFDNtWYEMFWEmXBA= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= @@ -63,12 +69,14 @@ github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.1.0 h1:Hsa8mG0dQ46ij8Sl2AYJDUv1oA9/d6Vk+3LG99Oe02g= github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/google/pprof v0.0.0-20181127221834-b4f47329b966/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/googleapis/gnostic v0.4.1/go.mod h1:LRhVm6pbyptWbWbuZ38d1eyptfvIytN3ir6b65WBswg= github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= +github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= github.com/json-iterator/go v1.1.10 h1:Kz6Cvnvv2wGdaG/V8yMvfkmNiXq9Ya2KUv4rouJJr68= github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= @@ -102,12 +110,14 @@ github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+W github.com/onsi/ginkgo v1.11.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= -github.com/openshift/build-machinery-go v0.0.0-20210209125900-0da259a2c359 h1:ehSDsWQiUVzJZrSEXMC7ceV9JIPEyTYqrpqu3m4Wa08= -github.com/openshift/build-machinery-go v0.0.0-20210209125900-0da259a2c359/go.mod h1:b1BuldmJlbA/xYtdZvKi+7j5YGB44qJUJDZ9zwiNCfE= +github.com/openshift/build-machinery-go v0.0.0-20210712174854-1bb7fd1518d3 h1:hYMLjavR8LrcCva788SxDqYjRc1k2w0LNGi7eX9vY5Y= +github.com/openshift/build-machinery-go v0.0.0-20210712174854-1bb7fd1518d3/go.mod h1:b1BuldmJlbA/xYtdZvKi+7j5YGB44qJUJDZ9zwiNCfE= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= +github.com/sergi/go-diff v1.0.0 h1:Kpca3qRNrduNnOQeazBd0ysaKrUJiIuISHxogkT9RPQ= +github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo= github.com/spf13/pflag v0.0.0-20170130214245-9ff6c6923cff/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= @@ -118,6 +128,7 @@ github.com/stretchr/testify v1.6.1 h1:hDPOHmpOpP40lSULcqw7IrRb/u7w6RpDC9399XyoNd github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +golang.org/x/arch v0.0.0-20180920145803-b19384d3c130/go.mod h1:cYlCBUl1MsqxdiKgmc4uh7TxZfWSFLOGSRR090WDxt8= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= @@ -151,6 +162,7 @@ golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20180903190138-2b024373dcd9/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -175,6 +187,7 @@ golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBn golang.org/x/tools v0.0.0-20190614205625-5aca471b1d59/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200505023115-26f46d2f7ef8/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= +golang.org/x/tools v0.0.0-20200509030707-2212a7e161a5/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.0 h1:po9/4sTYwZU9lPhi1tOrb4hCv3qrhiQ77LZfGa2OjwY= @@ -210,6 +223,7 @@ gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8 gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= +gopkg.in/src-d/go-billy.v4 v4.3.0/go.mod h1:tm33zBoOwxjYHZIE+OV8bxTWFMJLrconzFMd38aARFk= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= @@ -221,12 +235,12 @@ gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -k8s.io/api v0.21.0-rc.0 h1:t/kW96KdNJNamYNqxaxRirahK+FaWJQ6BJPbXm5Jb+o= -k8s.io/api v0.21.0-rc.0/go.mod h1:Dkc/ZauWJrgZhjOjeBgW89xZQiTBJA2RaBKYHXPsi2Y= -k8s.io/apimachinery v0.21.0-rc.0 h1:m9dyzHb8QZAHOZKIz2SiabSif1oLsfgrnwiago/9xJA= -k8s.io/apimachinery v0.21.0-rc.0/go.mod h1:jbreFvJo3ov9rj7eWT7+sYiRx+qZuCYXwWT1bcDswPY= -k8s.io/code-generator v0.21.0-rc.0 h1:5XqZwy0dHr3LssJ9ImpO8dCjdTvZ8Bw84b90dZ46kPk= -k8s.io/code-generator v0.21.0-rc.0/go.mod h1:hUlps5+9QaTrKx+jiM4rmq7YmH8wPOIko64uZCHDh6Q= +k8s.io/api v0.21.1 h1:94bbZ5NTjdINJEdzOkpS4vdPhkb1VFpTYC9zh43f75c= +k8s.io/api v0.21.1/go.mod h1:FstGROTmsSHBarKc8bylzXih8BLNYTiS3TZcsoEDg2s= +k8s.io/apimachinery v0.21.1 h1:Q6XuHGlj2xc+hlMCvqyYfbv3H7SRGn2c8NycxJquDVs= +k8s.io/apimachinery v0.21.1/go.mod h1:jbreFvJo3ov9rj7eWT7+sYiRx+qZuCYXwWT1bcDswPY= +k8s.io/code-generator v0.21.1 h1:jvcxHpVu5dm/LMXr3GOj/jroiP8+v2YnJE9i2OVRenk= +k8s.io/code-generator v0.21.1/go.mod h1:hUlps5+9QaTrKx+jiM4rmq7YmH8wPOIko64uZCHDh6Q= k8s.io/gengo v0.0.0-20200413195148-3a45101e95ac/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= k8s.io/gengo v0.0.0-20201214224949-b6c5ce23f027 h1:Uusb3oh8XcdzDF/ndlI4ToKTYVlkCSJP39SRY2mfRAw= k8s.io/gengo v0.0.0-20201214224949-b6c5ce23f027/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= diff --git a/vendor/github.com/openshift/api/helm/v1beta1/0000_10-helm-chart-repository.crd.yaml b/vendor/github.com/openshift/api/helm/v1beta1/0000_10-helm-chart-repository.crd.yaml index ac9d2823c..328063783 100644 --- a/vendor/github.com/openshift/api/helm/v1beta1/0000_10-helm-chart-repository.crd.yaml +++ b/vendor/github.com/openshift/api/helm/v1beta1/0000_10-helm-chart-repository.crd.yaml @@ -1,173 +1,130 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - name: helmchartrepositories.helm.openshift.io annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/598 include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" include.release.openshift.io/single-node-developer: "true" + name: helmchartrepositories.helm.openshift.io spec: - scope: Cluster group: helm.openshift.io names: kind: HelmChartRepository listKind: HelmChartRepositoryList plural: helmchartrepositories singular: helmchartrepository + scope: Cluster versions: - - name: v1beta1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: HelmChartRepository holds cluster-wide configuration for proxied - Helm chart repository - type: object - required: - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - type: object - properties: - connectionConfig: - description: Required configuration for connecting to the chart repo - type: object - properties: - ca: - description: ca is an optional reference to a config map by name - containing the PEM-encoded CA bundle. It is used as a trust - anchor to validate the TLS certificate presented by the remote - server. The key "ca-bundle.crt" is used to locate the data. - If empty, the default system roots are used. The namespace for - this config map is openshift-config. + - name: v1beta1 + schema: + openAPIV3Schema: + description: "HelmChartRepository holds cluster-wide configuration for proxied Helm chart repository \n Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer)." + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + type: object + properties: + connectionConfig: + description: Required configuration for connecting to the chart repo + type: object + properties: + ca: + description: ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key "ca-bundle.crt" is used to locate the data. If empty, the default system roots are used. The namespace for this config map is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced config map + type: string + tlsClientConfig: + description: tlsClientConfig is an optional reference to a secret by name that contains the PEM-encoded TLS client certificate and private key to present when connecting to the server. The key "tls.crt" is used to locate the client certificate. The key "tls.key" is used to locate the private key. The namespace for this secret is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced secret + type: string + url: + description: Chart repository URL + type: string + maxLength: 2048 + pattern: ^https?:\/\/ + description: + description: Optional human readable repository description, it can be used by UI for displaying purposes + type: string + maxLength: 2048 + minLength: 1 + disabled: + description: If set to true, disable the repo usage in the cluster + type: boolean + name: + description: Optional associated human readable repository name, it can be used by UI for displaying purposes + type: string + maxLength: 100 + minLength: 1 + status: + description: Observed status of the repository within the cluster.. + type: object + properties: + conditions: + description: conditions is a list of conditions and their statuses + type: array + items: + description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" type: object required: - - name + - lastTransitionTime + - message + - reason + - status + - type properties: - name: - description: name is the metadata.name of the referenced config - map + lastTransitionTime: + description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. type: string - tlsClientConfig: - description: tlsClientConfig is an optional reference to a secret - by name that contains the PEM-encoded TLS client certificate - and private key to present when connecting to the server. The - key "tls.crt" is used to locate the client certificate. The - key "tls.key" is used to locate the private key. The namespace - for this secret is openshift-config. - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced secret + format: date-time + message: + description: message is a human readable message indicating details about the transition. This may be an empty string. type: string - url: - description: Chart repository URL - type: string - maxLength: 2048 - pattern: ^https?:\/\/ - description: - description: Optional human readable repository description, it can - be used by UI for displaying purposes - type: string - maxLength: 2048 - minLength: 1 - disabled: - description: If set to true, disable the repo usage in the cluster - type: boolean - name: - description: Optional associated human readable repository name, it - can be used by UI for displaying purposes - type: string - maxLength: 100 - minLength: 1 - status: - description: Observed status of the repository within the cluster.. - type: object - properties: - conditions: - description: conditions is a list of conditions and their statuses - type: array - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: - \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type - \ // +patchStrategy=merge // +listType=map // +listMapKey=type - \ Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` - \n // other fields }" - type: object - required: - - lastTransitionTime - - message - - reason - - status - - type - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - type: string - format: date-time - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - type: string - maxLength: 32768 - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - type: integer - format: int64 - minimum: 0 - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - type: string - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - status: - description: status of the condition, one of True, False, Unknown. - type: string - enum: - - "True" - - "False" - - Unknown - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - type: string - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + maxLength: 32768 + observedGeneration: + description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. + type: integer + format: int64 + minimum: 0 + reason: + description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. + type: string + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + status: + description: status of the condition, one of True, False, Unknown. + type: string + enum: + - "True" + - "False" + - Unknown + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + type: string + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/helm/v1beta1/types_helm.go b/vendor/github.com/openshift/api/helm/v1beta1/types_helm.go index 6b22476e4..1b4e69dee 100644 --- a/vendor/github.com/openshift/api/helm/v1beta1/types_helm.go +++ b/vendor/github.com/openshift/api/helm/v1beta1/types_helm.go @@ -11,6 +11,9 @@ import ( // +kubebuilder:plural=helmchartrepositories // HelmChartRepository holds cluster-wide configuration for proxied Helm chart repository +// +// Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=2 type HelmChartRepository struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` @@ -25,7 +28,9 @@ type HelmChartRepository struct { Status HelmChartRepositoryStatus `json:"status"` } +// Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer). // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +openshift:compatibility-gen:level=2 type HelmChartRepositoryList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata"` diff --git a/vendor/github.com/openshift/api/image/docker10/dockertypes.go b/vendor/github.com/openshift/api/image/docker10/dockertypes.go index a985553db..03f0f67fc 100644 --- a/vendor/github.com/openshift/api/image/docker10/dockertypes.go +++ b/vendor/github.com/openshift/api/image/docker10/dockertypes.go @@ -8,6 +8,10 @@ import ( // DockerImage is the type representing a container image and its various properties when // retrieved from the Docker client API. +// +// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. +// +openshift:compatibility-gen:level=4 +// +openshift:compatibility-gen:internal type DockerImage struct { metav1.TypeMeta `json:",inline"` diff --git a/vendor/github.com/openshift/api/image/dockerpre012/dockertypes.go b/vendor/github.com/openshift/api/image/dockerpre012/dockertypes.go index 685e0b68c..1111892a9 100644 --- a/vendor/github.com/openshift/api/image/dockerpre012/dockertypes.go +++ b/vendor/github.com/openshift/api/image/dockerpre012/dockertypes.go @@ -10,6 +10,10 @@ import ( // DockerImage is for earlier versions of the Docker API (pre-012 to be specific). It is also the // version of metadata that the container image registry uses to persist metadata. +// +// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. +// +openshift:compatibility-gen:level=4 +// +openshift:compatibility-gen:internal type DockerImage struct { metav1.TypeMeta `json:",inline"` diff --git a/vendor/github.com/openshift/api/image/v1/generated.proto b/vendor/github.com/openshift/api/image/v1/generated.proto index 8f606b04f..be7160159 100644 --- a/vendor/github.com/openshift/api/image/v1/generated.proto +++ b/vendor/github.com/openshift/api/image/v1/generated.proto @@ -39,6 +39,9 @@ message DockerImageReference { // image metadata is stored in the API, any integration that implements the container image // registry API must provide its own storage for the raw manifest data, image config, and // layer contents. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message Image { optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; @@ -148,6 +151,9 @@ message ImageLayerData { } // ImageList is a list of Image objects. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message ImageList { optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; @@ -171,6 +177,9 @@ message ImageLookupPolicy { // to those matching cluster-wide policy. // Mandatory fields should be parsed by clients doing image verification. The others are parsed from // signature's content by the server. They serve just an informative purpose. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message ImageSignature { optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; @@ -218,6 +227,9 @@ message ImageSignature { // administrator runs the prune operation, which removes references that are no longer in // use. To preserve a historical image, ensure there is a tag in spec pointing to that image // by its digest. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message ImageStream { optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; @@ -242,6 +254,9 @@ message ImageStream { // ImageStreamImages as the from.kind of an image stream spec tag to reference an image // exactly. The only operations supported on the imagestreamimage endpoint are retrieving // the image. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message ImageStreamImage { optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; @@ -257,6 +272,9 @@ message ImageStreamImage { // This API is intended for end-user tools that need to see the metadata of the image prior to import // (for instance, to generate an application from it). Clients that know the desired image can continue // to create spec.tags directly into their image streams. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message ImageStreamImport { optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; @@ -295,6 +313,9 @@ message ImageStreamImportStatus { // ImageStreamLayers describes information about the layers referenced by images in this // image stream. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message ImageStreamLayers { optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; @@ -307,6 +328,9 @@ message ImageStreamLayers { } // ImageStreamList is a list of ImageStream objects. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message ImageStreamList { optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; @@ -322,6 +346,9 @@ message ImageStreamList { // mappings where the user has proven they have access to the image contents directly. // The only operation supported for this resource is create and the metadata name and // namespace should be set to the image stream containing the tag that should be updated. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message ImageStreamMapping { optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; @@ -374,6 +401,9 @@ message ImageStreamStatus { // failed the previous image will be shown. Deleting an image stream tag clears both the // status and spec fields of an image stream. If no image can be retrieved for a given tag, // a not found error will be returned. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message ImageStreamTag { optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; @@ -399,6 +429,9 @@ message ImageStreamTag { } // ImageStreamTagList is a list of ImageStreamTag objects. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message ImageStreamTagList { optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; @@ -414,6 +447,9 @@ message ImageStreamTagList { // A create operation will succeed if no spec tag has already been defined and the // spec field is set. Delete will remove both spec and status elements from the // image stream. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message ImageTag { optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; @@ -436,6 +472,9 @@ message ImageTag { // ImageTagList is a list of ImageTag objects. When listing image tags, the image // field is not populated. Tags are returned in alphabetical order by image stream // and then tag. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message ImageTagList { optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; @@ -484,6 +523,7 @@ message RepositoryImportStatus { } // SecretList is a list of Secret. +// +openshift:compatibility-gen:level=1 message SecretList { // Standard list metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds diff --git a/vendor/github.com/openshift/api/image/v1/types.go b/vendor/github.com/openshift/api/image/v1/types.go index 8319921e9..781b0c72b 100644 --- a/vendor/github.com/openshift/api/image/v1/types.go +++ b/vendor/github.com/openshift/api/image/v1/types.go @@ -9,6 +9,9 @@ import ( // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // ImageList is a list of Image objects. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type ImageList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` @@ -29,6 +32,9 @@ type ImageList struct { // image metadata is stored in the API, any integration that implements the container image // registry API must provide its own storage for the raw manifest data, image config, and // layer contents. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type Image struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` @@ -77,6 +83,9 @@ type ImageLayer struct { // to those matching cluster-wide policy. // Mandatory fields should be parsed by clients doing image verification. The others are parsed from // signature's content by the server. They serve just an informative purpose. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type ImageSignature struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` @@ -153,6 +162,9 @@ type SignatureSubject struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // ImageStreamList is a list of ImageStream objects. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type ImageStreamList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` @@ -180,6 +192,9 @@ type ImageStreamList struct { // administrator runs the prune operation, which removes references that are no longer in // use. To preserve a historical image, ensure there is a tag in spec pointing to that image // by its digest. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type ImageStream struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` @@ -358,6 +373,9 @@ type TagEventCondition struct { // mappings where the user has proven they have access to the image contents directly. // The only operation supported for this resource is create and the metadata name and // namespace should be set to the image stream containing the tag that should be updated. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type ImageStreamMapping struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` @@ -380,6 +398,9 @@ type ImageStreamMapping struct { // failed the previous image will be shown. Deleting an image stream tag clears both the // status and spec fields of an image stream. If no image can be retrieved for a given tag, // a not found error will be returned. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type ImageStreamTag struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` @@ -408,6 +429,9 @@ type ImageStreamTag struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // ImageStreamTagList is a list of ImageStreamTag objects. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type ImageStreamTagList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` @@ -428,6 +452,9 @@ type ImageStreamTagList struct { // A create operation will succeed if no spec tag has already been defined and the // spec field is set. Delete will remove both spec and status elements from the // image stream. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type ImageTag struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` @@ -451,6 +478,9 @@ type ImageTag struct { // ImageTagList is a list of ImageTag objects. When listing image tags, the image // field is not populated. Tags are returned in alphabetical order by image stream // and then tag. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type ImageTagList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` @@ -475,6 +505,9 @@ type ImageTagList struct { // ImageStreamImages as the from.kind of an image stream spec tag to reference an image // exactly. The only operations supported on the imagestreamimage endpoint are retrieving // the image. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type ImageStreamImage struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` @@ -501,6 +534,9 @@ type DockerImageReference struct { // ImageStreamLayers describes information about the layers referenced by images in this // image stream. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type ImageStreamLayers struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` @@ -552,6 +588,9 @@ type ImageLayerData struct { // This API is intended for end-user tools that need to see the metadata of the image prior to import // (for instance, to generate an application from it). Clients that know the desired image can continue // to create spec.tags directly into their image streams. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type ImageStreamImport struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` @@ -636,4 +675,5 @@ type ImageImportStatus struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // SecretList is a list of Secret. +// +openshift:compatibility-gen:level=1 type SecretList corev1.SecretList diff --git a/vendor/github.com/openshift/api/image/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/image/v1/zz_generated.swagger_doc_generated.go index a50ffbbc5..24c3abb02 100644 --- a/vendor/github.com/openshift/api/image/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/image/v1/zz_generated.swagger_doc_generated.go @@ -25,7 +25,7 @@ func (DockerImageReference) SwaggerDoc() map[string]string { } var map_Image = map[string]string{ - "": "Image is an immutable representation of a container image and metadata at a point in time. Images are named by taking a hash of their contents (metadata and content) and any change in format, content, or metadata results in a new name. The images resource is primarily for use by cluster administrators and integrations like the cluster image registry - end users instead access images via the imagestreamtags or imagestreamimages resources. While image metadata is stored in the API, any integration that implements the container image registry API must provide its own storage for the raw manifest data, image config, and layer contents.", + "": "Image is an immutable representation of a container image and metadata at a point in time. Images are named by taking a hash of their contents (metadata and content) and any change in format, content, or metadata results in a new name. The images resource is primarily for use by cluster administrators and integrations like the cluster image registry - end users instead access images via the imagestreamtags or imagestreamimages resources. While image metadata is stored in the API, any integration that implements the container image registry API must provide its own storage for the raw manifest data, image config, and layer contents.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "dockerImageReference": "DockerImageReference is the string that can be used to pull this image.", "dockerImageMetadata": "DockerImageMetadata contains metadata about this image", "dockerImageMetadataVersion": "DockerImageMetadataVersion conveys the version of the object, which if empty defaults to \"1.0\"", @@ -98,7 +98,7 @@ func (ImageLayerData) SwaggerDoc() map[string]string { } var map_ImageList = map[string]string{ - "": "ImageList is a list of Image objects.", + "": "ImageList is a list of Image objects.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "items": "Items is a list of images", } @@ -116,7 +116,7 @@ func (ImageLookupPolicy) SwaggerDoc() map[string]string { } var map_ImageSignature = map[string]string{ - "": "ImageSignature holds a signature of an image. It allows to verify image identity and possibly other claims as long as the signature is trusted. Based on this information it is possible to restrict runnable images to those matching cluster-wide policy. Mandatory fields should be parsed by clients doing image verification. The others are parsed from signature's content by the server. They serve just an informative purpose.", + "": "ImageSignature holds a signature of an image. It allows to verify image identity and possibly other claims as long as the signature is trusted. Based on this information it is possible to restrict runnable images to those matching cluster-wide policy. Mandatory fields should be parsed by clients doing image verification. The others are parsed from signature's content by the server. They serve just an informative purpose.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "Required: Describes a type of stored blob.", "content": "Required: An opaque binary string which is an image's signature.", "conditions": "Conditions represent the latest available observations of a signature's current state.", @@ -132,7 +132,7 @@ func (ImageSignature) SwaggerDoc() map[string]string { } var map_ImageStream = map[string]string{ - "": "An ImageStream stores a mapping of tags to images, metadata overrides that are applied when images are tagged in a stream, and an optional reference to a container image repository on a registry. Users typically update the spec.tags field to point to external images which are imported from container registries using credentials in your namespace with the pull secret type, or to existing image stream tags and images which are immediately accessible for tagging or pulling. The history of images applied to a tag is visible in the status.tags field and any user who can view an image stream is allowed to tag that image into their own image streams. Access to pull images from the integrated registry is granted by having the \"get imagestreams/layers\" permission on a given image stream. Users may remove a tag by deleting the imagestreamtag resource, which causes both spec and status for that tag to be removed. Image stream history is retained until an administrator runs the prune operation, which removes references that are no longer in use. To preserve a historical image, ensure there is a tag in spec pointing to that image by its digest.", + "": "An ImageStream stores a mapping of tags to images, metadata overrides that are applied when images are tagged in a stream, and an optional reference to a container image repository on a registry. Users typically update the spec.tags field to point to external images which are imported from container registries using credentials in your namespace with the pull secret type, or to existing image stream tags and images which are immediately accessible for tagging or pulling. The history of images applied to a tag is visible in the status.tags field and any user who can view an image stream is allowed to tag that image into their own image streams. Access to pull images from the integrated registry is granted by having the \"get imagestreams/layers\" permission on a given image stream. Users may remove a tag by deleting the imagestreamtag resource, which causes both spec and status for that tag to be removed. Image stream history is retained until an administrator runs the prune operation, which removes references that are no longer in use. To preserve a historical image, ensure there is a tag in spec pointing to that image by its digest.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "spec": "Spec describes the desired state of this stream", "status": "Status describes the current state of this stream", } @@ -142,7 +142,7 @@ func (ImageStream) SwaggerDoc() map[string]string { } var map_ImageStreamImage = map[string]string{ - "": "ImageStreamImage represents an Image that is retrieved by image name from an ImageStream. User interfaces and regular users can use this resource to access the metadata details of a tagged image in the image stream history for viewing, since Image resources are not directly accessible to end users. A not found error will be returned if no such image is referenced by a tag within the ImageStream. Images are created when spec tags are set on an image stream that represent an image in an external registry, when pushing to the integrated registry, or when tagging an existing image from one image stream to another. The name of an image stream image is in the form \"@\", where the digest is the content addressible identifier for the image (sha256:xxxxx...). You can use ImageStreamImages as the from.kind of an image stream spec tag to reference an image exactly. The only operations supported on the imagestreamimage endpoint are retrieving the image.", + "": "ImageStreamImage represents an Image that is retrieved by image name from an ImageStream. User interfaces and regular users can use this resource to access the metadata details of a tagged image in the image stream history for viewing, since Image resources are not directly accessible to end users. A not found error will be returned if no such image is referenced by a tag within the ImageStream. Images are created when spec tags are set on an image stream that represent an image in an external registry, when pushing to the integrated registry, or when tagging an existing image from one image stream to another. The name of an image stream image is in the form \"@\", where the digest is the content addressible identifier for the image (sha256:xxxxx...). You can use ImageStreamImages as the from.kind of an image stream spec tag to reference an image exactly. The only operations supported on the imagestreamimage endpoint are retrieving the image.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "image": "Image associated with the ImageStream and image name.", } @@ -151,7 +151,7 @@ func (ImageStreamImage) SwaggerDoc() map[string]string { } var map_ImageStreamImport = map[string]string{ - "": "The image stream import resource provides an easy way for a user to find and import container images from other container image registries into the server. Individual images or an entire image repository may be imported, and users may choose to see the results of the import prior to tagging the resulting images into the specified image stream.\n\nThis API is intended for end-user tools that need to see the metadata of the image prior to import (for instance, to generate an application from it). Clients that know the desired image can continue to create spec.tags directly into their image streams.", + "": "The image stream import resource provides an easy way for a user to find and import container images from other container image registries into the server. Individual images or an entire image repository may be imported, and users may choose to see the results of the import prior to tagging the resulting images into the specified image stream.\n\nThis API is intended for end-user tools that need to see the metadata of the image prior to import (for instance, to generate an application from it). Clients that know the desired image can continue to create spec.tags directly into their image streams.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "spec": "Spec is a description of the images that the user wishes to import", "status": "Status is the the result of importing the image", } @@ -183,7 +183,7 @@ func (ImageStreamImportStatus) SwaggerDoc() map[string]string { } var map_ImageStreamLayers = map[string]string{ - "": "ImageStreamLayers describes information about the layers referenced by images in this image stream.", + "": "ImageStreamLayers describes information about the layers referenced by images in this image stream.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "blobs": "blobs is a map of blob name to metadata about the blob.", "images": "images is a map between an image name and the names of the blobs and config that comprise the image.", } @@ -193,7 +193,7 @@ func (ImageStreamLayers) SwaggerDoc() map[string]string { } var map_ImageStreamList = map[string]string{ - "": "ImageStreamList is a list of ImageStream objects.", + "": "ImageStreamList is a list of ImageStream objects.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "items": "Items is a list of imageStreams", } @@ -202,7 +202,7 @@ func (ImageStreamList) SwaggerDoc() map[string]string { } var map_ImageStreamMapping = map[string]string{ - "": "ImageStreamMapping represents a mapping from a single image stream tag to a container image as well as the reference to the container image stream the image came from. This resource is used by privileged integrators to create an image resource and to associate it with an image stream in the status tags field. Creating an ImageStreamMapping will allow any user who can view the image stream to tag or pull that image, so only create mappings where the user has proven they have access to the image contents directly. The only operation supported for this resource is create and the metadata name and namespace should be set to the image stream containing the tag that should be updated.", + "": "ImageStreamMapping represents a mapping from a single image stream tag to a container image as well as the reference to the container image stream the image came from. This resource is used by privileged integrators to create an image resource and to associate it with an image stream in the status tags field. Creating an ImageStreamMapping will allow any user who can view the image stream to tag or pull that image, so only create mappings where the user has proven they have access to the image contents directly. The only operation supported for this resource is create and the metadata name and namespace should be set to the image stream containing the tag that should be updated.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "image": "Image is a container image.", "tag": "Tag is a string value this image can be located with inside the stream.", } @@ -234,7 +234,7 @@ func (ImageStreamStatus) SwaggerDoc() map[string]string { } var map_ImageStreamTag = map[string]string{ - "": "ImageStreamTag represents an Image that is retrieved by tag name from an ImageStream. Use this resource to interact with the tags and images in an image stream by tag, or to see the image details for a particular tag. The image associated with this resource is the most recently successfully tagged, imported, or pushed image (as described in the image stream status.tags.items list for this tag). If an import is in progress or has failed the previous image will be shown. Deleting an image stream tag clears both the status and spec fields of an image stream. If no image can be retrieved for a given tag, a not found error will be returned.", + "": "ImageStreamTag represents an Image that is retrieved by tag name from an ImageStream. Use this resource to interact with the tags and images in an image stream by tag, or to see the image details for a particular tag. The image associated with this resource is the most recently successfully tagged, imported, or pushed image (as described in the image stream status.tags.items list for this tag). If an import is in progress or has failed the previous image will be shown. Deleting an image stream tag clears both the status and spec fields of an image stream. If no image can be retrieved for a given tag, a not found error will be returned.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "tag": "tag is the spec tag associated with this image stream tag, and it may be null if only pushes have occurred to this image stream.", "generation": "generation is the current generation of the tagged image - if tag is provided and this value is not equal to the tag generation, a user has requested an import that has not completed, or conditions will be filled out indicating any error.", "lookupPolicy": "lookupPolicy indicates whether this tag will handle image references in this namespace.", @@ -247,7 +247,7 @@ func (ImageStreamTag) SwaggerDoc() map[string]string { } var map_ImageStreamTagList = map[string]string{ - "": "ImageStreamTagList is a list of ImageStreamTag objects.", + "": "ImageStreamTagList is a list of ImageStreamTag objects.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "items": "Items is the list of image stream tags", } @@ -256,7 +256,7 @@ func (ImageStreamTagList) SwaggerDoc() map[string]string { } var map_ImageTag = map[string]string{ - "": "ImageTag represents a single tag within an image stream and includes the spec, the status history, and the currently referenced image (if any) of the provided tag. This type replaces the ImageStreamTag by providing a full view of the tag. ImageTags are returned for every spec or status tag present on the image stream. If no tag exists in either form a not found error will be returned by the API. A create operation will succeed if no spec tag has already been defined and the spec field is set. Delete will remove both spec and status elements from the image stream.", + "": "ImageTag represents a single tag within an image stream and includes the spec, the status history, and the currently referenced image (if any) of the provided tag. This type replaces the ImageStreamTag by providing a full view of the tag. ImageTags are returned for every spec or status tag present on the image stream. If no tag exists in either form a not found error will be returned by the API. A create operation will succeed if no spec tag has already been defined and the spec field is set. Delete will remove both spec and status elements from the image stream.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "spec": "spec is the spec tag associated with this image stream tag, and it may be null if only pushes have occurred to this image stream.", "status": "status is the status tag details associated with this image stream tag, and it may be null if no push or import has been performed.", "image": "image is the details of the most recent image stream status tag, and it may be null if import has not completed or an administrator has deleted the image object. To verify this is the most recent image, you must verify the generation of the most recent status.items entry matches the spec tag (if a spec tag is set). This field will not be set when listing image tags.", @@ -267,7 +267,7 @@ func (ImageTag) SwaggerDoc() map[string]string { } var map_ImageTagList = map[string]string{ - "": "ImageTagList is a list of ImageTag objects. When listing image tags, the image field is not populated. Tags are returned in alphabetical order by image stream and then tag.", + "": "ImageTagList is a list of ImageTag objects. When listing image tags, the image field is not populated. Tags are returned in alphabetical order by image stream and then tag.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "items": "Items is the list of image stream tags", } diff --git a/vendor/github.com/openshift/api/imageregistry/v1/00-crd.yaml b/vendor/github.com/openshift/api/imageregistry/v1/00-crd.yaml index 191ca961f..d6618c189 100644 --- a/vendor/github.com/openshift/api/imageregistry/v1/00-crd.yaml +++ b/vendor/github.com/openshift/api/imageregistry/v1/00-crd.yaml @@ -1,1542 +1,1051 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - name: configs.imageregistry.operator.openshift.io annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/519 include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" include.release.openshift.io/single-node-developer: "true" + name: configs.imageregistry.operator.openshift.io spec: group: imageregistry.operator.openshift.io + names: + kind: Config + listKind: ConfigList + plural: configs + singular: config scope: Cluster versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - "schema": - "openAPIV3Schema": - description: Config is the configuration object for a registry instance managed - by the registry operator - type: object - required: - - metadata - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ImageRegistrySpec defines the specs for the running registry. - type: object - required: - - managementState - - replicas - properties: - affinity: - description: affinity is a group of node affinity scheduling rules - for the image registry pod(s). - type: object - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for the - pod. - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to - nodes that satisfy the affinity expressions specified by - this field, but it may choose a node that violates one or - more of the expressions. The node that is most preferred - is the one with the greatest sum of weights, i.e. for each - node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements of - this field and adding "weight" to the sum if the node matches - the corresponding matchExpressions; the node(s) with the - highest sum are the most preferred. - type: array - items: - description: An empty preferred scheduling term matches - all objects with implicit weight 0 (i.e. it's a no-op). - A null preferred scheduling term matches no objects (i.e. - is also a no-op). - type: object - required: - - preference - - weight - properties: - preference: - description: A node selector term, associated with the - corresponding weight. - type: object - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - type: array - items: - description: A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. - type: array - items: + - name: v1 + schema: + openAPIV3Schema: + description: "Config is the configuration object for a registry instance managed by the registry operator \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." + type: object + required: + - metadata + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ImageRegistrySpec defines the specs for the running registry. + type: object + required: + - managementState + - replicas + properties: + affinity: + description: affinity is a group of node affinity scheduling rules for the image registry pod(s). + type: object + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the pod. + type: object + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. + type: array + items: + description: An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + type: object + required: + - preference + - weight + properties: + preference: + description: A node selector term, associated with the corresponding weight. + type: object + properties: + matchExpressions: + description: A list of node selector requirements by node's labels. + type: array + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + type: object + required: + - key + - operator + properties: + key: + description: The label key that the selector applies to. type: string - matchFields: - description: A list of node selector requirements - by node's fields. - type: array - items: - description: A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. - type: array - items: + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string - weight: - description: Weight associated with matching the corresponding - nodeSelectorTerm, in the range 1-100. - type: integer - format: int32 - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not be - scheduled onto the node. If the affinity requirements specified - by this field cease to be met at some point during pod execution - (e.g. due to an update), the system may or may not try to - eventually evict the pod from its node. - type: object - required: - - nodeSelectorTerms - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. - The terms are ORed. - type: array - items: - description: A null or empty node selector term matches - no objects. The requirements of them are ANDed. The - TopologySelectorTerm type implements a subset of the - NodeSelectorTerm. - type: object - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - type: array - items: - description: A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. - type: array - items: + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + type: array + items: + type: string + matchFields: + description: A list of node selector requirements by node's fields. + type: array + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + type: object + required: + - key + - operator + properties: + key: + description: The label key that the selector applies to. type: string - matchFields: - description: A list of node selector requirements - by node's fields. - type: array - items: - description: A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. - type: array - items: + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string - podAffinity: - description: Describes pod affinity scheduling rules (e.g. co-locate - this pod in the same node, zone, etc. as some other pod(s)). - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to - nodes that satisfy the affinity expressions specified by - this field, but it may choose a node that violates one or - more of the expressions. The node that is most preferred - is the one with the greatest sum of weights, i.e. for each - node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements of - this field and adding "weight" to the sum if the node has - pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - type: array - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + type: array + items: + type: string + weight: + description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. + type: integer + format: int32 + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. type: object required: - - podAffinityTerm - - weight + - nodeSelectorTerms properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - type: object - required: - - topologyKey - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - type: array - items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. - type: object - required: + nodeSelectorTerms: + description: Required. A list of node selector terms. The terms are ORed. + type: array + items: + description: A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + type: object + properties: + matchExpressions: + description: A list of node selector requirements by node's labels. + type: array + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + type: object + required: - key - operator - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + type: array + items: type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. + matchFields: + description: A list of node selector requirements by node's fields. + type: array + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. type: object - additionalProperties: - type: string - namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by this - field and the ones listed in the namespaces field. - null selector and null or empty namespaces list - means "this pod's namespace". An empty selector - ({}) matches all namespaces. This field is alpha-level - and is only honored when PodAffinityNamespaceSelector - feature is enabled. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - type: array - items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. - type: object - required: + required: - key - operator - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + type: array + items: type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. - type: object - additionalProperties: - type: string - namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. The - term is applied to the union of the namespaces - listed in this field and the ones selected by - namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace" - type: array - items: - type: string - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey - matches that of any node on which any of the selected - pods is running. Empty topologyKey is not allowed. - type: string - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - type: integer - format: int32 - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not be - scheduled onto the node. If the affinity requirements specified - by this field cease to be met at some point during pod execution - (e.g. due to a pod label update), the system may or may - not try to eventually evict the pod from its node. When - there are multiple elements, the lists of nodes corresponding - to each podAffinityTerm are intersected, i.e. all terms - must be satisfied. - type: array - items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not co-located - (anti-affinity) with, where co-located is defined as running - on a node whose value of the label with key - matches that of any node on which a pod of the set of - pods is running - type: object - required: - - topologyKey - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). + type: object + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + type: array + items: + description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) + type: object + required: + - podAffinityTerm + - weight + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with the corresponding weight. + type: object + required: + - topologyKey + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. type: object - required: - - key - - operator properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. type: array items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + type: object + required: + - key + - operator + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + type: array + items: + type: string + matchLabels: + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + additionalProperties: type: string - matchLabels: - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. - type: object - additionalProperties: - type: string - namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied to the - union of the namespaces selected by this field and - the ones listed in the namespaces field. null selector - and null or empty namespaces list means "this pod's - namespace". An empty selector ({}) matches all namespaces. - This field is alpha-level and is only honored when - PodAffinityNamespaceSelector feature is enabled. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. + namespaceSelector: + description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is alpha-level and is only honored when PodAffinityNamespaceSelector feature is enabled. type: object - required: - - key - - operator properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. type: array items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + type: object + required: + - key + - operator + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + type: array + items: + type: string + matchLabels: + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + additionalProperties: type: string - matchLabels: - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. - type: object - additionalProperties: + namespaces: + description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace" + type: array + items: + type: string + topologyKey: + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. type: string - namespaces: - description: namespaces specifies a static list of namespace - names that the term applies to. The term is applied - to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. null or - empty namespaces list and null namespaceSelector means - "this pod's namespace" - type: array - items: - type: string - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where - co-located is defined as running on a node whose value - of the label with key topologyKey matches that of - any node on which any of the selected pods is running. - Empty topologyKey is not allowed. - type: string - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules (e.g. - avoid putting this pod in the same node, zone, etc. as some - other pod(s)). - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to - nodes that satisfy the anti-affinity expressions specified - by this field, but it may choose a node that violates one - or more of the expressions. The node that is most preferred - is the one with the greatest sum of weights, i.e. for each - node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, - etc.), compute a sum by iterating through the elements of - this field and adding "weight" to the sum if the node has - pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - type: array - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - type: object - required: - - podAffinityTerm - - weight - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - type: object - required: + weight: + description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + type: integer + format: int32 + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + type: array + items: + description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running + type: object + required: - topologyKey - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - type: array - items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. - type: object - required: + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. + type: object + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + type: array + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + type: object + required: - key - operator - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + type: array + items: type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. + matchLabels: + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + additionalProperties: + type: string + namespaceSelector: + description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is alpha-level and is only honored when PodAffinityNamespaceSelector feature is enabled. + type: object + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + type: array + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. type: object - additionalProperties: - type: string - namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by this - field and the ones listed in the namespaces field. - null selector and null or empty namespaces list - means "this pod's namespace". An empty selector - ({}) matches all namespaces. This field is alpha-level - and is only honored when PodAffinityNamespaceSelector - feature is enabled. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - type: array - items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. - type: object - required: + required: - key - operator - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + type: array + items: type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. - type: object - additionalProperties: - type: string - namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. The - term is applied to the union of the namespaces - listed in this field and the ones selected by - namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace" - type: array - items: - type: string - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey - matches that of any node on which any of the selected - pods is running. Empty topologyKey is not allowed. + matchLabels: + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + additionalProperties: + type: string + namespaces: + description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace" + type: array + items: type: string - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - type: integer - format: int32 - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified by - this field are not met at scheduling time, the pod will - not be scheduled onto the node. If the anti-affinity requirements - specified by this field cease to be met at some point during - pod execution (e.g. due to a pod label update), the system - may or may not try to eventually evict the pod from its - node. When there are multiple elements, the lists of nodes - corresponding to each podAffinityTerm are intersected, i.e. - all terms must be satisfied. - type: array - items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not co-located - (anti-affinity) with, where co-located is defined as running - on a node whose value of the label with key - matches that of any node on which a pod of the set of - pods is running - type: object - required: - - topologyKey - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. + topologyKey: + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + type: string + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). + type: object + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + type: array + items: + description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) + type: object + required: + - podAffinityTerm + - weight + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with the corresponding weight. + type: object + required: + - topologyKey + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. type: object - required: - - key - - operator properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. type: array items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + type: object + required: + - key + - operator + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + type: array + items: + type: string + matchLabels: + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + additionalProperties: type: string - matchLabels: - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. - type: object - additionalProperties: - type: string - namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied to the - union of the namespaces selected by this field and - the ones listed in the namespaces field. null selector - and null or empty namespaces list means "this pod's - namespace". An empty selector ({}) matches all namespaces. - This field is alpha-level and is only honored when - PodAffinityNamespaceSelector feature is enabled. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. + namespaceSelector: + description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is alpha-level and is only honored when PodAffinityNamespaceSelector feature is enabled. type: object - required: - - key - - operator properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. type: array items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + type: object + required: + - key + - operator + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + type: array + items: + type: string + matchLabels: + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + additionalProperties: type: string - matchLabels: - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. - type: object - additionalProperties: + namespaces: + description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace" + type: array + items: + type: string + topologyKey: + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. type: string - namespaces: - description: namespaces specifies a static list of namespace - names that the term applies to. The term is applied - to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. null or - empty namespaces list and null namespaceSelector means - "this pod's namespace" - type: array - items: - type: string - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where - co-located is defined as running on a node whose value - of the label with key topologyKey matches that of - any node on which any of the selected pods is running. - Empty topologyKey is not allowed. - type: string - defaultRoute: - description: defaultRoute indicates whether an external facing route - for the registry should be created using the default generated hostname. - type: boolean - disableRedirect: - description: disableRedirect controls whether to route all data through - the Registry, rather than redirecting to the backend. - type: boolean - httpSecret: - description: httpSecret is the value needed by the registry to secure - uploads, generated by default. - type: string - logLevel: - description: "logLevel is an intent based logging for an overall component. - \ It does not give fine grained control, but it is a simple way - to manage coarse grained logging choices that operators have to - interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", - \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - type: string - default: Normal - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - logging: - description: logging is deprecated, use logLevel instead. - type: integer - format: int64 - managementState: - description: managementState indicates whether and how the operator - should manage the component - type: string - pattern: ^(Managed|Unmanaged|Force|Removed)$ - nodeSelector: - description: nodeSelector defines the node selection constraints for - the registry pod. - type: object - additionalProperties: - type: string - observedConfig: - description: observedConfig holds a sparse config that controller - has observed from the cluster state. It exists in spec because - it is an input to the level for the operator - type: object - nullable: true - x-kubernetes-preserve-unknown-fields: true - operatorLogLevel: - description: "operatorLogLevel is an intent based logging for the - operator itself. It does not give fine grained control, but it - is a simple way to manage coarse grained logging choices that operators - have to interpret for themselves. \n Valid values are: \"Normal\", - \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - type: string - default: Normal - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - proxy: - description: proxy defines the proxy to be used when calling master - api, upstream registries, etc. - type: object - properties: - http: - description: http defines the proxy to be used by the image registry - when accessing HTTP endpoints. - type: string - https: - description: https defines the proxy to be used by the image registry - when accessing HTTPS endpoints. - type: string - noProxy: - description: noProxy defines a comma-separated list of host names - that shouldn't go through any proxy. - type: string - readOnly: - description: readOnly indicates whether the registry instance should - reject attempts to push new images or delete existing ones. - type: boolean - replicas: - description: replicas determines the number of registry instances - to run. - type: integer - format: int32 - requests: - description: requests controls how many parallel requests a given - registry instance will handle before queuing additional requests. - type: object - properties: - read: - description: read defines limits for image registry's reads. - type: object - properties: - maxInQueue: - description: maxInQueue sets the maximum queued api requests - to the registry. - type: integer - maxRunning: - description: maxRunning sets the maximum in flight api requests - to the registry. - type: integer - maxWaitInQueue: - description: maxWaitInQueue sets the maximum time a request - can wait in the queue before being rejected. - type: string - format: duration - write: - description: write defines limits for image registry's writes. - type: object - properties: - maxInQueue: - description: maxInQueue sets the maximum queued api requests - to the registry. - type: integer - maxRunning: - description: maxRunning sets the maximum in flight api requests - to the registry. - type: integer - maxWaitInQueue: - description: maxWaitInQueue sets the maximum time a request - can wait in the queue before being rejected. - type: string - format: duration - resources: - description: resources defines the resource requests+limits for the - registry pod. - type: object - properties: - limits: - description: 'Limits describes the maximum amount of compute resources - allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - requests: - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - rolloutStrategy: - description: rolloutStrategy defines rollout strategy for the image - registry deployment. - type: string - pattern: ^(RollingUpdate|Recreate)$ - routes: - description: routes defines additional external facing routes which - should be created for the registry. - type: array - items: - description: ImageRegistryConfigRoute holds information on external - route access to image registry. - type: object - required: - - name - properties: - hostname: - description: hostname for the route. - type: string - name: - description: name of the route to be created. - type: string - secretName: - description: secretName points to secret containing the certificates - to be used by the route. - type: string - storage: - description: storage details for configuring registry storage, e.g. - S3 bucket coordinates. - type: object - properties: - azure: - description: azure represents configuration that uses Azure Blob - Storage. - type: object - properties: - accountName: - description: accountName defines the account to be used by - the registry. - type: string - cloudName: - description: cloudName is the name of the Azure cloud environment - to be used by the registry. If empty, the operator will - set it based on the infrastructure object. - type: string - container: - description: container defines Azure's container to be used - by registry. - type: string - maxLength: 63 - minLength: 3 - pattern: ^[0-9a-z]+(-[0-9a-z]+)*$ - emptyDir: - description: 'emptyDir represents ephemeral storage on the pod''s - host node. WARNING: this storage cannot be used with more than - 1 replica and is not suitable for production use. When the pod - is removed from a node for any reason, the data in the emptyDir - is deleted forever.' - type: object - gcs: - description: gcs represents configuration that uses Google Cloud - Storage. - type: object - properties: - bucket: - description: bucket is the bucket name in which you want to - store the registry's data. Optional, will be generated if - not provided. - type: string - keyID: - description: keyID is the KMS key ID to use for encryption. - Optional, buckets are encrypted by default on GCP. This - allows for the use of a custom encryption key. - type: string - projectID: - description: projectID is the Project ID of the GCP project - that this bucket should be associated with. - type: string - region: - description: region is the GCS location in which your bucket - exists. Optional, will be set based on the installed GCS - Region. - type: string - managementState: - description: managementState indicates if the operator manages - the underlying storage unit. If Managed the operator will remove - the storage when this operator gets Removed. - type: string - pattern: ^(Managed|Unmanaged)$ - pvc: - description: pvc represents configuration that uses a PersistentVolumeClaim. - type: object - properties: - claim: - description: claim defines the Persisent Volume Claim's name - to be used. - type: string - s3: - description: s3 represents configuration that uses Amazon Simple - Storage Service. - type: object - properties: - bucket: - description: bucket is the bucket name in which you want to - store the registry's data. Optional, will be generated if - not provided. - type: string - cloudFront: - description: cloudFront configures Amazon Cloudfront as the - storage middleware in a registry. - type: object - required: - - baseURL - - keypairID - - privateKey - properties: - baseURL: - description: baseURL contains the SCHEME://HOST[/PATH] - at which Cloudfront is served. - type: string - duration: - description: duration is the duration of the Cloudfront - session. - type: string - format: duration - keypairID: - description: keypairID is key pair ID provided by AWS. - type: string - privateKey: - description: privateKey points to secret containing the - private key, provided by AWS. + weight: + description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + type: integer + format: int32 + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + type: array + items: + description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running type: object required: - - key + - topologyKey properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + labelSelector: + description: A label query over a set of resources, in this case pods. + type: object + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + type: array + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + type: object + required: + - key + - operator + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + type: array + items: + type: string + matchLabels: + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + additionalProperties: + type: string + namespaceSelector: + description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is alpha-level and is only honored when PodAffinityNamespaceSelector feature is enabled. + type: object + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + type: array + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + type: object + required: + - key + - operator + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + type: array + items: + type: string + matchLabels: + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + additionalProperties: + type: string + namespaces: + description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace" + type: array + items: + type: string + topologyKey: + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - encrypt: - description: encrypt specifies whether the registry stores - the image in encrypted format or not. Optional, defaults - to false. - type: boolean - keyID: - description: keyID is the KMS key ID to use for encryption. - Optional, Encrypt must be true, or this parameter is ignored. - type: string - region: - description: region is the AWS region in which your bucket - exists. Optional, will be set based on the installed AWS - Region. - type: string - regionEndpoint: - description: regionEndpoint is the endpoint for S3 compatible - storage services. Optional, defaults based on the Region - that is provided. - type: string - virtualHostedStyle: - description: virtualHostedStyle enables using S3 virtual hosted - style bucket paths with a custom RegionEndpoint Optional, - defaults to false. - type: boolean - swift: - description: swift represents configuration that uses OpenStack - Object Storage. - type: object - properties: - authURL: - description: authURL defines the URL for obtaining an authentication - token. - type: string - authVersion: - description: authVersion specifies the OpenStack Auth's version. - type: string - container: - description: container defines the name of Swift container - where to store the registry's data. - type: string - domain: - description: domain specifies Openstack's domain name for - Identity v3 API. - type: string - domainID: - description: domainID specifies Openstack's domain id for - Identity v3 API. - type: string - regionName: - description: regionName defines Openstack's region in which - container exists. - type: string - tenant: - description: tenant defines Openstack tenant name to be used - by registry. - type: string - tenantID: - description: tenant defines Openstack tenant id to be used - by registry. - type: string - tolerations: - description: tolerations defines the tolerations for the registry - pod. - type: array - items: - description: The pod this Toleration is attached to tolerates any - taint that matches the triple using the matching - operator . + defaultRoute: + description: defaultRoute indicates whether an external facing route for the registry should be created using the default generated hostname. + type: boolean + disableRedirect: + description: disableRedirect controls whether to route all data through the Registry, rather than redirecting to the backend. + type: boolean + httpSecret: + description: httpSecret is the value needed by the registry to secure uploads, generated by default. + type: string + logLevel: + description: "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + type: string + default: Normal + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + logging: + description: logging is deprecated, use logLevel instead. + type: integer + format: int64 + managementState: + description: managementState indicates whether and how the operator should manage the component + type: string + pattern: ^(Managed|Unmanaged|Force|Removed)$ + nodeSelector: + description: nodeSelector defines the node selection constraints for the registry pod. + type: object + additionalProperties: + type: string + observedConfig: + description: observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator + type: object + nullable: true + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + description: "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves. \n Valid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + type: string + default: Normal + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + proxy: + description: proxy defines the proxy to be used when calling master api, upstream registries, etc. type: object properties: - effect: - description: Effect indicates the taint effect to match. Empty - means match all taint effects. When specified, allowed values - are NoSchedule, PreferNoSchedule and NoExecute. + http: + description: http defines the proxy to be used by the image registry when accessing HTTP endpoints. type: string - key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, - operator must be Exists; this combination means to match all - values and all keys. + https: + description: https defines the proxy to be used by the image registry when accessing HTTPS endpoints. type: string - operator: - description: Operator represents a key's relationship to the - value. Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod - can tolerate all taints of a particular category. + noProxy: + description: noProxy defines a comma-separated list of host names that shouldn't go through any proxy. type: string - tolerationSeconds: - description: TolerationSeconds represents the period of time - the toleration (which must be of effect NoExecute, otherwise - this field is ignored) tolerates the taint. By default, it - is not set, which means tolerate the taint forever (do not - evict). Zero and negative values will be treated as 0 (evict - immediately) by the system. - type: integer - format: int64 - value: - description: Value is the taint value the toleration matches - to. If the operator is Exists, the value should be empty, - otherwise just a regular string. - type: string - unsupportedConfigOverrides: - description: 'unsupportedConfigOverrides holds a sparse config that - will override any previously set options. It only needs to be the - fields to override it will end up overlaying in the following order: - 1. hardcoded defaults 2. observedConfig 3. unsupportedConfigOverrides' - type: object - nullable: true - x-kubernetes-preserve-unknown-fields: true - status: - description: ImageRegistryStatus reports image registry operational status. - type: object - required: - - storage - - storageManaged - properties: - conditions: - description: conditions is a list of conditions and their status - type: array - items: - description: OperatorCondition is just the standard condition fields. + readOnly: + description: readOnly indicates whether the registry instance should reject attempts to push new images or delete existing ones. + type: boolean + replicas: + description: replicas determines the number of registry instances to run. + type: integer + format: int32 + requests: + description: requests controls how many parallel requests a given registry instance will handle before queuing additional requests. type: object properties: - lastTransitionTime: - type: string - format: date-time - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - generations: - description: generations are used to determine when an item needs - to be reconciled or has changed in a way that needs a reaction. - type: array - items: - description: GenerationStatus keeps track of the generation for - a given resource so that decisions about forced updates can be - made. + read: + description: read defines limits for image registry's reads. + type: object + properties: + maxInQueue: + description: maxInQueue sets the maximum queued api requests to the registry. + type: integer + maxRunning: + description: maxRunning sets the maximum in flight api requests to the registry. + type: integer + maxWaitInQueue: + description: maxWaitInQueue sets the maximum time a request can wait in the queue before being rejected. + type: string + format: duration + write: + description: write defines limits for image registry's writes. + type: object + properties: + maxInQueue: + description: maxInQueue sets the maximum queued api requests to the registry. + type: integer + maxRunning: + description: maxRunning sets the maximum in flight api requests to the registry. + type: integer + maxWaitInQueue: + description: maxWaitInQueue sets the maximum time a request can wait in the queue before being rejected. + type: string + format: duration + resources: + description: resources defines the resource requests+limits for the registry pod. type: object properties: - group: - description: group is the group of the thing you're tracking - type: string - hash: - description: hash is an optional field set for resources without - generation that are content sensitive like secrets and configmaps - type: string - lastGeneration: - description: lastGeneration is the last generation of the workload - controller involved - type: integer - format: int64 - name: - description: name is the name of the thing you're tracking - type: string - namespace: - description: namespace is where the thing you're tracking is - type: string - resource: - description: resource is the resource type of the thing you're - tracking - type: string - observedGeneration: - description: observedGeneration is the last generation change you've - dealt with - type: integer - format: int64 - readyReplicas: - description: readyReplicas indicates how many replicas are ready and - at the desired state - type: integer - format: int32 - storage: - description: storage indicates the current applied storage configuration - of the registry. - type: object - properties: - azure: - description: azure represents configuration that uses Azure Blob - Storage. + limits: + description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + requests: + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + rolloutStrategy: + description: rolloutStrategy defines rollout strategy for the image registry deployment. + type: string + pattern: ^(RollingUpdate|Recreate)$ + routes: + description: routes defines additional external facing routes which should be created for the registry. + type: array + items: + description: ImageRegistryConfigRoute holds information on external route access to image registry. type: object + required: + - name properties: - accountName: - description: accountName defines the account to be used by - the registry. + hostname: + description: hostname for the route. type: string - cloudName: - description: cloudName is the name of the Azure cloud environment - to be used by the registry. If empty, the operator will - set it based on the infrastructure object. + name: + description: name of the route to be created. type: string - container: - description: container defines Azure's container to be used - by registry. + secretName: + description: secretName points to secret containing the certificates to be used by the route. type: string - maxLength: 63 - minLength: 3 - pattern: ^[0-9a-z]+(-[0-9a-z]+)*$ - emptyDir: - description: 'emptyDir represents ephemeral storage on the pod''s - host node. WARNING: this storage cannot be used with more than - 1 replica and is not suitable for production use. When the pod - is removed from a node for any reason, the data in the emptyDir - is deleted forever.' - type: object - gcs: - description: gcs represents configuration that uses Google Cloud - Storage. + storage: + description: storage details for configuring registry storage, e.g. S3 bucket coordinates. + type: object + properties: + azure: + description: azure represents configuration that uses Azure Blob Storage. + type: object + properties: + accountName: + description: accountName defines the account to be used by the registry. + type: string + cloudName: + description: cloudName is the name of the Azure cloud environment to be used by the registry. If empty, the operator will set it based on the infrastructure object. + type: string + container: + description: container defines Azure's container to be used by registry. + type: string + maxLength: 63 + minLength: 3 + pattern: ^[0-9a-z]+(-[0-9a-z]+)*$ + emptyDir: + description: 'emptyDir represents ephemeral storage on the pod''s host node. WARNING: this storage cannot be used with more than 1 replica and is not suitable for production use. When the pod is removed from a node for any reason, the data in the emptyDir is deleted forever.' + type: object + gcs: + description: gcs represents configuration that uses Google Cloud Storage. + type: object + properties: + bucket: + description: bucket is the bucket name in which you want to store the registry's data. Optional, will be generated if not provided. + type: string + keyID: + description: keyID is the KMS key ID to use for encryption. Optional, buckets are encrypted by default on GCP. This allows for the use of a custom encryption key. + type: string + projectID: + description: projectID is the Project ID of the GCP project that this bucket should be associated with. + type: string + region: + description: region is the GCS location in which your bucket exists. Optional, will be set based on the installed GCS Region. + type: string + ibmcos: + description: ibmcos represents configuration that uses IBM Cloud Object Storage. + type: object + properties: + bucket: + description: bucket is the bucket name in which you want to store the registry's data. Optional, will be generated if not provided. + type: string + location: + description: location is the IBM Cloud location in which your bucket exists. Optional, will be set based on the installed IBM Cloud location. + type: string + resourceGroupName: + description: resourceGroupName is the name of the IBM Cloud resource group that this bucket and its service instance is associated with. Optional, will be set based on the installed IBM Cloud resource group. + type: string + resourceKeyCRN: + description: resourceKeyCRN is the CRN of the IBM Cloud resource key that is created for the service instance. Commonly referred as a service credential and must contain HMAC type credentials. Optional, will be computed if not provided. + type: string + pattern: ^crn:.+:.+:.+:cloud-object-storage:.+:.+:.+:resource-key:.+$ + serviceInstanceCRN: + description: serviceInstanceCRN is the CRN of the IBM Cloud Object Storage service instance that this bucket is associated with. Optional, will be computed if not provided. + type: string + pattern: ^crn:.+:.+:.+:cloud-object-storage:.+:.+:.+::$ + managementState: + description: managementState indicates if the operator manages the underlying storage unit. If Managed the operator will remove the storage when this operator gets Removed. + type: string + pattern: ^(Managed|Unmanaged)$ + pvc: + description: pvc represents configuration that uses a PersistentVolumeClaim. + type: object + properties: + claim: + description: claim defines the Persisent Volume Claim's name to be used. + type: string + s3: + description: s3 represents configuration that uses Amazon Simple Storage Service. + type: object + properties: + bucket: + description: bucket is the bucket name in which you want to store the registry's data. Optional, will be generated if not provided. + type: string + cloudFront: + description: cloudFront configures Amazon Cloudfront as the storage middleware in a registry. + type: object + required: + - baseURL + - keypairID + - privateKey + properties: + baseURL: + description: baseURL contains the SCHEME://HOST[/PATH] at which Cloudfront is served. + type: string + duration: + description: duration is the duration of the Cloudfront session. + type: string + format: duration + keypairID: + description: keypairID is key pair ID provided by AWS. + type: string + privateKey: + description: privateKey points to secret containing the private key, provided by AWS. + type: object + required: + - key + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + encrypt: + description: encrypt specifies whether the registry stores the image in encrypted format or not. Optional, defaults to false. + type: boolean + keyID: + description: keyID is the KMS key ID to use for encryption. Optional, Encrypt must be true, or this parameter is ignored. + type: string + region: + description: region is the AWS region in which your bucket exists. Optional, will be set based on the installed AWS Region. + type: string + regionEndpoint: + description: regionEndpoint is the endpoint for S3 compatible storage services. Optional, defaults based on the Region that is provided. + type: string + virtualHostedStyle: + description: virtualHostedStyle enables using S3 virtual hosted style bucket paths with a custom RegionEndpoint Optional, defaults to false. + type: boolean + swift: + description: swift represents configuration that uses OpenStack Object Storage. + type: object + properties: + authURL: + description: authURL defines the URL for obtaining an authentication token. + type: string + authVersion: + description: authVersion specifies the OpenStack Auth's version. + type: string + container: + description: container defines the name of Swift container where to store the registry's data. + type: string + domain: + description: domain specifies Openstack's domain name for Identity v3 API. + type: string + domainID: + description: domainID specifies Openstack's domain id for Identity v3 API. + type: string + regionName: + description: regionName defines Openstack's region in which container exists. + type: string + tenant: + description: tenant defines Openstack tenant name to be used by registry. + type: string + tenantID: + description: tenant defines Openstack tenant id to be used by registry. + type: string + tolerations: + description: tolerations defines the tolerations for the registry pod. + type: array + items: + description: The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . type: object properties: - bucket: - description: bucket is the bucket name in which you want to - store the registry's data. Optional, will be generated if - not provided. + effect: + description: Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. type: string - keyID: - description: keyID is the KMS key ID to use for encryption. - Optional, buckets are encrypted by default on GCP. This - allows for the use of a custom encryption key. + key: + description: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. type: string - projectID: - description: projectID is the Project ID of the GCP project - that this bucket should be associated with. + operator: + description: Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. type: string - region: - description: region is the GCS location in which your bucket - exists. Optional, will be set based on the installed GCS - Region. + tolerationSeconds: + description: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. + type: integer + format: int64 + value: + description: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. type: string - managementState: - description: managementState indicates if the operator manages - the underlying storage unit. If Managed the operator will remove - the storage when this operator gets Removed. - type: string - pattern: ^(Managed|Unmanaged)$ - pvc: - description: pvc represents configuration that uses a PersistentVolumeClaim. + unsupportedConfigOverrides: + description: 'unsupportedConfigOverrides holds a sparse config that will override any previously set options. It only needs to be the fields to override it will end up overlaying in the following order: 1. hardcoded defaults 2. observedConfig 3. unsupportedConfigOverrides' + type: object + nullable: true + x-kubernetes-preserve-unknown-fields: true + status: + description: ImageRegistryStatus reports image registry operational status. + type: object + required: + - storage + - storageManaged + properties: + conditions: + description: conditions is a list of conditions and their status + type: array + items: + description: OperatorCondition is just the standard condition fields. type: object properties: - claim: - description: claim defines the Persisent Volume Claim's name - to be used. + lastTransitionTime: type: string - s3: - description: s3 represents configuration that uses Amazon Simple - Storage Service. - type: object - properties: - bucket: - description: bucket is the bucket name in which you want to - store the registry's data. Optional, will be generated if - not provided. + format: date-time + message: type: string - cloudFront: - description: cloudFront configures Amazon Cloudfront as the - storage middleware in a registry. - type: object - required: - - baseURL - - keypairID - - privateKey - properties: - baseURL: - description: baseURL contains the SCHEME://HOST[/PATH] - at which Cloudfront is served. - type: string - duration: - description: duration is the duration of the Cloudfront - session. - type: string - format: duration - keypairID: - description: keypairID is key pair ID provided by AWS. - type: string - privateKey: - description: privateKey points to secret containing the - private key, provided by AWS. - type: object - required: - - key - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - encrypt: - description: encrypt specifies whether the registry stores - the image in encrypted format or not. Optional, defaults - to false. - type: boolean - keyID: - description: keyID is the KMS key ID to use for encryption. - Optional, Encrypt must be true, or this parameter is ignored. + reason: type: string - region: - description: region is the AWS region in which your bucket - exists. Optional, will be set based on the installed AWS - Region. + status: type: string - regionEndpoint: - description: regionEndpoint is the endpoint for S3 compatible - storage services. Optional, defaults based on the Region - that is provided. + type: type: string - virtualHostedStyle: - description: virtualHostedStyle enables using S3 virtual hosted - style bucket paths with a custom RegionEndpoint Optional, - defaults to false. - type: boolean - swift: - description: swift represents configuration that uses OpenStack - Object Storage. + generations: + description: generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction. + type: array + items: + description: GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made. type: object properties: - authURL: - description: authURL defines the URL for obtaining an authentication - token. - type: string - authVersion: - description: authVersion specifies the OpenStack Auth's version. - type: string - container: - description: container defines the name of Swift container - where to store the registry's data. - type: string - domain: - description: domain specifies Openstack's domain name for - Identity v3 API. + group: + description: group is the group of the thing you're tracking type: string - domainID: - description: domainID specifies Openstack's domain id for - Identity v3 API. + hash: + description: hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps type: string - regionName: - description: regionName defines Openstack's region in which - container exists. + lastGeneration: + description: lastGeneration is the last generation of the workload controller involved + type: integer + format: int64 + name: + description: name is the name of the thing you're tracking type: string - tenant: - description: tenant defines Openstack tenant name to be used - by registry. + namespace: + description: namespace is where the thing you're tracking is type: string - tenantID: - description: tenant defines Openstack tenant id to be used - by registry. + resource: + description: resource is the resource type of the thing you're tracking type: string - storageManaged: - description: storageManaged is deprecated, please refer to Storage.managementState - type: boolean - version: - description: version is the level this availability applies to - type: string - names: - kind: Config - listKind: ConfigList - plural: configs - singular: config + observedGeneration: + description: observedGeneration is the last generation change you've dealt with + type: integer + format: int64 + readyReplicas: + description: readyReplicas indicates how many replicas are ready and at the desired state + type: integer + format: int32 + storage: + description: storage indicates the current applied storage configuration of the registry. + type: object + properties: + azure: + description: azure represents configuration that uses Azure Blob Storage. + type: object + properties: + accountName: + description: accountName defines the account to be used by the registry. + type: string + cloudName: + description: cloudName is the name of the Azure cloud environment to be used by the registry. If empty, the operator will set it based on the infrastructure object. + type: string + container: + description: container defines Azure's container to be used by registry. + type: string + maxLength: 63 + minLength: 3 + pattern: ^[0-9a-z]+(-[0-9a-z]+)*$ + emptyDir: + description: 'emptyDir represents ephemeral storage on the pod''s host node. WARNING: this storage cannot be used with more than 1 replica and is not suitable for production use. When the pod is removed from a node for any reason, the data in the emptyDir is deleted forever.' + type: object + gcs: + description: gcs represents configuration that uses Google Cloud Storage. + type: object + properties: + bucket: + description: bucket is the bucket name in which you want to store the registry's data. Optional, will be generated if not provided. + type: string + keyID: + description: keyID is the KMS key ID to use for encryption. Optional, buckets are encrypted by default on GCP. This allows for the use of a custom encryption key. + type: string + projectID: + description: projectID is the Project ID of the GCP project that this bucket should be associated with. + type: string + region: + description: region is the GCS location in which your bucket exists. Optional, will be set based on the installed GCS Region. + type: string + ibmcos: + description: ibmcos represents configuration that uses IBM Cloud Object Storage. + type: object + properties: + bucket: + description: bucket is the bucket name in which you want to store the registry's data. Optional, will be generated if not provided. + type: string + location: + description: location is the IBM Cloud location in which your bucket exists. Optional, will be set based on the installed IBM Cloud location. + type: string + resourceGroupName: + description: resourceGroupName is the name of the IBM Cloud resource group that this bucket and its service instance is associated with. Optional, will be set based on the installed IBM Cloud resource group. + type: string + resourceKeyCRN: + description: resourceKeyCRN is the CRN of the IBM Cloud resource key that is created for the service instance. Commonly referred as a service credential and must contain HMAC type credentials. Optional, will be computed if not provided. + type: string + pattern: ^crn:.+:.+:.+:cloud-object-storage:.+:.+:.+:resource-key:.+$ + serviceInstanceCRN: + description: serviceInstanceCRN is the CRN of the IBM Cloud Object Storage service instance that this bucket is associated with. Optional, will be computed if not provided. + type: string + pattern: ^crn:.+:.+:.+:cloud-object-storage:.+:.+:.+::$ + managementState: + description: managementState indicates if the operator manages the underlying storage unit. If Managed the operator will remove the storage when this operator gets Removed. + type: string + pattern: ^(Managed|Unmanaged)$ + pvc: + description: pvc represents configuration that uses a PersistentVolumeClaim. + type: object + properties: + claim: + description: claim defines the Persisent Volume Claim's name to be used. + type: string + s3: + description: s3 represents configuration that uses Amazon Simple Storage Service. + type: object + properties: + bucket: + description: bucket is the bucket name in which you want to store the registry's data. Optional, will be generated if not provided. + type: string + cloudFront: + description: cloudFront configures Amazon Cloudfront as the storage middleware in a registry. + type: object + required: + - baseURL + - keypairID + - privateKey + properties: + baseURL: + description: baseURL contains the SCHEME://HOST[/PATH] at which Cloudfront is served. + type: string + duration: + description: duration is the duration of the Cloudfront session. + type: string + format: duration + keypairID: + description: keypairID is key pair ID provided by AWS. + type: string + privateKey: + description: privateKey points to secret containing the private key, provided by AWS. + type: object + required: + - key + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + encrypt: + description: encrypt specifies whether the registry stores the image in encrypted format or not. Optional, defaults to false. + type: boolean + keyID: + description: keyID is the KMS key ID to use for encryption. Optional, Encrypt must be true, or this parameter is ignored. + type: string + region: + description: region is the AWS region in which your bucket exists. Optional, will be set based on the installed AWS Region. + type: string + regionEndpoint: + description: regionEndpoint is the endpoint for S3 compatible storage services. Optional, defaults based on the Region that is provided. + type: string + virtualHostedStyle: + description: virtualHostedStyle enables using S3 virtual hosted style bucket paths with a custom RegionEndpoint Optional, defaults to false. + type: boolean + swift: + description: swift represents configuration that uses OpenStack Object Storage. + type: object + properties: + authURL: + description: authURL defines the URL for obtaining an authentication token. + type: string + authVersion: + description: authVersion specifies the OpenStack Auth's version. + type: string + container: + description: container defines the name of Swift container where to store the registry's data. + type: string + domain: + description: domain specifies Openstack's domain name for Identity v3 API. + type: string + domainID: + description: domainID specifies Openstack's domain id for Identity v3 API. + type: string + regionName: + description: regionName defines Openstack's region in which container exists. + type: string + tenant: + description: tenant defines Openstack tenant name to be used by registry. + type: string + tenantID: + description: tenant defines Openstack tenant id to be used by registry. + type: string + storageManaged: + description: storageManaged is deprecated, please refer to Storage.managementState + type: boolean + version: + description: version is the level this availability applies to + type: string + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/imageregistry/v1/01-crd.yaml b/vendor/github.com/openshift/api/imageregistry/v1/01-crd.yaml index 8cbe097f6..b261e79de 100644 --- a/vendor/github.com/openshift/api/imageregistry/v1/01-crd.yaml +++ b/vendor/github.com/openshift/api/imageregistry/v1/01-crd.yaml @@ -1,1028 +1,618 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - name: imagepruners.imageregistry.operator.openshift.io annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/555 include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" include.release.openshift.io/single-node-developer: "true" + name: imagepruners.imageregistry.operator.openshift.io spec: group: imageregistry.operator.openshift.io + names: + kind: ImagePruner + listKind: ImagePrunerList + plural: imagepruners + singular: imagepruner scope: Cluster versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - "schema": - "openAPIV3Schema": - description: ImagePruner is the configuration object for an image registry - pruner managed by the registry operator. - type: object - required: - - metadata - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ImagePrunerSpec defines the specs for the running image pruner. - type: object - properties: - affinity: - description: affinity is a group of node affinity scheduling rules - for the image pruner pod. - type: object - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for the - pod. - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to - nodes that satisfy the affinity expressions specified by - this field, but it may choose a node that violates one or - more of the expressions. The node that is most preferred - is the one with the greatest sum of weights, i.e. for each - node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements of - this field and adding "weight" to the sum if the node matches - the corresponding matchExpressions; the node(s) with the - highest sum are the most preferred. - type: array - items: - description: An empty preferred scheduling term matches - all objects with implicit weight 0 (i.e. it's a no-op). - A null preferred scheduling term matches no objects (i.e. - is also a no-op). - type: object - required: - - preference - - weight - properties: - preference: - description: A node selector term, associated with the - corresponding weight. - type: object - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - type: array - items: - description: A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. - type: array - items: + - name: v1 + schema: + openAPIV3Schema: + description: "ImagePruner is the configuration object for an image registry pruner managed by the registry operator. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." + type: object + required: + - metadata + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ImagePrunerSpec defines the specs for the running image pruner. + type: object + properties: + affinity: + description: affinity is a group of node affinity scheduling rules for the image pruner pod. + type: object + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the pod. + type: object + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. + type: array + items: + description: An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + type: object + required: + - preference + - weight + properties: + preference: + description: A node selector term, associated with the corresponding weight. + type: object + properties: + matchExpressions: + description: A list of node selector requirements by node's labels. + type: array + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + type: object + required: + - key + - operator + properties: + key: + description: The label key that the selector applies to. type: string - matchFields: - description: A list of node selector requirements - by node's fields. - type: array - items: - description: A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. - type: array - items: + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string - weight: - description: Weight associated with matching the corresponding - nodeSelectorTerm, in the range 1-100. - type: integer - format: int32 - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not be - scheduled onto the node. If the affinity requirements specified - by this field cease to be met at some point during pod execution - (e.g. due to an update), the system may or may not try to - eventually evict the pod from its node. - type: object - required: - - nodeSelectorTerms - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. - The terms are ORed. - type: array - items: - description: A null or empty node selector term matches - no objects. The requirements of them are ANDed. The - TopologySelectorTerm type implements a subset of the - NodeSelectorTerm. - type: object - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - type: array - items: - description: A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. - type: array - items: + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + type: array + items: + type: string + matchFields: + description: A list of node selector requirements by node's fields. + type: array + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + type: object + required: + - key + - operator + properties: + key: + description: The label key that the selector applies to. type: string - matchFields: - description: A list of node selector requirements - by node's fields. - type: array - items: - description: A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. - type: array - items: + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string - podAffinity: - description: Describes pod affinity scheduling rules (e.g. co-locate - this pod in the same node, zone, etc. as some other pod(s)). - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to - nodes that satisfy the affinity expressions specified by - this field, but it may choose a node that violates one or - more of the expressions. The node that is most preferred - is the one with the greatest sum of weights, i.e. for each - node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements of - this field and adding "weight" to the sum if the node has - pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - type: array - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + type: array + items: + type: string + weight: + description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. + type: integer + format: int32 + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. type: object required: - - podAffinityTerm - - weight + - nodeSelectorTerms properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - type: object - required: - - topologyKey - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - type: array - items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. - type: object - required: + nodeSelectorTerms: + description: Required. A list of node selector terms. The terms are ORed. + type: array + items: + description: A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + type: object + properties: + matchExpressions: + description: A list of node selector requirements by node's labels. + type: array + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + type: object + required: - key - operator - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + type: array + items: type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. + matchFields: + description: A list of node selector requirements by node's fields. + type: array + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. type: object - additionalProperties: - type: string - namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by this - field and the ones listed in the namespaces field. - null selector and null or empty namespaces list - means "this pod's namespace". An empty selector - ({}) matches all namespaces. This field is alpha-level - and is only honored when PodAffinityNamespaceSelector - feature is enabled. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - type: array - items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. - type: object - required: + required: - key - operator - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + type: array + items: type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. - type: object - additionalProperties: - type: string - namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. The - term is applied to the union of the namespaces - listed in this field and the ones selected by - namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace" - type: array - items: - type: string - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey - matches that of any node on which any of the selected - pods is running. Empty topologyKey is not allowed. - type: string - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - type: integer - format: int32 - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not be - scheduled onto the node. If the affinity requirements specified - by this field cease to be met at some point during pod execution - (e.g. due to a pod label update), the system may or may - not try to eventually evict the pod from its node. When - there are multiple elements, the lists of nodes corresponding - to each podAffinityTerm are intersected, i.e. all terms - must be satisfied. - type: array - items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not co-located - (anti-affinity) with, where co-located is defined as running - on a node whose value of the label with key - matches that of any node on which a pod of the set of - pods is running - type: object - required: - - topologyKey - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). + type: object + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + type: array + items: + description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) + type: object + required: + - podAffinityTerm + - weight + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with the corresponding weight. + type: object + required: + - topologyKey + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. type: object - required: - - key - - operator properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. type: array items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + type: object + required: + - key + - operator + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + type: array + items: + type: string + matchLabels: + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + additionalProperties: type: string - matchLabels: - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. - type: object - additionalProperties: - type: string - namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied to the - union of the namespaces selected by this field and - the ones listed in the namespaces field. null selector - and null or empty namespaces list means "this pod's - namespace". An empty selector ({}) matches all namespaces. - This field is alpha-level and is only honored when - PodAffinityNamespaceSelector feature is enabled. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. + namespaceSelector: + description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is alpha-level and is only honored when PodAffinityNamespaceSelector feature is enabled. type: object - required: - - key - - operator properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. type: array items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + type: object + required: + - key + - operator + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + type: array + items: + type: string + matchLabels: + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + additionalProperties: type: string - matchLabels: - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. - type: object - additionalProperties: + namespaces: + description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace" + type: array + items: + type: string + topologyKey: + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. type: string - namespaces: - description: namespaces specifies a static list of namespace - names that the term applies to. The term is applied - to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. null or - empty namespaces list and null namespaceSelector means - "this pod's namespace" - type: array - items: - type: string - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where - co-located is defined as running on a node whose value - of the label with key topologyKey matches that of - any node on which any of the selected pods is running. - Empty topologyKey is not allowed. - type: string - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules (e.g. - avoid putting this pod in the same node, zone, etc. as some - other pod(s)). - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to - nodes that satisfy the anti-affinity expressions specified - by this field, but it may choose a node that violates one - or more of the expressions. The node that is most preferred - is the one with the greatest sum of weights, i.e. for each - node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, - etc.), compute a sum by iterating through the elements of - this field and adding "weight" to the sum if the node has - pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - type: array - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - type: object - required: - - podAffinityTerm - - weight - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - type: object - required: + weight: + description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + type: integer + format: int32 + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + type: array + items: + description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running + type: object + required: - topologyKey - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - type: array - items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. - type: object - required: + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. + type: object + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + type: array + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + type: object + required: - key - operator - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + type: array + items: type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. + matchLabels: + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + additionalProperties: + type: string + namespaceSelector: + description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is alpha-level and is only honored when PodAffinityNamespaceSelector feature is enabled. + type: object + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + type: array + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. type: object - additionalProperties: - type: string - namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by this - field and the ones listed in the namespaces field. - null selector and null or empty namespaces list - means "this pod's namespace". An empty selector - ({}) matches all namespaces. This field is alpha-level - and is only honored when PodAffinityNamespaceSelector - feature is enabled. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - type: array - items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. - type: object - required: + required: - key - operator - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + type: array + items: type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. - type: object - additionalProperties: - type: string - namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. The - term is applied to the union of the namespaces - listed in this field and the ones selected by - namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace" - type: array - items: - type: string - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey - matches that of any node on which any of the selected - pods is running. Empty topologyKey is not allowed. + matchLabels: + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + additionalProperties: + type: string + namespaces: + description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace" + type: array + items: type: string - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - type: integer - format: int32 - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified by - this field are not met at scheduling time, the pod will - not be scheduled onto the node. If the anti-affinity requirements - specified by this field cease to be met at some point during - pod execution (e.g. due to a pod label update), the system - may or may not try to eventually evict the pod from its - node. When there are multiple elements, the lists of nodes - corresponding to each podAffinityTerm are intersected, i.e. - all terms must be satisfied. - type: array - items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not co-located - (anti-affinity) with, where co-located is defined as running - on a node whose value of the label with key - matches that of any node on which a pod of the set of - pods is running - type: object - required: - - topologyKey - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. + topologyKey: + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + type: string + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). + type: object + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + type: array + items: + description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) + type: object + required: + - podAffinityTerm + - weight + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with the corresponding weight. + type: object + required: + - topologyKey + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. type: object - required: - - key - - operator properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. type: array items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + type: object + required: + - key + - operator + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + type: array + items: + type: string + matchLabels: + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + additionalProperties: type: string - matchLabels: - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. - type: object - additionalProperties: - type: string - namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied to the - union of the namespaces selected by this field and - the ones listed in the namespaces field. null selector - and null or empty namespaces list means "this pod's - namespace". An empty selector ({}) matches all namespaces. - This field is alpha-level and is only honored when - PodAffinityNamespaceSelector feature is enabled. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. + namespaceSelector: + description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is alpha-level and is only honored when PodAffinityNamespaceSelector feature is enabled. type: object - required: - - key - - operator properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. type: array items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + type: object + required: + - key + - operator + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + type: array + items: + type: string + matchLabels: + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + additionalProperties: type: string - matchLabels: - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. - type: object - additionalProperties: + namespaces: + description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace" + type: array + items: + type: string + topologyKey: + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. type: string - namespaces: - description: namespaces specifies a static list of namespace - names that the term applies to. The term is applied - to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. null or - empty namespaces list and null namespaceSelector means - "this pod's namespace" - type: array - items: + weight: + description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + type: integer + format: int32 + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + type: array + items: + description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running + type: object + required: + - topologyKey + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. + type: object + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + type: array + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + type: object + required: + - key + - operator + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + type: array + items: + type: string + matchLabels: + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + additionalProperties: + type: string + namespaceSelector: + description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is alpha-level and is only honored when PodAffinityNamespaceSelector feature is enabled. + type: object + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + type: array + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + type: object + required: + - key + - operator + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + type: array + items: + type: string + matchLabels: + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + additionalProperties: + type: string + namespaces: + description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace" + type: array + items: + type: string + topologyKey: + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. type: string - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where - co-located is defined as running on a node whose value - of the label with key topologyKey matches that of - any node on which any of the selected pods is running. - Empty topologyKey is not allowed. - type: string - failedJobsHistoryLimit: - description: failedJobsHistoryLimit specifies how many failed image - pruner jobs to retain. Defaults to 3 if not set. - type: integer - format: int32 - ignoreInvalidImageReferences: - description: ignoreInvalidImageReferences indicates whether the pruner - can ignore errors while parsing image references. - type: boolean - keepTagRevisions: - description: keepTagRevisions specifies the number of image revisions - for a tag in an image stream that will be preserved. Defaults to - 3. - type: integer - keepYoungerThan: - description: 'keepYoungerThan specifies the minimum age in nanoseconds - of an image and its referrers for it to be considered a candidate - for pruning. DEPRECATED: This field is deprecated in favor of keepYoungerThanDuration. - If both are set, this field is ignored and keepYoungerThanDuration - takes precedence.' - type: integer - format: int64 - keepYoungerThanDuration: - description: keepYoungerThanDuration specifies the minimum age of - an image and its referrers for it to be considered a candidate for - pruning. Defaults to 60m (60 minutes). - type: string - format: duration - logLevel: - description: "logLevel sets the level of log output for the pruner - job. \n Valid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". - Defaults to \"Normal\"." - type: string - default: Normal - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - nodeSelector: - description: nodeSelector defines the node selection constraints for - the image pruner pod. - type: object - additionalProperties: + failedJobsHistoryLimit: + description: failedJobsHistoryLimit specifies how many failed image pruner jobs to retain. Defaults to 3 if not set. + type: integer + format: int32 + ignoreInvalidImageReferences: + description: ignoreInvalidImageReferences indicates whether the pruner can ignore errors while parsing image references. + type: boolean + keepTagRevisions: + description: keepTagRevisions specifies the number of image revisions for a tag in an image stream that will be preserved. Defaults to 3. + type: integer + keepYoungerThan: + description: 'keepYoungerThan specifies the minimum age in nanoseconds of an image and its referrers for it to be considered a candidate for pruning. DEPRECATED: This field is deprecated in favor of keepYoungerThanDuration. If both are set, this field is ignored and keepYoungerThanDuration takes precedence.' + type: integer + format: int64 + keepYoungerThanDuration: + description: keepYoungerThanDuration specifies the minimum age of an image and its referrers for it to be considered a candidate for pruning. Defaults to 60m (60 minutes). type: string - resources: - description: resources defines the resource requests and limits for - the image pruner pod. - type: object - properties: - limits: - description: 'Limits describes the maximum amount of compute resources - allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - requests: - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - schedule: - description: 'schedule specifies when to execute the job using standard - cronjob syntax: https://wikipedia.org/wiki/Cron. Defaults to `0 - 0 * * *`.' - type: string - successfulJobsHistoryLimit: - description: successfulJobsHistoryLimit specifies how many successful - image pruner jobs to retain. Defaults to 3 if not set. - type: integer - format: int32 - suspend: - description: suspend specifies whether or not to suspend subsequent - executions of this cronjob. Defaults to false. - type: boolean - tolerations: - description: tolerations defines the node tolerations for the image - pruner pod. - type: array - items: - description: The pod this Toleration is attached to tolerates any - taint that matches the triple using the matching - operator . + format: duration + logLevel: + description: "logLevel sets the level of log output for the pruner job. \n Valid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + type: string + default: Normal + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + nodeSelector: + description: nodeSelector defines the node selection constraints for the image pruner pod. type: object - properties: - effect: - description: Effect indicates the taint effect to match. Empty - means match all taint effects. When specified, allowed values - are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, - operator must be Exists; this combination means to match all - values and all keys. - type: string - operator: - description: Operator represents a key's relationship to the - value. Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod - can tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of time - the toleration (which must be of effect NoExecute, otherwise - this field is ignored) tolerates the taint. By default, it - is not set, which means tolerate the taint forever (do not - evict). Zero and negative values will be treated as 0 (evict - immediately) by the system. - type: integer - format: int64 - value: - description: Value is the taint value the toleration matches - to. If the operator is Exists, the value should be empty, - otherwise just a regular string. - type: string - status: - description: ImagePrunerStatus reports image pruner operational status. - type: object - properties: - conditions: - description: conditions is a list of conditions and their status. - type: array - items: - description: OperatorCondition is just the standard condition fields. + additionalProperties: + type: string + resources: + description: resources defines the resource requests and limits for the image pruner pod. type: object properties: - lastTransitionTime: - type: string - format: date-time - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - observedGeneration: - description: observedGeneration is the last generation change that - has been applied. - type: integer - format: int64 - names: - kind: ImagePruner - listKind: ImagePrunerList - plural: imagepruners - singular: imagepruner + limits: + description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + requests: + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + schedule: + description: 'schedule specifies when to execute the job using standard cronjob syntax: https://wikipedia.org/wiki/Cron. Defaults to `0 0 * * *`.' + type: string + successfulJobsHistoryLimit: + description: successfulJobsHistoryLimit specifies how many successful image pruner jobs to retain. Defaults to 3 if not set. + type: integer + format: int32 + suspend: + description: suspend specifies whether or not to suspend subsequent executions of this cronjob. Defaults to false. + type: boolean + tolerations: + description: tolerations defines the node tolerations for the image pruner pod. + type: array + items: + description: The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . + type: object + properties: + effect: + description: Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. + type: integer + format: int64 + value: + description: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + status: + description: ImagePrunerStatus reports image pruner operational status. + type: object + properties: + conditions: + description: conditions is a list of conditions and their status. + type: array + items: + description: OperatorCondition is just the standard condition fields. + type: object + properties: + lastTransitionTime: + type: string + format: date-time + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + observedGeneration: + description: observedGeneration is the last generation change that has been applied. + type: integer + format: int64 + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/imageregistry/v1/types.go b/vendor/github.com/openshift/api/imageregistry/v1/types.go index debb34c09..7723074c6 100644 --- a/vendor/github.com/openshift/api/imageregistry/v1/types.go +++ b/vendor/github.com/openshift/api/imageregistry/v1/types.go @@ -10,6 +10,9 @@ import ( // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // ConfigList is a slice of Config objects. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type ConfigList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata"` @@ -30,6 +33,9 @@ const ( // Config is the configuration object for a registry instance managed by // the registry operator +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type Config struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata"` @@ -268,6 +274,38 @@ type ImageRegistryConfigStorageAzure struct { CloudName string `json:"cloudName,omitempty"` } +// ImageRegistryConfigStorageIBMCOS holds the information to configure +// the registry to use IBM Cloud Object Storage for backend storage. +type ImageRegistryConfigStorageIBMCOS struct { + // bucket is the bucket name in which you want to store the registry's + // data. + // Optional, will be generated if not provided. + // +optional + Bucket string `json:"bucket,omitempty"` + // location is the IBM Cloud location in which your bucket exists. + // Optional, will be set based on the installed IBM Cloud location. + // +optional + Location string `json:"location,omitempty"` + // resourceGroupName is the name of the IBM Cloud resource group that this + // bucket and its service instance is associated with. + // Optional, will be set based on the installed IBM Cloud resource group. + // +optional + ResourceGroupName string `json:"resourceGroupName,omitempty"` + // resourceKeyCRN is the CRN of the IBM Cloud resource key that is created + // for the service instance. Commonly referred as a service credential and + // must contain HMAC type credentials. + // Optional, will be computed if not provided. + // +optional + // +kubebuilder:validation:Pattern=`^crn:.+:.+:.+:cloud-object-storage:.+:.+:.+:resource-key:.+$` + ResourceKeyCRN string `json:"resourceKeyCRN,omitempty"` + // serviceInstanceCRN is the CRN of the IBM Cloud Object Storage service + // instance that this bucket is associated with. + // Optional, will be computed if not provided. + // +optional + // +kubebuilder:validation:Pattern=`^crn:.+:.+:.+:cloud-object-storage:.+:.+:.+::$` + ServiceInstanceCRN string `json:"serviceInstanceCRN,omitempty"` +} + // ImageRegistryConfigStorage describes how the storage should be configured // for the image registry. type ImageRegistryConfigStorage struct { @@ -292,6 +330,9 @@ type ImageRegistryConfigStorage struct { // azure represents configuration that uses Azure Blob Storage. // +optional Azure *ImageRegistryConfigStorageAzure `json:"azure,omitempty"` + // ibmcos represents configuration that uses IBM Cloud Object Storage. + // +optional + IBMCOS *ImageRegistryConfigStorageIBMCOS `json:"ibmcos,omitempty"` // managementState indicates if the operator manages the underlying // storage unit. If Managed the operator will remove the storage when // this operator gets Removed. diff --git a/vendor/github.com/openshift/api/imageregistry/v1/types_imagepruner.go b/vendor/github.com/openshift/api/imageregistry/v1/types_imagepruner.go index 08948924d..8414d2238 100644 --- a/vendor/github.com/openshift/api/imageregistry/v1/types_imagepruner.go +++ b/vendor/github.com/openshift/api/imageregistry/v1/types_imagepruner.go @@ -12,6 +12,9 @@ import ( // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // ImagePrunerList is a slice of ImagePruner objects. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type ImagePrunerList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata"` @@ -24,6 +27,9 @@ type ImagePrunerList struct { // ImagePruner is the configuration object for an image registry pruner // managed by the registry operator. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type ImagePruner struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata"` diff --git a/vendor/github.com/openshift/api/imageregistry/v1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/imageregistry/v1/zz_generated.deepcopy.go index 87074c50c..59b795ad9 100644 --- a/vendor/github.com/openshift/api/imageregistry/v1/zz_generated.deepcopy.go +++ b/vendor/github.com/openshift/api/imageregistry/v1/zz_generated.deepcopy.go @@ -328,6 +328,11 @@ func (in *ImageRegistryConfigStorage) DeepCopyInto(out *ImageRegistryConfigStora *out = new(ImageRegistryConfigStorageAzure) **out = **in } + if in.IBMCOS != nil { + in, out := &in.IBMCOS, &out.IBMCOS + *out = new(ImageRegistryConfigStorageIBMCOS) + **out = **in + } return } @@ -389,6 +394,22 @@ func (in *ImageRegistryConfigStorageGCS) DeepCopy() *ImageRegistryConfigStorageG return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ImageRegistryConfigStorageIBMCOS) DeepCopyInto(out *ImageRegistryConfigStorageIBMCOS) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImageRegistryConfigStorageIBMCOS. +func (in *ImageRegistryConfigStorageIBMCOS) DeepCopy() *ImageRegistryConfigStorageIBMCOS { + if in == nil { + return nil + } + out := new(ImageRegistryConfigStorageIBMCOS) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ImageRegistryConfigStoragePVC) DeepCopyInto(out *ImageRegistryConfigStoragePVC) { *out = *in diff --git a/vendor/github.com/openshift/api/imageregistry/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/imageregistry/v1/zz_generated.swagger_doc_generated.go index 5149a2d22..42a7ff811 100644 --- a/vendor/github.com/openshift/api/imageregistry/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/imageregistry/v1/zz_generated.swagger_doc_generated.go @@ -12,7 +12,7 @@ package v1 // AUTO-GENERATED FUNCTIONS START HERE var map_Config = map[string]string{ - "": "Config is the configuration object for a registry instance managed by the registry operator", + "": "Config is the configuration object for a registry instance managed by the registry operator\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", } func (Config) SwaggerDoc() map[string]string { @@ -20,7 +20,7 @@ func (Config) SwaggerDoc() map[string]string { } var map_ConfigList = map[string]string{ - "": "ConfigList is a slice of Config objects.", + "": "ConfigList is a slice of Config objects.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", } func (ConfigList) SwaggerDoc() map[string]string { @@ -78,6 +78,7 @@ var map_ImageRegistryConfigStorage = map[string]string{ "swift": "swift represents configuration that uses OpenStack Object Storage.", "pvc": "pvc represents configuration that uses a PersistentVolumeClaim.", "azure": "azure represents configuration that uses Azure Blob Storage.", + "ibmcos": "ibmcos represents configuration that uses IBM Cloud Object Storage.", "managementState": "managementState indicates if the operator manages the underlying storage unit. If Managed the operator will remove the storage when this operator gets Removed.", } @@ -116,6 +117,19 @@ func (ImageRegistryConfigStorageGCS) SwaggerDoc() map[string]string { return map_ImageRegistryConfigStorageGCS } +var map_ImageRegistryConfigStorageIBMCOS = map[string]string{ + "": "ImageRegistryConfigStorageIBMCOS holds the information to configure the registry to use IBM Cloud Object Storage for backend storage.", + "bucket": "bucket is the bucket name in which you want to store the registry's data. Optional, will be generated if not provided.", + "location": "location is the IBM Cloud location in which your bucket exists. Optional, will be set based on the installed IBM Cloud location.", + "resourceGroupName": "resourceGroupName is the name of the IBM Cloud resource group that this bucket and its service instance is associated with. Optional, will be set based on the installed IBM Cloud resource group.", + "resourceKeyCRN": "resourceKeyCRN is the CRN of the IBM Cloud resource key that is created for the service instance. Commonly referred as a service credential and must contain HMAC type credentials. Optional, will be computed if not provided.", + "serviceInstanceCRN": "serviceInstanceCRN is the CRN of the IBM Cloud Object Storage service instance that this bucket is associated with. Optional, will be computed if not provided.", +} + +func (ImageRegistryConfigStorageIBMCOS) SwaggerDoc() map[string]string { + return map_ImageRegistryConfigStorageIBMCOS +} + var map_ImageRegistryConfigStoragePVC = map[string]string{ "": "ImageRegistryConfigStoragePVC holds Persistent Volume Claims data to be used by the registry.", "claim": "claim defines the Persisent Volume Claim's name to be used.", @@ -203,7 +217,7 @@ func (ImageRegistryStatus) SwaggerDoc() map[string]string { } var map_ImagePruner = map[string]string{ - "": "ImagePruner is the configuration object for an image registry pruner managed by the registry operator.", + "": "ImagePruner is the configuration object for an image registry pruner managed by the registry operator.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", } func (ImagePruner) SwaggerDoc() map[string]string { @@ -211,7 +225,7 @@ func (ImagePruner) SwaggerDoc() map[string]string { } var map_ImagePrunerList = map[string]string{ - "": "ImagePrunerList is a slice of ImagePruner objects.", + "": "ImagePrunerList is a slice of ImagePruner objects.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", } func (ImagePrunerList) SwaggerDoc() map[string]string { diff --git a/vendor/github.com/openshift/api/install.go b/vendor/github.com/openshift/api/install.go index 00ec821f8..926cca048 100644 --- a/vendor/github.com/openshift/api/install.go +++ b/vendor/github.com/openshift/api/install.go @@ -20,6 +20,7 @@ import ( kextensionsv1beta1 "k8s.io/api/extensions/v1beta1" kimagepolicyv1alpha1 "k8s.io/api/imagepolicy/v1alpha1" knetworkingv1 "k8s.io/api/networking/v1" + kpolicyv1 "k8s.io/api/policy/v1" kpolicyv1beta1 "k8s.io/api/policy/v1beta1" krbacv1 "k8s.io/api/rbac/v1" krbacv1alpha1 "k8s.io/api/rbac/v1alpha1" @@ -112,6 +113,7 @@ var ( kextensionsv1beta1.AddToScheme, kimagepolicyv1alpha1.AddToScheme, knetworkingv1.AddToScheme, + kpolicyv1.AddToScheme, kpolicyv1beta1.AddToScheme, krbacv1.AddToScheme, krbacv1beta1.AddToScheme, diff --git a/vendor/github.com/openshift/api/kubecontrolplane/v1/types.go b/vendor/github.com/openshift/api/kubecontrolplane/v1/types.go index 97c1d5b7d..cb12f94ce 100644 --- a/vendor/github.com/openshift/api/kubecontrolplane/v1/types.go +++ b/vendor/github.com/openshift/api/kubecontrolplane/v1/types.go @@ -11,6 +11,9 @@ import ( // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. +// +openshift:compatibility-gen:level=4 +// +openshift:compatibility-gen:internal type KubeAPIServerConfig struct { metav1.TypeMeta `json:",inline"` @@ -187,6 +190,9 @@ type AggregatorConfig struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. +// +openshift:compatibility-gen:level=4 +// +openshift:compatibility-gen:internal type KubeControllerManagerConfig struct { metav1.TypeMeta `json:",inline"` diff --git a/vendor/github.com/openshift/api/kubecontrolplane/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/kubecontrolplane/v1/zz_generated.swagger_doc_generated.go index 7a0cbada2..1561d461e 100644 --- a/vendor/github.com/openshift/api/kubecontrolplane/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/kubecontrolplane/v1/zz_generated.swagger_doc_generated.go @@ -21,6 +21,7 @@ func (AggregatorConfig) SwaggerDoc() map[string]string { } var map_KubeAPIServerConfig = map[string]string{ + "": "Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "authConfig": "authConfig configures authentication options in addition to the standard oauth token and client certificate authenticators", "aggregatorConfig": "aggregatorConfig has options for configuring the aggregator component of the API server.", "kubeletClientInfo": "kubeletClientInfo contains information about how to connect to kubelets", @@ -56,6 +57,7 @@ func (KubeAPIServerProjectConfig) SwaggerDoc() map[string]string { } var map_KubeControllerManagerConfig = map[string]string{ + "": "Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "serviceServingCert": "serviceServingCert provides support for the old alpha service serving cert signer CA bundle", "projectConfig": "projectConfig is an optimization for the daemonset controller", "extendedArguments": "extendedArguments is used to configure the kube-controller-manager", diff --git a/vendor/github.com/openshift/api/legacyconfig/v1/types.go b/vendor/github.com/openshift/api/legacyconfig/v1/types.go index d9276cb16..c7840dc5f 100644 --- a/vendor/github.com/openshift/api/legacyconfig/v1/types.go +++ b/vendor/github.com/openshift/api/legacyconfig/v1/types.go @@ -14,6 +14,10 @@ type ExtendedArguments map[string][]string // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // NodeConfig is the fully specified config starting an OpenShift node +// +// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. +// +openshift:compatibility-gen:level=4 +// +openshift:compatibility-gen:internal type NodeConfig struct { metav1.TypeMeta `json:",inline"` @@ -186,6 +190,10 @@ type FeatureList []string // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // MasterConfig holds the necessary configuration options for the OpenShift master +// +// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. +// +openshift:compatibility-gen:level=4 +// +openshift:compatibility-gen:internal type MasterConfig struct { metav1.TypeMeta `json:",inline"` @@ -821,6 +829,10 @@ type SessionConfig struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // SessionSecrets list the secrets to use to sign/encrypt and authenticate/decrypt created sessions. +// +// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. +// +openshift:compatibility-gen:level=4 +// +openshift:compatibility-gen:internal type SessionSecrets struct { metav1.TypeMeta `json:",inline"` @@ -855,6 +867,10 @@ type IdentityProvider struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // BasicAuthPasswordIdentityProvider provides identities for users authenticating using HTTP basic auth credentials +// +// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. +// +openshift:compatibility-gen:level=4 +// +openshift:compatibility-gen:internal type BasicAuthPasswordIdentityProvider struct { metav1.TypeMeta `json:",inline"` @@ -865,6 +881,10 @@ type BasicAuthPasswordIdentityProvider struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // AllowAllPasswordIdentityProvider provides identities for users authenticating using non-empty passwords +// +// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. +// +openshift:compatibility-gen:level=4 +// +openshift:compatibility-gen:internal type AllowAllPasswordIdentityProvider struct { metav1.TypeMeta `json:",inline"` } @@ -872,6 +892,10 @@ type AllowAllPasswordIdentityProvider struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // DenyAllPasswordIdentityProvider provides no identities for users +// +// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. +// +openshift:compatibility-gen:level=4 +// +openshift:compatibility-gen:internal type DenyAllPasswordIdentityProvider struct { metav1.TypeMeta `json:",inline"` } @@ -879,6 +903,10 @@ type DenyAllPasswordIdentityProvider struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // HTPasswdPasswordIdentityProvider provides identities for users authenticating using htpasswd credentials +// +// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. +// +openshift:compatibility-gen:level=4 +// +openshift:compatibility-gen:internal type HTPasswdPasswordIdentityProvider struct { metav1.TypeMeta `json:",inline"` @@ -889,6 +917,10 @@ type HTPasswdPasswordIdentityProvider struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // LDAPPasswordIdentityProvider provides identities for users authenticating using LDAP credentials +// +// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. +// +openshift:compatibility-gen:level=4 +// +openshift:compatibility-gen:internal type LDAPPasswordIdentityProvider struct { metav1.TypeMeta `json:",inline"` // URL is an RFC 2255 URL which specifies the LDAP search parameters to use. The syntax of the URL is @@ -930,6 +962,10 @@ type LDAPAttributeMapping struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // KeystonePasswordIdentityProvider provides identities for users authenticating using keystone password credentials +// +// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. +// +openshift:compatibility-gen:level=4 +// +openshift:compatibility-gen:internal type KeystonePasswordIdentityProvider struct { metav1.TypeMeta `json:",inline"` // RemoteConnectionInfo contains information about how to connect to the keystone server @@ -943,6 +979,10 @@ type KeystonePasswordIdentityProvider struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // RequestHeaderIdentityProvider provides identities for users authenticating using request header credentials +// +// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. +// +openshift:compatibility-gen:level=4 +// +openshift:compatibility-gen:internal type RequestHeaderIdentityProvider struct { metav1.TypeMeta `json:",inline"` @@ -980,6 +1020,10 @@ type RequestHeaderIdentityProvider struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // GitHubIdentityProvider provides identities for users authenticating using GitHub credentials +// +// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. +// +openshift:compatibility-gen:level=4 +// +openshift:compatibility-gen:internal type GitHubIdentityProvider struct { metav1.TypeMeta `json:",inline"` @@ -1002,6 +1046,10 @@ type GitHubIdentityProvider struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // GitLabIdentityProvider provides identities for users authenticating using GitLab credentials +// +// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. +// +openshift:compatibility-gen:level=4 +// +openshift:compatibility-gen:internal type GitLabIdentityProvider struct { metav1.TypeMeta `json:",inline"` @@ -1027,6 +1075,10 @@ type GitLabIdentityProvider struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // GoogleIdentityProvider provides identities for users authenticating using Google credentials +// +// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. +// +openshift:compatibility-gen:level=4 +// +openshift:compatibility-gen:internal type GoogleIdentityProvider struct { metav1.TypeMeta `json:",inline"` @@ -1042,6 +1094,10 @@ type GoogleIdentityProvider struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // OpenIDIdentityProvider provides identities for users authenticating using OpenID credentials +// +// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. +// +openshift:compatibility-gen:level=4 +// +openshift:compatibility-gen:internal type OpenIDIdentityProvider struct { metav1.TypeMeta `json:",inline"` @@ -1223,6 +1279,10 @@ type StringSourceSpec struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // LDAPSyncConfig holds the necessary configuration options to define an LDAP group sync +// +// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. +// +openshift:compatibility-gen:level=4 +// +openshift:compatibility-gen:internal type LDAPSyncConfig struct { metav1.TypeMeta `json:",inline"` // Host is the scheme, host and port of the LDAP server to connect to: @@ -1447,6 +1507,10 @@ type ServiceServingCert struct { // DefaultAdmissionConfig can be used to enable or disable various admission plugins. // When this type is present as the `configuration` object under `pluginConfig` and *if* the admission plugin supports it, // this will cause an "off by default" admission plugin to be enabled +// +// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. +// +openshift:compatibility-gen:level=4 +// +openshift:compatibility-gen:internal type DefaultAdmissionConfig struct { metav1.TypeMeta `json:",inline"` @@ -1457,6 +1521,10 @@ type DefaultAdmissionConfig struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // BuildDefaultsConfig controls the default information for Builds +// +// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. +// +openshift:compatibility-gen:level=4 +// +openshift:compatibility-gen:internal type BuildDefaultsConfig struct { metav1.TypeMeta `json:",inline"` @@ -1504,6 +1572,10 @@ type SourceStrategyDefaultsConfig struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // BuildOverridesConfig controls override settings for builds +// +// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. +// +openshift:compatibility-gen:level=4 +// +openshift:compatibility-gen:internal type BuildOverridesConfig struct { metav1.TypeMeta `json:",inline"` diff --git a/vendor/github.com/openshift/api/legacyconfig/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/legacyconfig/v1/zz_generated.swagger_doc_generated.go index 75ee2a42b..d7fc1a920 100644 --- a/vendor/github.com/openshift/api/legacyconfig/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/legacyconfig/v1/zz_generated.swagger_doc_generated.go @@ -52,7 +52,7 @@ func (AggregatorConfig) SwaggerDoc() map[string]string { } var map_AllowAllPasswordIdentityProvider = map[string]string{ - "": "AllowAllPasswordIdentityProvider provides identities for users authenticating using non-empty passwords", + "": "AllowAllPasswordIdentityProvider provides identities for users authenticating using non-empty passwords\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", } func (AllowAllPasswordIdentityProvider) SwaggerDoc() map[string]string { @@ -92,7 +92,7 @@ func (AugmentedActiveDirectoryConfig) SwaggerDoc() map[string]string { } var map_BasicAuthPasswordIdentityProvider = map[string]string{ - "": "BasicAuthPasswordIdentityProvider provides identities for users authenticating using HTTP basic auth credentials", + "": "BasicAuthPasswordIdentityProvider provides identities for users authenticating using HTTP basic auth credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", } func (BasicAuthPasswordIdentityProvider) SwaggerDoc() map[string]string { @@ -100,7 +100,7 @@ func (BasicAuthPasswordIdentityProvider) SwaggerDoc() map[string]string { } var map_BuildDefaultsConfig = map[string]string{ - "": "BuildDefaultsConfig controls the default information for Builds", + "": "BuildDefaultsConfig controls the default information for Builds\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "gitHTTPProxy": "gitHTTPProxy is the location of the HTTPProxy for Git source", "gitHTTPSProxy": "gitHTTPSProxy is the location of the HTTPSProxy for Git source", "gitNoProxy": "gitNoProxy is the list of domains for which the proxy should not be used", @@ -117,7 +117,7 @@ func (BuildDefaultsConfig) SwaggerDoc() map[string]string { } var map_BuildOverridesConfig = map[string]string{ - "": "BuildOverridesConfig controls override settings for builds", + "": "BuildOverridesConfig controls override settings for builds\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "forcePull": "forcePull indicates whether the build strategy should always be set to ForcePull=true", "imageLabels": "imageLabels is a list of labels that are applied to the resulting image. If user provided a label in their Build/BuildConfig with the same name as one in this list, the user's label will be overwritten.", "nodeSelector": "nodeSelector is a selector which must be true for the build pod to fit on a node", @@ -195,7 +195,7 @@ func (DNSConfig) SwaggerDoc() map[string]string { } var map_DefaultAdmissionConfig = map[string]string{ - "": "DefaultAdmissionConfig can be used to enable or disable various admission plugins. When this type is present as the `configuration` object under `pluginConfig` and *if* the admission plugin supports it, this will cause an \"off by default\" admission plugin to be enabled", + "": "DefaultAdmissionConfig can be used to enable or disable various admission plugins. When this type is present as the `configuration` object under `pluginConfig` and *if* the admission plugin supports it, this will cause an \"off by default\" admission plugin to be enabled\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "disable": "Disable turns off an admission plugin that is enabled by default.", } @@ -204,7 +204,7 @@ func (DefaultAdmissionConfig) SwaggerDoc() map[string]string { } var map_DenyAllPasswordIdentityProvider = map[string]string{ - "": "DenyAllPasswordIdentityProvider provides no identities for users", + "": "DenyAllPasswordIdentityProvider provides no identities for users\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", } func (DenyAllPasswordIdentityProvider) SwaggerDoc() map[string]string { @@ -258,7 +258,7 @@ func (EtcdStorageConfig) SwaggerDoc() map[string]string { } var map_GitHubIdentityProvider = map[string]string{ - "": "GitHubIdentityProvider provides identities for users authenticating using GitHub credentials", + "": "GitHubIdentityProvider provides identities for users authenticating using GitHub credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "clientID": "ClientID is the oauth client ID", "clientSecret": "ClientSecret is the oauth client secret", "organizations": "Organizations optionally restricts which organizations are allowed to log in", @@ -272,7 +272,7 @@ func (GitHubIdentityProvider) SwaggerDoc() map[string]string { } var map_GitLabIdentityProvider = map[string]string{ - "": "GitLabIdentityProvider provides identities for users authenticating using GitLab credentials", + "": "GitLabIdentityProvider provides identities for users authenticating using GitLab credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "ca": "CA is the optional trusted certificate authority bundle to use when making requests to the server If empty, the default system roots are used", "url": "URL is the oauth server base URL", "clientID": "ClientID is the oauth client ID", @@ -285,7 +285,7 @@ func (GitLabIdentityProvider) SwaggerDoc() map[string]string { } var map_GoogleIdentityProvider = map[string]string{ - "": "GoogleIdentityProvider provides identities for users authenticating using Google credentials", + "": "GoogleIdentityProvider provides identities for users authenticating using Google credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "clientID": "ClientID is the oauth client ID", "clientSecret": "ClientSecret is the oauth client secret", "hostedDomain": "HostedDomain is the optional Google App domain (e.g. \"mycompany.com\") to restrict logins to", @@ -316,7 +316,7 @@ func (GroupResource) SwaggerDoc() map[string]string { } var map_HTPasswdPasswordIdentityProvider = map[string]string{ - "": "HTPasswdPasswordIdentityProvider provides identities for users authenticating using htpasswd credentials", + "": "HTPasswdPasswordIdentityProvider provides identities for users authenticating using htpasswd credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "file": "File is a reference to your htpasswd file", } @@ -387,7 +387,7 @@ func (JenkinsPipelineConfig) SwaggerDoc() map[string]string { } var map_KeystonePasswordIdentityProvider = map[string]string{ - "": "KeystonePasswordIdentityProvider provides identities for users authenticating using keystone password credentials", + "": "KeystonePasswordIdentityProvider provides identities for users authenticating using keystone password credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "domainName": "Domain Name is required for keystone v3", "useKeystoneIdentity": "UseKeystoneIdentity flag indicates that user should be authenticated by keystone ID, not by username", } @@ -439,7 +439,7 @@ func (LDAPAttributeMapping) SwaggerDoc() map[string]string { } var map_LDAPPasswordIdentityProvider = map[string]string{ - "": "LDAPPasswordIdentityProvider provides identities for users authenticating using LDAP credentials", + "": "LDAPPasswordIdentityProvider provides identities for users authenticating using LDAP credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "url": "URL is an RFC 2255 URL which specifies the LDAP search parameters to use. The syntax of the URL is\n ldap://host:port/basedn?attribute?scope?filter", "bindDN": "BindDN is an optional DN to bind with during the search phase.", "bindPassword": "BindPassword is an optional password to bind with during the search phase.", @@ -467,7 +467,7 @@ func (LDAPQuery) SwaggerDoc() map[string]string { } var map_LDAPSyncConfig = map[string]string{ - "": "LDAPSyncConfig holds the necessary configuration options to define an LDAP group sync", + "": "LDAPSyncConfig holds the necessary configuration options to define an LDAP group sync\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "url": "Host is the scheme, host and port of the LDAP server to connect to: scheme://host:port", "bindDN": "BindDN is an optional DN to bind to the LDAP server with", "bindPassword": "BindPassword is an optional password to bind with during the search phase.", @@ -514,7 +514,7 @@ func (MasterClients) SwaggerDoc() map[string]string { } var map_MasterConfig = map[string]string{ - "": "MasterConfig holds the necessary configuration options for the OpenShift master", + "": "MasterConfig holds the necessary configuration options for the OpenShift master\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "servingInfo": "ServingInfo describes how to start serving", "authConfig": "AuthConfig configures authentication options in addition to the standard oauth token and client certificate authenticators", "aggregatorConfig": "AggregatorConfig has options for configuring the aggregator component of the API server.", @@ -595,7 +595,7 @@ func (NodeAuthConfig) SwaggerDoc() map[string]string { } var map_NodeConfig = map[string]string{ - "": "NodeConfig is the fully specified config starting an OpenShift node", + "": "NodeConfig is the fully specified config starting an OpenShift node\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "nodeName": "NodeName is the value used to identify this particular node in the cluster. If possible, this should be your fully qualified hostname. If you're describing a set of static nodes to the master, this value must match one of the values in the list", "nodeIP": "Node may have multiple IPs, specify the IP to use for pod traffic routing If not specified, network parse/lookup on the nodeName is performed and the first non-loopback address is used", "servingInfo": "ServingInfo describes how to start serving", @@ -686,7 +686,7 @@ func (OpenIDClaims) SwaggerDoc() map[string]string { } var map_OpenIDIdentityProvider = map[string]string{ - "": "OpenIDIdentityProvider provides identities for users authenticating using OpenID credentials", + "": "OpenIDIdentityProvider provides identities for users authenticating using OpenID credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "ca": "CA is the optional trusted certificate authority bundle to use when making requests to the server If empty, the default system roots are used", "clientID": "ClientID is the oauth client ID", "clientSecret": "ClientSecret is the oauth client secret", @@ -793,7 +793,7 @@ func (RequestHeaderAuthenticationOptions) SwaggerDoc() map[string]string { } var map_RequestHeaderIdentityProvider = map[string]string{ - "": "RequestHeaderIdentityProvider provides identities for users authenticating using request header credentials", + "": "RequestHeaderIdentityProvider provides identities for users authenticating using request header credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "loginURL": "LoginURL is a URL to redirect unauthenticated /authorize requests to Unauthenticated requests from OAuth clients which expect interactive logins will be redirected here ${url} is replaced with the current URL, escaped to be safe in a query parameter\n https://www.example.com/sso-login?then=${url}\n${query} is replaced with the current query string\n https://www.example.com/auth-proxy/oauth/authorize?${query}", "challengeURL": "ChallengeURL is a URL to redirect unauthenticated /authorize requests to Unauthenticated requests from OAuth clients which expect WWW-Authenticate challenges will be redirected here ${url} is replaced with the current URL, escaped to be safe in a query parameter\n https://www.example.com/sso-login?then=${url}\n${query} is replaced with the current query string\n https://www.example.com/auth-proxy/oauth/authorize?${query}", "clientCA": "ClientCA is a file with the trusted signer certs. If empty, no request verification is done, and any direct request to the OAuth server can impersonate any identity from this provider, merely by setting a request header.", @@ -886,7 +886,7 @@ func (SessionSecret) SwaggerDoc() map[string]string { } var map_SessionSecrets = map[string]string{ - "": "SessionSecrets list the secrets to use to sign/encrypt and authenticate/decrypt created sessions.", + "": "SessionSecrets list the secrets to use to sign/encrypt and authenticate/decrypt created sessions.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "secrets": "Secrets is a list of secrets New sessions are signed and encrypted using the first secret. Existing sessions are decrypted/authenticated by each secret until one succeeds. This allows rotating secrets.", } diff --git a/vendor/github.com/openshift/api/network/v1/001-clusternetwork-crd.yaml b/vendor/github.com/openshift/api/network/v1/001-clusternetwork-crd.yaml index aa8c84874..7609e4d1f 100644 --- a/vendor/github.com/openshift/api/network/v1/001-clusternetwork-crd.yaml +++ b/vendor/github.com/openshift/api/network/v1/001-clusternetwork-crd.yaml @@ -1,6 +1,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/527 name: clusternetworks.network.openshift.io spec: group: network.openshift.io @@ -11,113 +13,87 @@ spec: singular: clusternetwork scope: Cluster versions: - - name: v1 - served: true - storage: true - additionalPrinterColumns: - - name: Cluster Network - type: string - description: The primary cluster network CIDR - jsonPath: .network - - name: Service Network - type: string - description: The service network CIDR - jsonPath: .serviceNetwork - - name: Plugin Name - type: string - description: The OpenShift SDN network plug-in in use - jsonPath: .pluginName - schema: - openAPIV3Schema: - description: ClusterNetwork describes the cluster network. There is normally - only one object of this type, named "default", which is created by the SDN - network plugin based on the master configuration when the cluster is brought - up for the first time. - type: object - required: - - clusterNetworks - - serviceNetwork - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - clusterNetworks: - description: ClusterNetworks is a list of ClusterNetwork objects that - defines the global overlay network's L3 space by specifying a set of - CIDR and netmasks that the SDN can allocate addresses from. - type: array - items: - description: ClusterNetworkEntry defines an individual cluster network. - The CIDRs cannot overlap with other cluster network CIDRs, CIDRs reserved - for external ips, CIDRs reserved for service networks, and CIDRs reserved - for ingress ips. + - additionalPrinterColumns: + - description: The primary cluster network CIDR + jsonPath: .network + name: Cluster Network + type: string + - description: The service network CIDR + jsonPath: .serviceNetwork + name: Service Network + type: string + - description: The OpenShift SDN network plug-in in use + jsonPath: .pluginName + name: Plugin Name + type: string + name: v1 + schema: + openAPIV3Schema: + description: "ClusterNetwork describes the cluster network. There is normally only one object of this type, named \"default\", which is created by the SDN network plugin based on the master configuration when the cluster is brought up for the first time. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." + type: object + required: + - clusterNetworks + - serviceNetwork + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + clusterNetworks: + description: ClusterNetworks is a list of ClusterNetwork objects that defines the global overlay network's L3 space by specifying a set of CIDR and netmasks that the SDN can allocate addresses from. + type: array + items: + description: ClusterNetworkEntry defines an individual cluster network. The CIDRs cannot overlap with other cluster network CIDRs, CIDRs reserved for external ips, CIDRs reserved for service networks, and CIDRs reserved for ingress ips. + type: object + required: + - CIDR + - hostSubnetLength + properties: + CIDR: + description: CIDR defines the total range of a cluster networks address space. + type: string + pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])/([0-9]|[12][0-9]|3[0-2])$ + hostSubnetLength: + description: HostSubnetLength is the number of bits of the accompanying CIDR address to allocate to each node. eg, 8 would mean that each node would have a /24 slice of the overlay network for its pods. + type: integer + format: int32 + maximum: 30 + minimum: 2 + hostsubnetlength: + description: HostSubnetLength is the number of bits of network to allocate to each node. eg, 8 would mean that each node would have a /24 slice of the overlay network for its pods + type: integer + format: int32 + maximum: 30 + minimum: 2 + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: type: object - required: - - CIDR - - hostSubnetLength - properties: - CIDR: - description: CIDR defines the total range of a cluster networks - address space. - type: string - pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])/([0-9]|[12][0-9]|3[0-2])$ - hostSubnetLength: - description: HostSubnetLength is the number of bits of the accompanying - CIDR address to allocate to each node. eg, 8 would mean that each - node would have a /24 slice of the overlay network for its pods. - type: integer - format: int32 - maximum: 30 - minimum: 2 - hostsubnetlength: - description: HostSubnetLength is the number of bits of network to allocate - to each node. eg, 8 would mean that each node would have a /24 slice - of the overlay network for its pods - type: integer - format: int32 - maximum: 30 - minimum: 2 - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - mtu: - description: MTU is the MTU for the overlay network. This should be 50 - less than the MTU of the network connecting the nodes. It is normally - autodetected by the cluster network operator. - type: integer - format: int32 - maximum: 65536 - minimum: 576 - network: - description: Network is a CIDR string specifying the global overlay network's - L3 space - type: string - pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])/([0-9]|[12][0-9]|3[0-2])$ - pluginName: - description: PluginName is the name of the network plugin being used - type: string - serviceNetwork: - description: ServiceNetwork is the CIDR range that Service IP addresses - are allocated from - type: string - pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])/([0-9]|[12][0-9]|3[0-2])$ - vxlanPort: - description: VXLANPort sets the VXLAN destination port used by the cluster. - It is set by the master configuration file on startup and cannot be - edited manually. Valid values for VXLANPort are integers 1-65535 inclusive - and if unset defaults to 4789. Changing VXLANPort allows users to resolve - issues between openshift SDN and other software trying to use the same - VXLAN destination port. - type: integer - format: int32 - maximum: 65535 - minimum: 1 + mtu: + description: MTU is the MTU for the overlay network. This should be 50 less than the MTU of the network connecting the nodes. It is normally autodetected by the cluster network operator. + type: integer + format: int32 + maximum: 65536 + minimum: 576 + network: + description: Network is a CIDR string specifying the global overlay network's L3 space + type: string + pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])/([0-9]|[12][0-9]|3[0-2])$ + pluginName: + description: PluginName is the name of the network plugin being used + type: string + serviceNetwork: + description: ServiceNetwork is the CIDR range that Service IP addresses are allocated from + type: string + pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])/([0-9]|[12][0-9]|3[0-2])$ + vxlanPort: + description: VXLANPort sets the VXLAN destination port used by the cluster. It is set by the master configuration file on startup and cannot be edited manually. Valid values for VXLANPort are integers 1-65535 inclusive and if unset defaults to 4789. Changing VXLANPort allows users to resolve issues between openshift SDN and other software trying to use the same VXLAN destination port. + type: integer + format: int32 + maximum: 65535 + minimum: 1 + served: true + storage: true status: acceptedNames: kind: "" diff --git a/vendor/github.com/openshift/api/network/v1/002-hostsubnet-crd.yaml b/vendor/github.com/openshift/api/network/v1/002-hostsubnet-crd.yaml index c101d06f9..d8a1f665e 100644 --- a/vendor/github.com/openshift/api/network/v1/002-hostsubnet-crd.yaml +++ b/vendor/github.com/openshift/api/network/v1/002-hostsubnet-crd.yaml @@ -1,6 +1,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/527 name: hostsubnets.network.openshift.io spec: group: network.openshift.io @@ -11,91 +13,73 @@ spec: singular: hostsubnet scope: Cluster versions: - - name: v1 - served: true - storage: true - additionalPrinterColumns: - - name: Host - type: string - description: The name of the node - jsonPath: .host - - name: Host IP - type: string - description: The IP address to be used as a VTEP by other nodes in the overlay - network - jsonPath: .hostIP - - name: Subnet - type: string - description: The CIDR range of the overlay network assigned to the node for - its pods - jsonPath: .subnet - - name: Egress CIDRs - type: string - description: The network egress CIDRs - jsonPath: .egressCIDRs - - name: Egress IPs - type: string - description: The network egress IP addresses - jsonPath: .egressIPs - schema: - openAPIV3Schema: - description: HostSubnet describes the container subnet network on a node. - The HostSubnet object must have the same name as the Node object it corresponds - to. - type: object - required: - - host - - hostIP - - subnet - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - egressCIDRs: - description: EgressCIDRs is the list of CIDR ranges available for automatically - assigning egress IPs to this node from. If this field is set then EgressIPs - should be treated as read-only. - type: array - items: - description: HostSubnetEgressCIDR represents one egress CIDR from which - to assign IP addresses for this node represented by the HostSubnet + - additionalPrinterColumns: + - description: The name of the node + jsonPath: .host + name: Host + type: string + - description: The IP address to be used as a VTEP by other nodes in the overlay network + jsonPath: .hostIP + name: Host IP + type: string + - description: The CIDR range of the overlay network assigned to the node for its pods + jsonPath: .subnet + name: Subnet + type: string + - description: The network egress CIDRs + jsonPath: .egressCIDRs + name: Egress CIDRs + type: string + - description: The network egress IP addresses + jsonPath: .egressIPs + name: Egress IPs + type: string + name: v1 + schema: + openAPIV3Schema: + description: "HostSubnet describes the container subnet network on a node. The HostSubnet object must have the same name as the Node object it corresponds to. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." + type: object + required: + - host + - hostIP + - subnet + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string - pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])/([0-9]|[12][0-9]|3[0-2])$ - egressIPs: - description: EgressIPs is the list of automatic egress IP addresses currently - hosted by this node. If EgressCIDRs is empty, this can be set by hand; - if EgressCIDRs is set then the master will overwrite the value here - with its own allocation of egress IPs. - type: array - items: - description: HostSubnetEgressIP represents one egress IP address currently - hosted on the node represented by HostSubnet + egressCIDRs: + description: EgressCIDRs is the list of CIDR ranges available for automatically assigning egress IPs to this node from. If this field is set then EgressIPs should be treated as read-only. + type: array + items: + description: HostSubnetEgressCIDR represents one egress CIDR from which to assign IP addresses for this node represented by the HostSubnet + type: string + pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])/([0-9]|[12][0-9]|3[0-2])$ + egressIPs: + description: EgressIPs is the list of automatic egress IP addresses currently hosted by this node. If EgressCIDRs is empty, this can be set by hand; if EgressCIDRs is set then the master will overwrite the value here with its own allocation of egress IPs. + type: array + items: + description: HostSubnetEgressIP represents one egress IP address currently hosted on the node represented by HostSubnet + type: string + pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])$ + host: + description: Host is the name of the node. (This is the same as the object's name, but both fields must be set.) + type: string + pattern: ^[a-z0-9.-]+$ + hostIP: + description: HostIP is the IP address to be used as a VTEP by other nodes in the overlay network type: string pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])$ - host: - description: Host is the name of the node. (This is the same as the object's - name, but both fields must be set.) - type: string - pattern: ^[a-z0-9.-]+$ - hostIP: - description: HostIP is the IP address to be used as a VTEP by other nodes - in the overlay network - type: string - pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])$ - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - subnet: - description: Subnet is the CIDR range of the overlay network assigned - to the node for its pods - type: string - pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])/([0-9]|[12][0-9]|3[0-2])$ + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + subnet: + description: Subnet is the CIDR range of the overlay network assigned to the node for its pods + type: string + pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])/([0-9]|[12][0-9]|3[0-2])$ + served: true + storage: true status: acceptedNames: kind: "" diff --git a/vendor/github.com/openshift/api/network/v1/003-netnamespace-crd.yaml b/vendor/github.com/openshift/api/network/v1/003-netnamespace-crd.yaml index 422297636..7525e8810 100644 --- a/vendor/github.com/openshift/api/network/v1/003-netnamespace-crd.yaml +++ b/vendor/github.com/openshift/api/network/v1/003-netnamespace-crd.yaml @@ -1,6 +1,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/527 name: netnamespaces.network.openshift.io spec: group: network.openshift.io @@ -11,65 +13,51 @@ spec: singular: netnamespace scope: Cluster versions: - - name: v1 - served: true - storage: true - additionalPrinterColumns: - - name: NetID - type: integer - description: The network identifier of the network namespace - jsonPath: .netid - - name: Egress IPs - type: string - description: The network egress IP addresses - jsonPath: .egressIPs - schema: - openAPIV3Schema: - description: NetNamespace describes a single isolated network. When using - the redhat/openshift-ovs-multitenant plugin, every Namespace will have a - corresponding NetNamespace object with the same name. (When using redhat/openshift-ovs-subnet, - NetNamespaces are not used.) - type: object - required: - - netid - - netname - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - egressIPs: - description: EgressIPs is a list of reserved IPs that will be used as - the source for external traffic coming from pods in this namespace. - (If empty, external traffic will be masqueraded to Node IPs.) - type: array - items: - description: NetNamespaceEgressIP is a single egress IP out of a list - of reserved IPs used as source of external traffic coming from pods - in this namespace + - additionalPrinterColumns: + - description: The network identifier of the network namespace + jsonPath: .netid + name: NetID + type: integer + - description: The network egress IP addresses + jsonPath: .egressIPs + name: Egress IPs + type: string + name: v1 + schema: + openAPIV3Schema: + description: "NetNamespace describes a single isolated network. When using the redhat/openshift-ovs-multitenant plugin, every Namespace will have a corresponding NetNamespace object with the same name. (When using redhat/openshift-ovs-subnet, NetNamespaces are not used.) \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." + type: object + required: + - netid + - netname + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string - pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])$ - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - netid: - description: NetID is the network identifier of the network namespace - assigned to each overlay network packet. This can be manipulated with - the "oc adm pod-network" commands. - type: integer - format: int32 - maximum: 16777215 - minimum: 0 - netname: - description: NetName is the name of the network namespace. (This is the - same as the object's name, but both fields must be set.) - type: string - pattern: ^[a-z0-9.-]+$ + egressIPs: + description: EgressIPs is a list of reserved IPs that will be used as the source for external traffic coming from pods in this namespace. (If empty, external traffic will be masqueraded to Node IPs.) + type: array + items: + description: NetNamespaceEgressIP is a single egress IP out of a list of reserved IPs used as source of external traffic coming from pods in this namespace + type: string + pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])$ + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + netid: + description: NetID is the network identifier of the network namespace assigned to each overlay network packet. This can be manipulated with the "oc adm pod-network" commands. + type: integer + format: int32 + maximum: 16777215 + minimum: 0 + netname: + description: NetName is the name of the network namespace. (This is the same as the object's name, but both fields must be set.) + type: string + pattern: ^[a-z0-9.-]+$ + served: true + storage: true status: acceptedNames: kind: "" diff --git a/vendor/github.com/openshift/api/network/v1/004-egressnetworkpolicy-crd.yaml b/vendor/github.com/openshift/api/network/v1/004-egressnetworkpolicy-crd.yaml index 26bd4df1b..d1b606306 100644 --- a/vendor/github.com/openshift/api/network/v1/004-egressnetworkpolicy-crd.yaml +++ b/vendor/github.com/openshift/api/network/v1/004-egressnetworkpolicy-crd.yaml @@ -1,6 +1,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/527 name: egressnetworkpolicies.network.openshift.io spec: group: network.openshift.io @@ -11,73 +13,56 @@ spec: singular: egressnetworkpolicy scope: Namespaced versions: - - name: v1 - served: true - storage: true - "schema": - "openAPIV3Schema": - description: EgressNetworkPolicy describes the current egress network policy - for a Namespace. When using the 'redhat/openshift-ovs-multitenant' network - plugin, traffic from a pod to an IP address outside the cluster will be - checked against each EgressNetworkPolicyRule in the pod's namespace's EgressNetworkPolicy, - in order. If no rule matches (or no EgressNetworkPolicy is present) then - the traffic will be allowed by default. - type: object - required: - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec is the specification of the current egress network policy - type: object - required: - - egress - properties: - egress: - description: egress contains the list of egress policy rules - type: array - items: - description: EgressNetworkPolicyRule contains a single egress network - policy rule - type: object - required: - - to - - type - properties: - to: - description: to is the target that traffic is allowed/denied - to - type: object - properties: - cidrSelector: - description: CIDRSelector is the CIDR range to allow/deny - traffic to. If this is set, dnsName must be unset Ideally - we would have liked to use the cidr openapi format for - this property. But openshift-sdn only supports v4 while - specifying the cidr format allows both v4 and v6 cidrs - We are therefore using a regex pattern to validate instead. - type: string - pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])/([0-9]|[12][0-9]|3[0-2])$ - dnsName: - description: DNSName is the domain name to allow/deny traffic - to. If this is set, cidrSelector must be unset - type: string - pattern: ^([A-Za-z0-9-]+\.)*[A-Za-z0-9-]+\.?$ - type: - description: type marks this as an "Allow" or "Deny" rule - type: string - pattern: ^Allow|Deny$ + - name: v1 + schema: + openAPIV3Schema: + description: "EgressNetworkPolicy describes the current egress network policy for a Namespace. When using the 'redhat/openshift-ovs-multitenant' network plugin, traffic from a pod to an IP address outside the cluster will be checked against each EgressNetworkPolicyRule in the pod's namespace's EgressNetworkPolicy, in order. If no rule matches (or no EgressNetworkPolicy is present) then the traffic will be allowed by default. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec is the specification of the current egress network policy + type: object + required: + - egress + properties: + egress: + description: egress contains the list of egress policy rules + type: array + items: + description: EgressNetworkPolicyRule contains a single egress network policy rule + type: object + required: + - to + - type + properties: + to: + description: to is the target that traffic is allowed/denied to + type: object + properties: + cidrSelector: + description: CIDRSelector is the CIDR range to allow/deny traffic to. If this is set, dnsName must be unset Ideally we would have liked to use the cidr openapi format for this property. But openshift-sdn only supports v4 while specifying the cidr format allows both v4 and v6 cidrs We are therefore using a regex pattern to validate instead. + type: string + pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])/([0-9]|[12][0-9]|3[0-2])$ + dnsName: + description: DNSName is the domain name to allow/deny traffic to. If this is set, cidrSelector must be unset + type: string + pattern: ^([A-Za-z0-9-]+\.)*[A-Za-z0-9-]+\.?$ + type: + description: type marks this as an "Allow" or "Deny" rule + type: string + pattern: ^Allow|Deny$ + served: true + storage: true status: acceptedNames: kind: "" diff --git a/vendor/github.com/openshift/api/network/v1/generated.proto b/vendor/github.com/openshift/api/network/v1/generated.proto index 4c3688908..5c7761df4 100644 --- a/vendor/github.com/openshift/api/network/v1/generated.proto +++ b/vendor/github.com/openshift/api/network/v1/generated.proto @@ -14,10 +14,13 @@ option go_package = "v1"; // ClusterNetwork describes the cluster network. There is normally only one object of this type, // named "default", which is created by the SDN network plugin based on the master configuration // when the cluster is brought up for the first time. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). // +kubebuilder:resource:scope="Cluster" // +kubebuilder:printcolumn:name="Cluster Network",type=string,JSONPath=`.network`,description="The primary cluster network CIDR" // +kubebuilder:printcolumn:name="Service Network",type=string,JSONPath=`.serviceNetwork`,description="The service network CIDR" // +kubebuilder:printcolumn:name="Plugin Name",type=string,JSONPath=`.pluginName`,description="The Openshift SDN network plug-in in use" +// +openshift:compatibility-gen:level=1 message ClusterNetwork { optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; @@ -71,6 +74,9 @@ message ClusterNetworkEntry { } // ClusterNetworkList is a collection of ClusterNetworks +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message ClusterNetworkList { optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; @@ -83,6 +89,9 @@ message ClusterNetworkList { // outside the cluster will be checked against each EgressNetworkPolicyRule in the pod's // namespace's EgressNetworkPolicy, in order. If no rule matches (or no EgressNetworkPolicy // is present) then the traffic will be allowed by default. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message EgressNetworkPolicy { optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; @@ -91,6 +100,9 @@ message EgressNetworkPolicy { } // EgressNetworkPolicyList is a collection of EgressNetworkPolicy +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message EgressNetworkPolicyList { optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; @@ -129,11 +141,14 @@ message EgressNetworkPolicySpec { // HostSubnet describes the container subnet network on a node. The HostSubnet object must have the // same name as the Node object it corresponds to. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). // +kubebuilder:printcolumn:name="Host",type=string,JSONPath=`.host`,description="The name of the node" // +kubebuilder:printcolumn:name="Host IP",type=string,JSONPath=`.hostIP`,description="The IP address to be used as a VTEP by other nodes in the overlay network" // +kubebuilder:printcolumn:name="Subnet",type=string,JSONPath=`.subnet`,description="The CIDR range of the overlay network assigned to the node for its pods" // +kubebuilder:printcolumn:name="Egress CIDRs",type=string,JSONPath=`.egressCIDRs`,description="The network egress CIDRs" // +kubebuilder:printcolumn:name="Egress IPs",type=string,JSONPath=`.egressIPs`,description="The network egress IP addresses" +// +openshift:compatibility-gen:level=1 message HostSubnet { optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; @@ -163,6 +178,9 @@ message HostSubnet { } // HostSubnetList is a collection of HostSubnets +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message HostSubnetList { optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; @@ -173,8 +191,11 @@ message HostSubnetList { // NetNamespace describes a single isolated network. When using the redhat/openshift-ovs-multitenant // plugin, every Namespace will have a corresponding NetNamespace object with the same name. // (When using redhat/openshift-ovs-subnet, NetNamespaces are not used.) +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). // +kubebuilder:printcolumn:name="NetID",type=integer,JSONPath=`.netid`,description="The network identifier of the network namespace" // +kubebuilder:printcolumn:name="Egress IPs",type=string,JSONPath=`.egressIPs`,description="The network egress IP addresses" +// +openshift:compatibility-gen:level=1 message NetNamespace { optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; @@ -194,6 +215,9 @@ message NetNamespace { } // NetNamespaceList is a collection of NetNamespaces +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message NetNamespaceList { optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; diff --git a/vendor/github.com/openshift/api/network/v1/types.go b/vendor/github.com/openshift/api/network/v1/types.go index c0ee55126..52d91e992 100644 --- a/vendor/github.com/openshift/api/network/v1/types.go +++ b/vendor/github.com/openshift/api/network/v1/types.go @@ -15,10 +15,13 @@ const ( // ClusterNetwork describes the cluster network. There is normally only one object of this type, // named "default", which is created by the SDN network plugin based on the master configuration // when the cluster is brought up for the first time. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). // +kubebuilder:resource:scope="Cluster" // +kubebuilder:printcolumn:name="Cluster Network",type=string,JSONPath=`.network`,description="The primary cluster network CIDR" // +kubebuilder:printcolumn:name="Service Network",type=string,JSONPath=`.serviceNetwork`,description="The service network CIDR" // +kubebuilder:printcolumn:name="Plugin Name",type=string,JSONPath=`.pluginName`,description="The Openshift SDN network plug-in in use" +// +openshift:compatibility-gen:level=1 type ClusterNetwork struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` @@ -75,6 +78,9 @@ type ClusterNetworkEntry struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // ClusterNetworkList is a collection of ClusterNetworks +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type ClusterNetworkList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` @@ -99,11 +105,14 @@ type HostSubnetEgressCIDR string // HostSubnet describes the container subnet network on a node. The HostSubnet object must have the // same name as the Node object it corresponds to. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). // +kubebuilder:printcolumn:name="Host",type=string,JSONPath=`.host`,description="The name of the node" // +kubebuilder:printcolumn:name="Host IP",type=string,JSONPath=`.hostIP`,description="The IP address to be used as a VTEP by other nodes in the overlay network" // +kubebuilder:printcolumn:name="Subnet",type=string,JSONPath=`.subnet`,description="The CIDR range of the overlay network assigned to the node for its pods" // +kubebuilder:printcolumn:name="Egress CIDRs",type=string,JSONPath=`.egressCIDRs`,description="The network egress CIDRs" // +kubebuilder:printcolumn:name="Egress IPs",type=string,JSONPath=`.egressIPs`,description="The network egress IP addresses" +// +openshift:compatibility-gen:level=1 type HostSubnet struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` @@ -136,6 +145,9 @@ type HostSubnet struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // HostSubnetList is a collection of HostSubnets +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type HostSubnetList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` @@ -156,8 +168,11 @@ type NetNamespaceEgressIP string // NetNamespace describes a single isolated network. When using the redhat/openshift-ovs-multitenant // plugin, every Namespace will have a corresponding NetNamespace object with the same name. // (When using redhat/openshift-ovs-subnet, NetNamespaces are not used.) +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). // +kubebuilder:printcolumn:name="NetID",type=integer,JSONPath=`.netid`,description="The network identifier of the network namespace" // +kubebuilder:printcolumn:name="Egress IPs",type=string,JSONPath=`.egressIPs`,description="The network egress IP addresses" +// +openshift:compatibility-gen:level=1 type NetNamespace struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` @@ -180,6 +195,9 @@ type NetNamespace struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // NetNamespaceList is a collection of NetNamespaces +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type NetNamespaceList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` @@ -232,6 +250,9 @@ type EgressNetworkPolicySpec struct { // outside the cluster will be checked against each EgressNetworkPolicyRule in the pod's // namespace's EgressNetworkPolicy, in order. If no rule matches (or no EgressNetworkPolicy // is present) then the traffic will be allowed by default. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type EgressNetworkPolicy struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` @@ -243,6 +264,9 @@ type EgressNetworkPolicy struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // EgressNetworkPolicyList is a collection of EgressNetworkPolicy +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type EgressNetworkPolicyList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` diff --git a/vendor/github.com/openshift/api/network/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/network/v1/zz_generated.swagger_doc_generated.go index 9a3d2ffdf..da595b2f7 100644 --- a/vendor/github.com/openshift/api/network/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/network/v1/zz_generated.swagger_doc_generated.go @@ -12,7 +12,7 @@ package v1 // AUTO-GENERATED FUNCTIONS START HERE var map_ClusterNetwork = map[string]string{ - "": "ClusterNetwork describes the cluster network. There is normally only one object of this type, named \"default\", which is created by the SDN network plugin based on the master configuration when the cluster is brought up for the first time.", + "": "ClusterNetwork describes the cluster network. There is normally only one object of this type, named \"default\", which is created by the SDN network plugin based on the master configuration when the cluster is brought up for the first time.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "network": "Network is a CIDR string specifying the global overlay network's L3 space", "hostsubnetlength": "HostSubnetLength is the number of bits of network to allocate to each node. eg, 8 would mean that each node would have a /24 slice of the overlay network for its pods", "serviceNetwork": "ServiceNetwork is the CIDR range that Service IP addresses are allocated from", @@ -37,7 +37,7 @@ func (ClusterNetworkEntry) SwaggerDoc() map[string]string { } var map_ClusterNetworkList = map[string]string{ - "": "ClusterNetworkList is a collection of ClusterNetworks", + "": "ClusterNetworkList is a collection of ClusterNetworks\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "items": "Items is the list of cluster networks", } @@ -46,7 +46,7 @@ func (ClusterNetworkList) SwaggerDoc() map[string]string { } var map_EgressNetworkPolicy = map[string]string{ - "": "EgressNetworkPolicy describes the current egress network policy for a Namespace. When using the 'redhat/openshift-ovs-multitenant' network plugin, traffic from a pod to an IP address outside the cluster will be checked against each EgressNetworkPolicyRule in the pod's namespace's EgressNetworkPolicy, in order. If no rule matches (or no EgressNetworkPolicy is present) then the traffic will be allowed by default.", + "": "EgressNetworkPolicy describes the current egress network policy for a Namespace. When using the 'redhat/openshift-ovs-multitenant' network plugin, traffic from a pod to an IP address outside the cluster will be checked against each EgressNetworkPolicyRule in the pod's namespace's EgressNetworkPolicy, in order. If no rule matches (or no EgressNetworkPolicy is present) then the traffic will be allowed by default.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "spec": "spec is the specification of the current egress network policy", } @@ -55,7 +55,7 @@ func (EgressNetworkPolicy) SwaggerDoc() map[string]string { } var map_EgressNetworkPolicyList = map[string]string{ - "": "EgressNetworkPolicyList is a collection of EgressNetworkPolicy", + "": "EgressNetworkPolicyList is a collection of EgressNetworkPolicy\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "items": "items is the list of policies", } @@ -93,7 +93,7 @@ func (EgressNetworkPolicySpec) SwaggerDoc() map[string]string { } var map_HostSubnet = map[string]string{ - "": "HostSubnet describes the container subnet network on a node. The HostSubnet object must have the same name as the Node object it corresponds to.", + "": "HostSubnet describes the container subnet network on a node. The HostSubnet object must have the same name as the Node object it corresponds to.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "host": "Host is the name of the node. (This is the same as the object's name, but both fields must be set.)", "hostIP": "HostIP is the IP address to be used as a VTEP by other nodes in the overlay network", "subnet": "Subnet is the CIDR range of the overlay network assigned to the node for its pods", @@ -106,7 +106,7 @@ func (HostSubnet) SwaggerDoc() map[string]string { } var map_HostSubnetList = map[string]string{ - "": "HostSubnetList is a collection of HostSubnets", + "": "HostSubnetList is a collection of HostSubnets\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "items": "Items is the list of host subnets", } @@ -115,7 +115,7 @@ func (HostSubnetList) SwaggerDoc() map[string]string { } var map_NetNamespace = map[string]string{ - "": "NetNamespace describes a single isolated network. When using the redhat/openshift-ovs-multitenant plugin, every Namespace will have a corresponding NetNamespace object with the same name. (When using redhat/openshift-ovs-subnet, NetNamespaces are not used.)", + "": "NetNamespace describes a single isolated network. When using the redhat/openshift-ovs-multitenant plugin, every Namespace will have a corresponding NetNamespace object with the same name. (When using redhat/openshift-ovs-subnet, NetNamespaces are not used.)\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "netname": "NetName is the name of the network namespace. (This is the same as the object's name, but both fields must be set.)", "netid": "NetID is the network identifier of the network namespace assigned to each overlay network packet. This can be manipulated with the \"oc adm pod-network\" commands.", "egressIPs": "EgressIPs is a list of reserved IPs that will be used as the source for external traffic coming from pods in this namespace. (If empty, external traffic will be masqueraded to Node IPs.)", @@ -126,7 +126,7 @@ func (NetNamespace) SwaggerDoc() map[string]string { } var map_NetNamespaceList = map[string]string{ - "": "NetNamespaceList is a collection of NetNamespaces", + "": "NetNamespaceList is a collection of NetNamespaces\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "items": "Items is the list of net namespaces", } diff --git a/vendor/github.com/openshift/api/networkoperator/v1/001-egressrouter.crd.yaml b/vendor/github.com/openshift/api/networkoperator/v1/001-egressrouter.crd.yaml index 6d7678ff6..6019c14c2 100644 --- a/vendor/github.com/openshift/api/networkoperator/v1/001-egressrouter.crd.yaml +++ b/vendor/github.com/openshift/api/networkoperator/v1/001-egressrouter.crd.yaml @@ -2,6 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/851 include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" creationTimestamp: null @@ -32,8 +33,9 @@ spec: as per configuration. \n It is consumed by the cluster-network-operator. More specifically, given an EgressRouter CR with , the CNO will create and manage: - A service called - An egress pod called - A - NAD called \n EgressRouter is a single egressrouter pod configuration - object." + NAD called \n Compatibility level 1: Stable within a major release + for a minimum of 12 months or 3 minor releases (whichever is longer). \n + EgressRouter is a single egressrouter pod configuration object." properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation @@ -72,9 +74,6 @@ spec: be automatically determined. Can be IPv4 or IPv6. type: string ip: - anyOf: - - format: ipv4 - - format: ipv6 description: IP is the address to configure on the router's interface. Can be IPv4 or IPv6. type: string diff --git a/vendor/github.com/openshift/api/networkoperator/v1/001-egressrouter.crd.yaml-patch b/vendor/github.com/openshift/api/networkoperator/v1/001-egressrouter.crd.yaml-patch index 0598dbd58..3f1cc0342 100644 --- a/vendor/github.com/openshift/api/networkoperator/v1/001-egressrouter.crd.yaml-patch +++ b/vendor/github.com/openshift/api/networkoperator/v1/001-egressrouter.crd.yaml-patch @@ -1,8 +1,3 @@ -- op: add - path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/spec/properties/addresses/items/properties/ip/anyOf - value: - - format: ipv4 - - format: ipv6 - op: add path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/spec/properties/addresses/items/properties/gateway/anyOf value: diff --git a/vendor/github.com/openshift/api/networkoperator/v1/generated.proto b/vendor/github.com/openshift/api/networkoperator/v1/generated.proto index 33631d663..1e19f9406 100644 --- a/vendor/github.com/openshift/api/networkoperator/v1/generated.proto +++ b/vendor/github.com/openshift/api/networkoperator/v1/generated.proto @@ -22,6 +22,7 @@ option go_package = "v1"; // - An egress pod called // - A NAD called // +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // // EgressRouter is a single egressrouter pod configuration object. @@ -30,6 +31,7 @@ option go_package = "v1"; // +kubebuilder:resource:path=egressrouters,scope=Namespaced // +kubebuilder:printcolumn:name="Condition",type=string,JSONPath=".status.conditions[*].type" // +kubebuilder:printcolumn:name="Status",type=string,JSONPath=".status.conditions[*].status" +// +openshift:compatibility-gen:level=1 message EgressRouter { optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; @@ -60,6 +62,9 @@ message EgressRouterInterface { } // EgressRouterList is the list of egress router pods requested. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message EgressRouterList { optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; diff --git a/vendor/github.com/openshift/api/networkoperator/v1/types_egressrouter.go b/vendor/github.com/openshift/api/networkoperator/v1/types_egressrouter.go index f300b3505..fc48494b8 100644 --- a/vendor/github.com/openshift/api/networkoperator/v1/types_egressrouter.go +++ b/vendor/github.com/openshift/api/networkoperator/v1/types_egressrouter.go @@ -15,6 +15,8 @@ import ( // - An egress pod called // - A NAD called // +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // // EgressRouter is a single egressrouter pod configuration object. @@ -23,6 +25,7 @@ import ( // +kubebuilder:resource:path=egressrouters,scope=Namespaced // +kubebuilder:printcolumn:name="Condition",type=string,JSONPath=".status.conditions[*].type" // +kubebuilder:printcolumn:name="Status",type=string,JSONPath=".status.conditions[*].status" +// +openshift:compatibility-gen:level=1 type EgressRouter struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` @@ -246,6 +249,9 @@ type EgressRouterStatus struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // EgressRouterList is the list of egress router pods requested. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type EgressRouterList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` diff --git a/vendor/github.com/openshift/api/networkoperator/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/networkoperator/v1/zz_generated.swagger_doc_generated.go index d547dc8ed..78866f715 100644 --- a/vendor/github.com/openshift/api/networkoperator/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/networkoperator/v1/zz_generated.swagger_doc_generated.go @@ -12,7 +12,7 @@ package v1 // AUTO-GENERATED FUNCTIONS START HERE var map_EgressRouter = map[string]string{ - "": "EgressRouter is a feature allowing the user to define an egress router that acts as a bridge between pods and external systems. The egress router runs a service that redirects egress traffic originating from a pod or a group of pods to a remote external system or multiple destinations as per configuration.\n\nIt is consumed by the cluster-network-operator. More specifically, given an EgressRouter CR with , the CNO will create and manage: - A service called - An egress pod called - A NAD called \n\n\nEgressRouter is a single egressrouter pod configuration object.", + "": "EgressRouter is a feature allowing the user to define an egress router that acts as a bridge between pods and external systems. The egress router runs a service that redirects egress traffic originating from a pod or a group of pods to a remote external system or multiple destinations as per configuration.\n\nIt is consumed by the cluster-network-operator. More specifically, given an EgressRouter CR with , the CNO will create and manage: - A service called - An egress pod called - A NAD called \n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).\n\nEgressRouter is a single egressrouter pod configuration object.", "spec": "Specification of the desired egress router.", "status": "Observed status of EgressRouter.", } @@ -41,7 +41,7 @@ func (EgressRouterInterface) SwaggerDoc() map[string]string { } var map_EgressRouterList = map[string]string{ - "": "EgressRouterList is the list of egress router pods requested.", + "": "EgressRouterList is the list of egress router pods requested.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", } func (EgressRouterList) SwaggerDoc() map[string]string { diff --git a/vendor/github.com/openshift/api/oauth/v1/generated.proto b/vendor/github.com/openshift/api/oauth/v1/generated.proto index 0c088f9db..433b34bd2 100644 --- a/vendor/github.com/openshift/api/oauth/v1/generated.proto +++ b/vendor/github.com/openshift/api/oauth/v1/generated.proto @@ -24,6 +24,9 @@ message ClusterRoleScopeRestriction { } // OAuthAccessToken describes an OAuth access token +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message OAuthAccessToken { optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; @@ -58,6 +61,9 @@ message OAuthAccessToken { } // OAuthAccessTokenList is a collection of OAuth access tokens +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message OAuthAccessTokenList { optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; @@ -66,6 +72,9 @@ message OAuthAccessTokenList { } // OAuthAuthorizeToken describes an OAuth authorization token +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message OAuthAuthorizeToken { optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; @@ -99,6 +108,9 @@ message OAuthAuthorizeToken { } // OAuthAuthorizeTokenList is a collection of OAuth authorization tokens +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message OAuthAuthorizeTokenList { optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; @@ -107,6 +119,9 @@ message OAuthAuthorizeTokenList { } // OAuthClient describes an OAuth client +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message OAuthClient { optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; @@ -154,6 +169,9 @@ message OAuthClient { } // OAuthClientAuthorization describes an authorization created by an OAuth client +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message OAuthClientAuthorization { optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; @@ -172,6 +190,9 @@ message OAuthClientAuthorization { } // OAuthClientAuthorizationList is a collection of OAuth client authorizations +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message OAuthClientAuthorizationList { optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; @@ -180,6 +201,9 @@ message OAuthClientAuthorizationList { } // OAuthClientList is a collection of OAuth clients +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message OAuthClientList { optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; @@ -188,6 +212,9 @@ message OAuthClientList { } // OAuthRedirectReference is a reference to an OAuth redirect object. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message OAuthRedirectReference { optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; @@ -218,6 +245,7 @@ message ScopeRestriction { // UserOAuthAccessToken is a virtual resource to mirror OAuthAccessTokens to // the user the access token was issued for +// +openshift:compatibility-gen:level=1 message UserOAuthAccessToken { optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; @@ -253,6 +281,9 @@ message UserOAuthAccessToken { // UserOAuthAccessTokenList is a collection of access tokens issued on behalf of // the requesting user +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message UserOAuthAccessTokenList { optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; diff --git a/vendor/github.com/openshift/api/oauth/v1/types.go b/vendor/github.com/openshift/api/oauth/v1/types.go index 0f4bcf536..fbb98a220 100644 --- a/vendor/github.com/openshift/api/oauth/v1/types.go +++ b/vendor/github.com/openshift/api/oauth/v1/types.go @@ -9,6 +9,9 @@ import ( // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // OAuthAccessToken describes an OAuth access token +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type OAuthAccessToken struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` @@ -48,6 +51,9 @@ type OAuthAccessToken struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // OAuthAuthorizeToken describes an OAuth authorization token +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type OAuthAuthorizeToken struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` @@ -86,6 +92,9 @@ type OAuthAuthorizeToken struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // OAuthClient describes an OAuth client +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type OAuthClient struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` @@ -168,6 +177,9 @@ type ClusterRoleScopeRestriction struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // OAuthClientAuthorization describes an authorization created by an OAuth client +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type OAuthClientAuthorization struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` @@ -189,6 +201,9 @@ type OAuthClientAuthorization struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // OAuthAccessTokenList is a collection of OAuth access tokens +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type OAuthAccessTokenList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` @@ -200,6 +215,9 @@ type OAuthAccessTokenList struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // OAuthAuthorizeTokenList is a collection of OAuth authorization tokens +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type OAuthAuthorizeTokenList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` @@ -211,6 +229,9 @@ type OAuthAuthorizeTokenList struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // OAuthClientList is a collection of OAuth clients +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type OAuthClientList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` @@ -222,6 +243,9 @@ type OAuthClientList struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // OAuthClientAuthorizationList is a collection of OAuth client authorizations +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type OAuthClientAuthorizationList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` @@ -233,6 +257,9 @@ type OAuthClientAuthorizationList struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // OAuthRedirectReference is a reference to an OAuth redirect object. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type OAuthRedirectReference struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` @@ -259,12 +286,16 @@ type RedirectReference struct { // UserOAuthAccessToken is a virtual resource to mirror OAuthAccessTokens to // the user the access token was issued for +// +openshift:compatibility-gen:level=1 type UserOAuthAccessToken OAuthAccessToken // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // UserOAuthAccessTokenList is a collection of access tokens issued on behalf of // the requesting user +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type UserOAuthAccessTokenList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` diff --git a/vendor/github.com/openshift/api/oauth/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/oauth/v1/zz_generated.swagger_doc_generated.go index 8e29e4bb0..f6da6deaa 100644 --- a/vendor/github.com/openshift/api/oauth/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/oauth/v1/zz_generated.swagger_doc_generated.go @@ -23,7 +23,7 @@ func (ClusterRoleScopeRestriction) SwaggerDoc() map[string]string { } var map_OAuthAccessToken = map[string]string{ - "": "OAuthAccessToken describes an OAuth access token", + "": "OAuthAccessToken describes an OAuth access token\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "clientName": "ClientName references the client that created this token.", "expiresIn": "ExpiresIn is the seconds from CreationTime before this token expires.", "scopes": "Scopes is an array of the requested scopes.", @@ -40,7 +40,7 @@ func (OAuthAccessToken) SwaggerDoc() map[string]string { } var map_OAuthAccessTokenList = map[string]string{ - "": "OAuthAccessTokenList is a collection of OAuth access tokens", + "": "OAuthAccessTokenList is a collection of OAuth access tokens\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "items": "Items is the list of OAuth access tokens", } @@ -49,7 +49,7 @@ func (OAuthAccessTokenList) SwaggerDoc() map[string]string { } var map_OAuthAuthorizeToken = map[string]string{ - "": "OAuthAuthorizeToken describes an OAuth authorization token", + "": "OAuthAuthorizeToken describes an OAuth authorization token\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "clientName": "ClientName references the client that created this token.", "expiresIn": "ExpiresIn is the seconds from CreationTime before this token expires.", "scopes": "Scopes is an array of the requested scopes.", @@ -66,7 +66,7 @@ func (OAuthAuthorizeToken) SwaggerDoc() map[string]string { } var map_OAuthAuthorizeTokenList = map[string]string{ - "": "OAuthAuthorizeTokenList is a collection of OAuth authorization tokens", + "": "OAuthAuthorizeTokenList is a collection of OAuth authorization tokens\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "items": "Items is the list of OAuth authorization tokens", } @@ -75,7 +75,7 @@ func (OAuthAuthorizeTokenList) SwaggerDoc() map[string]string { } var map_OAuthClient = map[string]string{ - "": "OAuthClient describes an OAuth client", + "": "OAuthClient describes an OAuth client\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "secret": "Secret is the unique secret associated with a client", "additionalSecrets": "AdditionalSecrets holds other secrets that may be used to identify the client. This is useful for rotation and for service account token validation", "respondWithChallenges": "RespondWithChallenges indicates whether the client wants authentication needed responses made in the form of challenges instead of redirects", @@ -91,7 +91,7 @@ func (OAuthClient) SwaggerDoc() map[string]string { } var map_OAuthClientAuthorization = map[string]string{ - "": "OAuthClientAuthorization describes an authorization created by an OAuth client", + "": "OAuthClientAuthorization describes an authorization created by an OAuth client\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "clientName": "ClientName references the client that created this authorization", "userName": "UserName is the user name that authorized this client", "userUID": "UserUID is the unique UID associated with this authorization. UserUID and UserName must both match for this authorization to be valid.", @@ -103,7 +103,7 @@ func (OAuthClientAuthorization) SwaggerDoc() map[string]string { } var map_OAuthClientAuthorizationList = map[string]string{ - "": "OAuthClientAuthorizationList is a collection of OAuth client authorizations", + "": "OAuthClientAuthorizationList is a collection of OAuth client authorizations\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "items": "Items is the list of OAuth client authorizations", } @@ -112,7 +112,7 @@ func (OAuthClientAuthorizationList) SwaggerDoc() map[string]string { } var map_OAuthClientList = map[string]string{ - "": "OAuthClientList is a collection of OAuth clients", + "": "OAuthClientList is a collection of OAuth clients\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "items": "Items is the list of OAuth clients", } @@ -121,7 +121,7 @@ func (OAuthClientList) SwaggerDoc() map[string]string { } var map_OAuthRedirectReference = map[string]string{ - "": "OAuthRedirectReference is a reference to an OAuth redirect object.", + "": "OAuthRedirectReference is a reference to an OAuth redirect object.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "reference": "The reference to an redirect object in the current namespace.", } @@ -151,7 +151,7 @@ func (ScopeRestriction) SwaggerDoc() map[string]string { } var map_UserOAuthAccessTokenList = map[string]string{ - "": "UserOAuthAccessTokenList is a collection of access tokens issued on behalf of the requesting user", + "": "UserOAuthAccessTokenList is a collection of access tokens issued on behalf of the requesting user\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", } func (UserOAuthAccessTokenList) SwaggerDoc() map[string]string { diff --git a/vendor/github.com/openshift/api/openshiftcontrolplane/v1/types.go b/vendor/github.com/openshift/api/openshiftcontrolplane/v1/types.go index 1326942be..5f0f9b914 100644 --- a/vendor/github.com/openshift/api/openshiftcontrolplane/v1/types.go +++ b/vendor/github.com/openshift/api/openshiftcontrolplane/v1/types.go @@ -10,6 +10,9 @@ import ( // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. +// +openshift:compatibility-gen:level=4 +// +openshift:compatibility-gen:internal type OpenShiftAPIServerConfig struct { metav1.TypeMeta `json:",inline"` @@ -155,6 +158,9 @@ type JenkinsPipelineConfig struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. +// +openshift:compatibility-gen:level=4 +// +openshift:compatibility-gen:internal type OpenShiftControllerManagerConfig struct { metav1.TypeMeta `json:",inline"` @@ -253,6 +259,10 @@ type ImageImportControllerConfig struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // BuildDefaultsConfig controls the default information for Builds +// +// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. +// +openshift:compatibility-gen:level=4 +// +openshift:compatibility-gen:internal type BuildDefaultsConfig struct { metav1.TypeMeta `json:",inline"` @@ -300,6 +310,10 @@ type SourceStrategyDefaultsConfig struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // BuildOverridesConfig controls override settings for builds +// +// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. +// +openshift:compatibility-gen:level=4 +// +openshift:compatibility-gen:internal type BuildOverridesConfig struct { metav1.TypeMeta `json:",inline"` diff --git a/vendor/github.com/openshift/api/openshiftcontrolplane/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/openshiftcontrolplane/v1/zz_generated.swagger_doc_generated.go index 26572e1a7..bdd73ceee 100644 --- a/vendor/github.com/openshift/api/openshiftcontrolplane/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/openshiftcontrolplane/v1/zz_generated.swagger_doc_generated.go @@ -20,7 +20,7 @@ func (BuildControllerConfig) SwaggerDoc() map[string]string { } var map_BuildDefaultsConfig = map[string]string{ - "": "BuildDefaultsConfig controls the default information for Builds", + "": "BuildDefaultsConfig controls the default information for Builds\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "gitHTTPProxy": "gitHTTPProxy is the location of the HTTPProxy for Git source", "gitHTTPSProxy": "gitHTTPSProxy is the location of the HTTPSProxy for Git source", "gitNoProxy": "gitNoProxy is the list of domains for which the proxy should not be used", @@ -37,7 +37,7 @@ func (BuildDefaultsConfig) SwaggerDoc() map[string]string { } var map_BuildOverridesConfig = map[string]string{ - "": "BuildOverridesConfig controls override settings for builds", + "": "BuildOverridesConfig controls override settings for builds\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "forcePull": "forcePull overrides, if set, the equivalent value in the builds, i.e. false disables force pull for all builds, true enables force pull for all builds, independently of what each build specifies itself", "imageLabels": "imageLabels is a list of labels that are applied to the resulting image. If user provided a label in their Build/BuildConfig with the same name as one in this list, the user's label will be overwritten.", "nodeSelector": "nodeSelector is a selector which must be true for the build pod to fit on a node", @@ -143,6 +143,7 @@ func (NetworkControllerConfig) SwaggerDoc() map[string]string { } var map_OpenShiftAPIServerConfig = map[string]string{ + "": "Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "aggregatorConfig": "aggregatorConfig contains information about how to verify the aggregator front proxy", "imagePolicyConfig": "imagePolicyConfig feeds the image policy admission plugin", "projectConfig": "projectConfig feeds an admission plugin", @@ -157,6 +158,7 @@ func (OpenShiftAPIServerConfig) SwaggerDoc() map[string]string { } var map_OpenShiftControllerManagerConfig = map[string]string{ + "": "Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "servingInfo": "servingInfo describes how to start serving", "leaderElection": "leaderElection defines the configuration for electing a controller instance to make changes to the cluster. If unspecified, the ControllerTTL value is checked to determine whether the legacy direct etcd election code will be used.", "controllers": "controllers is a list of controllers to enable. '*' enables all on-by-default controllers, 'foo' enables the controller \"+ named 'foo', '-foo' disables the controller named 'foo'. Defaults to \"*\".", diff --git a/vendor/github.com/openshift/api/operator/v1/0000_10_config-operator_01_config.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_10_config-operator_01_config.crd.yaml index 5a90f45db..14efbb00e 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_10_config-operator_01_config.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/0000_10_config-operator_01_config.crd.yaml @@ -1,162 +1,136 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - name: configs.operator.openshift.io annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/612 include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" include.release.openshift.io/single-node-developer: "true" + name: configs.operator.openshift.io spec: - scope: Cluster group: operator.openshift.io names: + categories: + - coreoperators kind: Config plural: configs singular: config - categories: - - coreoperators + scope: Cluster versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: Config provides information to configure the config operator. - type: object - required: - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec is the specification of the desired behavior of the - Config Operator. - type: object - properties: - logLevel: - description: "logLevel is an intent based logging for an overall component. - \ It does not give fine grained control, but it is a simple way - to manage coarse grained logging choices that operators have to - interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", - \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - type: string - default: Normal - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - managementState: - description: managementState indicates whether and how the operator - should manage the component - type: string - pattern: ^(Managed|Unmanaged|Force|Removed)$ - observedConfig: - description: observedConfig holds a sparse config that controller - has observed from the cluster state. It exists in spec because - it is an input to the level for the operator - type: object - nullable: true - x-kubernetes-preserve-unknown-fields: true - operatorLogLevel: - description: "operatorLogLevel is an intent based logging for the - operator itself. It does not give fine grained control, but it - is a simple way to manage coarse grained logging choices that operators - have to interpret for themselves. \n Valid values are: \"Normal\", - \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - type: string - default: Normal - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - unsupportedConfigOverrides: - description: 'unsupportedConfigOverrides holds a sparse config that - will override any previously set options. It only needs to be the - fields to override it will end up overlaying in the following order: - 1. hardcoded defaults 2. observedConfig 3. unsupportedConfigOverrides' - type: object - nullable: true - x-kubernetes-preserve-unknown-fields: true - status: - description: status defines the observed status of the Config Operator. - type: object - properties: - conditions: - description: conditions is a list of conditions and their status - type: array - items: - description: OperatorCondition is just the standard condition fields. + - name: v1 + schema: + openAPIV3Schema: + description: "Config provides information to configure the config operator. It handles installation, migration or synchronization of cloud based cluster configurations like AWS or Azure. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec is the specification of the desired behavior of the Config Operator. + type: object + properties: + logLevel: + description: "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + type: string + default: Normal + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + managementState: + description: managementState indicates whether and how the operator should manage the component + type: string + pattern: ^(Managed|Unmanaged|Force|Removed)$ + observedConfig: + description: observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator type: object - properties: - lastTransitionTime: - type: string - format: date-time - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - generations: - description: generations are used to determine when an item needs - to be reconciled or has changed in a way that needs a reaction. - type: array - items: - description: GenerationStatus keeps track of the generation for - a given resource so that decisions about forced updates can be - made. + nullable: true + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + description: "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves. \n Valid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + type: string + default: Normal + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + unsupportedConfigOverrides: + description: 'unsupportedConfigOverrides holds a sparse config that will override any previously set options. It only needs to be the fields to override it will end up overlaying in the following order: 1. hardcoded defaults 2. observedConfig 3. unsupportedConfigOverrides' type: object - properties: - group: - description: group is the group of the thing you're tracking - type: string - hash: - description: hash is an optional field set for resources without - generation that are content sensitive like secrets and configmaps - type: string - lastGeneration: - description: lastGeneration is the last generation of the workload - controller involved - type: integer - format: int64 - name: - description: name is the name of the thing you're tracking - type: string - namespace: - description: namespace is where the thing you're tracking is - type: string - resource: - description: resource is the resource type of the thing you're - tracking - type: string - observedGeneration: - description: observedGeneration is the last generation change you've - dealt with - type: integer - format: int64 - readyReplicas: - description: readyReplicas indicates how many replicas are ready and - at the desired state - type: integer - format: int32 - version: - description: version is the level this availability applies to - type: string + nullable: true + x-kubernetes-preserve-unknown-fields: true + status: + description: status defines the observed status of the Config Operator. + type: object + properties: + conditions: + description: conditions is a list of conditions and their status + type: array + items: + description: OperatorCondition is just the standard condition fields. + type: object + properties: + lastTransitionTime: + type: string + format: date-time + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + generations: + description: generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction. + type: array + items: + description: GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made. + type: object + properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload controller involved + type: integer + format: int64 + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're tracking + type: string + observedGeneration: + description: observedGeneration is the last generation change you've dealt with + type: integer + format: int64 + readyReplicas: + description: readyReplicas indicates how many replicas are ready and at the desired state + type: integer + format: int32 + version: + description: version is the level this availability applies to + type: string + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/operator/v1/0000_12_etcd-operator_01_config.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_12_etcd-operator_01_config.crd.yaml index d57ec9e35..ff4dc1c8a 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_12_etcd-operator_01_config.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/0000_12_etcd-operator_01_config.crd.yaml @@ -1,230 +1,192 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - name: etcds.operator.openshift.io annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/752 include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" include.release.openshift.io/single-node-developer: "true" + name: etcds.operator.openshift.io spec: - scope: Cluster group: operator.openshift.io names: + categories: + - coreoperators kind: Etcd plural: etcds singular: etcd - categories: - - coreoperators + scope: Cluster versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: Etcd provides information to configure an operator to manage - etcd. - type: object - required: - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - type: object - properties: - failedRevisionLimit: - description: failedRevisionLimit is the number of failed static pod - installer revisions to keep on disk and in the api -1 = unlimited, - 0 or unset = 5 (default) - type: integer - format: int32 - forceRedeploymentReason: - description: forceRedeploymentReason can be used to force the redeployment - of the operand by providing a unique string. This provides a mechanism - to kick a previously failed deployment and provide a reason why - you think it will work this time instead of failing again on the - same config. - type: string - logLevel: - description: "logLevel is an intent based logging for an overall component. - \ It does not give fine grained control, but it is a simple way - to manage coarse grained logging choices that operators have to - interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", - \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - type: string - default: Normal - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - managementState: - description: managementState indicates whether and how the operator - should manage the component - type: string - pattern: ^(Managed|Unmanaged|Force|Removed)$ - observedConfig: - description: observedConfig holds a sparse config that controller - has observed from the cluster state. It exists in spec because - it is an input to the level for the operator - type: object - nullable: true - x-kubernetes-preserve-unknown-fields: true - operatorLogLevel: - description: "operatorLogLevel is an intent based logging for the - operator itself. It does not give fine grained control, but it - is a simple way to manage coarse grained logging choices that operators - have to interpret for themselves. \n Valid values are: \"Normal\", - \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - type: string - default: Normal - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - succeededRevisionLimit: - description: succeededRevisionLimit is the number of successful static - pod installer revisions to keep on disk and in the api -1 = unlimited, - 0 or unset = 5 (default) - type: integer - format: int32 - unsupportedConfigOverrides: - description: 'unsupportedConfigOverrides holds a sparse config that - will override any previously set options. It only needs to be the - fields to override it will end up overlaying in the following order: - 1. hardcoded defaults 2. observedConfig 3. unsupportedConfigOverrides' - type: object - nullable: true - x-kubernetes-preserve-unknown-fields: true - status: - type: object - properties: - conditions: - description: conditions is a list of conditions and their status - type: array - items: - description: OperatorCondition is just the standard condition fields. - type: object - properties: - lastTransitionTime: - type: string - format: date-time - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - generations: - description: generations are used to determine when an item needs - to be reconciled or has changed in a way that needs a reaction. - type: array - items: - description: GenerationStatus keeps track of the generation for - a given resource so that decisions about forced updates can be - made. + - name: v1 + schema: + openAPIV3Schema: + description: "Etcd provides information to configure an operator to manage etcd. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + type: object + properties: + failedRevisionLimit: + description: failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api -1 = unlimited, 0 or unset = 5 (default) + type: integer + format: int32 + forceRedeploymentReason: + description: forceRedeploymentReason can be used to force the redeployment of the operand by providing a unique string. This provides a mechanism to kick a previously failed deployment and provide a reason why you think it will work this time instead of failing again on the same config. + type: string + logLevel: + description: "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + type: string + default: Normal + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + managementState: + description: managementState indicates whether and how the operator should manage the component + type: string + pattern: ^(Managed|Unmanaged|Force|Removed)$ + observedConfig: + description: observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator type: object - properties: - group: - description: group is the group of the thing you're tracking - type: string - hash: - description: hash is an optional field set for resources without - generation that are content sensitive like secrets and configmaps - type: string - lastGeneration: - description: lastGeneration is the last generation of the workload - controller involved - type: integer - format: int64 - name: - description: name is the name of the thing you're tracking - type: string - namespace: - description: namespace is where the thing you're tracking is - type: string - resource: - description: resource is the resource type of the thing you're - tracking - type: string - latestAvailableRevision: - description: latestAvailableRevision is the deploymentID of the most - recent deployment - type: integer - format: int32 - latestAvailableRevisionReason: - description: latestAvailableRevisionReason describe the detailed reason - for the most recent deployment - type: string - nodeStatuses: - description: nodeStatuses track the deployment values and errors across - individual nodes - type: array - items: - description: NodeStatus provides information about the current state - of a particular node managed by this operator. + nullable: true + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + description: "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves. \n Valid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + type: string + default: Normal + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + succeededRevisionLimit: + description: succeededRevisionLimit is the number of successful static pod installer revisions to keep on disk and in the api -1 = unlimited, 0 or unset = 5 (default) + type: integer + format: int32 + unsupportedConfigOverrides: + description: 'unsupportedConfigOverrides holds a sparse config that will override any previously set options. It only needs to be the fields to override it will end up overlaying in the following order: 1. hardcoded defaults 2. observedConfig 3. unsupportedConfigOverrides' type: object - properties: - currentRevision: - description: currentRevision is the generation of the most recently - successful deployment - type: integer - format: int32 - lastFailedCount: - description: lastFailedCount is how often the last failed revision - failed. - type: integer - lastFailedRevision: - description: lastFailedRevision is the generation of the deployment - we tried and failed to deploy. - type: integer - format: int32 - lastFailedRevisionErrors: - description: lastFailedRevisionErrors is a list of the errors - during the failed deployment referenced in lastFailedRevision - type: array - items: + nullable: true + x-kubernetes-preserve-unknown-fields: true + status: + type: object + properties: + conditions: + description: conditions is a list of conditions and their status + type: array + items: + description: OperatorCondition is just the standard condition fields. + type: object + properties: + lastTransitionTime: + type: string + format: date-time + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + generations: + description: generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction. + type: array + items: + description: GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made. + type: object + properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload controller involved + type: integer + format: int64 + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're tracking + type: string + latestAvailableRevision: + description: latestAvailableRevision is the deploymentID of the most recent deployment + type: integer + format: int32 + latestAvailableRevisionReason: + description: latestAvailableRevisionReason describe the detailed reason for the most recent deployment + type: string + nodeStatuses: + description: nodeStatuses track the deployment values and errors across individual nodes + type: array + items: + description: NodeStatus provides information about the current state of a particular node managed by this operator. + type: object + properties: + currentRevision: + description: currentRevision is the generation of the most recently successful deployment + type: integer + format: int32 + lastFailedCount: + description: lastFailedCount is how often the installer pod of the last failed revision failed. + type: integer + lastFailedReason: + description: lastFailedReason is a machine readable failure reason string. + type: string + lastFailedRevision: + description: lastFailedRevision is the generation of the deployment we tried and failed to deploy. + type: integer + format: int32 + lastFailedRevisionErrors: + description: lastFailedRevisionErrors is a list of human readable errors during the failed deployment referenced in lastFailedRevision. + type: array + items: + type: string + lastFailedTime: + description: lastFailedTime is the time the last failed revision failed the last time. + type: string + format: date-time + lastFallbackCount: + description: lastFallbackCount is how often a fallback to a previous revision happened. + type: integer + nodeName: + description: nodeName is the name of the node type: string - lastFailedTime: - description: lastFailedTime is the time the last failed revision - failed the last time. - type: string - format: date-time - nodeName: - description: nodeName is the name of the node - type: string - targetRevision: - description: targetRevision is the generation of the deployment - we're trying to apply - type: integer - format: int32 - observedGeneration: - description: observedGeneration is the last generation change you've - dealt with - type: integer - format: int64 - readyReplicas: - description: readyReplicas indicates how many replicas are ready and - at the desired state - type: integer - format: int32 - version: - description: version is the level this availability applies to - type: string + targetRevision: + description: targetRevision is the generation of the deployment we're trying to apply + type: integer + format: int32 + observedGeneration: + description: observedGeneration is the last generation change you've dealt with + type: integer + format: int64 + readyReplicas: + description: readyReplicas indicates how many replicas are ready and at the desired state + type: integer + format: int32 + version: + description: version is the level this availability applies to + type: string + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/operator/v1/0000_20_kube-apiserver-operator_01_config.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_20_kube-apiserver-operator_01_config.crd.yaml index 1f37dcc5e..33bba0b7c 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_20_kube-apiserver-operator_01_config.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/0000_20_kube-apiserver-operator_01_config.crd.yaml @@ -2,6 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/475 include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" include.release.openshift.io/single-node-developer: "true" @@ -17,8 +18,9 @@ spec: - name: v1 schema: openAPIV3Schema: - description: KubeAPIServer provides information to configure an operator to - manage kube-apiserver. + description: "KubeAPIServer provides information to configure an operator + to manage kube-apiserver. \n Compatibility level 1: Stable within a major + release for a minimum of 12 months or 3 minor releases (whichever is longer)." properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation @@ -180,17 +182,21 @@ spec: format: int32 type: integer lastFailedCount: - description: lastFailedCount is how often the last failed revision - failed. + description: lastFailedCount is how often the installer pod + of the last failed revision failed. type: integer + lastFailedReason: + description: lastFailedReason is a machine readable failure + reason string. + type: string lastFailedRevision: description: lastFailedRevision is the generation of the deployment we tried and failed to deploy. format: int32 type: integer lastFailedRevisionErrors: - description: lastFailedRevisionErrors is a list of the errors - during the failed deployment referenced in lastFailedRevision + description: lastFailedRevisionErrors is a list of human readable + errors during the failed deployment referenced in lastFailedRevision. items: type: string type: array @@ -199,6 +205,10 @@ spec: failed the last time. format: date-time type: string + lastFallbackCount: + description: lastFallbackCount is how often a fallback to a + previous revision happened. + type: integer nodeName: description: nodeName is the name of the node type: string diff --git a/vendor/github.com/openshift/api/operator/v1/0000_25_kube-controller-manager-operator_01_config.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_25_kube-controller-manager-operator_01_config.crd.yaml index 78bb0b7b1..21361c6fb 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_25_kube-controller-manager-operator_01_config.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/0000_25_kube-controller-manager-operator_01_config.crd.yaml @@ -2,6 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/475 include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" include.release.openshift.io/single-node-developer: "true" @@ -19,8 +20,10 @@ spec: - name: v1 schema: openAPIV3Schema: - description: KubeControllerManager provides information to configure an operator - to manage kube-controller-manager. + description: "KubeControllerManager provides information to configure an operator + to manage kube-controller-manager. \n Compatibility level 1: Stable within + a major release for a minimum of 12 months or 3 minor releases (whichever + is longer)." properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation @@ -105,6 +108,15 @@ spec: nullable: true type: object x-kubernetes-preserve-unknown-fields: true + useMoreSecureServiceCA: + default: false + description: useMoreSecureServiceCA indicates that the service-ca.crt + provided in SA token volumes should include only enough certificates + to validate service serving certificates. Once set to true, it cannot + be set to false. Even if someone finds a way to set it back to false, + the service-ca.crt files that previously existed will only have + the more secure content. + type: boolean type: object status: description: status is the most recently observed status of the Kubernetes @@ -182,17 +194,21 @@ spec: format: int32 type: integer lastFailedCount: - description: lastFailedCount is how often the last failed revision - failed. + description: lastFailedCount is how often the installer pod + of the last failed revision failed. type: integer + lastFailedReason: + description: lastFailedReason is a machine readable failure + reason string. + type: string lastFailedRevision: description: lastFailedRevision is the generation of the deployment we tried and failed to deploy. format: int32 type: integer lastFailedRevisionErrors: - description: lastFailedRevisionErrors is a list of the errors - during the failed deployment referenced in lastFailedRevision + description: lastFailedRevisionErrors is a list of human readable + errors during the failed deployment referenced in lastFailedRevision. items: type: string type: array @@ -201,6 +217,10 @@ spec: failed the last time. format: date-time type: string + lastFallbackCount: + description: lastFallbackCount is how often a fallback to a + previous revision happened. + type: integer nodeName: description: nodeName is the name of the node type: string diff --git a/vendor/github.com/openshift/api/operator/v1/0000_25_kube-scheduler-operator_01_config.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_25_kube-scheduler-operator_01_config.crd.yaml index a72704706..1efccbea9 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_25_kube-scheduler-operator_01_config.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/0000_25_kube-scheduler-operator_01_config.crd.yaml @@ -2,6 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/475 include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" include.release.openshift.io/single-node-developer: "true" @@ -19,8 +20,9 @@ spec: - name: v1 schema: openAPIV3Schema: - description: KubeScheduler provides information to configure an operator to - manage scheduler. + description: "KubeScheduler provides information to configure an operator + to manage scheduler. \n Compatibility level 1: Stable within a major release + for a minimum of 12 months or 3 minor releases (whichever is longer)." properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation @@ -182,17 +184,21 @@ spec: format: int32 type: integer lastFailedCount: - description: lastFailedCount is how often the last failed revision - failed. + description: lastFailedCount is how often the installer pod + of the last failed revision failed. type: integer + lastFailedReason: + description: lastFailedReason is a machine readable failure + reason string. + type: string lastFailedRevision: description: lastFailedRevision is the generation of the deployment we tried and failed to deploy. format: int32 type: integer lastFailedRevisionErrors: - description: lastFailedRevisionErrors is a list of the errors - during the failed deployment referenced in lastFailedRevision + description: lastFailedRevisionErrors is a list of human readable + errors during the failed deployment referenced in lastFailedRevision. items: type: string type: array @@ -201,6 +207,10 @@ spec: failed the last time. format: date-time type: string + lastFallbackCount: + description: lastFallbackCount is how often a fallback to a + previous revision happened. + type: integer nodeName: description: nodeName is the name of the node type: string diff --git a/vendor/github.com/openshift/api/operator/v1/0000_30_openshift-apiserver-operator_01_config.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_30_openshift-apiserver-operator_01_config.crd.yaml index ad20dab67..937718b77 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_30_openshift-apiserver-operator_01_config.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/0000_30_openshift-apiserver-operator_01_config.crd.yaml @@ -1,170 +1,141 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - name: openshiftapiservers.operator.openshift.io annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/475 include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" include.release.openshift.io/single-node-developer: "true" + name: openshiftapiservers.operator.openshift.io spec: - scope: Cluster group: operator.openshift.io names: + categories: + - coreoperators kind: OpenShiftAPIServer plural: openshiftapiservers singular: openshiftapiserver - categories: - - coreoperators + scope: Cluster versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: OpenShiftAPIServer provides information to configure an operator - to manage openshift-apiserver. - type: object - required: - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec is the specification of the desired behavior of the - OpenShift API Server. - type: object - properties: - logLevel: - description: "logLevel is an intent based logging for an overall component. - \ It does not give fine grained control, but it is a simple way - to manage coarse grained logging choices that operators have to - interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", - \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - type: string - default: Normal - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - managementState: - description: managementState indicates whether and how the operator - should manage the component - type: string - pattern: ^(Managed|Unmanaged|Force|Removed)$ - observedConfig: - description: observedConfig holds a sparse config that controller - has observed from the cluster state. It exists in spec because - it is an input to the level for the operator - type: object - nullable: true - x-kubernetes-preserve-unknown-fields: true - operatorLogLevel: - description: "operatorLogLevel is an intent based logging for the - operator itself. It does not give fine grained control, but it - is a simple way to manage coarse grained logging choices that operators - have to interpret for themselves. \n Valid values are: \"Normal\", - \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - type: string - default: Normal - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - unsupportedConfigOverrides: - description: 'unsupportedConfigOverrides holds a sparse config that - will override any previously set options. It only needs to be the - fields to override it will end up overlaying in the following order: - 1. hardcoded defaults 2. observedConfig 3. unsupportedConfigOverrides' - type: object - nullable: true - x-kubernetes-preserve-unknown-fields: true - status: - description: status defines the observed status of the OpenShift API Server. - type: object - properties: - conditions: - description: conditions is a list of conditions and their status - type: array - items: - description: OperatorCondition is just the standard condition fields. + - name: v1 + schema: + openAPIV3Schema: + description: "OpenShiftAPIServer provides information to configure an operator to manage openshift-apiserver. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec is the specification of the desired behavior of the OpenShift API Server. + type: object + properties: + logLevel: + description: "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + type: string + default: Normal + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + managementState: + description: managementState indicates whether and how the operator should manage the component + type: string + pattern: ^(Managed|Unmanaged|Force|Removed)$ + observedConfig: + description: observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator type: object - properties: - lastTransitionTime: - type: string - format: date-time - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - generations: - description: generations are used to determine when an item needs - to be reconciled or has changed in a way that needs a reaction. - type: array - items: - description: GenerationStatus keeps track of the generation for - a given resource so that decisions about forced updates can be - made. + nullable: true + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + description: "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves. \n Valid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + type: string + default: Normal + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + unsupportedConfigOverrides: + description: 'unsupportedConfigOverrides holds a sparse config that will override any previously set options. It only needs to be the fields to override it will end up overlaying in the following order: 1. hardcoded defaults 2. observedConfig 3. unsupportedConfigOverrides' type: object - properties: - group: - description: group is the group of the thing you're tracking - type: string - hash: - description: hash is an optional field set for resources without - generation that are content sensitive like secrets and configmaps - type: string - lastGeneration: - description: lastGeneration is the last generation of the workload - controller involved - type: integer - format: int64 - name: - description: name is the name of the thing you're tracking - type: string - namespace: - description: namespace is where the thing you're tracking is - type: string - resource: - description: resource is the resource type of the thing you're - tracking - type: string - latestAvailableRevision: - description: latestAvailableRevision is the latest revision used as - suffix of revisioned secrets like encryption-config. A new revision - causes a new deployment of pods. - type: integer - format: int32 - minimum: 0 - observedGeneration: - description: observedGeneration is the last generation change you've - dealt with - type: integer - format: int64 - readyReplicas: - description: readyReplicas indicates how many replicas are ready and - at the desired state - type: integer - format: int32 - version: - description: version is the level this availability applies to - type: string + nullable: true + x-kubernetes-preserve-unknown-fields: true + status: + description: status defines the observed status of the OpenShift API Server. + type: object + properties: + conditions: + description: conditions is a list of conditions and their status + type: array + items: + description: OperatorCondition is just the standard condition fields. + type: object + properties: + lastTransitionTime: + type: string + format: date-time + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + generations: + description: generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction. + type: array + items: + description: GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made. + type: object + properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload controller involved + type: integer + format: int64 + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're tracking + type: string + latestAvailableRevision: + description: latestAvailableRevision is the latest revision used as suffix of revisioned secrets like encryption-config. A new revision causes a new deployment of pods. + type: integer + format: int32 + minimum: 0 + observedGeneration: + description: observedGeneration is the last generation change you've dealt with + type: integer + format: int64 + readyReplicas: + description: readyReplicas indicates how many replicas are ready and at the desired state + type: integer + format: int32 + version: + description: version is the level this availability applies to + type: string + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/operator/v1/0000_40_cloud-credential-operator_00_config.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_40_cloud-credential-operator_00_config.crd.yaml index ef2ec14c8..360765c3b 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_40_cloud-credential-operator_00_config.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/0000_40_cloud-credential-operator_00_config.crd.yaml @@ -1,178 +1,142 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - name: cloudcredentials.operator.openshift.io annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/692 include.release.openshift.io/self-managed-high-availability: "true" include.release.openshift.io/single-node-developer: "true" + name: cloudcredentials.operator.openshift.io spec: - scope: Cluster group: operator.openshift.io names: kind: CloudCredential listKind: CloudCredentialList plural: cloudcredentials singular: cloudcredential + scope: Cluster versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: CloudCredential provides a means to configure an operator to - manage CredentialsRequests. - type: object - required: - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: CloudCredentialSpec is the specification of the desired behavior - of the cloud-credential-operator. - type: object - properties: - credentialsMode: - description: 'CredentialsMode allows informing CCO that it should - not attempt to dynamically determine the root cloud credentials - capabilities, and it should just run in the specified mode. It also - allows putting the operator into "manual" mode if desired. Leaving - the field in default mode runs CCO so that the cluster''s cloud - credentials will be dynamically probed for capabilities (on supported - clouds/platforms). Supported modes: AWS/Azure/GCP: "" (Default), - "Mint", "Passthrough", "Manual" Others: Do not set value as other - platforms only support running in "Passthrough"' - type: string - enum: - - "" - - Manual - - Mint - - Passthrough - logLevel: - description: "logLevel is an intent based logging for an overall component. - \ It does not give fine grained control, but it is a simple way - to manage coarse grained logging choices that operators have to - interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", - \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - type: string - default: Normal - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - managementState: - description: managementState indicates whether and how the operator - should manage the component - type: string - pattern: ^(Managed|Unmanaged|Force|Removed)$ - observedConfig: - description: observedConfig holds a sparse config that controller - has observed from the cluster state. It exists in spec because - it is an input to the level for the operator - type: object - nullable: true - x-kubernetes-preserve-unknown-fields: true - operatorLogLevel: - description: "operatorLogLevel is an intent based logging for the - operator itself. It does not give fine grained control, but it - is a simple way to manage coarse grained logging choices that operators - have to interpret for themselves. \n Valid values are: \"Normal\", - \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - type: string - default: Normal - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - unsupportedConfigOverrides: - description: 'unsupportedConfigOverrides holds a sparse config that - will override any previously set options. It only needs to be the - fields to override it will end up overlaying in the following order: - 1. hardcoded defaults 2. observedConfig 3. unsupportedConfigOverrides' - type: object - nullable: true - x-kubernetes-preserve-unknown-fields: true - status: - description: CloudCredentialStatus defines the observed status of the - cloud-credential-operator. - type: object - properties: - conditions: - description: conditions is a list of conditions and their status - type: array - items: - description: OperatorCondition is just the standard condition fields. + - name: v1 + schema: + openAPIV3Schema: + description: "CloudCredential provides a means to configure an operator to manage CredentialsRequests. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: CloudCredentialSpec is the specification of the desired behavior of the cloud-credential-operator. + type: object + properties: + credentialsMode: + description: 'CredentialsMode allows informing CCO that it should not attempt to dynamically determine the root cloud credentials capabilities, and it should just run in the specified mode. It also allows putting the operator into "manual" mode if desired. Leaving the field in default mode runs CCO so that the cluster''s cloud credentials will be dynamically probed for capabilities (on supported clouds/platforms). Supported modes: AWS/Azure/GCP: "" (Default), "Mint", "Passthrough", "Manual" Others: Do not set value as other platforms only support running in "Passthrough"' + type: string + enum: + - "" + - Manual + - Mint + - Passthrough + logLevel: + description: "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + type: string + default: Normal + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + managementState: + description: managementState indicates whether and how the operator should manage the component + type: string + pattern: ^(Managed|Unmanaged|Force|Removed)$ + observedConfig: + description: observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator type: object - properties: - lastTransitionTime: - type: string - format: date-time - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - generations: - description: generations are used to determine when an item needs - to be reconciled or has changed in a way that needs a reaction. - type: array - items: - description: GenerationStatus keeps track of the generation for - a given resource so that decisions about forced updates can be - made. + nullable: true + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + description: "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves. \n Valid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + type: string + default: Normal + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + unsupportedConfigOverrides: + description: 'unsupportedConfigOverrides holds a sparse config that will override any previously set options. It only needs to be the fields to override it will end up overlaying in the following order: 1. hardcoded defaults 2. observedConfig 3. unsupportedConfigOverrides' type: object - properties: - group: - description: group is the group of the thing you're tracking - type: string - hash: - description: hash is an optional field set for resources without - generation that are content sensitive like secrets and configmaps - type: string - lastGeneration: - description: lastGeneration is the last generation of the workload - controller involved - type: integer - format: int64 - name: - description: name is the name of the thing you're tracking - type: string - namespace: - description: namespace is where the thing you're tracking is - type: string - resource: - description: resource is the resource type of the thing you're - tracking - type: string - observedGeneration: - description: observedGeneration is the last generation change you've - dealt with - type: integer - format: int64 - readyReplicas: - description: readyReplicas indicates how many replicas are ready and - at the desired state - type: integer - format: int32 - version: - description: version is the level this availability applies to - type: string + nullable: true + x-kubernetes-preserve-unknown-fields: true + status: + description: CloudCredentialStatus defines the observed status of the cloud-credential-operator. + type: object + properties: + conditions: + description: conditions is a list of conditions and their status + type: array + items: + description: OperatorCondition is just the standard condition fields. + type: object + properties: + lastTransitionTime: + type: string + format: date-time + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + generations: + description: generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction. + type: array + items: + description: GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made. + type: object + properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload controller involved + type: integer + format: int64 + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're tracking + type: string + observedGeneration: + description: observedGeneration is the last generation change you've dealt with + type: integer + format: int64 + readyReplicas: + description: readyReplicas indicates how many replicas are ready and at the desired state + type: integer + format: int32 + version: + description: version is the level this availability applies to + type: string + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/operator/v1/0000_40_kube-storage-version-migrator-operator_00_config.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_40_kube-storage-version-migrator-operator_00_config.crd.yaml index bb616a307..befa175b7 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_40_kube-storage-version-migrator-operator_00_config.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/0000_40_kube-storage-version-migrator-operator_00_config.crd.yaml @@ -1,11 +1,12 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - name: kubestorageversionmigrators.operator.openshift.io annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/503 include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" include.release.openshift.io/single-node-developer: "true" + name: kubestorageversionmigrators.operator.openshift.io spec: group: operator.openshift.io names: @@ -15,145 +16,118 @@ spec: singular: kubestorageversionmigrator scope: Cluster versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - "openAPIV3Schema": - description: KubeStorageVersionMigrator provides information to configure - an operator to manage kube-storage-version-migrator. - type: object - required: - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - type: object - properties: - logLevel: - description: "logLevel is an intent based logging for an overall component. - \ It does not give fine grained control, but it is a simple way - to manage coarse grained logging choices that operators have to - interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", - \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - type: string - default: Normal - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - managementState: - description: managementState indicates whether and how the operator - should manage the component - type: string - pattern: ^(Managed|Unmanaged|Force|Removed)$ - observedConfig: - description: observedConfig holds a sparse config that controller - has observed from the cluster state. It exists in spec because - it is an input to the level for the operator - type: object - nullable: true - x-kubernetes-preserve-unknown-fields: true - operatorLogLevel: - description: "operatorLogLevel is an intent based logging for the - operator itself. It does not give fine grained control, but it - is a simple way to manage coarse grained logging choices that operators - have to interpret for themselves. \n Valid values are: \"Normal\", - \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - type: string - default: Normal - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - unsupportedConfigOverrides: - description: 'unsupportedConfigOverrides holds a sparse config that - will override any previously set options. It only needs to be the - fields to override it will end up overlaying in the following order: - 1. hardcoded defaults 2. observedConfig 3. unsupportedConfigOverrides' - type: object - nullable: true - x-kubernetes-preserve-unknown-fields: true - status: - type: object - properties: - conditions: - description: conditions is a list of conditions and their status - type: array - items: - description: OperatorCondition is just the standard condition fields. + - name: v1 + schema: + openAPIV3Schema: + description: "KubeStorageVersionMigrator provides information to configure an operator to manage kube-storage-version-migrator. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + type: object + properties: + logLevel: + description: "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + type: string + default: Normal + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + managementState: + description: managementState indicates whether and how the operator should manage the component + type: string + pattern: ^(Managed|Unmanaged|Force|Removed)$ + observedConfig: + description: observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator type: object - properties: - lastTransitionTime: - type: string - format: date-time - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - generations: - description: generations are used to determine when an item needs - to be reconciled or has changed in a way that needs a reaction. - type: array - items: - description: GenerationStatus keeps track of the generation for - a given resource so that decisions about forced updates can be - made. + nullable: true + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + description: "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves. \n Valid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + type: string + default: Normal + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + unsupportedConfigOverrides: + description: 'unsupportedConfigOverrides holds a sparse config that will override any previously set options. It only needs to be the fields to override it will end up overlaying in the following order: 1. hardcoded defaults 2. observedConfig 3. unsupportedConfigOverrides' type: object - properties: - group: - description: group is the group of the thing you're tracking - type: string - hash: - description: hash is an optional field set for resources without - generation that are content sensitive like secrets and configmaps - type: string - lastGeneration: - description: lastGeneration is the last generation of the workload - controller involved - type: integer - format: int64 - name: - description: name is the name of the thing you're tracking - type: string - namespace: - description: namespace is where the thing you're tracking is - type: string - resource: - description: resource is the resource type of the thing you're - tracking - type: string - observedGeneration: - description: observedGeneration is the last generation change you've - dealt with - type: integer - format: int64 - readyReplicas: - description: readyReplicas indicates how many replicas are ready and - at the desired state - type: integer - format: int32 - version: - description: version is the level this availability applies to - type: string + nullable: true + x-kubernetes-preserve-unknown-fields: true + status: + type: object + properties: + conditions: + description: conditions is a list of conditions and their status + type: array + items: + description: OperatorCondition is just the standard condition fields. + type: object + properties: + lastTransitionTime: + type: string + format: date-time + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + generations: + description: generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction. + type: array + items: + description: GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made. + type: object + properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload controller involved + type: integer + format: int64 + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're tracking + type: string + observedGeneration: + description: observedGeneration is the last generation change you've dealt with + type: integer + format: int64 + readyReplicas: + description: readyReplicas indicates how many replicas are ready and at the desired state + type: integer + format: int32 + version: + description: version is the level this availability applies to + type: string + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/operator/v1/0000_50_cluster-authentication-operator_01_config.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_50_cluster-authentication-operator_01_config.crd.yaml index 964793f34..1efa2d46e 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_50_cluster-authentication-operator_01_config.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/0000_50_cluster-authentication-operator_01_config.crd.yaml @@ -1,168 +1,140 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - name: authentications.operator.openshift.io annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/475 include.release.openshift.io/self-managed-high-availability: "true" include.release.openshift.io/single-node-developer: "true" + name: authentications.operator.openshift.io spec: - scope: Cluster group: operator.openshift.io names: kind: Authentication plural: authentications singular: authentication + scope: Cluster versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: Authentication provides information to configure an operator - to manage authentication. - type: object - required: - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - type: object - properties: - logLevel: - description: "logLevel is an intent based logging for an overall component. - \ It does not give fine grained control, but it is a simple way - to manage coarse grained logging choices that operators have to - interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", - \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - type: string - default: Normal - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - managementState: - description: managementState indicates whether and how the operator - should manage the component - type: string - pattern: ^(Managed|Unmanaged|Force|Removed)$ - observedConfig: - description: observedConfig holds a sparse config that controller - has observed from the cluster state. It exists in spec because - it is an input to the level for the operator - type: object - nullable: true - x-kubernetes-preserve-unknown-fields: true - operatorLogLevel: - description: "operatorLogLevel is an intent based logging for the - operator itself. It does not give fine grained control, but it - is a simple way to manage coarse grained logging choices that operators - have to interpret for themselves. \n Valid values are: \"Normal\", - \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - type: string - default: Normal - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - unsupportedConfigOverrides: - description: 'unsupportedConfigOverrides holds a sparse config that - will override any previously set options. It only needs to be the - fields to override it will end up overlaying in the following order: - 1. hardcoded defaults 2. observedConfig 3. unsupportedConfigOverrides' - type: object - nullable: true - x-kubernetes-preserve-unknown-fields: true - status: - type: object - properties: - conditions: - description: conditions is a list of conditions and their status - type: array - items: - description: OperatorCondition is just the standard condition fields. + - name: v1 + schema: + openAPIV3Schema: + description: "Authentication provides information to configure an operator to manage authentication. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + type: object + properties: + logLevel: + description: "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + type: string + default: Normal + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + managementState: + description: managementState indicates whether and how the operator should manage the component + type: string + pattern: ^(Managed|Unmanaged|Force|Removed)$ + observedConfig: + description: observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator type: object - properties: - lastTransitionTime: - type: string - format: date-time - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - generations: - description: generations are used to determine when an item needs - to be reconciled or has changed in a way that needs a reaction. - type: array - items: - description: GenerationStatus keeps track of the generation for - a given resource so that decisions about forced updates can be - made. + nullable: true + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + description: "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves. \n Valid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + type: string + default: Normal + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + unsupportedConfigOverrides: + description: 'unsupportedConfigOverrides holds a sparse config that will override any previously set options. It only needs to be the fields to override it will end up overlaying in the following order: 1. hardcoded defaults 2. observedConfig 3. unsupportedConfigOverrides' + type: object + nullable: true + x-kubernetes-preserve-unknown-fields: true + status: + type: object + properties: + conditions: + description: conditions is a list of conditions and their status + type: array + items: + description: OperatorCondition is just the standard condition fields. + type: object + properties: + lastTransitionTime: + type: string + format: date-time + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + generations: + description: generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction. + type: array + items: + description: GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made. + type: object + properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload controller involved + type: integer + format: int64 + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're tracking + type: string + oauthAPIServer: + description: OAuthAPIServer holds status specific only to oauth-apiserver type: object properties: - group: - description: group is the group of the thing you're tracking - type: string - hash: - description: hash is an optional field set for resources without - generation that are content sensitive like secrets and configmaps - type: string - lastGeneration: - description: lastGeneration is the last generation of the workload - controller involved + latestAvailableRevision: + description: LatestAvailableRevision is the latest revision used as suffix of revisioned secrets like encryption-config. A new revision causes a new deployment of pods. type: integer - format: int64 - name: - description: name is the name of the thing you're tracking - type: string - namespace: - description: namespace is where the thing you're tracking is - type: string - resource: - description: resource is the resource type of the thing you're - tracking - type: string - oauthAPIServer: - description: OAuthAPIServer holds status specific only to oauth-apiserver - type: object - properties: - latestAvailableRevision: - description: LatestAvailableRevision is the latest revision used - as suffix of revisioned secrets like encryption-config. A new - revision causes a new deployment of pods. - type: integer - format: int32 - minimum: 0 - observedGeneration: - description: observedGeneration is the last generation change you've - dealt with - type: integer - format: int64 - readyReplicas: - description: readyReplicas indicates how many replicas are ready and - at the desired state - type: integer - format: int32 - version: - description: version is the level this availability applies to - type: string + format: int32 + minimum: 0 + observedGeneration: + description: observedGeneration is the last generation change you've dealt with + type: integer + format: int64 + readyReplicas: + description: readyReplicas indicates how many replicas are ready and at the desired state + type: integer + format: int32 + version: + description: version is the level this availability applies to + type: string + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/operator/v1/0000_50_cluster-openshift-controller-manager-operator_02_config.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_50_cluster-openshift-controller-manager-operator_02_config.crd.yaml index 7dc44d28b..64b1e93ba 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_50_cluster-openshift-controller-manager-operator_02_config.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/0000_50_cluster-openshift-controller-manager-operator_02_config.crd.yaml @@ -1,160 +1,134 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - name: openshiftcontrollermanagers.operator.openshift.io annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/475 include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" include.release.openshift.io/single-node-developer: "true" + name: openshiftcontrollermanagers.operator.openshift.io spec: - scope: Cluster group: operator.openshift.io names: + categories: + - coreoperators kind: OpenShiftControllerManager plural: openshiftcontrollermanagers singular: openshiftcontrollermanager - categories: - - coreoperators + scope: Cluster versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: OpenShiftControllerManager provides information to configure - an operator to manage openshift-controller-manager. - type: object - required: - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - type: object - properties: - logLevel: - description: "logLevel is an intent based logging for an overall component. - \ It does not give fine grained control, but it is a simple way - to manage coarse grained logging choices that operators have to - interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", - \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - type: string - default: Normal - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - managementState: - description: managementState indicates whether and how the operator - should manage the component - type: string - pattern: ^(Managed|Unmanaged|Force|Removed)$ - observedConfig: - description: observedConfig holds a sparse config that controller - has observed from the cluster state. It exists in spec because - it is an input to the level for the operator - type: object - nullable: true - x-kubernetes-preserve-unknown-fields: true - operatorLogLevel: - description: "operatorLogLevel is an intent based logging for the - operator itself. It does not give fine grained control, but it - is a simple way to manage coarse grained logging choices that operators - have to interpret for themselves. \n Valid values are: \"Normal\", - \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - type: string - default: Normal - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - unsupportedConfigOverrides: - description: 'unsupportedConfigOverrides holds a sparse config that - will override any previously set options. It only needs to be the - fields to override it will end up overlaying in the following order: - 1. hardcoded defaults 2. observedConfig 3. unsupportedConfigOverrides' - type: object - nullable: true - x-kubernetes-preserve-unknown-fields: true - status: - type: object - properties: - conditions: - description: conditions is a list of conditions and their status - type: array - items: - description: OperatorCondition is just the standard condition fields. + - name: v1 + schema: + openAPIV3Schema: + description: "OpenShiftControllerManager provides information to configure an operator to manage openshift-controller-manager. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + type: object + properties: + logLevel: + description: "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + type: string + default: Normal + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + managementState: + description: managementState indicates whether and how the operator should manage the component + type: string + pattern: ^(Managed|Unmanaged|Force|Removed)$ + observedConfig: + description: observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator type: object - properties: - lastTransitionTime: - type: string - format: date-time - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - generations: - description: generations are used to determine when an item needs - to be reconciled or has changed in a way that needs a reaction. - type: array - items: - description: GenerationStatus keeps track of the generation for - a given resource so that decisions about forced updates can be - made. + nullable: true + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + description: "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves. \n Valid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + type: string + default: Normal + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + unsupportedConfigOverrides: + description: 'unsupportedConfigOverrides holds a sparse config that will override any previously set options. It only needs to be the fields to override it will end up overlaying in the following order: 1. hardcoded defaults 2. observedConfig 3. unsupportedConfigOverrides' type: object - properties: - group: - description: group is the group of the thing you're tracking - type: string - hash: - description: hash is an optional field set for resources without - generation that are content sensitive like secrets and configmaps - type: string - lastGeneration: - description: lastGeneration is the last generation of the workload - controller involved - type: integer - format: int64 - name: - description: name is the name of the thing you're tracking - type: string - namespace: - description: namespace is where the thing you're tracking is - type: string - resource: - description: resource is the resource type of the thing you're - tracking - type: string - observedGeneration: - description: observedGeneration is the last generation change you've - dealt with - type: integer - format: int64 - readyReplicas: - description: readyReplicas indicates how many replicas are ready and - at the desired state - type: integer - format: int32 - version: - description: version is the level this availability applies to - type: string + nullable: true + x-kubernetes-preserve-unknown-fields: true + status: + type: object + properties: + conditions: + description: conditions is a list of conditions and their status + type: array + items: + description: OperatorCondition is just the standard condition fields. + type: object + properties: + lastTransitionTime: + type: string + format: date-time + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + generations: + description: generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction. + type: array + items: + description: GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made. + type: object + properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload controller involved + type: integer + format: int64 + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're tracking + type: string + observedGeneration: + description: observedGeneration is the last generation change you've dealt with + type: integer + format: int64 + readyReplicas: + description: readyReplicas indicates how many replicas are ready and at the desired state + type: integer + format: int32 + version: + description: version is the level this availability applies to + type: string + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/operator/v1/0000_50_cluster_storage_operator_01_crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_50_cluster_storage_operator_01_crd.yaml index 18926b9d4..2bf181862 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_50_cluster_storage_operator_01_crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/0000_50_cluster_storage_operator_01_crd.yaml @@ -1,11 +1,12 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - name: storages.operator.openshift.io annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/670 include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" include.release.openshift.io/single-node-developer: "true" + name: storages.operator.openshift.io spec: group: operator.openshift.io names: @@ -14,148 +15,120 @@ spec: singular: storage scope: Cluster versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: Storage provides a means to configure an operator to manage the - cluster storage operator. `cluster` is the canonical name. - type: object - required: - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - type: object - properties: - logLevel: - description: "logLevel is an intent based logging for an overall component. - \ It does not give fine grained control, but it is a simple way - to manage coarse grained logging choices that operators have to - interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", - \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - type: string - default: Normal - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - managementState: - description: managementState indicates whether and how the operator - should manage the component - type: string - pattern: ^(Managed|Unmanaged|Force|Removed)$ - observedConfig: - description: observedConfig holds a sparse config that controller - has observed from the cluster state. It exists in spec because - it is an input to the level for the operator - type: object - nullable: true - x-kubernetes-preserve-unknown-fields: true - operatorLogLevel: - description: "operatorLogLevel is an intent based logging for the - operator itself. It does not give fine grained control, but it - is a simple way to manage coarse grained logging choices that operators - have to interpret for themselves. \n Valid values are: \"Normal\", - \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - type: string - default: Normal - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - unsupportedConfigOverrides: - description: 'unsupportedConfigOverrides holds a sparse config that - will override any previously set options. It only needs to be the - fields to override it will end up overlaying in the following order: - 1. hardcoded defaults 2. observedConfig 3. unsupportedConfigOverrides' - type: object - nullable: true - x-kubernetes-preserve-unknown-fields: true - status: - description: status holds observed values from the cluster. They may not - be overridden. - type: object - properties: - conditions: - description: conditions is a list of conditions and their status - type: array - items: - description: OperatorCondition is just the standard condition fields. + - name: v1 + schema: + openAPIV3Schema: + description: "Storage provides a means to configure an operator to manage the cluster storage operator. `cluster` is the canonical name. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + type: object + properties: + logLevel: + description: "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + type: string + default: Normal + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + managementState: + description: managementState indicates whether and how the operator should manage the component + type: string + pattern: ^(Managed|Unmanaged|Force|Removed)$ + observedConfig: + description: observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator type: object - properties: - lastTransitionTime: - type: string - format: date-time - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - generations: - description: generations are used to determine when an item needs - to be reconciled or has changed in a way that needs a reaction. - type: array - items: - description: GenerationStatus keeps track of the generation for - a given resource so that decisions about forced updates can be - made. + nullable: true + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + description: "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves. \n Valid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + type: string + default: Normal + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + unsupportedConfigOverrides: + description: 'unsupportedConfigOverrides holds a sparse config that will override any previously set options. It only needs to be the fields to override it will end up overlaying in the following order: 1. hardcoded defaults 2. observedConfig 3. unsupportedConfigOverrides' type: object - properties: - group: - description: group is the group of the thing you're tracking - type: string - hash: - description: hash is an optional field set for resources without - generation that are content sensitive like secrets and configmaps - type: string - lastGeneration: - description: lastGeneration is the last generation of the workload - controller involved - type: integer - format: int64 - name: - description: name is the name of the thing you're tracking - type: string - namespace: - description: namespace is where the thing you're tracking is - type: string - resource: - description: resource is the resource type of the thing you're - tracking - type: string - observedGeneration: - description: observedGeneration is the last generation change you've - dealt with - type: integer - format: int64 - readyReplicas: - description: readyReplicas indicates how many replicas are ready and - at the desired state - type: integer - format: int32 - version: - description: version is the level this availability applies to - type: string + nullable: true + x-kubernetes-preserve-unknown-fields: true + status: + description: status holds observed values from the cluster. They may not be overridden. + type: object + properties: + conditions: + description: conditions is a list of conditions and their status + type: array + items: + description: OperatorCondition is just the standard condition fields. + type: object + properties: + lastTransitionTime: + type: string + format: date-time + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + generations: + description: generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction. + type: array + items: + description: GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made. + type: object + properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload controller involved + type: integer + format: int64 + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're tracking + type: string + observedGeneration: + description: observedGeneration is the last generation change you've dealt with + type: integer + format: int64 + readyReplicas: + description: readyReplicas indicates how many replicas are ready and at the desired state + type: integer + format: int32 + version: + description: version is the level this availability applies to + type: string + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/operator/v1/0000_50_ingress-operator_00-ingresscontroller.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_50_ingress-operator_00-ingresscontroller.crd.yaml index 9bcd8445a..330dff7bf 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_50_ingress-operator_00-ingresscontroller.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/0000_50_ingress-operator_00-ingresscontroller.crd.yaml @@ -2,6 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/616 include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" include.release.openshift.io/single-node-developer: "true" @@ -26,7 +27,8 @@ spec: for public facing network connections as a new ingress controller revision may be rolled out. \n https://kubernetes.io/docs/concepts/services-networking/ingress-controllers \n Whenever possible, sensible defaults for the platform are used. See each - field for more details." + field for more details. \n Compatibility level 1: Stable within a major + release for a minimum of 12 months or 3 minor releases (whichever is longer)." properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation @@ -44,6 +46,53 @@ spec: description: spec is the specification of the desired behavior of the IngressController. properties: + clientTLS: + description: clientTLS specifies settings for requesting and verifying + client certificates, which can be used to enable mutual TLS for + edge-terminated and reencrypt routes. + properties: + allowedSubjectPatterns: + description: allowedSubjectPatterns specifies a list of regular + expressions that should be matched against the distinguished + name on a valid client certificate to filter requests. The + regular expressions must use PCRE syntax. If this list is empty, + no filtering is performed. If the list is nonempty, then at + least one pattern must match a client certificate's distinguished + name or else the ingress controller rejects the certificate + and denies the connection. + items: + type: string + type: array + x-kubernetes-list-type: atomic + clientCA: + description: clientCA specifies a configmap containing the PEM-encoded + CA certificate bundle that should be used to verify a client's + certificate. The administrator must create this configmap in + the openshift-config namespace. + properties: + name: + description: name is the metadata.name of the referenced config + map + type: string + required: + - name + type: object + clientCertificatePolicy: + description: "clientCertificatePolicy specifies whether the ingress + controller requires clients to provide certificates. This field + accepts the values \"Required\" or \"Optional\". \n Note that + the ingress controller only checks client certificates for edge-terminated + and reencrypt TLS routes; it cannot check certificates for cleartext + HTTP or passthrough TLS routes." + enum: + - "" + - Required + - Optional + type: string + required: + - clientCA + - clientCertificatePolicy + type: object defaultCertificate: description: "defaultCertificate is a reference to a secret containing the default certificate served by the ingress controller. When Routes @@ -279,6 +328,28 @@ spec: required: - type type: object + httpEmptyRequestsPolicy: + default: Respond + description: "httpEmptyRequestsPolicy describes how HTTP connections + should be handled if the connection times out before a request is + received. Allowed values for this field are \"Respond\" and \"Ignore\". + \ If the field is set to \"Respond\", the ingress controller sends + an HTTP 400 or 408 response, logs the connection (if access logging + is enabled), and counts the connection in the appropriate metrics. + \ If the field is set to \"Ignore\", the ingress controller closes + the connection without sending a response, logging the connection, + or incrementing metrics. The default value is \"Respond\". \n Typically, + these connections come from load balancers' health probes or Web + browsers' speculative connections (\"preconnect\") and can be safely + ignored. However, these requests may also be caused by network + errors, and so setting this field to \"Ignore\" may impede detection + and diagnosis of problems. In addition, these requests may be caused + by port scans, in which case logging empty requests may aid in detecting + intrusion attempts." + enum: + - Respond + - Ignore + type: string httpErrorCodePages: description: httpErrorCodePages specifies a configmap with custom error pages. The administrator must create this configmap in the @@ -610,6 +681,23 @@ spec: or reencrypt connections). It does not affect the log format for TLS passthrough connections." type: string + logEmptyRequests: + default: Log + description: logEmptyRequests specifies how connections on + which no request is received should be logged. Typically, + these empty requests come from load balancers' health probes + or Web browsers' speculative connections ("preconnect"), + in which case logging these requests may be undesirable. However, + these requests may also be caused by network errors, in + which case logging empty requests may be useful for diagnosing + the errors. In addition, these requests may be caused by + port scans, in which case logging empty requests may aid + in detecting intrusion attempts. Allowed values for this + field are "Log" and "Ignore". The default value is "Log". + enum: + - Log + - Ignore + type: string required: - destination type: object @@ -849,10 +937,7 @@ spec: example, given a specification to use the Intermediate profile deployed on release X.Y.Z, an upgrade to release X.Y.Z+1 may cause a new profile configuration to be applied to the ingress controller, resulting - in a rollout. \n Note that the minimum TLS version for ingress controllers - is 1.1, and the maximum TLS version is 1.2. An implication of this - restriction is that the Modern TLS profile type cannot be used because - it requires TLS 1.3." + in a rollout." properties: custom: description: "custom is a user-defined TLS security profile. Be @@ -947,6 +1032,19 @@ spec: is generally not recommended. The default values are suitable for most configurations." properties: + clientFinTimeout: + description: "clientFinTimeout defines how long a connection will + be held open while waiting for the client response to the server/backend + closing the connection. \n If unset, the default timeout is + 1s" + format: duration + type: string + clientTimeout: + description: "clientTimeout defines how long a connection will + be held open while waiting for a client response. \n If unset, + the default timeout is 30s" + format: duration + type: string headerBufferBytes: description: "headerBufferBytes describes how much memory should be reserved (in bytes) for IngressController connection sessions. @@ -977,21 +1075,51 @@ spec: format: int32 minimum: 4096 type: integer + serverFinTimeout: + description: "serverFinTimeout defines how long a connection will + be held open while waiting for the server/backend response to + the client closing the connection. \n If unset, the default + timeout is 1s" + format: duration + type: string + serverTimeout: + description: "serverTimeout defines how long a connection will + be held open while waiting for a server/backend response. \n + If unset, the default timeout is 30s" + format: duration + type: string threadCount: description: "threadCount defines the number of threads created per HAProxy process. Creating more threads allows each ingress controller pod to handle more connections, at the cost of more - system resources being used. If this field is empty, the IngressController - will use the default value. The current default is 4 threads, - but this may change in future releases. \n Setting this field - is generally not recommended. Increasing the number of HAProxy + system resources being used. HAProxy currently supports up to + 64 threads. If this field is empty, the IngressController will + use the default value. The current default is 4 threads, but + this may change in future releases. \n Setting this field is + generally not recommended. Increasing the number of HAProxy threads allows ingress controller pods to utilize more CPU time under load, potentially starving other pods if set too high. Reducing the number of threads may cause the ingress controller to perform poorly." format: int32 + maximum: 64 minimum: 1 type: integer + tlsInspectDelay: + description: "tlsInspectDelay defines how long the router can + hold data to find a matching route. \n Setting this too short + can cause the router to fall back to the default certificate + for edge-terminated or reencrypt routes even when a better matching + certificate could be used. \n If unset, the default inspect + delay is 5s" + format: duration + type: string + tunnelTimeout: + description: "tunnelTimeout defines how long a tunnel connection + (including websockets) will be held open while the tunnel is + idle. \n If unset, the default timeout is 1h" + format: duration + type: string type: object unsupportedConfigOverrides: description: unsupportedConfigOverrides allows specifying unsupported diff --git a/vendor/github.com/openshift/api/operator/v1/0000_50_service-ca-operator_02_crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_50_service-ca-operator_02_crd.yaml index 40acfb081..3c7a67d61 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_50_service-ca-operator_02_crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/0000_50_service-ca-operator_02_crd.yaml @@ -1,162 +1,135 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - name: servicecas.operator.openshift.io annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/475 include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" include.release.openshift.io/single-node-developer: "true" + name: servicecas.operator.openshift.io spec: - scope: Cluster group: operator.openshift.io names: kind: ServiceCA listKind: ServiceCAList plural: servicecas singular: serviceca + scope: Cluster versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: ServiceCA provides information to configure an operator to manage - the service cert controllers - type: object - required: - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - type: object - properties: - logLevel: - description: "logLevel is an intent based logging for an overall component. - \ It does not give fine grained control, but it is a simple way - to manage coarse grained logging choices that operators have to - interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", - \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - type: string - default: Normal - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - managementState: - description: managementState indicates whether and how the operator - should manage the component - type: string - pattern: ^(Managed|Unmanaged|Force|Removed)$ - observedConfig: - description: observedConfig holds a sparse config that controller - has observed from the cluster state. It exists in spec because - it is an input to the level for the operator - type: object - nullable: true - x-kubernetes-preserve-unknown-fields: true - operatorLogLevel: - description: "operatorLogLevel is an intent based logging for the - operator itself. It does not give fine grained control, but it - is a simple way to manage coarse grained logging choices that operators - have to interpret for themselves. \n Valid values are: \"Normal\", - \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - type: string - default: Normal - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - unsupportedConfigOverrides: - description: 'unsupportedConfigOverrides holds a sparse config that - will override any previously set options. It only needs to be the - fields to override it will end up overlaying in the following order: - 1. hardcoded defaults 2. observedConfig 3. unsupportedConfigOverrides' - type: object - nullable: true - x-kubernetes-preserve-unknown-fields: true - status: - description: status holds observed values from the cluster. They may not - be overridden. - type: object - properties: - conditions: - description: conditions is a list of conditions and their status - type: array - items: - description: OperatorCondition is just the standard condition fields. + - name: v1 + schema: + openAPIV3Schema: + description: "ServiceCA provides information to configure an operator to manage the service cert controllers \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + type: object + properties: + logLevel: + description: "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + type: string + default: Normal + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + managementState: + description: managementState indicates whether and how the operator should manage the component + type: string + pattern: ^(Managed|Unmanaged|Force|Removed)$ + observedConfig: + description: observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator type: object - properties: - lastTransitionTime: - type: string - format: date-time - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - generations: - description: generations are used to determine when an item needs - to be reconciled or has changed in a way that needs a reaction. - type: array - items: - description: GenerationStatus keeps track of the generation for - a given resource so that decisions about forced updates can be - made. + nullable: true + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + description: "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves. \n Valid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + type: string + default: Normal + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + unsupportedConfigOverrides: + description: 'unsupportedConfigOverrides holds a sparse config that will override any previously set options. It only needs to be the fields to override it will end up overlaying in the following order: 1. hardcoded defaults 2. observedConfig 3. unsupportedConfigOverrides' type: object - properties: - group: - description: group is the group of the thing you're tracking - type: string - hash: - description: hash is an optional field set for resources without - generation that are content sensitive like secrets and configmaps - type: string - lastGeneration: - description: lastGeneration is the last generation of the workload - controller involved - type: integer - format: int64 - name: - description: name is the name of the thing you're tracking - type: string - namespace: - description: namespace is where the thing you're tracking is - type: string - resource: - description: resource is the resource type of the thing you're - tracking - type: string - observedGeneration: - description: observedGeneration is the last generation change you've - dealt with - type: integer - format: int64 - readyReplicas: - description: readyReplicas indicates how many replicas are ready and - at the desired state - type: integer - format: int32 - version: - description: version is the level this availability applies to - type: string + nullable: true + x-kubernetes-preserve-unknown-fields: true + status: + description: status holds observed values from the cluster. They may not be overridden. + type: object + properties: + conditions: + description: conditions is a list of conditions and their status + type: array + items: + description: OperatorCondition is just the standard condition fields. + type: object + properties: + lastTransitionTime: + type: string + format: date-time + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + generations: + description: generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction. + type: array + items: + description: GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made. + type: object + properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload controller involved + type: integer + format: int64 + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're tracking + type: string + observedGeneration: + description: observedGeneration is the last generation change you've dealt with + type: integer + format: int64 + readyReplicas: + description: readyReplicas indicates how many replicas are ready and at the desired state + type: integer + format: int32 + version: + description: version is the level this availability applies to + type: string + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/operator/v1/0000_70_cluster-network-operator_01_crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_70_cluster-network-operator_01_crd.yaml index 2cd8df93e..c0dcce7df 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_70_cluster-network-operator_01_crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/0000_70_cluster-network-operator_01_crd.yaml @@ -1,10 +1,11 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - name: networks.operator.openshift.io annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/475 include.release.openshift.io/self-managed-high-availability: "true" include.release.openshift.io/single-node-developer: "true" + name: networks.operator.openshift.io spec: group: operator.openshift.io names: @@ -14,612 +15,429 @@ spec: singular: network scope: Cluster versions: - - name: v1 - served: true - storage: true - schema: - openAPIV3Schema: - description: Network describes the cluster's desired network configuration. - It is consumed by the cluster-network-operator. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: NetworkSpec is the top-level network configuration object. - type: object - properties: - additionalNetworks: - description: additionalNetworks is a list of extra networks to make - available to pods when multiple networks are enabled. - type: array - items: - description: AdditionalNetworkDefinition configures an extra network - that is available but not created by default. Instead, pods must - request them by name. type must be specified, along with exactly - one "Config" that matches the type. + - name: v1 + schema: + openAPIV3Schema: + description: "Network describes the cluster's desired network configuration. It is consumed by the cluster-network-operator. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." + type: object + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: NetworkSpec is the top-level network configuration object. + type: object + properties: + additionalNetworks: + description: additionalNetworks is a list of extra networks to make available to pods when multiple networks are enabled. + type: array + items: + description: AdditionalNetworkDefinition configures an extra network that is available but not created by default. Instead, pods must request them by name. type must be specified, along with exactly one "Config" that matches the type. + type: object + properties: + name: + description: name is the name of the network. This will be populated in the resulting CRD This must be unique. + type: string + namespace: + description: namespace is the namespace of the network. This will be populated in the resulting CRD If not given the network will be created in the default namespace. + type: string + rawCNIConfig: + description: rawCNIConfig is the raw CNI configuration json to create in the NetworkAttachmentDefinition CRD + type: string + simpleMacvlanConfig: + description: SimpleMacvlanConfig configures the macvlan interface in case of type:NetworkTypeSimpleMacvlan + type: object + properties: + ipamConfig: + description: IPAMConfig configures IPAM module will be used for IP Address Management (IPAM). + type: object + properties: + staticIPAMConfig: + description: StaticIPAMConfig configures the static IP address in case of type:IPAMTypeStatic + type: object + properties: + addresses: + description: Addresses configures IP address for the interface + type: array + items: + description: StaticIPAMAddresses provides IP address and Gateway for static IPAM addresses + type: object + properties: + address: + description: Address is the IP address in CIDR format + type: string + gateway: + description: Gateway is IP inside of subnet to designate as the gateway + type: string + dns: + description: DNS configures DNS for the interface + type: object + properties: + domain: + description: Domain configures the domainname the local domain used for short hostname lookups + type: string + nameservers: + description: Nameservers points DNS servers for IP lookup + type: array + items: + type: string + search: + description: Search configures priority ordered search domains for short hostname lookups + type: array + items: + type: string + routes: + description: Routes configures IP routes for the interface + type: array + items: + description: StaticIPAMRoutes provides Destination/Gateway pairs for static IPAM routes + type: object + properties: + destination: + description: Destination points the IP route destination + type: string + gateway: + description: Gateway is the route's next-hop IP address If unset, a default gateway is assumed (as determined by the CNI plugin). + type: string + type: + description: Type is the type of IPAM module will be used for IP Address Management(IPAM). The supported values are IPAMTypeDHCP, IPAMTypeStatic + type: string + master: + description: master is the host interface to create the macvlan interface from. If not specified, it will be default route interface + type: string + mode: + description: 'mode is the macvlan mode: bridge, private, vepa, passthru. The default is bridge' + type: string + mtu: + description: mtu is the mtu to use for the macvlan interface. if unset, host's kernel will select the value. + type: integer + format: int32 + minimum: 0 + type: + description: type is the type of network The supported values are NetworkTypeRaw, NetworkTypeSimpleMacvlan + type: string + clusterNetwork: + description: clusterNetwork is the IP address pool to use for pod IPs. Some network providers, e.g. OpenShift SDN, support multiple ClusterNetworks. Others only support one. This is equivalent to the cluster-cidr. + type: array + items: + description: ClusterNetworkEntry is a subnet from which to allocate PodIPs. A network of size HostPrefix (in CIDR notation) will be allocated when nodes join the cluster. If the HostPrefix field is not used by the plugin, it can be left unset. Not all network providers support multiple ClusterNetworks + type: object + properties: + cidr: + type: string + hostPrefix: + type: integer + format: int32 + minimum: 0 + defaultNetwork: + description: defaultNetwork is the "default" network that all pods will receive type: object properties: - name: - description: name is the name of the network. This will be populated - in the resulting CRD This must be unique. - type: string - namespace: - description: namespace is the namespace of the network. This - will be populated in the resulting CRD If not given the network - will be created in the default namespace. - type: string - rawCNIConfig: - description: rawCNIConfig is the raw CNI configuration json - to create in the NetworkAttachmentDefinition CRD - type: string - simpleMacvlanConfig: - description: SimpleMacvlanConfig configures the macvlan interface - in case of type:NetworkTypeSimpleMacvlan + kuryrConfig: + description: KuryrConfig configures the kuryr plugin type: object properties: - ipamConfig: - description: IPAMConfig configures IPAM module will be used - for IP Address Management (IPAM). - type: object - properties: - staticIPAMConfig: - description: StaticIPAMConfig configures the static - IP address in case of type:IPAMTypeStatic - type: object - properties: - addresses: - description: Addresses configures IP address for - the interface - type: array - items: - description: StaticIPAMAddresses provides IP address - and Gateway for static IPAM addresses - type: object - properties: - address: - description: Address is the IP address in - CIDR format - type: string - gateway: - description: Gateway is IP inside of subnet - to designate as the gateway - type: string - dns: - description: DNS configures DNS for the interface - type: object - properties: - domain: - description: Domain configures the domainname - the local domain used for short hostname lookups - type: string - nameservers: - description: Nameservers points DNS servers - for IP lookup - type: array - items: - type: string - search: - description: Search configures priority ordered - search domains for short hostname lookups - type: array - items: - type: string - routes: - description: Routes configures IP routes for the - interface - type: array - items: - description: StaticIPAMRoutes provides Destination/Gateway - pairs for static IPAM routes - type: object - properties: - destination: - description: Destination points the IP route - destination - type: string - gateway: - description: Gateway is the route's next-hop - IP address If unset, a default gateway is - assumed (as determined by the CNI plugin). - type: string - type: - description: Type is the type of IPAM module will be - used for IP Address Management(IPAM). The supported - values are IPAMTypeDHCP, IPAMTypeStatic - type: string - master: - description: master is the host interface to create the - macvlan interface from. If not specified, it will be default - route interface + controllerProbesPort: + description: The port kuryr-controller will listen for readiness and liveness requests. + type: integer + format: int32 + minimum: 0 + daemonProbesPort: + description: The port kuryr-daemon will listen for readiness and liveness requests. + type: integer + format: int32 + minimum: 0 + enablePortPoolsPrepopulation: + description: enablePortPoolsPrepopulation when true will make Kuryr prepopulate each newly created port pool with a minimum number of ports. Kuryr uses Neutron port pooling to fight the fact that it takes a significant amount of time to create one. Instead of creating it when pod is being deployed, Kuryr keeps a number of ports ready to be attached to pods. By default port prepopulation is disabled. + type: boolean + mtu: + description: mtu is the MTU that Kuryr should use when creating pod networks in Neutron. The value has to be lower or equal to the MTU of the nodes network and Neutron has to allow creation of tenant networks with such MTU. If unset Pod networks will be created with the same MTU as the nodes network has. + type: integer + format: int32 + minimum: 0 + openStackServiceNetwork: + description: openStackServiceNetwork contains the CIDR of network from which to allocate IPs for OpenStack Octavia's Amphora VMs. Please note that with Amphora driver Octavia uses two IPs from that network for each loadbalancer - one given by OpenShift and second for VRRP connections. As the first one is managed by OpenShift's and second by Neutron's IPAMs, those need to come from different pools. Therefore `openStackServiceNetwork` needs to be at least twice the size of `serviceNetwork`, and whole `serviceNetwork` must be overlapping with `openStackServiceNetwork`. cluster-network-operator will then make sure VRRP IPs are taken from the ranges inside `openStackServiceNetwork` that are not overlapping with `serviceNetwork`, effectivly preventing conflicts. If not set cluster-network-operator will use `serviceNetwork` expanded by decrementing the prefix size by 1. type: string + poolBatchPorts: + description: poolBatchPorts sets a number of ports that should be created in a single batch request to extend the port pool. The default is 3. For more information about port pools see enablePortPoolsPrepopulation setting. + type: integer + minimum: 0 + poolMaxPorts: + description: poolMaxPorts sets a maximum number of free ports that are being kept in a port pool. If the number of ports exceeds this setting, free ports will get deleted. Setting 0 will disable this upper bound, effectively preventing pools from shrinking and this is the default value. For more information about port pools see enablePortPoolsPrepopulation setting. + type: integer + minimum: 0 + poolMinPorts: + description: poolMinPorts sets a minimum number of free ports that should be kept in a port pool. If the number of ports is lower than this setting, new ports will get created and added to pool. The default is 1. For more information about port pools see enablePortPoolsPrepopulation setting. + type: integer + minimum: 1 + openshiftSDNConfig: + description: openShiftSDNConfig configures the openshift-sdn plugin + type: object + properties: + enableUnidling: + description: enableUnidling controls whether or not the service proxy will support idling and unidling of services. By default, unidling is enabled. + type: boolean mode: - description: 'mode is the macvlan mode: bridge, private, - vepa, passthru. The default is bridge' + description: mode is one of "Multitenant", "Subnet", or "NetworkPolicy" type: string mtu: - description: mtu is the mtu to use for the macvlan interface. - if unset, host's kernel will select the value. + description: mtu is the mtu to use for the tunnel interface. Defaults to 1450 if unset. This must be 50 bytes smaller than the machine's uplink. + type: integer + format: int32 + minimum: 0 + useExternalOpenvswitch: + description: 'useExternalOpenvswitch used to control whether the operator would deploy an OVS DaemonSet itself or expect someone else to start OVS. As of 4.6, OVS is always run as a system service, and this flag is ignored. DEPRECATED: non-functional as of 4.6' + type: boolean + vxlanPort: + description: vxlanPort is the port to use for all vxlan packets. The default is 4789. + type: integer + format: int32 + minimum: 0 + ovnKubernetesConfig: + description: oVNKubernetesConfig configures the ovn-kubernetes plugin. This is currently not implemented. + type: object + properties: + genevePort: + description: geneve port is the UDP port to be used by geneve encapulation. Default is 6081 + type: integer + format: int32 + minimum: 1 + hybridOverlayConfig: + description: HybridOverlayConfig configures an additional overlay network for peers that are not using OVN. + type: object + properties: + hybridClusterNetwork: + description: HybridClusterNetwork defines a network space given to nodes on an additional overlay network. + type: array + items: + description: ClusterNetworkEntry is a subnet from which to allocate PodIPs. A network of size HostPrefix (in CIDR notation) will be allocated when nodes join the cluster. If the HostPrefix field is not used by the plugin, it can be left unset. Not all network providers support multiple ClusterNetworks + type: object + properties: + cidr: + type: string + hostPrefix: + type: integer + format: int32 + minimum: 0 + hybridOverlayVXLANPort: + description: HybridOverlayVXLANPort defines the VXLAN port number to be used by the additional overlay network. Default is 4789 + type: integer + format: int32 + ipsecConfig: + description: ipsecConfig enables and configures IPsec for pods on the pod network within the cluster. + type: object + mtu: + description: mtu is the MTU to use for the tunnel interface. This must be 100 bytes smaller than the uplink mtu. Default is 1400 type: integer format: int32 minimum: 0 + policyAuditConfig: + description: policyAuditConfig is the configuration for network policy audit events. If unset, reported defaults are used. + type: object + properties: + destination: + description: 'destination is the location for policy log messages. Regardless of this config, persistent logs will always be dumped to the host at /var/log/ovn/ however Additionally syslog output may be configured as follows. Valid values are: - "libc" -> to use the libc syslog() function of the host node''s journdald process - "udp:host:port" -> for sending syslog over UDP - "unix:file" -> for using the UNIX domain socket directly - "null" -> to discard all messages logged to syslog The default is "null"' + type: string + default: "null" + maxFileSize: + description: maxFilesSize is the max size an ACL_audit log file is allowed to reach before rotation occurs Units are in MB and the Default is 50MB + type: integer + format: int32 + default: 50 + minimum: 1 + rateLimit: + description: rateLimit is the approximate maximum number of messages to generate per-second per-node. If unset the default of 20 msg/sec is used. + type: integer + format: int32 + default: 20 + minimum: 1 + syslogFacility: + description: syslogFacility the RFC5424 facility for generated messages, e.g. "kern". Default is "local0" + type: string + default: local0 type: - description: type is the type of network The supported values - are NetworkTypeRaw, NetworkTypeSimpleMacvlan + description: type is the type of network All NetworkTypes are supported except for NetworkTypeRaw type: string - clusterNetwork: - description: clusterNetwork is the IP address pool to use for pod - IPs. Some network providers, e.g. OpenShift SDN, support multiple - ClusterNetworks. Others only support one. This is equivalent to - the cluster-cidr. - type: array - items: - description: ClusterNetworkEntry is a subnet from which to allocate - PodIPs. A network of size HostPrefix (in CIDR notation) will be - allocated when nodes join the cluster. If the HostPrefix field - is not used by the plugin, it can be left unset. Not all network - providers support multiple ClusterNetworks + deployKubeProxy: + description: deployKubeProxy specifies whether or not a standalone kube-proxy should be deployed by the operator. Some network providers include kube-proxy or similar functionality. If unset, the plugin will attempt to select the correct value, which is false when OpenShift SDN and ovn-kubernetes are used and true otherwise. + type: boolean + disableMultiNetwork: + description: disableMultiNetwork specifies whether or not multiple pod network support should be disabled. If unset, this property defaults to 'false' and multiple network support is enabled. + type: boolean + disableNetworkDiagnostics: + description: disableNetworkDiagnostics specifies whether or not PodNetworkConnectivityCheck CRs from a test pod to every node, apiserver and LB should be disabled or not. If unset, this property defaults to 'false' and network diagnostics is enabled. Setting this to 'true' would reduce the additional load of the pods performing the checks. + type: boolean + default: false + exportNetworkFlows: + description: exportNetworkFlows enables and configures the export of network flow metadata from the pod network by using protocols NetFlow, SFlow or IPFIX. Currently only supported on OVN-Kubernetes plugin. If unset, flows will not be exported to any collector. type: object properties: - cidr: - type: string - hostPrefix: - type: integer - format: int32 - minimum: 0 - defaultNetwork: - description: defaultNetwork is the "default" network that all pods - will receive - type: object - properties: - kuryrConfig: - description: KuryrConfig configures the kuryr plugin - type: object - properties: - controllerProbesPort: - description: The port kuryr-controller will listen for readiness - and liveness requests. - type: integer - format: int32 - minimum: 0 - daemonProbesPort: - description: The port kuryr-daemon will listen for readiness - and liveness requests. - type: integer - format: int32 - minimum: 0 - enablePortPoolsPrepopulation: - description: enablePortPoolsPrepopulation when true will make - Kuryr prepopulate each newly created port pool with a minimum - number of ports. Kuryr uses Neutron port pooling to fight - the fact that it takes a significant amount of time to create - one. Instead of creating it when pod is being deployed, - Kuryr keeps a number of ports ready to be attached to pods. - By default port prepopulation is disabled. - type: boolean - mtu: - description: mtu is the MTU that Kuryr should use when creating - pod networks in Neutron. The value has to be lower or equal - to the MTU of the nodes network and Neutron has to allow - creation of tenant networks with such MTU. If unset Pod - networks will be created with the same MTU as the nodes - network has. - type: integer - format: int32 - minimum: 0 - openStackServiceNetwork: - description: openStackServiceNetwork contains the CIDR of - network from which to allocate IPs for OpenStack Octavia's - Amphora VMs. Please note that with Amphora driver Octavia - uses two IPs from that network for each loadbalancer - one - given by OpenShift and second for VRRP connections. As the - first one is managed by OpenShift's and second by Neutron's - IPAMs, those need to come from different pools. Therefore - `openStackServiceNetwork` needs to be at least twice the - size of `serviceNetwork`, and whole `serviceNetwork` must - be overlapping with `openStackServiceNetwork`. cluster-network-operator - will then make sure VRRP IPs are taken from the ranges inside - `openStackServiceNetwork` that are not overlapping with - `serviceNetwork`, effectivly preventing conflicts. If not - set cluster-network-operator will use `serviceNetwork` expanded - by decrementing the prefix size by 1. - type: string - poolBatchPorts: - description: poolBatchPorts sets a number of ports that should - be created in a single batch request to extend the port - pool. The default is 3. For more information about port - pools see enablePortPoolsPrepopulation setting. - type: integer - minimum: 0 - poolMaxPorts: - description: poolMaxPorts sets a maximum number of free ports - that are being kept in a port pool. If the number of ports - exceeds this setting, free ports will get deleted. Setting - 0 will disable this upper bound, effectively preventing - pools from shrinking and this is the default value. For - more information about port pools see enablePortPoolsPrepopulation - setting. - type: integer - minimum: 0 - poolMinPorts: - description: poolMinPorts sets a minimum number of free ports - that should be kept in a port pool. If the number of ports - is lower than this setting, new ports will get created and - added to pool. The default is 1. For more information about - port pools see enablePortPoolsPrepopulation setting. - type: integer - minimum: 1 - openshiftSDNConfig: - description: openShiftSDNConfig configures the openshift-sdn plugin - type: object - properties: - enableUnidling: - description: enableUnidling controls whether or not the service - proxy will support idling and unidling of services. By default, - unidling is enabled. - type: boolean - mode: - description: mode is one of "Multitenant", "Subnet", or "NetworkPolicy" - type: string - mtu: - description: mtu is the mtu to use for the tunnel interface. - Defaults to 1450 if unset. This must be 50 bytes smaller - than the machine's uplink. - type: integer - format: int32 - minimum: 0 - useExternalOpenvswitch: - description: useExternalOpenvswitch tells the operator not - to install openvswitch, because it will be provided separately. - If set, you must provide it yourself. - type: boolean - vxlanPort: - description: vxlanPort is the port to use for all vxlan packets. - The default is 4789. - type: integer - format: int32 - minimum: 0 - ovnKubernetesConfig: - description: oVNKubernetesConfig configures the ovn-kubernetes - plugin. This is currently not implemented. - type: object - properties: - genevePort: - description: geneve port is the UDP port to be used by geneve - encapulation. Default is 6081 - type: integer - format: int32 - minimum: 1 - hybridOverlayConfig: - description: HybridOverlayConfig configures an additional - overlay network for peers that are not using OVN. - type: object - properties: - hybridClusterNetwork: - description: HybridClusterNetwork defines a network space - given to nodes on an additional overlay network. - type: array - items: - description: ClusterNetworkEntry is a subnet from which - to allocate PodIPs. A network of size HostPrefix (in - CIDR notation) will be allocated when nodes join the - cluster. If the HostPrefix field is not used by the - plugin, it can be left unset. Not all network providers - support multiple ClusterNetworks - type: object - properties: - cidr: - type: string - hostPrefix: - type: integer - format: int32 - minimum: 0 - hybridOverlayVXLANPort: - description: HybridOverlayVXLANPort defines the VXLAN - port number to be used by the additional overlay network. - Default is 4789 - type: integer - format: int32 - ipsecConfig: - description: ipsecConfig enables and configures IPsec for - pods on the pod network within the cluster. - type: object - mtu: - description: mtu is the MTU to use for the tunnel interface. - This must be 100 bytes smaller than the uplink mtu. Default - is 1400 - type: integer - format: int32 - minimum: 0 - policyAuditConfig: - description: policyAuditConfig is the configuration for network - policy audit events. If unset, reported defaults are used. - type: object - properties: - destination: - description: 'destination is the location for policy log - messages. Regardless of this config, persistent logs - will always be dumped to the host at /var/log/ovn/ however - Additionally syslog output may be configured as follows. - Valid values are: - "libc" -> to use the libc syslog() - function of the host node''s journdald process - "udp:host:port" - -> for sending syslog over UDP - "unix:file" -> for - using the UNIX domain socket directly - "null" -> to - discard all messages logged to syslog The default is - "null"' + ipfix: + description: ipfix defines IPFIX configuration. + type: object + properties: + collectors: + description: ipfixCollectors is list of strings formatted as ip:port with a maximum of ten items + type: array + maxItems: 10 + minItems: 1 + items: type: string - default: "null" - maxFileSize: - description: maxFilesSize is the max size an ACL_audit - log file is allowed to reach before rotation occurs - Units are in MB and the Default is 50MB - type: integer - format: int32 - default: 50 - minimum: 1 - rateLimit: - description: rateLimit is the approximate maximum number - of messages to generate per-second per-node. If unset - the default of 20 msg/sec is used. - type: integer - format: int32 - default: 20 - minimum: 1 - syslogFacility: - description: syslogFacility the RFC5424 facility for generated - messages, e.g. "kern". Default is "local0" + pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ + netFlow: + description: netFlow defines the NetFlow configuration. + type: object + properties: + collectors: + description: netFlow defines the NetFlow collectors that will consume the flow data exported from OVS. It is a list of strings formatted as ip:port with a maximum of ten items + type: array + maxItems: 10 + minItems: 1 + items: type: string - default: local0 - type: - description: type is the type of network All NetworkTypes are - supported except for NetworkTypeRaw - type: string - deployKubeProxy: - description: deployKubeProxy specifies whether or not a standalone - kube-proxy should be deployed by the operator. Some network providers - include kube-proxy or similar functionality. If unset, the plugin - will attempt to select the correct value, which is false when OpenShift - SDN and ovn-kubernetes are used and true otherwise. - type: boolean - disableMultiNetwork: - description: disableMultiNetwork specifies whether or not multiple - pod network support should be disabled. If unset, this property - defaults to 'false' and multiple network support is enabled. - type: boolean - disableNetworkDiagnostics: - description: disableNetworkDiagnostics specifies whether or not PodNetworkConnectivityCheck - CRs from a test pod to every node, apiserver and LB should be disabled - or not. If unset, this property defaults to 'false' and network - diagnostics is enabled. Setting this to 'true' would reduce the - additional load of the pods performing the checks. - type: boolean - default: false - exportNetworkFlows: - description: exportNetworkFlows enables and configures the export - of network flow metadata from the pod network by using protocols - NetFlow, SFlow or IPFIX. Currently only supported on OVN-Kubernetes - plugin. If unset, flows will not be exported to any collector. - type: object - properties: - ipfix: - description: ipfix defines IPFIX configuration. - type: object - properties: - collectors: - description: ipfixCollectors is list of strings formatted - as ip:port with a maximum of ten items + pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ + sFlow: + description: sFlow defines the SFlow configuration. + type: object + properties: + collectors: + description: sFlowCollectors is list of strings formatted as ip:port with a maximum of ten items + type: array + maxItems: 10 + minItems: 1 + items: + type: string + pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ + kubeProxyConfig: + description: kubeProxyConfig lets us configure desired proxy configuration. If not specified, sensible defaults will be chosen by OpenShift directly. Not consumed by all network providers - currently only openshift-sdn. + type: object + properties: + bindAddress: + description: The address to "bind" on Defaults to 0.0.0.0 + type: string + iptablesSyncPeriod: + description: 'An internal kube-proxy parameter. In older releases of OCP, this sometimes needed to be adjusted in large clusters for performance reasons, but this is no longer necessary, and there is no reason to change this from the default value. Default: 30s' + type: string + proxyArguments: + description: Any additional arguments to pass to the kubeproxy process + type: object + additionalProperties: + description: ProxyArgumentList is a list of arguments to pass to the kubeproxy process type: array - maxItems: 10 - minItems: 1 items: type: string - pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):[0-9]+$ - netFlow: - description: netFlow defines the NetFlow configuration. + logLevel: + description: "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + type: string + default: Normal + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + managementState: + description: managementState indicates whether and how the operator should manage the component + type: string + pattern: ^(Managed|Unmanaged|Force|Removed)$ + migration: + description: migration enables and configures the cluster network migration. Setting this to the target network type to allow changing the default network. If unset, the operation of changing cluster default network plugin will be rejected. + type: object + properties: + networkType: + description: networkType is the target type of network migration The supported values are OpenShiftSDN, OVNKubernetes + type: string + observedConfig: + description: observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator + type: object + nullable: true + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + description: "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves. \n Valid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + type: string + default: Normal + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + serviceNetwork: + description: serviceNetwork is the ip address pool to use for Service IPs Currently, all existing network providers only support a single value here, but this is an array to allow for growth. + type: array + items: + type: string + unsupportedConfigOverrides: + description: 'unsupportedConfigOverrides holds a sparse config that will override any previously set options. It only needs to be the fields to override it will end up overlaying in the following order: 1. hardcoded defaults 2. observedConfig 3. unsupportedConfigOverrides' + type: object + nullable: true + x-kubernetes-preserve-unknown-fields: true + useMultiNetworkPolicy: + description: useMultiNetworkPolicy enables a controller which allows for MultiNetworkPolicy objects to be used on additional networks as created by Multus CNI. MultiNetworkPolicy are similar to NetworkPolicy objects, but NetworkPolicy objects only apply to the primary interface. With MultiNetworkPolicy, you can control the traffic that a pod can receive over the secondary interfaces. If unset, this property defaults to 'false' and MultiNetworkPolicy objects are ignored. If 'disableMultiNetwork' is 'true' then the value of this field is ignored. + type: boolean + status: + description: NetworkStatus is detailed operator status, which is distilled up to the Network clusteroperator object. + type: object + properties: + conditions: + description: conditions is a list of conditions and their status + type: array + items: + description: OperatorCondition is just the standard condition fields. type: object properties: - collectors: - description: netFlow defines the NetFlow collectors that will - consume the flow data exported from OVS. It is a list of - strings formatted as ip:port with a maximum of ten items - type: array - maxItems: 10 - minItems: 1 - items: - type: string - pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):[0-9]+$ - sFlow: - description: sFlow defines the SFlow configuration. + lastTransitionTime: + type: string + format: date-time + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + generations: + description: generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction. + type: array + items: + description: GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made. type: object properties: - collectors: - description: sFlowCollectors is list of strings formatted - as ip:port with a maximum of ten items - type: array - maxItems: 10 - minItems: 1 - items: - type: string - pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):[0-9]+$ - kubeProxyConfig: - description: kubeProxyConfig lets us configure desired proxy configuration. - If not specified, sensible defaults will be chosen by OpenShift - directly. Not consumed by all network providers - currently only - openshift-sdn. - type: object - properties: - bindAddress: - description: The address to "bind" on Defaults to 0.0.0.0 - type: string - iptablesSyncPeriod: - description: 'An internal kube-proxy parameter. In older releases - of OCP, this sometimes needed to be adjusted in large clusters - for performance reasons, but this is no longer necessary, and - there is no reason to change this from the default value. Default: - 30s' - type: string - proxyArguments: - description: Any additional arguments to pass to the kubeproxy - process - type: object - additionalProperties: - description: ProxyArgumentList is a list of arguments to pass - to the kubeproxy process - type: array - items: + group: + description: group is the group of the thing you're tracking type: string - logLevel: - description: "logLevel is an intent based logging for an overall component. - \ It does not give fine grained control, but it is a simple way - to manage coarse grained logging choices that operators have to - interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", - \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - type: string - default: Normal - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - managementState: - description: managementState indicates whether and how the operator - should manage the component - type: string - pattern: ^(Managed|Unmanaged|Force|Removed)$ - migration: - description: migration enables and configures the cluster network - migration. Setting this to the target network type to allow changing - the default network. If unset, the operation of changing cluster - default network plugin will be rejected. - type: object - properties: - networkType: - description: networkType is the target type of network migration - The supported values are OpenShiftSDN, OVNKubernetes - type: string - observedConfig: - description: observedConfig holds a sparse config that controller - has observed from the cluster state. It exists in spec because - it is an input to the level for the operator - type: object - nullable: true - x-kubernetes-preserve-unknown-fields: true - operatorLogLevel: - description: "operatorLogLevel is an intent based logging for the - operator itself. It does not give fine grained control, but it - is a simple way to manage coarse grained logging choices that operators - have to interpret for themselves. \n Valid values are: \"Normal\", - \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - type: string - default: Normal - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - serviceNetwork: - description: serviceNetwork is the ip address pool to use for Service - IPs Currently, all existing network providers only support a single - value here, but this is an array to allow for growth. - type: array - items: + hash: + description: hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload controller involved + type: integer + format: int64 + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're tracking + type: string + observedGeneration: + description: observedGeneration is the last generation change you've dealt with + type: integer + format: int64 + readyReplicas: + description: readyReplicas indicates how many replicas are ready and at the desired state + type: integer + format: int32 + version: + description: version is the level this availability applies to type: string - unsupportedConfigOverrides: - description: 'unsupportedConfigOverrides holds a sparse config that - will override any previously set options. It only needs to be the - fields to override it will end up overlaying in the following order: - 1. hardcoded defaults 2. observedConfig 3. unsupportedConfigOverrides' - type: object - nullable: true - x-kubernetes-preserve-unknown-fields: true - useMultiNetworkPolicy: - description: useMultiNetworkPolicy enables a controller which allows - for MultiNetworkPolicy objects to be used on additional networks - as created by Multus CNI. MultiNetworkPolicy are similar to NetworkPolicy - objects, but NetworkPolicy objects only apply to the primary interface. - With MultiNetworkPolicy, you can control the traffic that a pod - can receive over the secondary interfaces. If unset, this property - defaults to 'false' and MultiNetworkPolicy objects are ignored. - If 'disableMultiNetwork' is 'true' then the value of this field - is ignored. - type: boolean - status: - description: NetworkStatus is detailed operator status, which is distilled - up to the Network clusteroperator object. - type: object - properties: - conditions: - description: conditions is a list of conditions and their status - type: array - items: - description: OperatorCondition is just the standard condition fields. - type: object - properties: - lastTransitionTime: - type: string - format: date-time - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - generations: - description: generations are used to determine when an item needs - to be reconciled or has changed in a way that needs a reaction. - type: array - items: - description: GenerationStatus keeps track of the generation for - a given resource so that decisions about forced updates can be - made. - type: object - properties: - group: - description: group is the group of the thing you're tracking - type: string - hash: - description: hash is an optional field set for resources without - generation that are content sensitive like secrets and configmaps - type: string - lastGeneration: - description: lastGeneration is the last generation of the workload - controller involved - type: integer - format: int64 - name: - description: name is the name of the thing you're tracking - type: string - namespace: - description: namespace is where the thing you're tracking is - type: string - resource: - description: resource is the resource type of the thing you're - tracking - type: string - observedGeneration: - description: observedGeneration is the last generation change you've - dealt with - type: integer - format: int64 - readyReplicas: - description: readyReplicas indicates how many replicas are ready and - at the desired state - type: integer - format: int32 - version: - description: version is the level this availability applies to - type: string + served: true + storage: true diff --git a/vendor/github.com/openshift/api/operator/v1/0000_70_console-operator.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_70_console-operator.crd.yaml index d640e6038..7a7492d6e 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_70_console-operator.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/0000_70_console-operator.crd.yaml @@ -1,356 +1,275 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - name: consoles.operator.openshift.io annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/486 include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" include.release.openshift.io/single-node-developer: "true" + name: consoles.operator.openshift.io spec: - scope: Cluster group: operator.openshift.io names: kind: Console listKind: ConsoleList plural: consoles singular: console + scope: Cluster versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: Console provides a means to configure an operator to manage the - console. - type: object - required: - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ConsoleSpec is the specification of the desired behavior - of the Console. - type: object - properties: - customization: - description: customization is used to optionally provide a small set - of customization options to the web console. - type: object - properties: - brand: - description: brand is the default branding of the web console - which can be overridden by providing the brand field. There - is a limited set of specific brand options. This field controls - elements of the console such as the logo. Invalid value will - prevent a console rollout. - type: string - pattern: ^$|^(ocp|origin|okd|dedicated|online|azure)$ - customLogoFile: - description: 'customLogoFile replaces the default OpenShift logo - in the masthead and about dialog. It is a reference to a ConfigMap - in the openshift-config namespace. This can be created with - a command like ''oc create configmap custom-logo --from-file=/path/to/file - -n openshift-config''. Image size must be less than 1 MB due - to constraints on the ConfigMap size. The ConfigMap key should - include a file extension so that the console serves the file - with the correct MIME type. Recommended logo specifications: - Dimensions: Max height of 68px and max width of 200px SVG format - preferred' - type: object - properties: - key: - description: Key allows pointing to a specific key/value inside - of the configmap. This is useful for logical file references. - type: string - name: - type: string - customProductName: - description: customProductName is the name that will be displayed - in page titles, logo alt text, and the about dialog instead - of the normal OpenShift product name. - type: string - developerCatalog: - description: developerCatalog allows to configure the shown developer - catalog categories. - type: object - properties: - categories: - description: categories which are shown in the developer catalog. - type: array - items: - description: DeveloperConsoleCatalogCategory for the developer - console catalog. - type: object - required: - - id - - label - properties: - id: - description: ID is an identifier used in the URL to - enable deep linking in console. ID is required and - must have 1-32 URL safe (A-Z, a-z, 0-9, - and _) characters. - type: string - maxLength: 32 - minLength: 1 - pattern: ^[A-Za-z0-9-_]+$ - label: - description: label defines a category display label. - It is required and must have 1-64 characters. - type: string - maxLength: 64 - minLength: 1 - subcategories: - description: subcategories defines a list of child categories. - type: array - items: - description: DeveloperConsoleCatalogCategoryMeta are - the key identifiers of a developer catalog category. - type: object - required: - - id - - label - properties: - id: - description: ID is an identifier used in the URL - to enable deep linking in console. ID is required - and must have 1-32 URL safe (A-Z, a-z, 0-9, - - and _) characters. - type: string - maxLength: 32 - minLength: 1 - pattern: ^[A-Za-z0-9-_]+$ - label: - description: label defines a category display - label. It is required and must have 1-64 characters. - type: string - maxLength: 64 - minLength: 1 - tags: - description: tags is a list of strings that will - match the category. A selected category show - all items which has at least one overlapping - tag between category and item. - type: array - items: - type: string - tags: - description: tags is a list of strings that will match - the category. A selected category show all items which - has at least one overlapping tag between category - and item. - type: array - items: + - name: v1 + schema: + openAPIV3Schema: + description: "Console provides a means to configure an operator to manage the console. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ConsoleSpec is the specification of the desired behavior of the Console. + type: object + properties: + customization: + description: customization is used to optionally provide a small set of customization options to the web console. + type: object + properties: + addPage: + description: addPage allows customizing actions on the Add page in developer perspective. + type: object + properties: + disabledActions: + description: disabledActions is a list of actions that are not shown to users. Each action in the list is represented by its ID. + type: array + minItems: 1 + items: + type: string + brand: + description: brand is the default branding of the web console which can be overridden by providing the brand field. There is a limited set of specific brand options. This field controls elements of the console such as the logo. Invalid value will prevent a console rollout. + type: string + pattern: ^$|^(ocp|origin|okd|dedicated|online|azure)$ + customLogoFile: + description: 'customLogoFile replaces the default OpenShift logo in the masthead and about dialog. It is a reference to a ConfigMap in the openshift-config namespace. This can be created with a command like ''oc create configmap custom-logo --from-file=/path/to/file -n openshift-config''. Image size must be less than 1 MB due to constraints on the ConfigMap size. The ConfigMap key should include a file extension so that the console serves the file with the correct MIME type. Recommended logo specifications: Dimensions: Max height of 68px and max width of 200px SVG format preferred' + type: object + properties: + key: + description: Key allows pointing to a specific key/value inside of the configmap. This is useful for logical file references. + type: string + name: + type: string + customProductName: + description: customProductName is the name that will be displayed in page titles, logo alt text, and the about dialog instead of the normal OpenShift product name. + type: string + developerCatalog: + description: developerCatalog allows to configure the shown developer catalog categories. + type: object + properties: + categories: + description: categories which are shown in the developer catalog. + type: array + items: + description: DeveloperConsoleCatalogCategory for the developer console catalog. + type: object + required: + - id + - label + properties: + id: + description: ID is an identifier used in the URL to enable deep linking in console. ID is required and must have 1-32 URL safe (A-Z, a-z, 0-9, - and _) characters. type: string - documentationBaseURL: - description: documentationBaseURL links to external documentation - are shown in various sections of the web console. Providing - documentationBaseURL will override the default documentation - URL. Invalid value will prevent a console rollout. + maxLength: 32 + minLength: 1 + pattern: ^[A-Za-z0-9-_]+$ + label: + description: label defines a category display label. It is required and must have 1-64 characters. + type: string + maxLength: 64 + minLength: 1 + subcategories: + description: subcategories defines a list of child categories. + type: array + items: + description: DeveloperConsoleCatalogCategoryMeta are the key identifiers of a developer catalog category. + type: object + required: + - id + - label + properties: + id: + description: ID is an identifier used in the URL to enable deep linking in console. ID is required and must have 1-32 URL safe (A-Z, a-z, 0-9, - and _) characters. + type: string + maxLength: 32 + minLength: 1 + pattern: ^[A-Za-z0-9-_]+$ + label: + description: label defines a category display label. It is required and must have 1-64 characters. + type: string + maxLength: 64 + minLength: 1 + tags: + description: tags is a list of strings that will match the category. A selected category show all items which has at least one overlapping tag between category and item. + type: array + items: + type: string + tags: + description: tags is a list of strings that will match the category. A selected category show all items which has at least one overlapping tag between category and item. + type: array + items: + type: string + documentationBaseURL: + description: documentationBaseURL links to external documentation are shown in various sections of the web console. Providing documentationBaseURL will override the default documentation URL. Invalid value will prevent a console rollout. + type: string + pattern: ^$|^((https):\/\/?)[^\s()<>]+(?:\([\w\d]+\)|([^[:punct:]\s]|\/?))\/$ + projectAccess: + description: projectAccess allows customizing the available list of ClusterRoles in the Developer perspective Project access page which can be used by a project admin to specify roles to other users and restrict access within the project. If set, the list will replace the default ClusterRole options. + type: object + properties: + availableClusterRoles: + description: availableClusterRoles is the list of ClusterRole names that are assignable to users through the project access tab. + type: array + items: + type: string + quickStarts: + description: quickStarts allows customization of available ConsoleQuickStart resources in console. + type: object + properties: + disabled: + description: disabled is a list of ConsoleQuickStart resource names that are not shown to users. + type: array + items: + type: string + logLevel: + description: "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + type: string + default: Normal + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + managementState: + description: managementState indicates whether and how the operator should manage the component + type: string + pattern: ^(Managed|Unmanaged|Force|Removed)$ + observedConfig: + description: observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator + type: object + nullable: true + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + description: "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves. \n Valid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + type: string + default: Normal + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + plugins: + description: plugins defines a list of enabled console plugin names. + type: array + items: type: string - pattern: ^$|^((https):\/\/?)[^\s()<>]+(?:\([\w\d]+\)|([^[:punct:]\s]|\/?))\/$ - projectAccess: - description: projectAccess allows customizing the available list - of ClusterRoles in the Developer perspective Project access - page which can be used by a project admin to specify roles to - other users and restrict access within the project. If set, - the list will replace the default ClusterRole options. - type: object - properties: - availableClusterRoles: - description: availableClusterRoles is the list of ClusterRole - names that are assignable to users through the project access - tab. - type: array - items: + providers: + description: providers contains configuration for using specific service providers. + type: object + properties: + statuspage: + description: statuspage contains ID for statuspage.io page that provides status info about. + type: object + properties: + pageID: + description: pageID is the unique ID assigned by Statuspage for your page. This must be a public page. type: string - quickStarts: - description: quickStarts allows customization of available ConsoleQuickStart - resources in console. - type: object - properties: - disabled: - description: disabled is a list of ConsoleQuickStart resource - names that are not shown to users. - type: array - items: + route: + description: route contains hostname and secret reference that contains the serving certificate. If a custom route is specified, a new route will be created with the provided hostname, under which console will be available. In case of custom hostname uses the default routing suffix of the cluster, the Secret specification for a serving certificate will not be needed. In case of custom hostname points to an arbitrary domain, manual DNS configurations steps are necessary. The default console route will be maintained to reserve the default hostname for console if the custom route is removed. If not specified, default route will be used. DEPRECATED + type: object + properties: + hostname: + description: hostname is the desired custom domain under which console will be available. + type: string + secret: + description: 'secret points to secret in the openshift-config namespace that contains custom certificate and key and needs to be created manually by the cluster admin. Referenced Secret is required to contain following key value pairs: - "tls.crt" - to specifies custom certificate - "tls.key" - to specifies private key of the custom certificate If the custom hostname uses the default routing suffix of the cluster, the Secret specification for a serving certificate will not be needed.' + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced secret type: string - logLevel: - description: "logLevel is an intent based logging for an overall component. - \ It does not give fine grained control, but it is a simple way - to manage coarse grained logging choices that operators have to - interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", - \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - type: string - default: Normal - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - managementState: - description: managementState indicates whether and how the operator - should manage the component - type: string - pattern: ^(Managed|Unmanaged|Force|Removed)$ - observedConfig: - description: observedConfig holds a sparse config that controller - has observed from the cluster state. It exists in spec because - it is an input to the level for the operator - type: object - nullable: true - x-kubernetes-preserve-unknown-fields: true - operatorLogLevel: - description: "operatorLogLevel is an intent based logging for the - operator itself. It does not give fine grained control, but it - is a simple way to manage coarse grained logging choices that operators - have to interpret for themselves. \n Valid values are: \"Normal\", - \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - type: string - default: Normal - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - plugins: - description: plugins defines a list of enabled console plugin names. - type: array - items: - type: string - providers: - description: providers contains configuration for using specific service - providers. - type: object - properties: - statuspage: - description: statuspage contains ID for statuspage.io page that - provides status info about. + unsupportedConfigOverrides: + description: 'unsupportedConfigOverrides holds a sparse config that will override any previously set options. It only needs to be the fields to override it will end up overlaying in the following order: 1. hardcoded defaults 2. observedConfig 3. unsupportedConfigOverrides' + type: object + nullable: true + x-kubernetes-preserve-unknown-fields: true + status: + description: ConsoleStatus defines the observed status of the Console. + type: object + properties: + conditions: + description: conditions is a list of conditions and their status + type: array + items: + description: OperatorCondition is just the standard condition fields. type: object properties: - pageID: - description: pageID is the unique ID assigned by Statuspage - for your page. This must be a public page. + lastTransitionTime: type: string - route: - description: route contains hostname and secret reference that contains - the serving certificate. If a custom route is specified, a new route - will be created with the provided hostname, under which console - will be available. In case of custom hostname uses the default routing - suffix of the cluster, the Secret specification for a serving certificate - will not be needed. In case of custom hostname points to an arbitrary - domain, manual DNS configurations steps are necessary. The default - console route will be maintained to reserve the default hostname - for console if the custom route is removed. If not specified, default - route will be used. - type: object - properties: - hostname: - description: hostname is the desired custom domain under which - console will be available. - type: string - secret: - description: 'secret points to secret in the openshift-config - namespace that contains custom certificate and key and needs - to be created manually by the cluster admin. Referenced Secret - is required to contain following key value pairs: - "tls.crt" - - to specifies custom certificate - "tls.key" - to specifies - private key of the custom certificate If the custom hostname - uses the default routing suffix of the cluster, the Secret specification - for a serving certificate will not be needed.' + format: date-time + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + generations: + description: generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction. + type: array + items: + description: GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made. type: object - required: - - name properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload controller involved + type: integer + format: int64 name: - description: name is the metadata.name of the referenced secret + description: name is the name of the thing you're tracking type: string - unsupportedConfigOverrides: - description: 'unsupportedConfigOverrides holds a sparse config that - will override any previously set options. It only needs to be the - fields to override it will end up overlaying in the following order: - 1. hardcoded defaults 2. observedConfig 3. unsupportedConfigOverrides' - type: object - nullable: true - x-kubernetes-preserve-unknown-fields: true - status: - description: ConsoleStatus defines the observed status of the Console. - type: object - properties: - conditions: - description: conditions is a list of conditions and their status - type: array - items: - description: OperatorCondition is just the standard condition fields. - type: object - properties: - lastTransitionTime: - type: string - format: date-time - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - generations: - description: generations are used to determine when an item needs - to be reconciled or has changed in a way that needs a reaction. - type: array - items: - description: GenerationStatus keeps track of the generation for - a given resource so that decisions about forced updates can be - made. - type: object - properties: - group: - description: group is the group of the thing you're tracking - type: string - hash: - description: hash is an optional field set for resources without - generation that are content sensitive like secrets and configmaps - type: string - lastGeneration: - description: lastGeneration is the last generation of the workload - controller involved - type: integer - format: int64 - name: - description: name is the name of the thing you're tracking - type: string - namespace: - description: namespace is where the thing you're tracking is - type: string - resource: - description: resource is the resource type of the thing you're - tracking - type: string - observedGeneration: - description: observedGeneration is the last generation change you've - dealt with - type: integer - format: int64 - readyReplicas: - description: readyReplicas indicates how many replicas are ready and - at the desired state - type: integer - format: int32 - version: - description: version is the level this availability applies to - type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're tracking + type: string + observedGeneration: + description: observedGeneration is the last generation change you've dealt with + type: integer + format: int64 + readyReplicas: + description: readyReplicas indicates how many replicas are ready and at the desired state + type: integer + format: int32 + version: + description: version is the level this availability applies to + type: string + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/operator/v1/0000_70_dns-operator_00-custom-resource-definition.yaml b/vendor/github.com/openshift/api/operator/v1/0000_70_dns-operator_00-custom-resource-definition.yaml index 66e595bb8..84ff00d91 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_70_dns-operator_00-custom-resource-definition.yaml +++ b/vendor/github.com/openshift/api/operator/v1/0000_70_dns-operator_00-custom-resource-definition.yaml @@ -3,6 +3,7 @@ kind: CustomResourceDefinition metadata: name: dnses.operator.openshift.io annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/475 include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" include.release.openshift.io/single-node-developer: "true" @@ -15,191 +16,117 @@ spec: singular: dns scope: Cluster versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: "DNS manages the CoreDNS component to provide a name resolution - service for pods and services in the cluster. \n This supports the DNS-based - service discovery specification: https://github.com/kubernetes/dns/blob/master/docs/specification.md - \n More details: https://kubernetes.io/docs/tasks/administer-cluster/coredns" - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec is the specification of the desired behavior of the - DNS. - type: object - properties: - nodePlacement: - description: "nodePlacement provides explicit control over the scheduling - of DNS pods. \n Generally, it is useful to run a DNS pod on every - node so that DNS queries are always handled by a local DNS pod instead - of going over the network to a DNS pod on another node. However, - security policies may require restricting the placement of DNS pods - to specific nodes. For example, if a security policy prohibits pods - on arbitrary nodes from communicating with the API, a node selector - can be specified to restrict DNS pods to nodes that are permitted - to communicate with the API. Conversely, if running DNS pods on - nodes with a particular taint is desired, a toleration can be specified - for that taint. \n If unset, defaults are used. See nodePlacement - for more details." - type: object - properties: - nodeSelector: - description: "nodeSelector is the node selector applied to DNS - pods. \n If empty, the default is used, which is currently the - following: \n kubernetes.io/os: linux \n This default is subject - to change. \n If set, the specified selector is used and replaces - the default." - type: object - additionalProperties: - type: string - tolerations: - description: "tolerations is a list of tolerations applied to - DNS pods. \n The default is an empty list. This default is - subject to change. \n See https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/" - type: array - items: - description: The pod this Toleration is attached to tolerates - any taint that matches the triple using - the matching operator . - type: object - properties: - effect: - description: Effect indicates the taint effect to match. - Empty means match all taint effects. When specified, allowed - values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, - operator must be Exists; this combination means to match - all values and all keys. - type: string - operator: - description: Operator represents a key's relationship to - the value. Valid operators are Exists and Equal. Defaults - to Equal. Exists is equivalent to wildcard for value, - so that a pod can tolerate all taints of a particular - category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of - time the toleration (which must be of effect NoExecute, - otherwise this field is ignored) tolerates the taint. - By default, it is not set, which means tolerate the taint - forever (do not evict). Zero and negative values will - be treated as 0 (evict immediately) by the system. - type: integer - format: int64 - value: - description: Value is the taint value the toleration matches - to. If the operator is Exists, the value should be empty, - otherwise just a regular string. - type: string - servers: - description: "servers is a list of DNS resolvers that provide name - query delegation for one or more subdomains outside the scope of - the cluster domain. If servers consists of more than one Server, - longest suffix match will be used to determine the Server. \n For - example, if there are two Servers, one for \"foo.com\" and another - for \"a.foo.com\", and the name query is for \"www.a.foo.com\", - it will be routed to the Server with Zone \"a.foo.com\". \n If this - field is nil, no servers are created." - type: array - items: - description: Server defines the schema for a server that runs per - instance of CoreDNS. + - name: v1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: "DNS manages the CoreDNS component to provide a name resolution service for pods and services in the cluster. \n This supports the DNS-based service discovery specification: https://github.com/kubernetes/dns/blob/master/docs/specification.md \n More details: https://kubernetes.io/docs/tasks/administer-cluster/coredns \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." + type: object + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec is the specification of the desired behavior of the DNS. + type: object + properties: + managementState: + description: managementState indicates whether the DNS operator should manage cluster DNS + type: string + pattern: ^(Managed|Unmanaged|Force|Removed)$ + nodePlacement: + description: "nodePlacement provides explicit control over the scheduling of DNS pods. \n Generally, it is useful to run a DNS pod on every node so that DNS queries are always handled by a local DNS pod instead of going over the network to a DNS pod on another node. However, security policies may require restricting the placement of DNS pods to specific nodes. For example, if a security policy prohibits pods on arbitrary nodes from communicating with the API, a node selector can be specified to restrict DNS pods to nodes that are permitted to communicate with the API. Conversely, if running DNS pods on nodes with a particular taint is desired, a toleration can be specified for that taint. \n If unset, defaults are used. See nodePlacement for more details." type: object properties: - forwardPlugin: - description: forwardPlugin defines a schema for configuring - CoreDNS to proxy DNS messages to upstream resolvers. + nodeSelector: + description: "nodeSelector is the node selector applied to DNS pods. \n If empty, the default is used, which is currently the following: \n kubernetes.io/os: linux \n This default is subject to change. \n If set, the specified selector is used and replaces the default." type: object - properties: - upstreams: - description: "upstreams is a list of resolvers to forward - name queries for subdomains of Zones. Upstreams are randomized - when more than 1 upstream is specified. Each instance - of CoreDNS performs health checking of Upstreams. When - a healthy upstream returns an error during the exchange, - another resolver is tried from Upstreams. Each upstream - is represented by an IP address or IP:port if the upstream - listens on a port other than 53. \n A maximum of 15 upstreams - is allowed per ForwardPlugin." - type: array - maxItems: 15 - items: - type: string - name: - description: name is required and specifies a unique name for - the server. Name must comply with the Service Name Syntax - of rfc6335. - type: string - zones: - description: zones is required and specifies the subdomains - that Server is authoritative for. Zones must conform to the - rfc1123 definition of a subdomain. Specifying the cluster - domain (i.e., "cluster.local") is invalid. + additionalProperties: + type: string + tolerations: + description: "tolerations is a list of tolerations applied to DNS pods. \n If empty, the DNS operator sets a toleration for the \"node-role.kubernetes.io/master\" taint. This default is subject to change. Specifying tolerations without including a toleration for the \"node-role.kubernetes.io/master\" taint may be risky as it could lead to an outage if all worker nodes become unavailable. \n Note that the daemon controller adds some tolerations as well. See https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/" type: array items: + description: The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . + type: object + properties: + effect: + description: Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. + type: integer + format: int64 + value: + description: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + servers: + description: "servers is a list of DNS resolvers that provide name query delegation for one or more subdomains outside the scope of the cluster domain. If servers consists of more than one Server, longest suffix match will be used to determine the Server. \n For example, if there are two Servers, one for \"foo.com\" and another for \"a.foo.com\", and the name query is for \"www.a.foo.com\", it will be routed to the Server with Zone \"a.foo.com\". \n If this field is nil, no servers are created." + type: array + items: + description: Server defines the schema for a server that runs per instance of CoreDNS. + type: object + properties: + forwardPlugin: + description: forwardPlugin defines a schema for configuring CoreDNS to proxy DNS messages to upstream resolvers. + type: object + properties: + upstreams: + description: "upstreams is a list of resolvers to forward name queries for subdomains of Zones. Upstreams are randomized when more than 1 upstream is specified. Each instance of CoreDNS performs health checking of Upstreams. When a healthy upstream returns an error during the exchange, another resolver is tried from Upstreams. Each upstream is represented by an IP address or IP:port if the upstream listens on a port other than 53. \n A maximum of 15 upstreams is allowed per ForwardPlugin." + type: array + maxItems: 15 + items: + type: string + name: + description: name is required and specifies a unique name for the server. Name must comply with the Service Name Syntax of rfc6335. + type: string + zones: + description: zones is required and specifies the subdomains that Server is authoritative for. Zones must conform to the rfc1123 definition of a subdomain. Specifying the cluster domain (i.e., "cluster.local") is invalid. + type: array + items: + type: string + status: + description: status is the most recently observed status of the DNS. + type: object + required: + - clusterDomain + - clusterIP + properties: + clusterDomain: + description: "clusterDomain is the local cluster DNS domain suffix for DNS services. This will be a subdomain as defined in RFC 1034, section 3.5: https://tools.ietf.org/html/rfc1034#section-3.5 Example: \"cluster.local\" \n More info: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service" + type: string + clusterIP: + description: "clusterIP is the service IP through which this DNS is made available. \n In the case of the default DNS, this will be a well known IP that is used as the default nameserver for pods that are using the default ClusterFirst DNS policy. \n In general, this IP can be specified in a pod's spec.dnsConfig.nameservers list or used explicitly when performing name resolution from within the cluster. Example: dig foo.com @ \n More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" + type: string + conditions: + description: "conditions provide information about the state of the DNS on the cluster. \n These are the supported DNS conditions: \n * Available - True if the following conditions are met: * DNS controller daemonset is available. - False if any of those conditions are unsatisfied." + type: array + items: + description: OperatorCondition is just the standard condition fields. + type: object + properties: + lastTransitionTime: + type: string + format: date-time + message: + type: string + reason: + type: string + status: + type: string + type: type: string - status: - description: status is the most recently observed status of the DNS. - type: object - required: - - clusterDomain - - clusterIP - properties: - clusterDomain: - description: "clusterDomain is the local cluster DNS domain suffix - for DNS services. This will be a subdomain as defined in RFC 1034, - section 3.5: https://tools.ietf.org/html/rfc1034#section-3.5 Example: - \"cluster.local\" \n More info: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service" - type: string - clusterIP: - description: "clusterIP is the service IP through which this DNS is - made available. \n In the case of the default DNS, this will be - a well known IP that is used as the default nameserver for pods - that are using the default ClusterFirst DNS policy. \n In general, - this IP can be specified in a pod's spec.dnsConfig.nameservers list - or used explicitly when performing name resolution from within the - cluster. Example: dig foo.com @ \n More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" - type: string - conditions: - description: "conditions provide information about the state of the - DNS on the cluster. \n These are the supported DNS conditions: \n - \ * Available - True if the following conditions are met: * - DNS controller daemonset is available. - False if any of those - conditions are unsatisfied." - type: array - items: - description: OperatorCondition is just the standard condition fields. - type: object - properties: - lastTransitionTime: - type: string - format: date-time - message: - type: string - reason: - type: string - status: - type: string - type: - type: string diff --git a/vendor/github.com/openshift/api/operator/v1/0000_80_csi_snapshot_controller_operator_01_crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_80_csi_snapshot_controller_operator_01_crd.yaml index 720253030..f59319a60 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_80_csi_snapshot_controller_operator_01_crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/0000_80_csi_snapshot_controller_operator_01_crd.yaml @@ -1,11 +1,12 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - name: csisnapshotcontrollers.operator.openshift.io annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/562 include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" include.release.openshift.io/single-node-developer: "true" + name: csisnapshotcontrollers.operator.openshift.io spec: group: operator.openshift.io names: @@ -14,148 +15,120 @@ spec: singular: csisnapshotcontroller scope: Cluster versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: CSISnapshotController provides a means to configure an operator - to manage the CSI snapshots. `cluster` is the canonical name. - type: object - required: - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - type: object - properties: - logLevel: - description: "logLevel is an intent based logging for an overall component. - \ It does not give fine grained control, but it is a simple way - to manage coarse grained logging choices that operators have to - interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", - \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - type: string - default: Normal - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - managementState: - description: managementState indicates whether and how the operator - should manage the component - type: string - pattern: ^(Managed|Unmanaged|Force|Removed)$ - observedConfig: - description: observedConfig holds a sparse config that controller - has observed from the cluster state. It exists in spec because - it is an input to the level for the operator - type: object - nullable: true - x-kubernetes-preserve-unknown-fields: true - operatorLogLevel: - description: "operatorLogLevel is an intent based logging for the - operator itself. It does not give fine grained control, but it - is a simple way to manage coarse grained logging choices that operators - have to interpret for themselves. \n Valid values are: \"Normal\", - \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - type: string - default: Normal - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - unsupportedConfigOverrides: - description: 'unsupportedConfigOverrides holds a sparse config that - will override any previously set options. It only needs to be the - fields to override it will end up overlaying in the following order: - 1. hardcoded defaults 2. observedConfig 3. unsupportedConfigOverrides' - type: object - nullable: true - x-kubernetes-preserve-unknown-fields: true - status: - description: status holds observed values from the cluster. They may not - be overridden. - type: object - properties: - conditions: - description: conditions is a list of conditions and their status - type: array - items: - description: OperatorCondition is just the standard condition fields. + - name: v1 + schema: + openAPIV3Schema: + description: "CSISnapshotController provides a means to configure an operator to manage the CSI snapshots. `cluster` is the canonical name. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + type: object + properties: + logLevel: + description: "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + type: string + default: Normal + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + managementState: + description: managementState indicates whether and how the operator should manage the component + type: string + pattern: ^(Managed|Unmanaged|Force|Removed)$ + observedConfig: + description: observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator type: object - properties: - lastTransitionTime: - type: string - format: date-time - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - generations: - description: generations are used to determine when an item needs - to be reconciled or has changed in a way that needs a reaction. - type: array - items: - description: GenerationStatus keeps track of the generation for - a given resource so that decisions about forced updates can be - made. + nullable: true + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + description: "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves. \n Valid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + type: string + default: Normal + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + unsupportedConfigOverrides: + description: 'unsupportedConfigOverrides holds a sparse config that will override any previously set options. It only needs to be the fields to override it will end up overlaying in the following order: 1. hardcoded defaults 2. observedConfig 3. unsupportedConfigOverrides' type: object - properties: - group: - description: group is the group of the thing you're tracking - type: string - hash: - description: hash is an optional field set for resources without - generation that are content sensitive like secrets and configmaps - type: string - lastGeneration: - description: lastGeneration is the last generation of the workload - controller involved - type: integer - format: int64 - name: - description: name is the name of the thing you're tracking - type: string - namespace: - description: namespace is where the thing you're tracking is - type: string - resource: - description: resource is the resource type of the thing you're - tracking - type: string - observedGeneration: - description: observedGeneration is the last generation change you've - dealt with - type: integer - format: int64 - readyReplicas: - description: readyReplicas indicates how many replicas are ready and - at the desired state - type: integer - format: int32 - version: - description: version is the level this availability applies to - type: string + nullable: true + x-kubernetes-preserve-unknown-fields: true + status: + description: status holds observed values from the cluster. They may not be overridden. + type: object + properties: + conditions: + description: conditions is a list of conditions and their status + type: array + items: + description: OperatorCondition is just the standard condition fields. + type: object + properties: + lastTransitionTime: + type: string + format: date-time + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + generations: + description: generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction. + type: array + items: + description: GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made. + type: object + properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload controller involved + type: integer + format: int64 + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're tracking + type: string + observedGeneration: + description: observedGeneration is the last generation change you've dealt with + type: integer + format: int64 + readyReplicas: + description: readyReplicas indicates how many replicas are ready and at the desired state + type: integer + format: int32 + version: + description: version is the level this availability applies to + type: string + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/operator/v1/0000_90_cluster_csi_driver_01_config.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_90_cluster_csi_driver_01_config.crd.yaml index ff66f8c2a..78451b2fa 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_90_cluster_csi_driver_01_config.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/0000_90_cluster_csi_driver_01_config.crd.yaml @@ -2,6 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/701 include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" include.release.openshift.io/single-node-developer: "true" @@ -17,10 +18,11 @@ spec: - name: v1 schema: openAPIV3Schema: - description: ClusterCSIDriver object allows management and configuration of - a CSI driver operator installed by default in OpenShift. Name of the object - must be name of the CSI driver it operates. See CSIDriverName type for list - of allowed values. + description: "ClusterCSIDriver object allows management and configuration + of a CSI driver operator installed by default in OpenShift. Name of the + object must be name of the CSI driver it operates. See CSIDriverName type + for list of allowed values. \n Compatibility level 1: Stable within a major + release for a minimum of 12 months or 3 minor releases (whichever is longer)." properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation @@ -37,6 +39,7 @@ spec: name: enum: - ebs.csi.aws.com + - efs.csi.aws.com - disk.csi.azure.com - pd.csi.storage.gke.io - cinder.csi.openstack.org @@ -44,6 +47,7 @@ spec: - manila.csi.openstack.org - csi.ovirt.org - csi.kubevirt.io + - csi.shared-resources.openshift.io type: string type: object spec: diff --git a/vendor/github.com/openshift/api/operator/v1/0000_90_cluster_csi_driver_01_config.crd.yaml-patch b/vendor/github.com/openshift/api/operator/v1/0000_90_cluster_csi_driver_01_config.crd.yaml-patch index dfcaf8b44..508903a8c 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_90_cluster_csi_driver_01_config.crd.yaml-patch +++ b/vendor/github.com/openshift/api/operator/v1/0000_90_cluster_csi_driver_01_config.crd.yaml-patch @@ -5,6 +5,7 @@ type: string enum: - ebs.csi.aws.com + - efs.csi.aws.com - disk.csi.azure.com - pd.csi.storage.gke.io - cinder.csi.openstack.org @@ -12,3 +13,4 @@ - manila.csi.openstack.org - csi.ovirt.org - csi.kubevirt.io + - csi.shared-resources.openshift.io diff --git a/vendor/github.com/openshift/api/operator/v1/types.go b/vendor/github.com/openshift/api/operator/v1/types.go index c4586ad31..5f731593d 100644 --- a/vendor/github.com/openshift/api/operator/v1/types.go +++ b/vendor/github.com/openshift/api/operator/v1/types.go @@ -6,6 +6,9 @@ import ( ) // MyOperatorResource is an example operator configuration type +// +// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. +// +openshift:compatibility-gen:internal type MyOperatorResource struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata"` @@ -220,8 +223,12 @@ type NodeStatus struct { LastFailedRevision int32 `json:"lastFailedRevision,omitempty"` // lastFailedTime is the time the last failed revision failed the last time. LastFailedTime *metav1.Time `json:"lastFailedTime,omitempty"` - // lastFailedCount is how often the last failed revision failed. + // lastFailedReason is a machine readable failure reason string. + LastFailedReason string `json:"lastFailedReason,omitempty"` + // lastFailedCount is how often the installer pod of the last failed revision failed. LastFailedCount int `json:"lastFailedCount,omitempty"` - // lastFailedRevisionErrors is a list of the errors during the failed deployment referenced in lastFailedRevision + // lastFallbackCount is how often a fallback to a previous revision happened. + LastFallbackCount int `json:"lastFallbackCount,omitempty"` + // lastFailedRevisionErrors is a list of human readable errors during the failed deployment referenced in lastFailedRevision. LastFailedRevisionErrors []string `json:"lastFailedRevisionErrors,omitempty"` } diff --git a/vendor/github.com/openshift/api/operator/v1/types_authentication.go b/vendor/github.com/openshift/api/operator/v1/types_authentication.go index 61c777cf2..80aa55f39 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_authentication.go +++ b/vendor/github.com/openshift/api/operator/v1/types_authentication.go @@ -9,6 +9,9 @@ import ( // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // Authentication provides information to configure an operator to manage authentication. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type Authentication struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` @@ -43,6 +46,9 @@ type OAuthAPIServerStatus struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // AuthenticationList is a collection of items +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type AuthenticationList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata"` diff --git a/vendor/github.com/openshift/api/operator/v1/types_cloudcredential.go b/vendor/github.com/openshift/api/operator/v1/types_cloudcredential.go index 8d1806cd6..8ad336fa2 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_cloudcredential.go +++ b/vendor/github.com/openshift/api/operator/v1/types_cloudcredential.go @@ -9,6 +9,9 @@ import ( // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // CloudCredential provides a means to configure an operator to manage CredentialsRequests. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type CloudCredential struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` @@ -68,6 +71,8 @@ type CloudCredentialStatus struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type CloudCredentialList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata"` diff --git a/vendor/github.com/openshift/api/operator/v1/types_config.go b/vendor/github.com/openshift/api/operator/v1/types_config.go index 267f3682e..89a6975ac 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_config.go +++ b/vendor/github.com/openshift/api/operator/v1/types_config.go @@ -8,7 +8,10 @@ import ( // +genclient:nonNamespaced // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -// Config provides information to configure the config operator. +// Config provides information to configure the config operator. It handles installation, migration or synchronization of cloud based cluster configurations like AWS or Azure. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type Config struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata"` @@ -34,6 +37,9 @@ type ConfigStatus struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // ConfigList is a collection of items +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type ConfigList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata"` diff --git a/vendor/github.com/openshift/api/operator/v1/types_console.go b/vendor/github.com/openshift/api/operator/v1/types_console.go index 866ce26fa..a01333b7c 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_console.go +++ b/vendor/github.com/openshift/api/operator/v1/types_console.go @@ -11,6 +11,9 @@ import ( // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // Console provides a means to configure an operator to manage the console. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type Console struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` @@ -40,6 +43,7 @@ type ConsoleSpec struct { // The default console route will be maintained to reserve the default hostname // for console if the custom route is removed. // If not specified, default route will be used. + // DEPRECATED // +optional Route ConsoleConfigRoute `json:"route"` // plugins defines a list of enabled console plugin names. @@ -48,6 +52,7 @@ type ConsoleSpec struct { } // ConsoleConfigRoute holds information on external route access to console. +// DEPRECATED type ConsoleConfigRoute struct { // hostname is the desired custom domain under which console will be available. Hostname string `json:"hostname"` @@ -123,6 +128,10 @@ type ConsoleCustomization struct { // +kubebuilder:validation:Optional // +optional QuickStarts QuickStarts `json:"quickStarts,omitempty"` + // addPage allows customizing actions on the Add page in developer perspective. + // +kubebuilder:validation:Optional + // +optional + AddPage AddPage `json:"addPage,omitempty"` } // ProjectAccess contains options for project access roles @@ -183,6 +192,16 @@ type QuickStarts struct { Disabled []string `json:"disabled,omitempty"` } +// AddPage allows customizing actions on the Add page in developer perspective. +type AddPage struct { + // disabledActions is a list of actions that are not shown to users. + // Each action in the list is represented by its ID. + // +kubebuilder:validation:Optional + // +kubebuilder:validation:MinItems=1 + // +optional + DisabledActions []string `json:"disabledActions,omitempty"` +} + // Brand is a specific supported brand within the console. // +kubebuilder:validation:Pattern=`^$|^(ocp|origin|okd|dedicated|online|azure)$` type Brand string @@ -204,6 +223,8 @@ const ( // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type ConsoleList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata"` diff --git a/vendor/github.com/openshift/api/operator/v1/types_csi_cluster_driver.go b/vendor/github.com/openshift/api/operator/v1/types_csi_cluster_driver.go index 09413dc74..1460d15e3 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_csi_cluster_driver.go +++ b/vendor/github.com/openshift/api/operator/v1/types_csi_cluster_driver.go @@ -20,6 +20,9 @@ import ( // ClusterCSIDriver object allows management and configuration of a CSI driver operator // installed by default in OpenShift. Name of the object must be name of the CSI driver // it operates. See CSIDriverName type for list of allowed values. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type ClusterCSIDriver struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` @@ -37,17 +40,18 @@ type ClusterCSIDriver struct { // CSIDriverName is the name of the CSI driver type CSIDriverName string -// If you are adding a new driver name here, ensure that kubebuilder:validation:Enum is updated above -// and 0000_90_cluster_csi_driver_01_config.crd.yaml-merge-patch file is also updated with new driver name. +// If you are adding a new driver name here, ensure that 0000_90_cluster_csi_driver_01_config.crd.yaml-merge-patch file is also updated with new driver name. const ( - AWSEBSCSIDriver CSIDriverName = "ebs.csi.aws.com" - AzureDiskCSIDriver CSIDriverName = "disk.csi.azure.com" - GCPPDCSIDriver CSIDriverName = "pd.csi.storage.gke.io" - CinderCSIDriver CSIDriverName = "cinder.csi.openstack.org" - VSphereCSIDriver CSIDriverName = "csi.vsphere.vmware.com" - ManilaCSIDriver CSIDriverName = "manila.csi.openstack.org" - OvirtCSIDriver CSIDriverName = "csi.ovirt.org" - KubevirtCSIDriver CSIDriverName = "csi.kubevirt.io" + AWSEBSCSIDriver CSIDriverName = "ebs.csi.aws.com" + AWSEFSCSIDriver CSIDriverName = "efs.csi.aws.com" + AzureDiskCSIDriver CSIDriverName = "disk.csi.azure.com" + GCPPDCSIDriver CSIDriverName = "pd.csi.storage.gke.io" + CinderCSIDriver CSIDriverName = "cinder.csi.openstack.org" + VSphereCSIDriver CSIDriverName = "csi.vsphere.vmware.com" + ManilaCSIDriver CSIDriverName = "manila.csi.openstack.org" + OvirtCSIDriver CSIDriverName = "csi.ovirt.org" + KubevirtCSIDriver CSIDriverName = "csi.kubevirt.io" + SharedResourcesCSIDriver CSIDriverName = "csi.shared-resources.openshift.io" ) // ClusterCSIDriverSpec is the desired behavior of CSI driver operator @@ -64,6 +68,9 @@ type ClusterCSIDriverStatus struct { // +kubebuilder:object:root=true // ClusterCSIDriverList contains a list of ClusterCSIDriver +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type ClusterCSIDriverList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty"` diff --git a/vendor/github.com/openshift/api/operator/v1/types_csi_snapshot.go b/vendor/github.com/openshift/api/operator/v1/types_csi_snapshot.go index 5b6c06aaf..21db5df0a 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_csi_snapshot.go +++ b/vendor/github.com/openshift/api/operator/v1/types_csi_snapshot.go @@ -9,6 +9,9 @@ import ( // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // CSISnapshotController provides a means to configure an operator to manage the CSI snapshots. `cluster` is the canonical name. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type CSISnapshotController struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` @@ -37,6 +40,9 @@ type CSISnapshotControllerStatus struct { // +kubebuilder:object:root=true // CSISnapshotControllerList contains a list of CSISnapshotControllers. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type CSISnapshotControllerList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty"` diff --git a/vendor/github.com/openshift/api/operator/v1/types_dns.go b/vendor/github.com/openshift/api/operator/v1/types_dns.go index ce4cf3238..4e6c7eea7 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_dns.go +++ b/vendor/github.com/openshift/api/operator/v1/types_dns.go @@ -20,6 +20,9 @@ import ( // https://github.com/kubernetes/dns/blob/master/docs/specification.md // // More details: https://kubernetes.io/docs/tasks/administer-cluster/coredns +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type DNS struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` @@ -62,6 +65,11 @@ type DNSSpec struct { // // +optional NodePlacement DNSNodePlacement `json:"nodePlacement,omitempty"` + + // managementState indicates whether the DNS operator should manage cluster + // DNS + // +optional + ManagementState ManagementState `json:"managementState,omitempty"` } // Server defines the schema for a server that runs per instance of CoreDNS. @@ -110,9 +118,14 @@ type DNSNodePlacement struct { // tolerations is a list of tolerations applied to DNS pods. // - // The default is an empty list. This default is subject to change. + // If empty, the DNS operator sets a toleration for the + // "node-role.kubernetes.io/master" taint. This default is subject to + // change. Specifying tolerations without including a toleration for + // the "node-role.kubernetes.io/master" taint may be risky as it could + // lead to an outage if all worker nodes become unavailable. // - // See https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ + // Note that the daemon controller adds some tolerations as well. See + // https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ // // +optional Tolerations []corev1.Toleration `json:"tolerations,omitempty"` @@ -170,6 +183,9 @@ type DNSStatus struct { // +kubebuilder:object:root=true // DNSList contains a list of DNS +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type DNSList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty"` diff --git a/vendor/github.com/openshift/api/operator/v1/types_etcd.go b/vendor/github.com/openshift/api/operator/v1/types_etcd.go index 106c92b81..6cd593ced 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_etcd.go +++ b/vendor/github.com/openshift/api/operator/v1/types_etcd.go @@ -9,6 +9,9 @@ import ( // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // Etcd provides information to configure an operator to manage etcd. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type Etcd struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata"` @@ -31,6 +34,9 @@ type EtcdStatus struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // KubeAPISOperatorConfigList is a collection of items +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type EtcdList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata"` diff --git a/vendor/github.com/openshift/api/operator/v1/types_ingress.go b/vendor/github.com/openshift/api/operator/v1/types_ingress.go index 235d11849..44c02d6ec 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_ingress.go +++ b/vendor/github.com/openshift/api/operator/v1/types_ingress.go @@ -28,6 +28,9 @@ import ( // // Whenever possible, sensible defaults for the platform are used. See each // field for more details. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type IngressController struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` @@ -158,14 +161,16 @@ type IngressControllerSpec struct { // to release X.Y.Z+1 may cause a new profile configuration to be applied to the ingress // controller, resulting in a rollout. // - // Note that the minimum TLS version for ingress controllers is 1.1, and - // the maximum TLS version is 1.2. An implication of this restriction - // is that the Modern TLS profile type cannot be used because it - // requires TLS 1.3. - // // +optional TLSSecurityProfile *configv1.TLSSecurityProfile `json:"tlsSecurityProfile,omitempty"` + // clientTLS specifies settings for requesting and verifying client + // certificates, which can be used to enable mutual TLS for + // edge-terminated and reencrypt routes. + // + // +optional + ClientTLS ClientTLS `json:"clientTLS"` + // routeAdmission defines a policy for handling new route claims (for example, // to allow or deny claims across namespaces). // @@ -189,6 +194,28 @@ type IngressControllerSpec struct { // +optional HTTPHeaders *IngressControllerHTTPHeaders `json:"httpHeaders,omitempty"` + // httpEmptyRequestsPolicy describes how HTTP connections should be + // handled if the connection times out before a request is received. + // Allowed values for this field are "Respond" and "Ignore". If the + // field is set to "Respond", the ingress controller sends an HTTP 400 + // or 408 response, logs the connection (if access logging is enabled), + // and counts the connection in the appropriate metrics. If the field + // is set to "Ignore", the ingress controller closes the connection + // without sending a response, logging the connection, or incrementing + // metrics. The default value is "Respond". + // + // Typically, these connections come from load balancers' health probes + // or Web browsers' speculative connections ("preconnect") and can be + // safely ignored. However, these requests may also be caused by + // network errors, and so setting this field to "Ignore" may impede + // detection and diagnosis of problems. In addition, these requests may + // be caused by port scans, in which case logging empty requests may aid + // in detecting intrusion attempts. + // + // +optional + // +kubebuilder:default:="Respond" + HTTPEmptyRequestsPolicy HTTPEmptyRequestsPolicy `json:"httpEmptyRequestsPolicy,omitempty"` + // tuningOptions defines parameters for adjusting the performance of // ingress controller pods. All fields are optional and will use their // respective defaults if not set. See specific tuningOptions fields for @@ -585,6 +612,57 @@ type EndpointPublishingStrategy struct { NodePort *NodePortStrategy `json:"nodePort,omitempty"` } +// ClientCertificatePolicy describes the policy for client certificates. +// +kubebuilder:validation:Enum="";Required;Optional +type ClientCertificatePolicy string + +const ( + // ClientCertificatePolicyRequired indicates that a client certificate + // should be required. + ClientCertificatePolicyRequired ClientCertificatePolicy = "Required" + + // ClientCertificatePolicyOptional indicates that a client certificate + // should be requested but not required. + ClientCertificatePolicyOptional ClientCertificatePolicy = "Optional" +) + +// ClientTLS specifies TLS configuration to enable client-to-server +// authentication, which can be used for mutual TLS. +type ClientTLS struct { + // clientCertificatePolicy specifies whether the ingress controller + // requires clients to provide certificates. This field accepts the + // values "Required" or "Optional". + // + // Note that the ingress controller only checks client certificates for + // edge-terminated and reencrypt TLS routes; it cannot check + // certificates for cleartext HTTP or passthrough TLS routes. + // + // +kubebuilder:validation:Required + // +required + ClientCertificatePolicy ClientCertificatePolicy `json:"clientCertificatePolicy"` + + // clientCA specifies a configmap containing the PEM-encoded CA + // certificate bundle that should be used to verify a client's + // certificate. The administrator must create this configmap in the + // openshift-config namespace. + // + // +kubebuilder:validation:Required + // +required + ClientCA configv1.ConfigMapNameReference `json:"clientCA"` + + // allowedSubjectPatterns specifies a list of regular expressions that + // should be matched against the distinguished name on a valid client + // certificate to filter requests. The regular expressions must use + // PCRE syntax. If this list is empty, no filtering is performed. If + // the list is nonempty, then at least one pattern must match a client + // certificate's distinguished name or else the ingress controller + // rejects the certificate and denies the connection. + // + // +listType=atomic + // +optional + AllowedSubjectPatterns []string `json:"allowedSubjectPatterns,omitempty"` +} + // RouteAdmissionPolicy is an admission policy for allowing new route claims. type RouteAdmissionPolicy struct { // namespaceOwnership describes how host name claims across namespaces should @@ -852,6 +930,17 @@ type IngressControllerCaptureHTTPCookieUnion struct { NamePrefix string `json:"namePrefix"` } +// LoggingPolicy indicates how an event should be logged. +// +kubebuilder:validation:Enum=Log;Ignore +type LoggingPolicy string + +const ( + // LoggingPolicyLog indicates that an event should be logged. + LoggingPolicyLog LoggingPolicy = "Log" + // LoggingPolicyIgnore indicates that an event should not be logged. + LoggingPolicyIgnore LoggingPolicy = "Ignore" +) + // AccessLogging describes how client requests should be logged. type AccessLogging struct { // destination is where access logs go. @@ -896,6 +985,21 @@ type AccessLogging struct { // +optional // +kubebuilder:validation:MaxItems=1 HTTPCaptureCookies []IngressControllerCaptureHTTPCookie `json:"httpCaptureCookies,omitempty"` + + // logEmptyRequests specifies how connections on which no request is + // received should be logged. Typically, these empty requests come from + // load balancers' health probes or Web browsers' speculative + // connections ("preconnect"), in which case logging these requests may + // be undesirable. However, these requests may also be caused by + // network errors, in which case logging empty requests may be useful + // for diagnosing the errors. In addition, these requests may be caused + // by port scans, in which case logging empty requests may aid in + // detecting intrusion attempts. Allowed values for this field are + // "Log" and "Ignore". The default value is "Log". + // + // +optional + // +kubebuilder:default:="Log" + LogEmptyRequests LoggingPolicy `json:"logEmptyRequests,omitempty"` } // IngressControllerLogging describes what should be logged where. @@ -1064,9 +1168,10 @@ type IngressControllerTuningOptions struct { // threadCount defines the number of threads created per HAProxy process. // Creating more threads allows each ingress controller pod to handle more - // connections, at the cost of more system resources being used. If this - // field is empty, the IngressController will use the default value. The - // current default is 4 threads, but this may change in future releases. + // connections, at the cost of more system resources being used. HAProxy + // currently supports up to 64 threads. If this field is empty, the + // IngressController will use the default value. The current default is 4 + // threads, but this may change in future releases. // // Setting this field is generally not recommended. Increasing the number // of HAProxy threads allows ingress controller pods to utilize more CPU @@ -1076,10 +1181,85 @@ type IngressControllerTuningOptions struct { // // +kubebuilder:validation:Optional // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=64 // +optional ThreadCount int32 `json:"threadCount,omitempty"` + + // clientTimeout defines how long a connection will be held open while + // waiting for a client response. + // + // If unset, the default timeout is 30s + // +kubebuilder:validation:Optional + // +kubebuilder:validation:Format=duration + // +optional + ClientTimeout *metav1.Duration `json:"clientTimeout,omitempty"` + + // clientFinTimeout defines how long a connection will be held open while + // waiting for the client response to the server/backend closing the + // connection. + // + // If unset, the default timeout is 1s + // +kubebuilder:validation:Optional + // +kubebuilder:validation:Format=duration + // +optional + ClientFinTimeout *metav1.Duration `json:"clientFinTimeout,omitempty"` + + // serverTimeout defines how long a connection will be held open while + // waiting for a server/backend response. + // + // If unset, the default timeout is 30s + // +kubebuilder:validation:Optional + // +kubebuilder:validation:Format=duration + // +optional + ServerTimeout *metav1.Duration `json:"serverTimeout,omitempty"` + + // serverFinTimeout defines how long a connection will be held open while + // waiting for the server/backend response to the client closing the + // connection. + // + // If unset, the default timeout is 1s + // +kubebuilder:validation:Optional + // +kubebuilder:validation:Format=duration + // +optional + ServerFinTimeout *metav1.Duration `json:"serverFinTimeout,omitempty"` + + // tunnelTimeout defines how long a tunnel connection (including + // websockets) will be held open while the tunnel is idle. + // + // If unset, the default timeout is 1h + // +kubebuilder:validation:Optional + // +kubebuilder:validation:Format=duration + // +optional + TunnelTimeout *metav1.Duration `json:"tunnelTimeout,omitempty"` + + // tlsInspectDelay defines how long the router can hold data to find a + // matching route. + // + // Setting this too short can cause the router to fall back to the default + // certificate for edge-terminated or reencrypt routes even when a better + // matching certificate could be used. + // + // If unset, the default inspect delay is 5s + // +kubebuilder:validation:Optional + // +kubebuilder:validation:Format=duration + // +optional + TLSInspectDelay *metav1.Duration `json:"tlsInspectDelay,omitempty"` } +// HTTPEmptyRequestsPolicy indicates how HTTP connections for which no request +// is received should be handled. +// +kubebuilder:validation:Enum=Respond;Ignore +type HTTPEmptyRequestsPolicy string + +const ( + // HTTPEmptyRequestsPolicyRespond indicates that the ingress controller + // should respond to empty requests. + HTTPEmptyRequestsPolicyRespond HTTPEmptyRequestsPolicy = "Respond" + // HTTPEmptyRequestsPolicyIgnore indicates that the ingress controller + // should ignore empty requests. + HTTPEmptyRequestsPolicyIgnore HTTPEmptyRequestsPolicy = "Ignore" +) + var ( // Available indicates the ingress controller deployment is available. IngressControllerAvailableConditionType = "Available" @@ -1161,6 +1341,9 @@ type IngressControllerStatus struct { // +kubebuilder:object:root=true // IngressControllerList contains a list of IngressControllers. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type IngressControllerList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty"` diff --git a/vendor/github.com/openshift/api/operator/v1/types_kubeapiserver.go b/vendor/github.com/openshift/api/operator/v1/types_kubeapiserver.go index cd657c554..b4e45c960 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_kubeapiserver.go +++ b/vendor/github.com/openshift/api/operator/v1/types_kubeapiserver.go @@ -9,6 +9,10 @@ import ( // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // KubeAPIServer provides information to configure an operator to manage kube-apiserver. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 +// +openshift:compatibility-gen:level=1 type KubeAPIServer struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata"` @@ -34,6 +38,9 @@ type KubeAPIServerStatus struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // KubeAPIServerList is a collection of items +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type KubeAPIServerList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata"` diff --git a/vendor/github.com/openshift/api/operator/v1/types_kubecontrollermanager.go b/vendor/github.com/openshift/api/operator/v1/types_kubecontrollermanager.go index c20ae30cc..e07d26f17 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_kubecontrollermanager.go +++ b/vendor/github.com/openshift/api/operator/v1/types_kubecontrollermanager.go @@ -9,6 +9,9 @@ import ( // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // KubeControllerManager provides information to configure an operator to manage kube-controller-manager. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type KubeControllerManager struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata"` @@ -25,6 +28,14 @@ type KubeControllerManager struct { type KubeControllerManagerSpec struct { StaticPodOperatorSpec `json:",inline"` + + // useMoreSecureServiceCA indicates that the service-ca.crt provided in SA token volumes should include only + // enough certificates to validate service serving certificates. + // Once set to true, it cannot be set to false. + // Even if someone finds a way to set it back to false, the service-ca.crt files that previously existed will + // only have the more secure content. + // +kubebuilder:default=false + UseMoreSecureServiceCA bool `json:"useMoreSecureServiceCA"` } type KubeControllerManagerStatus struct { @@ -34,6 +45,9 @@ type KubeControllerManagerStatus struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // KubeControllerManagerList is a collection of items +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type KubeControllerManagerList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata"` diff --git a/vendor/github.com/openshift/api/operator/v1/types_kubestorageversionmigrator.go b/vendor/github.com/openshift/api/operator/v1/types_kubestorageversionmigrator.go index 5949ac021..b187efc83 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_kubestorageversionmigrator.go +++ b/vendor/github.com/openshift/api/operator/v1/types_kubestorageversionmigrator.go @@ -9,6 +9,9 @@ import ( // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // KubeStorageVersionMigrator provides information to configure an operator to manage kube-storage-version-migrator. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type KubeStorageVersionMigrator struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata"` @@ -31,6 +34,9 @@ type KubeStorageVersionMigratorStatus struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // KubeStorageVersionMigratorList is a collection of items +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type KubeStorageVersionMigratorList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata"` diff --git a/vendor/github.com/openshift/api/operator/v1/types_network.go b/vendor/github.com/openshift/api/operator/v1/types_network.go index 33b23bc8a..b04c6b6d3 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_network.go +++ b/vendor/github.com/openshift/api/operator/v1/types_network.go @@ -10,7 +10,10 @@ import ( // Network describes the cluster's desired network configuration. It is // consumed by the cluster-network-operator. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). // +k8s:openapi-gen=true +// +openshift:compatibility-gen:level=1 type Network struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` @@ -28,6 +31,9 @@ type NetworkStatus struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // NetworkList contains a list of Network configurations +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type NetworkList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty"` @@ -95,7 +101,6 @@ type NetworkSpec struct { // by using protocols NetFlow, SFlow or IPFIX. Currently only supported on OVN-Kubernetes plugin. // If unset, flows will not be exported to any collector. // +optional - // +kubebuilder:validation:MinProperties=1 ExportNetworkFlows *ExportNetworkFlows `json:"exportNetworkFlows,omitempty"` // migration enables and configures the cluster network migration. @@ -264,8 +269,10 @@ type OpenShiftSDNConfig struct { // +optional MTU *uint32 `json:"mtu,omitempty"` - // useExternalOpenvswitch tells the operator not to install openvswitch, because - // it will be provided separately. If set, you must provide it yourself. + // useExternalOpenvswitch used to control whether the operator would deploy an OVS + // DaemonSet itself or expect someone else to start OVS. As of 4.6, OVS is always + // run as a system service, and this flag is ignored. + // DEPRECATED: non-functional as of 4.6 // +optional UseExternalOpenvswitch *bool `json:"useExternalOpenvswitch,omitempty"` @@ -415,7 +422,7 @@ type IPFIXConfig struct { Collectors []IPPort `json:"collectors,omitempty"` } -// +kubebuilder:validation:Pattern=`^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):[0-9]+$` +// +kubebuilder:validation:Pattern=`^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$` type IPPort string type PolicyAuditConfig struct { diff --git a/vendor/github.com/openshift/api/operator/v1/types_openshiftapiserver.go b/vendor/github.com/openshift/api/operator/v1/types_openshiftapiserver.go index 8ab50ed32..5511db364 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_openshiftapiserver.go +++ b/vendor/github.com/openshift/api/operator/v1/types_openshiftapiserver.go @@ -9,6 +9,9 @@ import ( // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // OpenShiftAPIServer provides information to configure an operator to manage openshift-apiserver. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type OpenShiftAPIServer struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata"` @@ -41,6 +44,9 @@ type OpenShiftAPIServerStatus struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // OpenShiftAPIServerList is a collection of items +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type OpenShiftAPIServerList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata"` diff --git a/vendor/github.com/openshift/api/operator/v1/types_openshiftcontrollermanager.go b/vendor/github.com/openshift/api/operator/v1/types_openshiftcontrollermanager.go index 0f23b01be..442e40314 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_openshiftcontrollermanager.go +++ b/vendor/github.com/openshift/api/operator/v1/types_openshiftcontrollermanager.go @@ -9,6 +9,9 @@ import ( // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // OpenShiftControllerManager provides information to configure an operator to manage openshift-controller-manager. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type OpenShiftControllerManager struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata"` @@ -31,6 +34,9 @@ type OpenShiftControllerManagerStatus struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // OpenShiftControllerManagerList is a collection of items +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type OpenShiftControllerManagerList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata"` diff --git a/vendor/github.com/openshift/api/operator/v1/types_scheduler.go b/vendor/github.com/openshift/api/operator/v1/types_scheduler.go index f8a542082..654f0d612 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_scheduler.go +++ b/vendor/github.com/openshift/api/operator/v1/types_scheduler.go @@ -9,6 +9,9 @@ import ( // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // KubeScheduler provides information to configure an operator to manage scheduler. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type KubeScheduler struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata"` @@ -34,6 +37,9 @@ type KubeSchedulerStatus struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // KubeSchedulerList is a collection of items +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type KubeSchedulerList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata"` diff --git a/vendor/github.com/openshift/api/operator/v1/types_serviceca.go b/vendor/github.com/openshift/api/operator/v1/types_serviceca.go index b8d5e2646..a7404c4f2 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_serviceca.go +++ b/vendor/github.com/openshift/api/operator/v1/types_serviceca.go @@ -9,6 +9,9 @@ import ( // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // ServiceCA provides information to configure an operator to manage the service cert controllers +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type ServiceCA struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata"` @@ -33,6 +36,9 @@ type ServiceCAStatus struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // ServiceCAList is a collection of items +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type ServiceCAList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata"` diff --git a/vendor/github.com/openshift/api/operator/v1/types_servicecatalogapiserver.go b/vendor/github.com/openshift/api/operator/v1/types_servicecatalogapiserver.go index 4dc98f4a4..2d96e0240 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_servicecatalogapiserver.go +++ b/vendor/github.com/openshift/api/operator/v1/types_servicecatalogapiserver.go @@ -10,6 +10,9 @@ import ( // ServiceCatalogAPIServer provides information to configure an operator to manage Service Catalog API Server // DEPRECATED: will be removed in 4.6 +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type ServiceCatalogAPIServer struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` @@ -33,6 +36,9 @@ type ServiceCatalogAPIServerStatus struct { // ServiceCatalogAPIServerList is a collection of items // DEPRECATED: will be removed in 4.6 +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type ServiceCatalogAPIServerList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata"` diff --git a/vendor/github.com/openshift/api/operator/v1/types_servicecatalogcontrollermanager.go b/vendor/github.com/openshift/api/operator/v1/types_servicecatalogcontrollermanager.go index f4cc3f695..1317487e6 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_servicecatalogcontrollermanager.go +++ b/vendor/github.com/openshift/api/operator/v1/types_servicecatalogcontrollermanager.go @@ -10,6 +10,9 @@ import ( // ServiceCatalogControllerManager provides information to configure an operator to manage Service Catalog Controller Manager // DEPRECATED: will be removed in 4.6 +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type ServiceCatalogControllerManager struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata"` @@ -33,6 +36,9 @@ type ServiceCatalogControllerManagerStatus struct { // ServiceCatalogControllerManagerList is a collection of items // DEPRECATED: will be removed in 4.6 +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type ServiceCatalogControllerManagerList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata"` diff --git a/vendor/github.com/openshift/api/operator/v1/types_storage.go b/vendor/github.com/openshift/api/operator/v1/types_storage.go index d5d3bd407..38ffe26d5 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_storage.go +++ b/vendor/github.com/openshift/api/operator/v1/types_storage.go @@ -9,6 +9,9 @@ import ( // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // Storage provides a means to configure an operator to manage the cluster storage operator. `cluster` is the canonical name. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type Storage struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` @@ -37,6 +40,9 @@ type StorageStatus struct { // +kubebuilder:object:root=true // StorageList contains a list of Storages. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type StorageList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty"` diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go index 9368a39d6..a7454e97c 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go @@ -92,6 +92,27 @@ func (in *AccessLogging) DeepCopy() *AccessLogging { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AddPage) DeepCopyInto(out *AddPage) { + *out = *in + if in.DisabledActions != nil { + in, out := &in.DisabledActions, &out.DisabledActions + *out = make([]string, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AddPage. +func (in *AddPage) DeepCopy() *AddPage { + if in == nil { + return nil + } + out := new(AddPage) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *AdditionalNetworkDefinition) DeepCopyInto(out *AdditionalNetworkDefinition) { *out = *in @@ -304,6 +325,28 @@ func (in *CSISnapshotControllerStatus) DeepCopy() *CSISnapshotControllerStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClientTLS) DeepCopyInto(out *ClientTLS) { + *out = *in + out.ClientCA = in.ClientCA + if in.AllowedSubjectPatterns != nil { + in, out := &in.AllowedSubjectPatterns, &out.AllowedSubjectPatterns + *out = make([]string, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClientTLS. +func (in *ClientTLS) DeepCopy() *ClientTLS { + if in == nil { + return nil + } + out := new(ClientTLS) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *CloudCredential) DeepCopyInto(out *CloudCredential) { *out = *in @@ -657,6 +700,7 @@ func (in *ConsoleCustomization) DeepCopyInto(out *ConsoleCustomization) { in.DeveloperCatalog.DeepCopyInto(&out.DeveloperCatalog) in.ProjectAccess.DeepCopyInto(&out.ProjectAccess) in.QuickStarts.DeepCopyInto(&out.QuickStarts) + in.AddPage.DeepCopyInto(&out.AddPage) return } @@ -1568,6 +1612,7 @@ func (in *IngressControllerSpec) DeepCopyInto(out *IngressControllerSpec) { *out = new(configv1.TLSSecurityProfile) (*in).DeepCopyInto(*out) } + in.ClientTLS.DeepCopyInto(&out.ClientTLS) if in.RouteAdmission != nil { in, out := &in.RouteAdmission, &out.RouteAdmission *out = new(RouteAdmissionPolicy) @@ -1583,7 +1628,7 @@ func (in *IngressControllerSpec) DeepCopyInto(out *IngressControllerSpec) { *out = new(IngressControllerHTTPHeaders) (*in).DeepCopyInto(*out) } - out.TuningOptions = in.TuningOptions + in.TuningOptions.DeepCopyInto(&out.TuningOptions) in.UnsupportedConfigOverrides.DeepCopyInto(&out.UnsupportedConfigOverrides) return } @@ -1634,6 +1679,36 @@ func (in *IngressControllerStatus) DeepCopy() *IngressControllerStatus { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *IngressControllerTuningOptions) DeepCopyInto(out *IngressControllerTuningOptions) { *out = *in + if in.ClientTimeout != nil { + in, out := &in.ClientTimeout, &out.ClientTimeout + *out = new(metav1.Duration) + **out = **in + } + if in.ClientFinTimeout != nil { + in, out := &in.ClientFinTimeout, &out.ClientFinTimeout + *out = new(metav1.Duration) + **out = **in + } + if in.ServerTimeout != nil { + in, out := &in.ServerTimeout, &out.ServerTimeout + *out = new(metav1.Duration) + **out = **in + } + if in.ServerFinTimeout != nil { + in, out := &in.ServerFinTimeout, &out.ServerFinTimeout + *out = new(metav1.Duration) + **out = **in + } + if in.TunnelTimeout != nil { + in, out := &in.TunnelTimeout, &out.TunnelTimeout + *out = new(metav1.Duration) + **out = **in + } + if in.TLSInspectDelay != nil { + in, out := &in.TLSInspectDelay, &out.TLSInspectDelay + *out = new(metav1.Duration) + **out = **in + } return } diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go index f6996a6fd..bb4110389 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go @@ -26,7 +26,7 @@ func (GenerationStatus) SwaggerDoc() map[string]string { } var map_MyOperatorResource = map[string]string{ - "": "MyOperatorResource is an example operator configuration type", + "": "MyOperatorResource is an example operator configuration type\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", } func (MyOperatorResource) SwaggerDoc() map[string]string { @@ -40,8 +40,10 @@ var map_NodeStatus = map[string]string{ "targetRevision": "targetRevision is the generation of the deployment we're trying to apply", "lastFailedRevision": "lastFailedRevision is the generation of the deployment we tried and failed to deploy.", "lastFailedTime": "lastFailedTime is the time the last failed revision failed the last time.", - "lastFailedCount": "lastFailedCount is how often the last failed revision failed.", - "lastFailedRevisionErrors": "lastFailedRevisionErrors is a list of the errors during the failed deployment referenced in lastFailedRevision", + "lastFailedReason": "lastFailedReason is a machine readable failure reason string.", + "lastFailedCount": "lastFailedCount is how often the installer pod of the last failed revision failed.", + "lastFallbackCount": "lastFallbackCount is how often a fallback to a previous revision happened.", + "lastFailedRevisionErrors": "lastFailedRevisionErrors is a list of human readable errors during the failed deployment referenced in lastFailedRevision.", } func (NodeStatus) SwaggerDoc() map[string]string { @@ -104,7 +106,7 @@ func (StaticPodOperatorStatus) SwaggerDoc() map[string]string { } var map_Authentication = map[string]string{ - "": "Authentication provides information to configure an operator to manage authentication.", + "": "Authentication provides information to configure an operator to manage authentication.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", } func (Authentication) SwaggerDoc() map[string]string { @@ -112,7 +114,7 @@ func (Authentication) SwaggerDoc() map[string]string { } var map_AuthenticationList = map[string]string{ - "": "AuthenticationList is a collection of items", + "": "AuthenticationList is a collection of items\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", } func (AuthenticationList) SwaggerDoc() map[string]string { @@ -136,13 +138,21 @@ func (OAuthAPIServerStatus) SwaggerDoc() map[string]string { } var map_CloudCredential = map[string]string{ - "": "CloudCredential provides a means to configure an operator to manage CredentialsRequests.", + "": "CloudCredential provides a means to configure an operator to manage CredentialsRequests.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", } func (CloudCredential) SwaggerDoc() map[string]string { return map_CloudCredential } +var map_CloudCredentialList = map[string]string{ + "": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", +} + +func (CloudCredentialList) SwaggerDoc() map[string]string { + return map_CloudCredentialList +} + var map_CloudCredentialSpec = map[string]string{ "": "CloudCredentialSpec is the specification of the desired behavior of the cloud-credential-operator.", "credentialsMode": "CredentialsMode allows informing CCO that it should not attempt to dynamically determine the root cloud credentials capabilities, and it should just run in the specified mode. It also allows putting the operator into \"manual\" mode if desired. Leaving the field in default mode runs CCO so that the cluster's cloud credentials will be dynamically probed for capabilities (on supported clouds/platforms). Supported modes:\n AWS/Azure/GCP: \"\" (Default), \"Mint\", \"Passthrough\", \"Manual\"\n Others: Do not set value as other platforms only support running in \"Passthrough\"", @@ -161,7 +171,7 @@ func (CloudCredentialStatus) SwaggerDoc() map[string]string { } var map_Config = map[string]string{ - "": "Config provides information to configure the config operator.", + "": "Config provides information to configure the config operator. It handles installation, migration or synchronization of cloud based cluster configurations like AWS or Azure.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "spec": "spec is the specification of the desired behavior of the Config Operator.", "status": "status defines the observed status of the Config Operator.", } @@ -171,7 +181,7 @@ func (Config) SwaggerDoc() map[string]string { } var map_ConfigList = map[string]string{ - "": "ConfigList is a collection of items", + "": "ConfigList is a collection of items\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "items": "Items contains the items", } @@ -179,8 +189,17 @@ func (ConfigList) SwaggerDoc() map[string]string { return map_ConfigList } +var map_AddPage = map[string]string{ + "": "AddPage allows customizing actions on the Add page in developer perspective.", + "disabledActions": "disabledActions is a list of actions that are not shown to users. Each action in the list is represented by its ID.", +} + +func (AddPage) SwaggerDoc() map[string]string { + return map_AddPage +} + var map_Console = map[string]string{ - "": "Console provides a means to configure an operator to manage the console.", + "": "Console provides a means to configure an operator to manage the console.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", } func (Console) SwaggerDoc() map[string]string { @@ -188,7 +207,7 @@ func (Console) SwaggerDoc() map[string]string { } var map_ConsoleConfigRoute = map[string]string{ - "": "ConsoleConfigRoute holds information on external route access to console.", + "": "ConsoleConfigRoute holds information on external route access to console. DEPRECATED", "hostname": "hostname is the desired custom domain under which console will be available.", "secret": "secret points to secret in the openshift-config namespace that contains custom certificate and key and needs to be created manually by the cluster admin. Referenced Secret is required to contain following key value pairs: - \"tls.crt\" - to specifies custom certificate - \"tls.key\" - to specifies private key of the custom certificate If the custom hostname uses the default routing suffix of the cluster, the Secret specification for a serving certificate will not be needed.", } @@ -206,12 +225,21 @@ var map_ConsoleCustomization = map[string]string{ "developerCatalog": "developerCatalog allows to configure the shown developer catalog categories.", "projectAccess": "projectAccess allows customizing the available list of ClusterRoles in the Developer perspective Project access page which can be used by a project admin to specify roles to other users and restrict access within the project. If set, the list will replace the default ClusterRole options.", "quickStarts": "quickStarts allows customization of available ConsoleQuickStart resources in console.", + "addPage": "addPage allows customizing actions on the Add page in developer perspective.", } func (ConsoleCustomization) SwaggerDoc() map[string]string { return map_ConsoleCustomization } +var map_ConsoleList = map[string]string{ + "": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", +} + +func (ConsoleList) SwaggerDoc() map[string]string { + return map_ConsoleList +} + var map_ConsoleProviders = map[string]string{ "": "ConsoleProviders defines a list of optional additional providers of functionality to the console.", "statuspage": "statuspage contains ID for statuspage.io page that provides status info about.", @@ -225,7 +253,7 @@ var map_ConsoleSpec = map[string]string{ "": "ConsoleSpec is the specification of the desired behavior of the Console.", "customization": "customization is used to optionally provide a small set of customization options to the web console.", "providers": "providers contains configuration for using specific service providers.", - "route": "route contains hostname and secret reference that contains the serving certificate. If a custom route is specified, a new route will be created with the provided hostname, under which console will be available. In case of custom hostname uses the default routing suffix of the cluster, the Secret specification for a serving certificate will not be needed. In case of custom hostname points to an arbitrary domain, manual DNS configurations steps are necessary. The default console route will be maintained to reserve the default hostname for console if the custom route is removed. If not specified, default route will be used.", + "route": "route contains hostname and secret reference that contains the serving certificate. If a custom route is specified, a new route will be created with the provided hostname, under which console will be available. In case of custom hostname uses the default routing suffix of the cluster, the Secret specification for a serving certificate will not be needed. In case of custom hostname points to an arbitrary domain, manual DNS configurations steps are necessary. The default console route will be maintained to reserve the default hostname for console if the custom route is removed. If not specified, default route will be used. DEPRECATED", "plugins": "plugins defines a list of enabled console plugin names.", } @@ -298,7 +326,7 @@ func (StatuspageProvider) SwaggerDoc() map[string]string { } var map_ClusterCSIDriver = map[string]string{ - "": "ClusterCSIDriver object allows management and configuration of a CSI driver operator installed by default in OpenShift. Name of the object must be name of the CSI driver it operates. See CSIDriverName type for list of allowed values.", + "": "ClusterCSIDriver object allows management and configuration of a CSI driver operator installed by default in OpenShift. Name of the object must be name of the CSI driver it operates. See CSIDriverName type for list of allowed values.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "spec": "spec holds user settable values for configuration", "status": "status holds observed values from the cluster. They may not be overridden.", } @@ -308,7 +336,7 @@ func (ClusterCSIDriver) SwaggerDoc() map[string]string { } var map_ClusterCSIDriverList = map[string]string{ - "": "ClusterCSIDriverList contains a list of ClusterCSIDriver", + "": "ClusterCSIDriverList contains a list of ClusterCSIDriver\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", } func (ClusterCSIDriverList) SwaggerDoc() map[string]string { @@ -332,7 +360,7 @@ func (ClusterCSIDriverStatus) SwaggerDoc() map[string]string { } var map_CSISnapshotController = map[string]string{ - "": "CSISnapshotController provides a means to configure an operator to manage the CSI snapshots. `cluster` is the canonical name.", + "": "CSISnapshotController provides a means to configure an operator to manage the CSI snapshots. `cluster` is the canonical name.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "spec": "spec holds user settable values for configuration", "status": "status holds observed values from the cluster. They may not be overridden.", } @@ -342,7 +370,7 @@ func (CSISnapshotController) SwaggerDoc() map[string]string { } var map_CSISnapshotControllerList = map[string]string{ - "": "CSISnapshotControllerList contains a list of CSISnapshotControllers.", + "": "CSISnapshotControllerList contains a list of CSISnapshotControllers.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", } func (CSISnapshotControllerList) SwaggerDoc() map[string]string { @@ -366,7 +394,7 @@ func (CSISnapshotControllerStatus) SwaggerDoc() map[string]string { } var map_DNS = map[string]string{ - "": "DNS manages the CoreDNS component to provide a name resolution service for pods and services in the cluster.\n\nThis supports the DNS-based service discovery specification: https://github.com/kubernetes/dns/blob/master/docs/specification.md\n\nMore details: https://kubernetes.io/docs/tasks/administer-cluster/coredns", + "": "DNS manages the CoreDNS component to provide a name resolution service for pods and services in the cluster.\n\nThis supports the DNS-based service discovery specification: https://github.com/kubernetes/dns/blob/master/docs/specification.md\n\nMore details: https://kubernetes.io/docs/tasks/administer-cluster/coredns\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "spec": "spec is the specification of the desired behavior of the DNS.", "status": "status is the most recently observed status of the DNS.", } @@ -376,7 +404,7 @@ func (DNS) SwaggerDoc() map[string]string { } var map_DNSList = map[string]string{ - "": "DNSList contains a list of DNS", + "": "DNSList contains a list of DNS\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", } func (DNSList) SwaggerDoc() map[string]string { @@ -386,7 +414,7 @@ func (DNSList) SwaggerDoc() map[string]string { var map_DNSNodePlacement = map[string]string{ "": "DNSNodePlacement describes the node scheduling configuration for DNS pods.", "nodeSelector": "nodeSelector is the node selector applied to DNS pods.\n\nIf empty, the default is used, which is currently the following:\n\n kubernetes.io/os: linux\n\nThis default is subject to change.\n\nIf set, the specified selector is used and replaces the default.", - "tolerations": "tolerations is a list of tolerations applied to DNS pods.\n\nThe default is an empty list. This default is subject to change.\n\nSee https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/", + "tolerations": "tolerations is a list of tolerations applied to DNS pods.\n\nIf empty, the DNS operator sets a toleration for the \"node-role.kubernetes.io/master\" taint. This default is subject to change. Specifying tolerations without including a toleration for the \"node-role.kubernetes.io/master\" taint may be risky as it could lead to an outage if all worker nodes become unavailable.\n\nNote that the daemon controller adds some tolerations as well. See https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/", } func (DNSNodePlacement) SwaggerDoc() map[string]string { @@ -394,9 +422,10 @@ func (DNSNodePlacement) SwaggerDoc() map[string]string { } var map_DNSSpec = map[string]string{ - "": "DNSSpec is the specification of the desired behavior of the DNS.", - "servers": "servers is a list of DNS resolvers that provide name query delegation for one or more subdomains outside the scope of the cluster domain. If servers consists of more than one Server, longest suffix match will be used to determine the Server.\n\nFor example, if there are two Servers, one for \"foo.com\" and another for \"a.foo.com\", and the name query is for \"www.a.foo.com\", it will be routed to the Server with Zone \"a.foo.com\".\n\nIf this field is nil, no servers are created.", - "nodePlacement": "nodePlacement provides explicit control over the scheduling of DNS pods.\n\nGenerally, it is useful to run a DNS pod on every node so that DNS queries are always handled by a local DNS pod instead of going over the network to a DNS pod on another node. However, security policies may require restricting the placement of DNS pods to specific nodes. For example, if a security policy prohibits pods on arbitrary nodes from communicating with the API, a node selector can be specified to restrict DNS pods to nodes that are permitted to communicate with the API. Conversely, if running DNS pods on nodes with a particular taint is desired, a toleration can be specified for that taint.\n\nIf unset, defaults are used. See nodePlacement for more details.", + "": "DNSSpec is the specification of the desired behavior of the DNS.", + "servers": "servers is a list of DNS resolvers that provide name query delegation for one or more subdomains outside the scope of the cluster domain. If servers consists of more than one Server, longest suffix match will be used to determine the Server.\n\nFor example, if there are two Servers, one for \"foo.com\" and another for \"a.foo.com\", and the name query is for \"www.a.foo.com\", it will be routed to the Server with Zone \"a.foo.com\".\n\nIf this field is nil, no servers are created.", + "nodePlacement": "nodePlacement provides explicit control over the scheduling of DNS pods.\n\nGenerally, it is useful to run a DNS pod on every node so that DNS queries are always handled by a local DNS pod instead of going over the network to a DNS pod on another node. However, security policies may require restricting the placement of DNS pods to specific nodes. For example, if a security policy prohibits pods on arbitrary nodes from communicating with the API, a node selector can be specified to restrict DNS pods to nodes that are permitted to communicate with the API. Conversely, if running DNS pods on nodes with a particular taint is desired, a toleration can be specified for that taint.\n\nIf unset, defaults are used. See nodePlacement for more details.", + "managementState": "managementState indicates whether the DNS operator should manage cluster DNS", } func (DNSSpec) SwaggerDoc() map[string]string { @@ -435,7 +464,7 @@ func (Server) SwaggerDoc() map[string]string { } var map_Etcd = map[string]string{ - "": "Etcd provides information to configure an operator to manage etcd.", + "": "Etcd provides information to configure an operator to manage etcd.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", } func (Etcd) SwaggerDoc() map[string]string { @@ -443,7 +472,7 @@ func (Etcd) SwaggerDoc() map[string]string { } var map_EtcdList = map[string]string{ - "": "KubeAPISOperatorConfigList is a collection of items", + "": "KubeAPISOperatorConfigList is a collection of items\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "items": "Items contains the items", } @@ -484,12 +513,24 @@ var map_AccessLogging = map[string]string{ "httpLogFormat": "httpLogFormat specifies the format of the log message for an HTTP request.\n\nIf this field is empty, log messages use the implementation's default HTTP log format. For HAProxy's default HTTP log format, see the HAProxy documentation: http://cbonte.github.io/haproxy-dconv/2.0/configuration.html#8.2.3\n\nNote that this format only applies to cleartext HTTP connections and to secure HTTP connections for which the ingress controller terminates encryption (that is, edge-terminated or reencrypt connections). It does not affect the log format for TLS passthrough connections.", "httpCaptureHeaders": "httpCaptureHeaders defines HTTP headers that should be captured in access logs. If this field is empty, no headers are captured.\n\nNote that this option only applies to cleartext HTTP connections and to secure HTTP connections for which the ingress controller terminates encryption (that is, edge-terminated or reencrypt connections). Headers cannot be captured for TLS passthrough connections.", "httpCaptureCookies": "httpCaptureCookies specifies HTTP cookies that should be captured in access logs. If this field is empty, no cookies are captured.", + "logEmptyRequests": "logEmptyRequests specifies how connections on which no request is received should be logged. Typically, these empty requests come from load balancers' health probes or Web browsers' speculative connections (\"preconnect\"), in which case logging these requests may be undesirable. However, these requests may also be caused by network errors, in which case logging empty requests may be useful for diagnosing the errors. In addition, these requests may be caused by port scans, in which case logging empty requests may aid in detecting intrusion attempts. Allowed values for this field are \"Log\" and \"Ignore\". The default value is \"Log\".", } func (AccessLogging) SwaggerDoc() map[string]string { return map_AccessLogging } +var map_ClientTLS = map[string]string{ + "": "ClientTLS specifies TLS configuration to enable client-to-server authentication, which can be used for mutual TLS.", + "clientCertificatePolicy": "clientCertificatePolicy specifies whether the ingress controller requires clients to provide certificates. This field accepts the values \"Required\" or \"Optional\".\n\nNote that the ingress controller only checks client certificates for edge-terminated and reencrypt TLS routes; it cannot check certificates for cleartext HTTP or passthrough TLS routes.", + "clientCA": "clientCA specifies a configmap containing the PEM-encoded CA certificate bundle that should be used to verify a client's certificate. The administrator must create this configmap in the openshift-config namespace.", + "allowedSubjectPatterns": "allowedSubjectPatterns specifies a list of regular expressions that should be matched against the distinguished name on a valid client certificate to filter requests. The regular expressions must use PCRE syntax. If this list is empty, no filtering is performed. If the list is nonempty, then at least one pattern must match a client certificate's distinguished name or else the ingress controller rejects the certificate and denies the connection.", +} + +func (ClientTLS) SwaggerDoc() map[string]string { + return map_ClientTLS +} + var map_ContainerLoggingDestinationParameters = map[string]string{ "": "ContainerLoggingDestinationParameters describes parameters for the Container logging destination type.", } @@ -530,7 +571,7 @@ func (HostNetworkStrategy) SwaggerDoc() map[string]string { } var map_IngressController = map[string]string{ - "": "IngressController describes a managed ingress controller for the cluster. The controller can service OpenShift Route and Kubernetes Ingress resources.\n\nWhen an IngressController is created, a new ingress controller deployment is created to allow external traffic to reach the services that expose Ingress or Route resources. Updating this resource may lead to disruption for public facing network connections as a new ingress controller revision may be rolled out.\n\nhttps://kubernetes.io/docs/concepts/services-networking/ingress-controllers\n\nWhenever possible, sensible defaults for the platform are used. See each field for more details.", + "": "IngressController describes a managed ingress controller for the cluster. The controller can service OpenShift Route and Kubernetes Ingress resources.\n\nWhen an IngressController is created, a new ingress controller deployment is created to allow external traffic to reach the services that expose Ingress or Route resources. Updating this resource may lead to disruption for public facing network connections as a new ingress controller revision may be rolled out.\n\nhttps://kubernetes.io/docs/concepts/services-networking/ingress-controllers\n\nWhenever possible, sensible defaults for the platform are used. See each field for more details.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "spec": "spec is the specification of the desired behavior of the IngressController.", "status": "status is the most recently observed status of the IngressController.", } @@ -601,7 +642,7 @@ func (IngressControllerHTTPUniqueIdHeaderPolicy) SwaggerDoc() map[string]string } var map_IngressControllerList = map[string]string{ - "": "IngressControllerList contains a list of IngressControllers.", + "": "IngressControllerList contains a list of IngressControllers.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", } func (IngressControllerList) SwaggerDoc() map[string]string { @@ -627,10 +668,12 @@ var map_IngressControllerSpec = map[string]string{ "namespaceSelector": "namespaceSelector is used to filter the set of namespaces serviced by the ingress controller. This is useful for implementing shards.\n\nIf unset, the default is no filtering.", "routeSelector": "routeSelector is used to filter the set of Routes serviced by the ingress controller. This is useful for implementing shards.\n\nIf unset, the default is no filtering.", "nodePlacement": "nodePlacement enables explicit control over the scheduling of the ingress controller.\n\nIf unset, defaults are used. See NodePlacement for more details.", - "tlsSecurityProfile": "tlsSecurityProfile specifies settings for TLS connections for ingresscontrollers.\n\nIf unset, the default is based on the apiservers.config.openshift.io/cluster resource.\n\nNote that when using the Old, Intermediate, and Modern profile types, the effective profile configuration is subject to change between releases. For example, given a specification to use the Intermediate profile deployed on release X.Y.Z, an upgrade to release X.Y.Z+1 may cause a new profile configuration to be applied to the ingress controller, resulting in a rollout.\n\nNote that the minimum TLS version for ingress controllers is 1.1, and the maximum TLS version is 1.2. An implication of this restriction is that the Modern TLS profile type cannot be used because it requires TLS 1.3.", + "tlsSecurityProfile": "tlsSecurityProfile specifies settings for TLS connections for ingresscontrollers.\n\nIf unset, the default is based on the apiservers.config.openshift.io/cluster resource.\n\nNote that when using the Old, Intermediate, and Modern profile types, the effective profile configuration is subject to change between releases. For example, given a specification to use the Intermediate profile deployed on release X.Y.Z, an upgrade to release X.Y.Z+1 may cause a new profile configuration to be applied to the ingress controller, resulting in a rollout.", + "clientTLS": "clientTLS specifies settings for requesting and verifying client certificates, which can be used to enable mutual TLS for edge-terminated and reencrypt routes.", "routeAdmission": "routeAdmission defines a policy for handling new route claims (for example, to allow or deny claims across namespaces).\n\nIf empty, defaults will be applied. See specific routeAdmission fields for details about their defaults.", "logging": "logging defines parameters for what should be logged where. If this field is empty, operational logs are enabled but access logs are disabled.", "httpHeaders": "httpHeaders defines policy for HTTP headers.\n\nIf this field is empty, the default values are used.", + "httpEmptyRequestsPolicy": "httpEmptyRequestsPolicy describes how HTTP connections should be handled if the connection times out before a request is received. Allowed values for this field are \"Respond\" and \"Ignore\". If the field is set to \"Respond\", the ingress controller sends an HTTP 400 or 408 response, logs the connection (if access logging is enabled), and counts the connection in the appropriate metrics. If the field is set to \"Ignore\", the ingress controller closes the connection without sending a response, logging the connection, or incrementing metrics. The default value is \"Respond\".\n\nTypically, these connections come from load balancers' health probes or Web browsers' speculative connections (\"preconnect\") and can be safely ignored. However, these requests may also be caused by network errors, and so setting this field to \"Ignore\" may impede detection and diagnosis of problems. In addition, these requests may be caused by port scans, in which case logging empty requests may aid in detecting intrusion attempts.", "tuningOptions": "tuningOptions defines parameters for adjusting the performance of ingress controller pods. All fields are optional and will use their respective defaults if not set. See specific tuningOptions fields for more details.\n\nSetting fields within tuningOptions is generally not recommended. The default values are suitable for most configurations.", "unsupportedConfigOverrides": "unsupportedConfigOverrides allows specifying unsupported configuration options. Its use is unsupported.", } @@ -658,7 +701,13 @@ var map_IngressControllerTuningOptions = map[string]string{ "": "IngressControllerTuningOptions specifies options for tuning the performance of ingress controller pods", "headerBufferBytes": "headerBufferBytes describes how much memory should be reserved (in bytes) for IngressController connection sessions. Note that this value must be at least 16384 if HTTP/2 is enabled for the IngressController (https://tools.ietf.org/html/rfc7540). If this field is empty, the IngressController will use a default value of 32768 bytes.\n\nSetting this field is generally not recommended as headerBufferBytes values that are too small may break the IngressController and headerBufferBytes values that are too large could cause the IngressController to use significantly more memory than necessary.", "headerBufferMaxRewriteBytes": "headerBufferMaxRewriteBytes describes how much memory should be reserved (in bytes) from headerBufferBytes for HTTP header rewriting and appending for IngressController connection sessions. Note that incoming HTTP requests will be limited to (headerBufferBytes - headerBufferMaxRewriteBytes) bytes, meaning headerBufferBytes must be greater than headerBufferMaxRewriteBytes. If this field is empty, the IngressController will use a default value of 8192 bytes.\n\nSetting this field is generally not recommended as headerBufferMaxRewriteBytes values that are too small may break the IngressController and headerBufferMaxRewriteBytes values that are too large could cause the IngressController to use significantly more memory than necessary.", - "threadCount": "threadCount defines the number of threads created per HAProxy process. Creating more threads allows each ingress controller pod to handle more connections, at the cost of more system resources being used. If this field is empty, the IngressController will use the default value. The current default is 4 threads, but this may change in future releases.\n\nSetting this field is generally not recommended. Increasing the number of HAProxy threads allows ingress controller pods to utilize more CPU time under load, potentially starving other pods if set too high. Reducing the number of threads may cause the ingress controller to perform poorly.", + "threadCount": "threadCount defines the number of threads created per HAProxy process. Creating more threads allows each ingress controller pod to handle more connections, at the cost of more system resources being used. HAProxy currently supports up to 64 threads. If this field is empty, the IngressController will use the default value. The current default is 4 threads, but this may change in future releases.\n\nSetting this field is generally not recommended. Increasing the number of HAProxy threads allows ingress controller pods to utilize more CPU time under load, potentially starving other pods if set too high. Reducing the number of threads may cause the ingress controller to perform poorly.", + "clientTimeout": "clientTimeout defines how long a connection will be held open while waiting for a client response.\n\nIf unset, the default timeout is 30s", + "clientFinTimeout": "clientFinTimeout defines how long a connection will be held open while waiting for the client response to the server/backend closing the connection.\n\nIf unset, the default timeout is 1s", + "serverTimeout": "serverTimeout defines how long a connection will be held open while waiting for a server/backend response.\n\nIf unset, the default timeout is 30s", + "serverFinTimeout": "serverFinTimeout defines how long a connection will be held open while waiting for the server/backend response to the client closing the connection.\n\nIf unset, the default timeout is 1s", + "tunnelTimeout": "tunnelTimeout defines how long a tunnel connection (including websockets) will be held open while the tunnel is idle.\n\nIf unset, the default timeout is 1h", + "tlsInspectDelay": "tlsInspectDelay defines how long the router can hold data to find a matching route.\n\nSetting this too short can cause the router to fall back to the default certificate for edge-terminated or reencrypt routes even when a better matching certificate could be used.\n\nIf unset, the default inspect delay is 5s", } func (IngressControllerTuningOptions) SwaggerDoc() map[string]string { @@ -746,7 +795,7 @@ func (SyslogLoggingDestinationParameters) SwaggerDoc() map[string]string { } var map_KubeAPIServer = map[string]string{ - "": "KubeAPIServer provides information to configure an operator to manage kube-apiserver.", + "": "KubeAPIServer provides information to configure an operator to manage kube-apiserver.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "spec": "spec is the specification of the desired behavior of the Kubernetes API Server", "status": "status is the most recently observed status of the Kubernetes API Server", } @@ -756,7 +805,7 @@ func (KubeAPIServer) SwaggerDoc() map[string]string { } var map_KubeAPIServerList = map[string]string{ - "": "KubeAPIServerList is a collection of items", + "": "KubeAPIServerList is a collection of items\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "items": "Items contains the items", } @@ -765,7 +814,7 @@ func (KubeAPIServerList) SwaggerDoc() map[string]string { } var map_KubeControllerManager = map[string]string{ - "": "KubeControllerManager provides information to configure an operator to manage kube-controller-manager.", + "": "KubeControllerManager provides information to configure an operator to manage kube-controller-manager.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "spec": "spec is the specification of the desired behavior of the Kubernetes Controller Manager", "status": "status is the most recently observed status of the Kubernetes Controller Manager", } @@ -775,7 +824,7 @@ func (KubeControllerManager) SwaggerDoc() map[string]string { } var map_KubeControllerManagerList = map[string]string{ - "": "KubeControllerManagerList is a collection of items", + "": "KubeControllerManagerList is a collection of items\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "items": "Items contains the items", } @@ -783,8 +832,16 @@ func (KubeControllerManagerList) SwaggerDoc() map[string]string { return map_KubeControllerManagerList } +var map_KubeControllerManagerSpec = map[string]string{ + "useMoreSecureServiceCA": "useMoreSecureServiceCA indicates that the service-ca.crt provided in SA token volumes should include only enough certificates to validate service serving certificates. Once set to true, it cannot be set to false. Even if someone finds a way to set it back to false, the service-ca.crt files that previously existed will only have the more secure content.", +} + +func (KubeControllerManagerSpec) SwaggerDoc() map[string]string { + return map_KubeControllerManagerSpec +} + var map_KubeStorageVersionMigrator = map[string]string{ - "": "KubeStorageVersionMigrator provides information to configure an operator to manage kube-storage-version-migrator.", + "": "KubeStorageVersionMigrator provides information to configure an operator to manage kube-storage-version-migrator.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", } func (KubeStorageVersionMigrator) SwaggerDoc() map[string]string { @@ -792,7 +849,7 @@ func (KubeStorageVersionMigrator) SwaggerDoc() map[string]string { } var map_KubeStorageVersionMigratorList = map[string]string{ - "": "KubeStorageVersionMigratorList is a collection of items", + "": "KubeStorageVersionMigratorList is a collection of items\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "items": "Items contains the items", } @@ -895,7 +952,7 @@ func (NetFlowConfig) SwaggerDoc() map[string]string { } var map_Network = map[string]string{ - "": "Network describes the cluster's desired network configuration. It is consumed by the cluster-network-operator.", + "": "Network describes the cluster's desired network configuration. It is consumed by the cluster-network-operator.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", } func (Network) SwaggerDoc() map[string]string { @@ -903,7 +960,7 @@ func (Network) SwaggerDoc() map[string]string { } var map_NetworkList = map[string]string{ - "": "NetworkList contains a list of Network configurations", + "": "NetworkList contains a list of Network configurations\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", } func (NetworkList) SwaggerDoc() map[string]string { @@ -964,7 +1021,7 @@ var map_OpenShiftSDNConfig = map[string]string{ "mode": "mode is one of \"Multitenant\", \"Subnet\", or \"NetworkPolicy\"", "vxlanPort": "vxlanPort is the port to use for all vxlan packets. The default is 4789.", "mtu": "mtu is the mtu to use for the tunnel interface. Defaults to 1450 if unset. This must be 50 bytes smaller than the machine's uplink.", - "useExternalOpenvswitch": "useExternalOpenvswitch tells the operator not to install openvswitch, because it will be provided separately. If set, you must provide it yourself.", + "useExternalOpenvswitch": "useExternalOpenvswitch used to control whether the operator would deploy an OVS DaemonSet itself or expect someone else to start OVS. As of 4.6, OVS is always run as a system service, and this flag is ignored. DEPRECATED: non-functional as of 4.6", "enableUnidling": "enableUnidling controls whether or not the service proxy will support idling and unidling of services. By default, unidling is enabled.", } @@ -1057,7 +1114,7 @@ func (StaticIPAMRoutes) SwaggerDoc() map[string]string { } var map_OpenShiftAPIServer = map[string]string{ - "": "OpenShiftAPIServer provides information to configure an operator to manage openshift-apiserver.", + "": "OpenShiftAPIServer provides information to configure an operator to manage openshift-apiserver.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "spec": "spec is the specification of the desired behavior of the OpenShift API Server.", "status": "status defines the observed status of the OpenShift API Server.", } @@ -1067,7 +1124,7 @@ func (OpenShiftAPIServer) SwaggerDoc() map[string]string { } var map_OpenShiftAPIServerList = map[string]string{ - "": "OpenShiftAPIServerList is a collection of items", + "": "OpenShiftAPIServerList is a collection of items\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "items": "Items contains the items", } @@ -1084,7 +1141,7 @@ func (OpenShiftAPIServerStatus) SwaggerDoc() map[string]string { } var map_OpenShiftControllerManager = map[string]string{ - "": "OpenShiftControllerManager provides information to configure an operator to manage openshift-controller-manager.", + "": "OpenShiftControllerManager provides information to configure an operator to manage openshift-controller-manager.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", } func (OpenShiftControllerManager) SwaggerDoc() map[string]string { @@ -1092,7 +1149,7 @@ func (OpenShiftControllerManager) SwaggerDoc() map[string]string { } var map_OpenShiftControllerManagerList = map[string]string{ - "": "OpenShiftControllerManagerList is a collection of items", + "": "OpenShiftControllerManagerList is a collection of items\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "items": "Items contains the items", } @@ -1101,7 +1158,7 @@ func (OpenShiftControllerManagerList) SwaggerDoc() map[string]string { } var map_KubeScheduler = map[string]string{ - "": "KubeScheduler provides information to configure an operator to manage scheduler.", + "": "KubeScheduler provides information to configure an operator to manage scheduler.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "spec": "spec is the specification of the desired behavior of the Kubernetes Scheduler", "status": "status is the most recently observed status of the Kubernetes Scheduler", } @@ -1111,7 +1168,7 @@ func (KubeScheduler) SwaggerDoc() map[string]string { } var map_KubeSchedulerList = map[string]string{ - "": "KubeSchedulerList is a collection of items", + "": "KubeSchedulerList is a collection of items\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "items": "Items contains the items", } @@ -1120,7 +1177,7 @@ func (KubeSchedulerList) SwaggerDoc() map[string]string { } var map_ServiceCA = map[string]string{ - "": "ServiceCA provides information to configure an operator to manage the service cert controllers", + "": "ServiceCA provides information to configure an operator to manage the service cert controllers\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "spec": "spec holds user settable values for configuration", "status": "status holds observed values from the cluster. They may not be overridden.", } @@ -1130,7 +1187,7 @@ func (ServiceCA) SwaggerDoc() map[string]string { } var map_ServiceCAList = map[string]string{ - "": "ServiceCAList is a collection of items", + "": "ServiceCAList is a collection of items\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "items": "Items contains the items", } @@ -1139,7 +1196,7 @@ func (ServiceCAList) SwaggerDoc() map[string]string { } var map_ServiceCatalogAPIServer = map[string]string{ - "": "ServiceCatalogAPIServer provides information to configure an operator to manage Service Catalog API Server DEPRECATED: will be removed in 4.6", + "": "ServiceCatalogAPIServer provides information to configure an operator to manage Service Catalog API Server DEPRECATED: will be removed in 4.6\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", } func (ServiceCatalogAPIServer) SwaggerDoc() map[string]string { @@ -1147,7 +1204,7 @@ func (ServiceCatalogAPIServer) SwaggerDoc() map[string]string { } var map_ServiceCatalogAPIServerList = map[string]string{ - "": "ServiceCatalogAPIServerList is a collection of items DEPRECATED: will be removed in 4.6", + "": "ServiceCatalogAPIServerList is a collection of items DEPRECATED: will be removed in 4.6\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "items": "Items contains the items", } @@ -1156,7 +1213,7 @@ func (ServiceCatalogAPIServerList) SwaggerDoc() map[string]string { } var map_ServiceCatalogControllerManager = map[string]string{ - "": "ServiceCatalogControllerManager provides information to configure an operator to manage Service Catalog Controller Manager DEPRECATED: will be removed in 4.6", + "": "ServiceCatalogControllerManager provides information to configure an operator to manage Service Catalog Controller Manager DEPRECATED: will be removed in 4.6\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", } func (ServiceCatalogControllerManager) SwaggerDoc() map[string]string { @@ -1164,7 +1221,7 @@ func (ServiceCatalogControllerManager) SwaggerDoc() map[string]string { } var map_ServiceCatalogControllerManagerList = map[string]string{ - "": "ServiceCatalogControllerManagerList is a collection of items DEPRECATED: will be removed in 4.6", + "": "ServiceCatalogControllerManagerList is a collection of items DEPRECATED: will be removed in 4.6\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "items": "Items contains the items", } @@ -1173,7 +1230,7 @@ func (ServiceCatalogControllerManagerList) SwaggerDoc() map[string]string { } var map_Storage = map[string]string{ - "": "Storage provides a means to configure an operator to manage the cluster storage operator. `cluster` is the canonical name.", + "": "Storage provides a means to configure an operator to manage the cluster storage operator. `cluster` is the canonical name.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "spec": "spec holds user settable values for configuration", "status": "status holds observed values from the cluster. They may not be overridden.", } @@ -1183,7 +1240,7 @@ func (Storage) SwaggerDoc() map[string]string { } var map_StorageList = map[string]string{ - "": "StorageList contains a list of Storages.", + "": "StorageList contains a list of Storages.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", } func (StorageList) SwaggerDoc() map[string]string { diff --git a/vendor/github.com/openshift/api/operator/v1alpha1/0000_10_config-operator_01_imagecontentsourcepolicy.crd.yaml b/vendor/github.com/openshift/api/operator/v1alpha1/0000_10_config-operator_01_imagecontentsourcepolicy.crd.yaml index 16c5e4f8e..9649db7d9 100644 --- a/vendor/github.com/openshift/api/operator/v1alpha1/0000_10_config-operator_01_imagecontentsourcepolicy.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1alpha1/0000_10_config-operator_01_imagecontentsourcepolicy.crd.yaml @@ -1,92 +1,59 @@ -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - name: imagecontentsourcepolicies.operator.openshift.io annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/470 include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" include.release.openshift.io/single-node-developer: "true" + name: imagecontentsourcepolicies.operator.openshift.io spec: group: operator.openshift.io - scope: Cluster - preserveUnknownFields: false names: kind: ImageContentSourcePolicy - singular: imagecontentsourcepolicy - plural: imagecontentsourcepolicies listKind: ImageContentSourcePolicyList + plural: imagecontentsourcepolicies + singular: imagecontentsourcepolicy + scope: Cluster versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - "validation": - "openAPIV3Schema": - description: ImageContentSourcePolicy holds cluster-wide information about how - to handle registry mirror rules. When multiple policies are defined, the outcome - of the behavior is defined on each field. - type: object - required: - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration + - name: v1alpha1 + schema: + openAPIV3Schema: + description: "ImageContentSourcePolicy holds cluster-wide information about how to handle registry mirror rules. When multiple policies are defined, the outcome of the behavior is defined on each field. \n Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support." type: object + required: + - spec properties: - repositoryDigestMirrors: - description: "repositoryDigestMirrors allows images referenced by image - digests in pods to be pulled from alternative mirrored repository - locations. The image pull specification provided to the pod will be - compared to the source locations described in RepositoryDigestMirrors - and the image may be pulled down from any of the mirrors in the list - instead of the specified repository allowing administrators to choose - a potentially faster mirror. Only image pull specifications that have - an image digest will have this behavior applied to them - tags will - continue to be pulled from the specified repository in the pull spec. - \n Each “source” repository is treated independently; configurations - for different “source” repositories don’t interact. \n When multiple - policies are defined for the same “source” repository, the sets of - defined mirrors will be merged together, preserving the relative order - of the mirrors, if possible. For example, if policy A has mirrors - `a, b, c` and policy B has mirrors `c, d, e`, the mirrors will be - used in the order `a, b, c, d, e`. If the orders of mirror entries - conflict (e.g. `a, b` vs. `b, a`) the configuration is not rejected - but the resulting order is unspecified." - type: array - items: - description: 'RepositoryDigestMirrors holds cluster-wide information - about how to handle mirros in the registries config. Note: the mirrors - only work when pulling the images that are referenced by their digests.' - type: object - required: - - source - properties: - mirrors: - description: mirrors is one or more repositories that may also - contain the same images. The order of mirrors in this list is - treated as the user's desired priority, while source is by default - considered lower priority than all mirrors. Other cluster configuration, - including (but not limited to) other repositoryDigestMirrors - objects, may impact the exact order mirrors are contacted in, - or some mirrors may be contacted in parallel, so this should - be considered a preference rather than a guarantee of ordering. - type: array - items: - type: string - source: - description: source is the repository that users refer to, e.g. - in image pull specifications. - type: string + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + type: object + properties: + repositoryDigestMirrors: + description: "repositoryDigestMirrors allows images referenced by image digests in pods to be pulled from alternative mirrored repository locations. The image pull specification provided to the pod will be compared to the source locations described in RepositoryDigestMirrors and the image may be pulled down from any of the mirrors in the list instead of the specified repository allowing administrators to choose a potentially faster mirror. Only image pull specifications that have an image digest will have this behavior applied to them - tags will continue to be pulled from the specified repository in the pull spec. \n Each “source” repository is treated independently; configurations for different “source” repositories don’t interact. \n When multiple policies are defined for the same “source” repository, the sets of defined mirrors will be merged together, preserving the relative order of the mirrors, if possible. For example, if policy A has mirrors `a, b, c` and policy B has mirrors `c, d, e`, the mirrors will be used in the order `a, b, c, d, e`. If the orders of mirror entries conflict (e.g. `a, b` vs. `b, a`) the configuration is not rejected but the resulting order is unspecified." + type: array + items: + description: 'RepositoryDigestMirrors holds cluster-wide information about how to handle mirros in the registries config. Note: the mirrors only work when pulling the images that are referenced by their digests.' + type: object + required: + - source + properties: + mirrors: + description: mirrors is one or more repositories that may also contain the same images. The order of mirrors in this list is treated as the user's desired priority, while source is by default considered lower priority than all mirrors. Other cluster configuration, including (but not limited to) other repositoryDigestMirrors objects, may impact the exact order mirrors are contacted in, or some mirrors may be contacted in parallel, so this should be considered a preference rather than a guarantee of ordering. + type: array + items: + type: string + source: + description: source is the repository that users refer to, e.g. in image pull specifications. + type: string + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/operator/v1alpha1/types.go b/vendor/github.com/openshift/api/operator/v1alpha1/types.go index 8f2e5be24..69eb004c1 100644 --- a/vendor/github.com/openshift/api/operator/v1alpha1/types.go +++ b/vendor/github.com/openshift/api/operator/v1alpha1/types.go @@ -124,6 +124,9 @@ type OperatorStatus struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // GenericOperatorConfig provides information to configure an operator +// +// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. +// +openshift:compatibility-gen:internal type GenericOperatorConfig struct { metav1.TypeMeta `json:",inline"` diff --git a/vendor/github.com/openshift/api/operator/v1alpha1/types_image_content_source_policy.go b/vendor/github.com/openshift/api/operator/v1alpha1/types_image_content_source_policy.go index 29345e7d9..75b5dd7fc 100644 --- a/vendor/github.com/openshift/api/operator/v1alpha1/types_image_content_source_policy.go +++ b/vendor/github.com/openshift/api/operator/v1alpha1/types_image_content_source_policy.go @@ -8,6 +8,9 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" // ImageContentSourcePolicy holds cluster-wide information about how to handle registry mirror rules. // When multiple policies are defined, the outcome of the behavior is defined on each field. +// +// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. +// +openshift:compatibility-gen:level=4 type ImageContentSourcePolicy struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` @@ -43,6 +46,9 @@ type ImageContentSourcePolicySpec struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // ImageContentSourcePolicyList lists the items in the ImageContentSourcePolicy CRD. +// +// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. +// +openshift:compatibility-gen:level=4 type ImageContentSourcePolicyList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata"` diff --git a/vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.swagger_doc_generated.go index 7af715955..7897be3e5 100644 --- a/vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.swagger_doc_generated.go @@ -43,7 +43,7 @@ func (GenerationHistory) SwaggerDoc() map[string]string { } var map_GenericOperatorConfig = map[string]string{ - "": "GenericOperatorConfig provides information to configure an operator", + "": "GenericOperatorConfig provides information to configure an operator\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "servingInfo": "ServingInfo is the HTTP serving information for the controller's endpoints", "leaderElection": "leaderElection provides information to elect a leader. Only override this if you have a specific need", "authentication": "authentication allows configuration of authentication for the endpoints", @@ -136,7 +136,7 @@ func (VersionAvailability) SwaggerDoc() map[string]string { } var map_ImageContentSourcePolicy = map[string]string{ - "": "ImageContentSourcePolicy holds cluster-wide information about how to handle registry mirror rules. When multiple policies are defined, the outcome of the behavior is defined on each field.", + "": "ImageContentSourcePolicy holds cluster-wide information about how to handle registry mirror rules. When multiple policies are defined, the outcome of the behavior is defined on each field.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "spec": "spec holds user settable values for configuration", } @@ -145,7 +145,7 @@ func (ImageContentSourcePolicy) SwaggerDoc() map[string]string { } var map_ImageContentSourcePolicyList = map[string]string{ - "": "ImageContentSourcePolicyList lists the items in the ImageContentSourcePolicy CRD.", + "": "ImageContentSourcePolicyList lists the items in the ImageContentSourcePolicy CRD.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", } func (ImageContentSourcePolicyList) SwaggerDoc() map[string]string { diff --git a/vendor/github.com/openshift/api/operatorcontrolplane/v1alpha1/0000_10-pod-network-connectivity-check.crd.yaml b/vendor/github.com/openshift/api/operatorcontrolplane/v1alpha1/0000_10-pod-network-connectivity-check.crd.yaml index 1009c9162..891190219 100644 --- a/vendor/github.com/openshift/api/operatorcontrolplane/v1alpha1/0000_10-pod-network-connectivity-check.crd.yaml +++ b/vendor/github.com/openshift/api/operatorcontrolplane/v1alpha1/0000_10-pod-network-connectivity-check.crd.yaml @@ -2,6 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/639 include.release.openshift.io/self-managed-high-availability: "true" include.release.openshift.io/single-node-developer: "true" name: podnetworkconnectivitychecks.controlplane.operator.openshift.io @@ -14,246 +15,213 @@ spec: singular: podnetworkconnectivitycheck scope: Namespaced versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - description: PodNetworkConnectivityCheck - type: object - required: - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec defines the source and target of the connectivity check - type: object - required: - - sourcePod - - targetEndpoint - properties: - sourcePod: - description: SourcePod names the pod from which the condition will - be checked - type: string - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ - targetEndpoint: - description: EndpointAddress to check. A TCP address of the form host:port. - Note that if host is a DNS name, then the check would fail if the - DNS name cannot be resolved. Specify an IP address for host to bypass - DNS name lookup. - type: string - pattern: ^\S+:\d*$ - tlsClientCert: - description: TLSClientCert, if specified, references a kubernetes.io/tls - type secret with 'tls.crt' and 'tls.key' entries containing an optional - TLS client certificate and key to be used when checking endpoints - that require a client certificate in order to gracefully preform - the scan without causing excessive logging in the endpoint process. - The secret must exist in the same namespace as this resource. - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced secret - type: string - status: - description: Status contains the observed status of the connectivity check - type: object - properties: - conditions: - description: Conditions summarize the status of the check - type: array - items: - description: PodNetworkConnectivityCheckCondition represents the - overall status of the pod network connectivity. + - name: v1alpha1 + schema: + openAPIV3Schema: + description: "PodNetworkConnectivityCheck \n Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support." + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec defines the source and target of the connectivity check + type: object + required: + - sourcePod + - targetEndpoint + properties: + sourcePod: + description: SourcePod names the pod from which the condition will be checked + type: string + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + targetEndpoint: + description: EndpointAddress to check. A TCP address of the form host:port. Note that if host is a DNS name, then the check would fail if the DNS name cannot be resolved. Specify an IP address for host to bypass DNS name lookup. + type: string + pattern: ^\S+:\d*$ + tlsClientCert: + description: TLSClientCert, if specified, references a kubernetes.io/tls type secret with 'tls.crt' and 'tls.key' entries containing an optional TLS client certificate and key to be used when checking endpoints that require a client certificate in order to gracefully preform the scan without causing excessive logging in the endpoint process. The secret must exist in the same namespace as this resource. type: object required: - - lastTransitionTime - - status - - type + - name properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - format: date-time - nullable: true - message: - description: Message indicating details about last transition - in a human readable format. - type: string - reason: - description: Reason for the condition's last status transition - in a machine readable format. - type: string - status: - description: Status of the condition - type: string - type: - description: Type of the condition - type: string - failures: - description: Failures contains logs of unsuccessful check actions - type: array - items: - description: LogEntry records events - type: object - required: - - success - - time - properties: - latency: - description: Latency records how long the action mentioned in - the entry took. - type: string - nullable: true - message: - description: Message explaining status in a human readable format. - type: string - reason: - description: Reason for status in a machine readable format. - type: string - success: - description: Success indicates if the log entry indicates a - success or failure. - type: boolean - time: - description: Start time of check action. - type: string - format: date-time - nullable: true - outages: - description: Outages contains logs of time periods of outages - type: array - items: - description: OutageEntry records time period of an outage - type: object - required: - - start - properties: - end: - description: End of outage detected - type: string - format: date-time - nullable: true - endLogs: - description: EndLogs contains log entries related to the end - of this outage. Should contain the success entry that resolved - the outage and possibly a few of the failure log entries that - preceded it. - type: array - items: - description: LogEntry records events - type: object - required: - - success - - time - properties: - latency: - description: Latency records how long the action mentioned - in the entry took. - type: string - nullable: true - message: - description: Message explaining status in a human readable - format. - type: string - reason: - description: Reason for status in a machine readable format. - type: string - success: - description: Success indicates if the log entry indicates - a success or failure. - type: boolean - time: - description: Start time of check action. - type: string - format: date-time - nullable: true - message: - description: Message summarizes outage details in a human readable - format. - type: string - start: - description: Start of outage detected - type: string - format: date-time - nullable: true - startLogs: - description: StartLogs contains log entries related to the start - of this outage. Should contain the original failure, any entries - where the failure mode changed. - type: array - items: - description: LogEntry records events - type: object - required: - - success - - time - properties: - latency: - description: Latency records how long the action mentioned - in the entry took. - type: string - nullable: true - message: - description: Message explaining status in a human readable - format. - type: string - reason: - description: Reason for status in a machine readable format. - type: string - success: - description: Success indicates if the log entry indicates - a success or failure. - type: boolean - time: - description: Start time of check action. - type: string - format: date-time - nullable: true - successes: - description: Successes contains logs successful check actions - type: array - items: - description: LogEntry records events - type: object - required: - - success - - time - properties: - latency: - description: Latency records how long the action mentioned in - the entry took. - type: string - nullable: true - message: - description: Message explaining status in a human readable format. - type: string - reason: - description: Reason for status in a machine readable format. - type: string - success: - description: Success indicates if the log entry indicates a - success or failure. - type: boolean - time: - description: Start time of check action. - type: string - format: date-time - nullable: true + name: + description: name is the metadata.name of the referenced secret + type: string + status: + description: Status contains the observed status of the connectivity check + type: object + properties: + conditions: + description: Conditions summarize the status of the check + type: array + items: + description: PodNetworkConnectivityCheckCondition represents the overall status of the pod network connectivity. + type: object + required: + - lastTransitionTime + - status + - type + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status to another. + type: string + format: date-time + nullable: true + message: + description: Message indicating details about last transition in a human readable format. + type: string + reason: + description: Reason for the condition's last status transition in a machine readable format. + type: string + status: + description: Status of the condition + type: string + type: + description: Type of the condition + type: string + failures: + description: Failures contains logs of unsuccessful check actions + type: array + items: + description: LogEntry records events + type: object + required: + - success + - time + properties: + latency: + description: Latency records how long the action mentioned in the entry took. + type: string + nullable: true + message: + description: Message explaining status in a human readable format. + type: string + reason: + description: Reason for status in a machine readable format. + type: string + success: + description: Success indicates if the log entry indicates a success or failure. + type: boolean + time: + description: Start time of check action. + type: string + format: date-time + nullable: true + outages: + description: Outages contains logs of time periods of outages + type: array + items: + description: OutageEntry records time period of an outage + type: object + required: + - start + properties: + end: + description: End of outage detected + type: string + format: date-time + nullable: true + endLogs: + description: EndLogs contains log entries related to the end of this outage. Should contain the success entry that resolved the outage and possibly a few of the failure log entries that preceded it. + type: array + items: + description: LogEntry records events + type: object + required: + - success + - time + properties: + latency: + description: Latency records how long the action mentioned in the entry took. + type: string + nullable: true + message: + description: Message explaining status in a human readable format. + type: string + reason: + description: Reason for status in a machine readable format. + type: string + success: + description: Success indicates if the log entry indicates a success or failure. + type: boolean + time: + description: Start time of check action. + type: string + format: date-time + nullable: true + message: + description: Message summarizes outage details in a human readable format. + type: string + start: + description: Start of outage detected + type: string + format: date-time + nullable: true + startLogs: + description: StartLogs contains log entries related to the start of this outage. Should contain the original failure, any entries where the failure mode changed. + type: array + items: + description: LogEntry records events + type: object + required: + - success + - time + properties: + latency: + description: Latency records how long the action mentioned in the entry took. + type: string + nullable: true + message: + description: Message explaining status in a human readable format. + type: string + reason: + description: Reason for status in a machine readable format. + type: string + success: + description: Success indicates if the log entry indicates a success or failure. + type: boolean + time: + description: Start time of check action. + type: string + format: date-time + nullable: true + successes: + description: Successes contains logs successful check actions + type: array + items: + description: LogEntry records events + type: object + required: + - success + - time + properties: + latency: + description: Latency records how long the action mentioned in the entry took. + type: string + nullable: true + message: + description: Message explaining status in a human readable format. + type: string + reason: + description: Reason for status in a machine readable format. + type: string + success: + description: Success indicates if the log entry indicates a success or failure. + type: boolean + time: + description: Start time of check action. + type: string + format: date-time + nullable: true + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/operatorcontrolplane/v1alpha1/doc.go b/vendor/github.com/openshift/api/operatorcontrolplane/v1alpha1/doc.go index 9af889921..73f55856a 100644 --- a/vendor/github.com/openshift/api/operatorcontrolplane/v1alpha1/doc.go +++ b/vendor/github.com/openshift/api/operatorcontrolplane/v1alpha1/doc.go @@ -4,4 +4,5 @@ // +kubebuilder:validation:Optional // +groupName=controlplane.operator.openshift.io + package v1alpha1 diff --git a/vendor/github.com/openshift/api/operatorcontrolplane/v1alpha1/types_conditioncheck.go b/vendor/github.com/openshift/api/operatorcontrolplane/v1alpha1/types_conditioncheck.go index 61af620cb..36f06d468 100644 --- a/vendor/github.com/openshift/api/operatorcontrolplane/v1alpha1/types_conditioncheck.go +++ b/vendor/github.com/openshift/api/operatorcontrolplane/v1alpha1/types_conditioncheck.go @@ -10,7 +10,10 @@ import ( // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // PodNetworkConnectivityCheck +// +// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. // +kubebuilder:subresource:status +// +openshift:compatibility-gen:level=4 type PodNetworkConnectivityCheck struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata"` @@ -172,6 +175,9 @@ const ( // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // PodNetworkConnectivityCheckList is a collection of PodNetworkConnectivityCheck +// +// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. +// +openshift:compatibility-gen:level=4 type PodNetworkConnectivityCheckList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata"` diff --git a/vendor/github.com/openshift/api/operatorcontrolplane/v1alpha1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/operatorcontrolplane/v1alpha1/zz_generated.swagger_doc_generated.go index 8deef38ca..f4ceb6497 100644 --- a/vendor/github.com/openshift/api/operatorcontrolplane/v1alpha1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/operatorcontrolplane/v1alpha1/zz_generated.swagger_doc_generated.go @@ -38,7 +38,7 @@ func (OutageEntry) SwaggerDoc() map[string]string { } var map_PodNetworkConnectivityCheck = map[string]string{ - "": "PodNetworkConnectivityCheck", + "": "PodNetworkConnectivityCheck\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "spec": "Spec defines the source and target of the connectivity check", "status": "Status contains the observed status of the connectivity check", } @@ -61,7 +61,7 @@ func (PodNetworkConnectivityCheckCondition) SwaggerDoc() map[string]string { } var map_PodNetworkConnectivityCheckList = map[string]string{ - "": "PodNetworkConnectivityCheckList is a collection of PodNetworkConnectivityCheck", + "": "PodNetworkConnectivityCheckList is a collection of PodNetworkConnectivityCheck\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "items": "Items contains the items", } diff --git a/vendor/github.com/openshift/api/osin/v1/types.go b/vendor/github.com/openshift/api/osin/v1/types.go index fa0087d79..3da8a19f9 100644 --- a/vendor/github.com/openshift/api/osin/v1/types.go +++ b/vendor/github.com/openshift/api/osin/v1/types.go @@ -9,6 +9,9 @@ import ( // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. +// +openshift:compatibility-gen:level=4 +// +openshift:compatibility-gen:internal type OsinServerConfig struct { metav1.TypeMeta `json:",inline"` @@ -112,6 +115,10 @@ type IdentityProvider struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // BasicAuthPasswordIdentityProvider provides identities for users authenticating using HTTP basic auth credentials +// +// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. +// +openshift:compatibility-gen:level=4 +// +openshift:compatibility-gen:internal type BasicAuthPasswordIdentityProvider struct { metav1.TypeMeta `json:",inline"` @@ -122,6 +129,10 @@ type BasicAuthPasswordIdentityProvider struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // AllowAllPasswordIdentityProvider provides identities for users authenticating using non-empty passwords +// +// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. +// +openshift:compatibility-gen:level=4 +// +openshift:compatibility-gen:internal type AllowAllPasswordIdentityProvider struct { metav1.TypeMeta `json:",inline"` } @@ -129,6 +140,10 @@ type AllowAllPasswordIdentityProvider struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // DenyAllPasswordIdentityProvider provides no identities for users +// +// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. +// +openshift:compatibility-gen:level=4 +// +openshift:compatibility-gen:internal type DenyAllPasswordIdentityProvider struct { metav1.TypeMeta `json:",inline"` } @@ -136,6 +151,10 @@ type DenyAllPasswordIdentityProvider struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // HTPasswdPasswordIdentityProvider provides identities for users authenticating using htpasswd credentials +// +// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. +// +openshift:compatibility-gen:level=4 +// +openshift:compatibility-gen:internal type HTPasswdPasswordIdentityProvider struct { metav1.TypeMeta `json:",inline"` @@ -146,6 +165,10 @@ type HTPasswdPasswordIdentityProvider struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // LDAPPasswordIdentityProvider provides identities for users authenticating using LDAP credentials +// +// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. +// +openshift:compatibility-gen:level=4 +// +openshift:compatibility-gen:internal type LDAPPasswordIdentityProvider struct { metav1.TypeMeta `json:",inline"` // url is an RFC 2255 URL which specifies the LDAP search parameters to use. The syntax of the URL is @@ -187,6 +210,10 @@ type LDAPAttributeMapping struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // KeystonePasswordIdentityProvider provides identities for users authenticating using keystone password credentials +// +// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. +// +openshift:compatibility-gen:level=4 +// +openshift:compatibility-gen:internal type KeystonePasswordIdentityProvider struct { metav1.TypeMeta `json:",inline"` // RemoteConnectionInfo contains information about how to connect to the keystone server @@ -200,6 +227,10 @@ type KeystonePasswordIdentityProvider struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // RequestHeaderIdentityProvider provides identities for users authenticating using request header credentials +// +// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. +// +openshift:compatibility-gen:level=4 +// +openshift:compatibility-gen:internal type RequestHeaderIdentityProvider struct { metav1.TypeMeta `json:",inline"` @@ -237,6 +268,10 @@ type RequestHeaderIdentityProvider struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // GitHubIdentityProvider provides identities for users authenticating using GitHub credentials +// +// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. +// +openshift:compatibility-gen:level=4 +// +openshift:compatibility-gen:internal type GitHubIdentityProvider struct { metav1.TypeMeta `json:",inline"` @@ -259,6 +294,10 @@ type GitHubIdentityProvider struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // GitLabIdentityProvider provides identities for users authenticating using GitLab credentials +// +// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. +// +openshift:compatibility-gen:level=4 +// +openshift:compatibility-gen:internal type GitLabIdentityProvider struct { metav1.TypeMeta `json:",inline"` @@ -284,6 +323,10 @@ type GitLabIdentityProvider struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // GoogleIdentityProvider provides identities for users authenticating using Google credentials +// +// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. +// +openshift:compatibility-gen:level=4 +// +openshift:compatibility-gen:internal type GoogleIdentityProvider struct { metav1.TypeMeta `json:",inline"` @@ -299,6 +342,10 @@ type GoogleIdentityProvider struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // OpenIDIdentityProvider provides identities for users authenticating using OpenID credentials +// +// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. +// +openshift:compatibility-gen:level=4 +// +openshift:compatibility-gen:internal type OpenIDIdentityProvider struct { metav1.TypeMeta `json:",inline"` @@ -416,6 +463,10 @@ type TokenConfig struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // SessionSecrets list the secrets to use to sign/encrypt and authenticate/decrypt created sessions. +// +// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. +// +openshift:compatibility-gen:level=4 +// +openshift:compatibility-gen:internal type SessionSecrets struct { metav1.TypeMeta `json:",inline"` diff --git a/vendor/github.com/openshift/api/project/v1/generated.proto b/vendor/github.com/openshift/api/project/v1/generated.proto index b30c6dda8..5f981bb93 100644 --- a/vendor/github.com/openshift/api/project/v1/generated.proto +++ b/vendor/github.com/openshift/api/project/v1/generated.proto @@ -24,6 +24,9 @@ option go_package = "v1"; // An OpenShift project is an alternative representation of a Kubernetes namespace. Projects are exposed // as editable to end users while namespaces are not. Direct creation of a project is typically restricted // to administrators, while end users should use the requestproject resource. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message Project { optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; @@ -36,6 +39,9 @@ message Project { } // ProjectList is a list of Project objects. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message ProjectList { optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; @@ -44,6 +50,9 @@ message ProjectList { } // ProjectRequest is the set of options necessary to fully qualify a project request +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message ProjectRequest { optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; diff --git a/vendor/github.com/openshift/api/project/v1/types.go b/vendor/github.com/openshift/api/project/v1/types.go index 0aef40ad3..87bedcf48 100644 --- a/vendor/github.com/openshift/api/project/v1/types.go +++ b/vendor/github.com/openshift/api/project/v1/types.go @@ -8,6 +8,9 @@ import ( // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // ProjectList is a list of Project objects. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type ProjectList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` @@ -63,6 +66,9 @@ type ProjectStatus struct { // An OpenShift project is an alternative representation of a Kubernetes namespace. Projects are exposed // as editable to end users while namespaces are not. Direct creation of a project is typically restricted // to administrators, while end users should use the requestproject resource. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type Project struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` @@ -82,6 +88,9 @@ type Project struct { // +genclient:method=Create,verb=create,result=Project // ProjectRequest is the set of options necessary to fully qualify a project request +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type ProjectRequest struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` diff --git a/vendor/github.com/openshift/api/project/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/project/v1/zz_generated.swagger_doc_generated.go index 245c7a76f..03f74cec3 100644 --- a/vendor/github.com/openshift/api/project/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/project/v1/zz_generated.swagger_doc_generated.go @@ -12,7 +12,7 @@ package v1 // AUTO-GENERATED FUNCTIONS START HERE var map_Project = map[string]string{ - "": "Projects are the unit of isolation and collaboration in OpenShift. A project has one or more members, a quota on the resources that the project may consume, and the security controls on the resources in the project. Within a project, members may have different roles - project administrators can set membership, editors can create and manage the resources, and viewers can see but not access running containers. In a normal cluster project administrators are not able to alter their quotas - that is restricted to cluster administrators.\n\nListing or watching projects will return only projects the user has the reader role on.\n\nAn OpenShift project is an alternative representation of a Kubernetes namespace. Projects are exposed as editable to end users while namespaces are not. Direct creation of a project is typically restricted to administrators, while end users should use the requestproject resource.", + "": "Projects are the unit of isolation and collaboration in OpenShift. A project has one or more members, a quota on the resources that the project may consume, and the security controls on the resources in the project. Within a project, members may have different roles - project administrators can set membership, editors can create and manage the resources, and viewers can see but not access running containers. In a normal cluster project administrators are not able to alter their quotas - that is restricted to cluster administrators.\n\nListing or watching projects will return only projects the user has the reader role on.\n\nAn OpenShift project is an alternative representation of a Kubernetes namespace. Projects are exposed as editable to end users while namespaces are not. Direct creation of a project is typically restricted to administrators, while end users should use the requestproject resource.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "spec": "Spec defines the behavior of the Namespace.", "status": "Status describes the current status of a Namespace", } @@ -22,7 +22,7 @@ func (Project) SwaggerDoc() map[string]string { } var map_ProjectList = map[string]string{ - "": "ProjectList is a list of Project objects.", + "": "ProjectList is a list of Project objects.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "items": "Items is the list of projects", } @@ -31,7 +31,7 @@ func (ProjectList) SwaggerDoc() map[string]string { } var map_ProjectRequest = map[string]string{ - "": "ProjectRequest is the set of options necessary to fully qualify a project request", + "": "ProjectRequest is the set of options necessary to fully qualify a project request\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "displayName": "DisplayName is the display name to apply to a project", "description": "Description is the description to apply to a project", } diff --git a/vendor/github.com/openshift/api/quota/v1/0000_03_quota-openshift_01_clusterresourcequota.crd.yaml b/vendor/github.com/openshift/api/quota/v1/0000_03_quota-openshift_01_clusterresourcequota.crd.yaml index ae60b571a..bf2038c91 100644 --- a/vendor/github.com/openshift/api/quota/v1/0000_03_quota-openshift_01_clusterresourcequota.crd.yaml +++ b/vendor/github.com/openshift/api/quota/v1/0000_03_quota-openshift_01_clusterresourcequota.crd.yaml @@ -1,7 +1,8 @@ -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/470 include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" include.release.openshift.io/single-node-developer: "true" @@ -13,233 +14,182 @@ spec: listKind: ClusterResourceQuotaList plural: clusterresourcequotas singular: clusterresourcequota - preserveUnknownFields: false scope: Cluster - subresources: - status: {} - validation: - openAPIV3Schema: - description: ClusterResourceQuota mirrors ResourceQuota at a cluster scope. This - object is easily convertible to synthetic ResourceQuota object to allow quota - evaluation re-use. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: + versions: + - name: v1 + schema: + openAPIV3Schema: + description: "ClusterResourceQuota mirrors ResourceQuota at a cluster scope. This object is easily convertible to synthetic ResourceQuota object to allow quota evaluation re-use. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." type: object - spec: - description: Spec defines the desired quota + required: + - metadata + - spec properties: - quota: - description: Quota defines the desired quota + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec defines the desired quota + type: object + required: + - quota + - selector properties: - hard: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - type: "" - x-kubernetes-int-or-string: true - description: 'hard is the set of desired hard limits for each named - resource. More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/' + quota: + description: Quota defines the desired quota type: object - scopeSelector: - description: scopeSelector is also a collection of filters like - scopes that must match each object tracked by a quota but expressed - using ScopeSelectorOperator in combination with possible values. - For a resource to match, both scopes AND scopeSelector (if specified - in spec), must be matched. properties: - matchExpressions: - description: A list of scope selector requirements by scope - of the resources. - items: - description: A scoped-resource selector requirement is a selector - that contains values, a scope name, and an operator that - relates the scope name and values. - properties: - operator: - description: Represents a scope's relationship to a set - of values. Valid operators are In, NotIn, Exists, DoesNotExist. - type: string - scopeName: - description: The name of the scope that the selector applies - to. - type: string - values: - description: An array of string values. If the operator - is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - operator - - scopeName - type: object + hard: + description: 'hard is the set of desired hard limits for each named resource. More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/' + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scopeSelector: + description: scopeSelector is also a collection of filters like scopes that must match each object tracked by a quota but expressed using ScopeSelectorOperator in combination with possible values. For a resource to match, both scopes AND scopeSelector (if specified in spec), must be matched. + type: object + properties: + matchExpressions: + description: A list of scope selector requirements by scope of the resources. + type: array + items: + description: A scoped-resource selector requirement is a selector that contains values, a scope name, and an operator that relates the scope name and values. + type: object + required: + - operator + - scopeName + properties: + operator: + description: Represents a scope's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. + type: string + scopeName: + description: The name of the scope that the selector applies to. + type: string + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + type: array + items: + type: string + scopes: + description: A collection of filters that must match each object tracked by a quota. If not specified, the quota matches all objects. type: array + items: + description: A ResourceQuotaScope defines a filter that must match each object tracked by a quota + type: string + selector: + description: Selector is the selector used to match projects. It should only select active projects on the scale of dozens (though it can select many more less active projects). These projects will contend on object creation through this resource. type: object - scopes: - description: A collection of filters that must match each object - tracked by a quota. If not specified, the quota matches all objects. - items: - description: A ResourceQuotaScope defines a filter that must match - each object tracked by a quota - type: string - type: array - type: object - selector: - description: Selector is the selector used to match projects. It should - only select active projects on the scale of dozens (though it can - select many more less active projects). These projects will contend - on object creation through this resource. - properties: - annotations: - additionalProperties: - type: string - description: AnnotationSelector is used to select projects by annotation. - nullable: true - type: object - labels: - description: LabelSelector is used to select projects by label. - nullable: true properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: + annotations: + description: AnnotationSelector is used to select projects by annotation. + type: object additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. + nullable: true + labels: + description: LabelSelector is used to select projects by label. type: object - type: object + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + type: array + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + type: object + required: + - key + - operator + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + type: array + items: + type: string + matchLabels: + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + additionalProperties: + type: string + nullable: true + status: + description: Status defines the actual enforced quota and its current usage type: object - required: - - quota - - selector - type: object - status: - description: Status defines the actual enforced quota and its current usage - properties: - namespaces: - description: Namespaces slices the usage by project. This division - allows for quick resolution of deletion reconciliation inside of a - single project without requiring a recalculation across all projects. This - can be used to pull the deltas for a given project. - items: - description: ResourceQuotaStatusByNamespace gives status for a particular - project - properties: - namespace: - description: Namespace the project this status applies to - type: string - status: - description: Status indicates how many resources have been consumed - by this project + required: + - total + properties: + namespaces: + description: Namespaces slices the usage by project. This division allows for quick resolution of deletion reconciliation inside of a single project without requiring a recalculation across all projects. This can be used to pull the deltas for a given project. + type: array + items: + description: ResourceQuotaStatusByNamespace gives status for a particular project + type: object + required: + - namespace + - status properties: - hard: - additionalProperties: - anyOf: + namespace: + description: Namespace the project this status applies to + type: string + status: + description: Status indicates how many resources have been consumed by this project + type: object + properties: + hard: + description: 'Hard is the set of enforced hard limits for each named resource. More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/' + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + used: + description: Used is the current observed total usage of the resource in the namespace. + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + nullable: true + total: + description: Total defines the actual enforced quota and its current usage across all projects + type: object + properties: + hard: + description: 'Hard is the set of enforced hard limits for each named resource. More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/' + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: - type: integer - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Hard is the set of enforced hard limits for - each named resource. More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/' - type: object - used: - additionalProperties: - anyOf: + x-kubernetes-int-or-string: true + used: + description: Used is the current observed total usage of the resource in the namespace. + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: - type: integer - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: Used is the current observed total usage of the - resource in the namespace. - type: object - type: object - required: - - namespace - - status - type: object - nullable: true - type: array - total: - description: Total defines the actual enforced quota and its current - usage across all projects - properties: - hard: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Hard is the set of enforced hard limits for each named - resource. More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/' - type: object - used: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: Used is the current observed total usage of the resource - in the namespace. - type: object - type: object - required: - - total - type: object - required: - - metadata - - spec - type: object - versions: - - name: v1 - served: true - storage: true + x-kubernetes-int-or-string: true + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/quota/v1/0000_03_quota-openshift_01_clusterresourcequota.crd.yaml-merge-patch b/vendor/github.com/openshift/api/quota/v1/0000_03_quota-openshift_01_clusterresourcequota.crd.yaml-merge-patch deleted file mode 100644 index 1897fdbee..000000000 --- a/vendor/github.com/openshift/api/quota/v1/0000_03_quota-openshift_01_clusterresourcequota.crd.yaml-merge-patch +++ /dev/null @@ -1,13 +0,0 @@ -spec: - validation: - openAPIV3Schema: - properties: - spec: - properties: - quota: - properties: - hard: - additionalProperties: - type: "" - x-kubernetes-int-or-string: true - diff --git a/vendor/github.com/openshift/api/quota/v1/generated.proto b/vendor/github.com/openshift/api/quota/v1/generated.proto index 7f2734761..a05204e82 100644 --- a/vendor/github.com/openshift/api/quota/v1/generated.proto +++ b/vendor/github.com/openshift/api/quota/v1/generated.proto @@ -15,6 +15,9 @@ option go_package = "v1"; // AppliedClusterResourceQuota mirrors ClusterResourceQuota at a project scope, for projection // into a project. It allows a project-admin to know which ClusterResourceQuotas are applied to // his project and their associated usage. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message AppliedClusterResourceQuota { optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; @@ -26,6 +29,9 @@ message AppliedClusterResourceQuota { } // AppliedClusterResourceQuotaList is a collection of AppliedClusterResourceQuotas +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message AppliedClusterResourceQuotaList { optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; @@ -35,6 +41,9 @@ message AppliedClusterResourceQuotaList { // ClusterResourceQuota mirrors ResourceQuota at a cluster scope. This object is easily convertible to // synthetic ResourceQuota object to allow quota evaluation re-use. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message ClusterResourceQuota { optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; @@ -46,6 +55,9 @@ message ClusterResourceQuota { } // ClusterResourceQuotaList is a collection of ClusterResourceQuotas +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message ClusterResourceQuotaList { optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; diff --git a/vendor/github.com/openshift/api/quota/v1/types.go b/vendor/github.com/openshift/api/quota/v1/types.go index 1bac842c7..bafc842cd 100644 --- a/vendor/github.com/openshift/api/quota/v1/types.go +++ b/vendor/github.com/openshift/api/quota/v1/types.go @@ -11,6 +11,9 @@ import ( // ClusterResourceQuota mirrors ResourceQuota at a cluster scope. This object is easily convertible to // synthetic ResourceQuota object to allow quota evaluation re-use. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type ClusterResourceQuota struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata" protobuf:"bytes,1,opt,name=metadata"` @@ -65,6 +68,9 @@ type ClusterResourceQuotaStatus struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // ClusterResourceQuotaList is a collection of ClusterResourceQuotas +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type ClusterResourceQuotaList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` @@ -92,6 +98,9 @@ type ResourceQuotaStatusByNamespace struct { // AppliedClusterResourceQuota mirrors ClusterResourceQuota at a project scope, for projection // into a project. It allows a project-admin to know which ClusterResourceQuotas are applied to // his project and their associated usage. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type AppliedClusterResourceQuota struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata" protobuf:"bytes,1,opt,name=metadata"` @@ -106,6 +115,9 @@ type AppliedClusterResourceQuota struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // AppliedClusterResourceQuotaList is a collection of AppliedClusterResourceQuotas +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type AppliedClusterResourceQuotaList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` diff --git a/vendor/github.com/openshift/api/quota/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/quota/v1/zz_generated.swagger_doc_generated.go index 71c0d6d56..77e0e8f08 100644 --- a/vendor/github.com/openshift/api/quota/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/quota/v1/zz_generated.swagger_doc_generated.go @@ -12,7 +12,7 @@ package v1 // AUTO-GENERATED FUNCTIONS START HERE var map_AppliedClusterResourceQuota = map[string]string{ - "": "AppliedClusterResourceQuota mirrors ClusterResourceQuota at a project scope, for projection into a project. It allows a project-admin to know which ClusterResourceQuotas are applied to his project and their associated usage.", + "": "AppliedClusterResourceQuota mirrors ClusterResourceQuota at a project scope, for projection into a project. It allows a project-admin to know which ClusterResourceQuotas are applied to his project and their associated usage.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "spec": "Spec defines the desired quota", "status": "Status defines the actual enforced quota and its current usage", } @@ -22,7 +22,7 @@ func (AppliedClusterResourceQuota) SwaggerDoc() map[string]string { } var map_AppliedClusterResourceQuotaList = map[string]string{ - "": "AppliedClusterResourceQuotaList is a collection of AppliedClusterResourceQuotas", + "": "AppliedClusterResourceQuotaList is a collection of AppliedClusterResourceQuotas\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "items": "Items is a list of AppliedClusterResourceQuota", } @@ -31,7 +31,7 @@ func (AppliedClusterResourceQuotaList) SwaggerDoc() map[string]string { } var map_ClusterResourceQuota = map[string]string{ - "": "ClusterResourceQuota mirrors ResourceQuota at a cluster scope. This object is easily convertible to synthetic ResourceQuota object to allow quota evaluation re-use.", + "": "ClusterResourceQuota mirrors ResourceQuota at a cluster scope. This object is easily convertible to synthetic ResourceQuota object to allow quota evaluation re-use.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "spec": "Spec defines the desired quota", "status": "Status defines the actual enforced quota and its current usage", } @@ -41,7 +41,7 @@ func (ClusterResourceQuota) SwaggerDoc() map[string]string { } var map_ClusterResourceQuotaList = map[string]string{ - "": "ClusterResourceQuotaList is a collection of ClusterResourceQuotas", + "": "ClusterResourceQuotaList is a collection of ClusterResourceQuotas\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "items": "Items is a list of ClusterResourceQuotas", } diff --git a/vendor/github.com/openshift/api/route/v1/generated.proto b/vendor/github.com/openshift/api/route/v1/generated.proto index 42031b346..35f9a6ebb 100644 --- a/vendor/github.com/openshift/api/route/v1/generated.proto +++ b/vendor/github.com/openshift/api/route/v1/generated.proto @@ -38,6 +38,9 @@ option go_package = "v1"; // connection re-use/coalescing. Routes that do not have their own // custom certificate will not be HTTP/2 ALPN-enabled on either the // frontend or the backend. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message Route { optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; @@ -91,6 +94,9 @@ message RouteIngressCondition { } // RouteList is a collection of Routes. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message RouteList { optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; diff --git a/vendor/github.com/openshift/api/route/v1/types.go b/vendor/github.com/openshift/api/route/v1/types.go index 0931bdecc..e9f22f3fe 100644 --- a/vendor/github.com/openshift/api/route/v1/types.go +++ b/vendor/github.com/openshift/api/route/v1/types.go @@ -34,6 +34,9 @@ import ( // connection re-use/coalescing. Routes that do not have their own // custom certificate will not be HTTP/2 ALPN-enabled on either the // frontend or the backend. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type Route struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` @@ -48,6 +51,9 @@ type Route struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // RouteList is a collection of Routes. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type RouteList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` diff --git a/vendor/github.com/openshift/api/route/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/route/v1/zz_generated.swagger_doc_generated.go index 83b92816b..8256c62c9 100644 --- a/vendor/github.com/openshift/api/route/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/route/v1/zz_generated.swagger_doc_generated.go @@ -12,7 +12,7 @@ package v1 // AUTO-GENERATED FUNCTIONS START HERE var map_Route = map[string]string{ - "": "A route allows developers to expose services through an HTTP(S) aware load balancing and proxy layer via a public DNS entry. The route may further specify TLS options and a certificate, or specify a public CNAME that the router should also accept for HTTP and HTTPS traffic. An administrator typically configures their router to be visible outside the cluster firewall, and may also add additional security, caching, or traffic controls on the service content. Routers usually talk directly to the service endpoints.\n\nOnce a route is created, the `host` field may not be changed. Generally, routers use the oldest route with a given host when resolving conflicts.\n\nRouters are subject to additional customization and may support additional controls via the annotations field.\n\nBecause administrators may configure multiple routers, the route status field is used to return information to clients about the names and states of the route under each router. If a client chooses a duplicate name, for instance, the route status conditions are used to indicate the route cannot be chosen.\n\nTo enable HTTP/2 ALPN on a route it requires a custom (non-wildcard) certificate. This prevents connection coalescing by clients, notably web browsers. We do not support HTTP/2 ALPN on routes that use the default certificate because of the risk of connection re-use/coalescing. Routes that do not have their own custom certificate will not be HTTP/2 ALPN-enabled on either the frontend or the backend.", + "": "A route allows developers to expose services through an HTTP(S) aware load balancing and proxy layer via a public DNS entry. The route may further specify TLS options and a certificate, or specify a public CNAME that the router should also accept for HTTP and HTTPS traffic. An administrator typically configures their router to be visible outside the cluster firewall, and may also add additional security, caching, or traffic controls on the service content. Routers usually talk directly to the service endpoints.\n\nOnce a route is created, the `host` field may not be changed. Generally, routers use the oldest route with a given host when resolving conflicts.\n\nRouters are subject to additional customization and may support additional controls via the annotations field.\n\nBecause administrators may configure multiple routers, the route status field is used to return information to clients about the names and states of the route under each router. If a client chooses a duplicate name, for instance, the route status conditions are used to indicate the route cannot be chosen.\n\nTo enable HTTP/2 ALPN on a route it requires a custom (non-wildcard) certificate. This prevents connection coalescing by clients, notably web browsers. We do not support HTTP/2 ALPN on routes that use the default certificate because of the risk of connection re-use/coalescing. Routes that do not have their own custom certificate will not be HTTP/2 ALPN-enabled on either the frontend or the backend.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "spec": "spec is the desired state of the route", "status": "status is the current state of the route", } @@ -48,7 +48,7 @@ func (RouteIngressCondition) SwaggerDoc() map[string]string { } var map_RouteList = map[string]string{ - "": "RouteList is a collection of Routes.", + "": "RouteList is a collection of Routes.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "items": "items is a list of routes", } diff --git a/vendor/github.com/openshift/api/samples/v1/0000_10_samplesconfig.crd.yaml b/vendor/github.com/openshift/api/samples/v1/0000_10_samplesconfig.crd.yaml index f0bd21eda..c55f98417 100644 --- a/vendor/github.com/openshift/api/samples/v1/0000_10_samplesconfig.crd.yaml +++ b/vendor/github.com/openshift/api/samples/v1/0000_10_samplesconfig.crd.yaml @@ -1,178 +1,127 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - name: configs.samples.operator.openshift.io annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/513 description: Extension for configuring openshif samples operator. displayName: ConfigsSamples include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" include.release.openshift.io/single-node-developer: "true" + name: configs.samples.operator.openshift.io spec: - scope: Cluster - preserveUnknownFields: false group: samples.operator.openshift.io + names: + kind: Config + listKind: ConfigList + plural: configs + singular: config + preserveUnknownFields: false + scope: Cluster versions: - - name: v1 - subresources: - status: {} - served: true - storage: true - "schema": - "openAPIV3Schema": - description: Config contains the configuration and detailed condition status - for the Samples Operator. - type: object - required: - - metadata - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ConfigSpec contains the desired configuration and state for - the Samples Operator, controlling various behavior around the imagestreams - and templates it creates/updates in the openshift namespace. - type: object - properties: - architectures: - description: architectures determine which hardware architecture(s) - to install, where x86_64, ppc64le, and s390x are the only supported - choices currently. - type: array - items: + - name: v1 + schema: + openAPIV3Schema: + description: "Config contains the configuration and detailed condition status for the Samples Operator. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." + type: object + required: + - metadata + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ConfigSpec contains the desired configuration and state for the Samples Operator, controlling various behavior around the imagestreams and templates it creates/updates in the openshift namespace. + type: object + properties: + architectures: + description: architectures determine which hardware architecture(s) to install, where x86_64, ppc64le, and s390x are the only supported choices currently. + type: array + items: + type: string + managementState: + description: managementState is top level on/off type of switch for all operators. When "Managed", this operator processes config and manipulates the samples accordingly. When "Unmanaged", this operator ignores any updates to the resources it watches. When "Removed", it reacts that same wasy as it does if the Config object is deleted, meaning any ImageStreams or Templates it manages (i.e. it honors the skipped lists) and the registry secret are deleted, along with the ConfigMap in the operator's namespace that represents the last config used to manipulate the samples, type: string - managementState: - description: managementState is top level on/off type of switch for - all operators. When "Managed", this operator processes config and - manipulates the samples accordingly. When "Unmanaged", this operator - ignores any updates to the resources it watches. When "Removed", - it reacts that same wasy as it does if the Config object is deleted, - meaning any ImageStreams or Templates it manages (i.e. it honors - the skipped lists) and the registry secret are deleted, along with - the ConfigMap in the operator's namespace that represents the last - config used to manipulate the samples, - type: string - pattern: ^(Managed|Unmanaged|Force|Removed)$ - samplesRegistry: - description: samplesRegistry allows for the specification of which - registry is accessed by the ImageStreams for their image content. Defaults - on the content in https://github.com/openshift/library that are - pulled into this github repository, but based on our pulling only - ocp content it typically defaults to registry.redhat.io. - type: string - skippedImagestreams: - description: skippedImagestreams specifies names of image streams - that should NOT be created/updated. Admins can use this to allow - them to delete content they don’t want. They will still have to - manually delete the content but the operator will not recreate(or - update) anything listed here. - type: array - items: + pattern: ^(Managed|Unmanaged|Force|Removed)$ + samplesRegistry: + description: samplesRegistry allows for the specification of which registry is accessed by the ImageStreams for their image content. Defaults on the content in https://github.com/openshift/library that are pulled into this github repository, but based on our pulling only ocp content it typically defaults to registry.redhat.io. type: string - skippedTemplates: - description: skippedTemplates specifies names of templates that should - NOT be created/updated. Admins can use this to allow them to delete - content they don’t want. They will still have to manually delete - the content but the operator will not recreate(or update) anything - listed here. - type: array - items: + skippedImagestreams: + description: skippedImagestreams specifies names of image streams that should NOT be created/updated. Admins can use this to allow them to delete content they don’t want. They will still have to manually delete the content but the operator will not recreate(or update) anything listed here. + type: array + items: + type: string + skippedTemplates: + description: skippedTemplates specifies names of templates that should NOT be created/updated. Admins can use this to allow them to delete content they don’t want. They will still have to manually delete the content but the operator will not recreate(or update) anything listed here. + type: array + items: + type: string + status: + description: ConfigStatus contains the actual configuration in effect, as well as various details that describe the state of the Samples Operator. + type: object + properties: + architectures: + description: architectures determine which hardware architecture(s) to install, where x86_64 and ppc64le are the supported choices. + type: array + items: + type: string + conditions: + description: conditions represents the available maintenance status of the sample imagestreams and templates. + type: array + items: + description: ConfigCondition captures various conditions of the Config as entries are processed. + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition transitioned from one status to another. + type: string + format: date-time + lastUpdateTime: + description: lastUpdateTime is the last time this condition was updated. + type: string + format: date-time + message: + description: message is a human readable message indicating details about the transition. + type: string + reason: + description: reason is what caused the condition's last transition. + type: string + status: + description: status of the condition, one of True, False, Unknown. + type: string + type: + description: type of condition. + type: string + managementState: + description: managementState reflects the current operational status of the on/off switch for the operator. This operator compares the ManagementState as part of determining that we are turning the operator back on (i.e. "Managed") when it was previously "Unmanaged". type: string - status: - description: ConfigStatus contains the actual configuration in effect, - as well as various details that describe the state of the Samples Operator. - type: object - properties: - architectures: - description: architectures determine which hardware architecture(s) - to install, where x86_64 and ppc64le are the supported choices. - type: array - items: + pattern: ^(Managed|Unmanaged|Force|Removed)$ + samplesRegistry: + description: samplesRegistry allows for the specification of which registry is accessed by the ImageStreams for their image content. Defaults on the content in https://github.com/openshift/library that are pulled into this github repository, but based on our pulling only ocp content it typically defaults to registry.redhat.io. type: string - conditions: - description: conditions represents the available maintenance status - of the sample imagestreams and templates. - type: array - items: - description: ConfigCondition captures various conditions of the - Config as entries are processed. - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. - type: string - format: date-time - lastUpdateTime: - description: lastUpdateTime is the last time this condition - was updated. - type: string - format: date-time - message: - description: message is a human readable message indicating - details about the transition. - type: string - reason: - description: reason is what caused the condition's last transition. - type: string - status: - description: status of the condition, one of True, False, Unknown. - type: string - type: - description: type of condition. - type: string - managementState: - description: managementState reflects the current operational status - of the on/off switch for the operator. This operator compares the - ManagementState as part of determining that we are turning the operator - back on (i.e. "Managed") when it was previously "Unmanaged". - type: string - pattern: ^(Managed|Unmanaged|Force|Removed)$ - samplesRegistry: - description: samplesRegistry allows for the specification of which - registry is accessed by the ImageStreams for their image content. Defaults - on the content in https://github.com/openshift/library that are - pulled into this github repository, but based on our pulling only - ocp content it typically defaults to registry.redhat.io. - type: string - skippedImagestreams: - description: skippedImagestreams specifies names of image streams - that should NOT be created/updated. Admins can use this to allow - them to delete content they don’t want. They will still have to - manually delete the content but the operator will not recreate(or - update) anything listed here. - type: array - items: + skippedImagestreams: + description: skippedImagestreams specifies names of image streams that should NOT be created/updated. Admins can use this to allow them to delete content they don’t want. They will still have to manually delete the content but the operator will not recreate(or update) anything listed here. + type: array + items: + type: string + skippedTemplates: + description: skippedTemplates specifies names of templates that should NOT be created/updated. Admins can use this to allow them to delete content they don’t want. They will still have to manually delete the content but the operator will not recreate(or update) anything listed here. + type: array + items: + type: string + version: + description: version is the value of the operator's payload based version indicator when it was last successfully processed type: string - skippedTemplates: - description: skippedTemplates specifies names of templates that should - NOT be created/updated. Admins can use this to allow them to delete - content they don’t want. They will still have to manually delete - the content but the operator will not recreate(or update) anything - listed here. - type: array - items: - type: string - version: - description: version is the value of the operator's payload based - version indicator when it was last successfully processed - type: string - names: - plural: configs - singular: config - kind: Config - listKind: ConfigList + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/samples/v1/generated.proto b/vendor/github.com/openshift/api/samples/v1/generated.proto index 4aecf67a7..e1095eeea 100644 --- a/vendor/github.com/openshift/api/samples/v1/generated.proto +++ b/vendor/github.com/openshift/api/samples/v1/generated.proto @@ -14,6 +14,9 @@ import "k8s.io/apimachinery/pkg/runtime/schema/generated.proto"; option go_package = "v1"; // Config contains the configuration and detailed condition status for the Samples Operator. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message Config { optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; @@ -47,6 +50,8 @@ message ConfigCondition { optional string message = 6; } +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message ConfigList { optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; diff --git a/vendor/github.com/openshift/api/samples/v1/types_config.go b/vendor/github.com/openshift/api/samples/v1/types_config.go index 6f472a757..a0248e479 100644 --- a/vendor/github.com/openshift/api/samples/v1/types_config.go +++ b/vendor/github.com/openshift/api/samples/v1/types_config.go @@ -11,6 +11,9 @@ import ( // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // Config contains the configuration and detailed condition status for the Samples Operator. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type Config struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata" protobuf:"bytes,1,opt,name=metadata"` @@ -115,6 +118,8 @@ type ConfigStatus struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type ConfigList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata" protobuf:"bytes,1,opt,name=metadata"` diff --git a/vendor/github.com/openshift/api/samples/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/samples/v1/zz_generated.swagger_doc_generated.go index 7fb0dd073..2e62e7641 100644 --- a/vendor/github.com/openshift/api/samples/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/samples/v1/zz_generated.swagger_doc_generated.go @@ -12,7 +12,7 @@ package v1 // AUTO-GENERATED FUNCTIONS START HERE var map_Config = map[string]string{ - "": "Config contains the configuration and detailed condition status for the Samples Operator.", + "": "Config contains the configuration and detailed condition status for the Samples Operator.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", } func (Config) SwaggerDoc() map[string]string { @@ -33,6 +33,14 @@ func (ConfigCondition) SwaggerDoc() map[string]string { return map_ConfigCondition } +var map_ConfigList = map[string]string{ + "": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", +} + +func (ConfigList) SwaggerDoc() map[string]string { + return map_ConfigList +} + var map_ConfigSpec = map[string]string{ "": "ConfigSpec contains the desired configuration and state for the Samples Operator, controlling various behavior around the imagestreams and templates it creates/updates in the openshift namespace.", "managementState": "managementState is top level on/off type of switch for all operators. When \"Managed\", this operator processes config and manipulates the samples accordingly. When \"Unmanaged\", this operator ignores any updates to the resources it watches. When \"Removed\", it reacts that same wasy as it does if the Config object is deleted, meaning any ImageStreams or Templates it manages (i.e. it honors the skipped lists) and the registry secret are deleted, along with the ConfigMap in the operator's namespace that represents the last config used to manipulate the samples,", diff --git a/vendor/github.com/openshift/api/security/v1/0000_03_security-openshift_01_scc.crd.yaml b/vendor/github.com/openshift/api/security/v1/0000_03_security-openshift_01_scc.crd.yaml index 480f7b273..f08d16578 100644 --- a/vendor/github.com/openshift/api/security/v1/0000_03_security-openshift_01_scc.crd.yaml +++ b/vendor/github.com/openshift/api/security/v1/0000_03_security-openshift_01_scc.crd.yaml @@ -1,362 +1,279 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - name: securitycontextconstraints.security.openshift.io annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/470 include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" include.release.openshift.io/single-node-developer: "true" + name: securitycontextconstraints.security.openshift.io spec: group: security.openshift.io - scope: Cluster names: kind: SecurityContextConstraints listKind: SecurityContextConstraintsList plural: securitycontextconstraints singular: securitycontextconstraints + scope: Cluster versions: - - name: v1 - served: true - storage: true - additionalPrinterColumns: - - name: Priv - type: string - jsonPath: .allowPrivilegedContainer - description: Determines if a container can request to be run as privileged - - name: Caps - type: string - jsonPath: .allowedCapabilities - description: A list of capabilities that can be requested to add to the container - - name: SELinux - type: string - jsonPath: .seLinuxContext.type - description: Strategy that will dictate what labels will be set in the SecurityContext - - name: RunAsUser - type: string - jsonPath: .runAsUser.type - description: Strategy that will dictate what RunAsUser is used in the SecurityContext - - name: FSGroup - type: string - jsonPath: .fsGroup.type - description: Strategy that will dictate what fs group is used by the SecurityContext - - name: SupGroup - type: string - jsonPath: .supplementalGroups.type - description: Strategy that will dictate what supplemental groups are used by - the SecurityContext - - name: Priority - type: string - jsonPath: .priority - description: Sort order of SCCs - - name: ReadOnlyRootFS - type: string - jsonPath: .readOnlyRootFilesystem - description: Force containers to run with a read only root file system - - name: Volumes - type: string - jsonPath: .volumes - description: White list of allowed volume plugins - schema: - openAPIV3Schema: - description: SecurityContextConstraints governs the ability to make requests - that affect the SecurityContext that will be applied to a container. For - historical reasons SCC was exposed under the core Kubernetes API group. - That exposure is deprecated and will be removed in a future release - users - should instead use the security.openshift.io group to manage SecurityContextConstraints. - type: object - required: - - allowHostDirVolumePlugin - - allowHostIPC - - allowHostNetwork - - allowHostPID - - allowHostPorts - - allowPrivilegedContainer - - allowedCapabilities - - defaultAddCapabilities - - priority - - readOnlyRootFilesystem - - requiredDropCapabilities - - volumes - properties: - allowHostDirVolumePlugin: - description: AllowHostDirVolumePlugin determines if the policy allow containers - to use the HostDir volume plugin - type: boolean - allowHostIPC: - description: AllowHostIPC determines if the policy allows host ipc in - the containers. - type: boolean - allowHostNetwork: - description: AllowHostNetwork determines if the policy allows the use - of HostNetwork in the pod spec. - type: boolean - allowHostPID: - description: AllowHostPID determines if the policy allows host pid in - the containers. - type: boolean - allowHostPorts: - description: AllowHostPorts determines if the policy allows host ports - in the containers. - type: boolean - allowPrivilegeEscalation: - description: AllowPrivilegeEscalation determines if a pod can request - to allow privilege escalation. If unspecified, defaults to true. - type: boolean - nullable: true - allowPrivilegedContainer: - description: AllowPrivilegedContainer determines if a container can request - to be run as privileged. - type: boolean - allowedCapabilities: - description: AllowedCapabilities is a list of capabilities that can be - requested to add to the container. Capabilities in this field maybe - added at the pod author's discretion. You must not list a capability - in both AllowedCapabilities and RequiredDropCapabilities. To allow all - capabilities you may use '*'. - type: array - items: - description: Capability represent POSIX capabilities type + - additionalPrinterColumns: + - description: Determines if a container can request to be run as privileged + jsonPath: .allowPrivilegedContainer + name: Priv + type: string + - description: A list of capabilities that can be requested to add to the container + jsonPath: .allowedCapabilities + name: Caps + type: string + - description: Strategy that will dictate what labels will be set in the SecurityContext + jsonPath: .seLinuxContext.type + name: SELinux + type: string + - description: Strategy that will dictate what RunAsUser is used in the SecurityContext + jsonPath: .runAsUser.type + name: RunAsUser + type: string + - description: Strategy that will dictate what fs group is used by the SecurityContext + jsonPath: .fsGroup.type + name: FSGroup + type: string + - description: Strategy that will dictate what supplemental groups are used by the SecurityContext + jsonPath: .supplementalGroups.type + name: SupGroup + type: string + - description: Sort order of SCCs + jsonPath: .priority + name: Priority + type: string + - description: Force containers to run with a read only root file system + jsonPath: .readOnlyRootFilesystem + name: ReadOnlyRootFS + type: string + - description: White list of allowed volume plugins + jsonPath: .volumes + name: Volumes + type: string + name: v1 + schema: + openAPIV3Schema: + description: "SecurityContextConstraints governs the ability to make requests that affect the SecurityContext that will be applied to a container. For historical reasons SCC was exposed under the core Kubernetes API group. That exposure is deprecated and will be removed in a future release - users should instead use the security.openshift.io group to manage SecurityContextConstraints. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." + type: object + required: + - allowHostDirVolumePlugin + - allowHostIPC + - allowHostNetwork + - allowHostPID + - allowHostPorts + - allowPrivilegedContainer + - allowedCapabilities + - defaultAddCapabilities + - priority + - readOnlyRootFilesystem + - requiredDropCapabilities + - volumes + properties: + allowHostDirVolumePlugin: + description: AllowHostDirVolumePlugin determines if the policy allow containers to use the HostDir volume plugin + type: boolean + allowHostIPC: + description: AllowHostIPC determines if the policy allows host ipc in the containers. + type: boolean + allowHostNetwork: + description: AllowHostNetwork determines if the policy allows the use of HostNetwork in the pod spec. + type: boolean + allowHostPID: + description: AllowHostPID determines if the policy allows host pid in the containers. + type: boolean + allowHostPorts: + description: AllowHostPorts determines if the policy allows host ports in the containers. + type: boolean + allowPrivilegeEscalation: + description: AllowPrivilegeEscalation determines if a pod can request to allow privilege escalation. If unspecified, defaults to true. + type: boolean + nullable: true + allowPrivilegedContainer: + description: AllowPrivilegedContainer determines if a container can request to be run as privileged. + type: boolean + allowedCapabilities: + description: AllowedCapabilities is a list of capabilities that can be requested to add to the container. Capabilities in this field maybe added at the pod author's discretion. You must not list a capability in both AllowedCapabilities and RequiredDropCapabilities. To allow all capabilities you may use '*'. + type: array + items: + description: Capability represent POSIX capabilities type + type: string + nullable: true + allowedFlexVolumes: + description: AllowedFlexVolumes is a whitelist of allowed Flexvolumes. Empty or nil indicates that all Flexvolumes may be used. This parameter is effective only when the usage of the Flexvolumes is allowed in the "Volumes" field. + type: array + items: + description: AllowedFlexVolume represents a single Flexvolume that is allowed to be used. + type: object + required: + - driver + properties: + driver: + description: Driver is the name of the Flexvolume driver. + type: string + nullable: true + allowedUnsafeSysctls: + description: "AllowedUnsafeSysctls is a list of explicitly allowed unsafe sysctls, defaults to none. Each entry is either a plain sysctl name or ends in \"*\" in which case it is considered as a prefix of allowed sysctls. Single * means all unsafe sysctls are allowed. Kubelet has to whitelist all allowed unsafe sysctls explicitly to avoid rejection. \n Examples: e.g. \"foo/*\" allows \"foo/bar\", \"foo/baz\", etc. e.g. \"foo.*\" allows \"foo.bar\", \"foo.baz\", etc." + type: array + items: + type: string + nullable: true + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string - nullable: true - allowedFlexVolumes: - description: AllowedFlexVolumes is a whitelist of allowed Flexvolumes. Empty - or nil indicates that all Flexvolumes may be used. This parameter is - effective only when the usage of the Flexvolumes is allowed in the "Volumes" - field. - type: array - items: - description: AllowedFlexVolume represents a single Flexvolume that is - allowed to be used. + defaultAddCapabilities: + description: DefaultAddCapabilities is the default set of capabilities that will be added to the container unless the pod spec specifically drops the capability. You may not list a capabiility in both DefaultAddCapabilities and RequiredDropCapabilities. + type: array + items: + description: Capability represent POSIX capabilities type + type: string + nullable: true + defaultAllowPrivilegeEscalation: + description: DefaultAllowPrivilegeEscalation controls the default setting for whether a process can gain more privileges than its parent process. + type: boolean + nullable: true + forbiddenSysctls: + description: "ForbiddenSysctls is a list of explicitly forbidden sysctls, defaults to none. Each entry is either a plain sysctl name or ends in \"*\" in which case it is considered as a prefix of forbidden sysctls. Single * means all sysctls are forbidden. \n Examples: e.g. \"foo/*\" forbids \"foo/bar\", \"foo/baz\", etc. e.g. \"foo.*\" forbids \"foo.bar\", \"foo.baz\", etc." + type: array + items: + type: string + nullable: true + fsGroup: + description: FSGroup is the strategy that will dictate what fs group is used by the SecurityContext. type: object - required: - - driver properties: - driver: - description: Driver is the name of the Flexvolume driver. + ranges: + description: Ranges are the allowed ranges of fs groups. If you would like to force a single fs group then supply a single range with the same start and end. + type: array + items: + description: 'IDRange provides a min/max of an allowed range of IDs. TODO: this could be reused for UIDs.' + type: object + properties: + max: + description: Max is the end of the range, inclusive. + type: integer + format: int64 + min: + description: Min is the start of the range, inclusive. + type: integer + format: int64 + type: + description: Type is the strategy that will dictate what FSGroup is used in the SecurityContext. type: string - nullable: true - allowedUnsafeSysctls: - description: "AllowedUnsafeSysctls is a list of explicitly allowed unsafe - sysctls, defaults to none. Each entry is either a plain sysctl name - or ends in \"*\" in which case it is considered as a prefix of allowed - sysctls. Single * means all unsafe sysctls are allowed. Kubelet has - to whitelist all allowed unsafe sysctls explicitly to avoid rejection. - \n Examples: e.g. \"foo/*\" allows \"foo/bar\", \"foo/baz\", etc. e.g. - \"foo.*\" allows \"foo.bar\", \"foo.baz\", etc." - type: array - items: - type: string - nullable: true - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - defaultAddCapabilities: - description: DefaultAddCapabilities is the default set of capabilities - that will be added to the container unless the pod spec specifically - drops the capability. You may not list a capabiility in both DefaultAddCapabilities - and RequiredDropCapabilities. - type: array - items: - description: Capability represent POSIX capabilities type - type: string - nullable: true - defaultAllowPrivilegeEscalation: - description: DefaultAllowPrivilegeEscalation controls the default setting - for whether a process can gain more privileges than its parent process. - type: boolean - nullable: true - forbiddenSysctls: - description: "ForbiddenSysctls is a list of explicitly forbidden sysctls, - defaults to none. Each entry is either a plain sysctl name or ends in - \"*\" in which case it is considered as a prefix of forbidden sysctls. - Single * means all sysctls are forbidden. \n Examples: e.g. \"foo/*\" - forbids \"foo/bar\", \"foo/baz\", etc. e.g. \"foo.*\" forbids \"foo.bar\", - \"foo.baz\", etc." - type: array - items: - type: string - nullable: true - fsGroup: - description: FSGroup is the strategy that will dictate what fs group is - used by the SecurityContext. - type: object - properties: - ranges: - description: Ranges are the allowed ranges of fs groups. If you would - like to force a single fs group then supply a single range with - the same start and end. - type: array - items: - description: 'IDRange provides a min/max of an allowed range of - IDs. TODO: this could be reused for UIDs.' - type: object - properties: - max: - description: Max is the end of the range, inclusive. - type: integer - format: int64 - min: - description: Min is the start of the range, inclusive. - type: integer - format: int64 - type: - description: Type is the strategy that will dictate what FSGroup is - used in the SecurityContext. + nullable: true + groups: + description: The groups that have permission to use this security context constraints + type: array + items: type: string - nullable: true - groups: - description: The groups that have permission to use this security context - constraints - type: array - items: - type: string - nullable: true - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - priority: - description: Priority influences the sort order of SCCs when evaluating - which SCCs to try first for a given pod request based on access in the - Users and Groups fields. The higher the int, the higher priority. An - unset value is considered a 0 priority. If scores for multiple SCCs - are equal they will be sorted from most restrictive to least restrictive. - If both priorities and restrictions are equal the SCCs will be sorted - by name. - type: integer - format: int32 - nullable: true - readOnlyRootFilesystem: - description: ReadOnlyRootFilesystem when set to true will force containers - to run with a read only root file system. If the container specifically - requests to run with a non-read only root file system the SCC should - deny the pod. If set to false the container may run with a read only - root file system if it wishes but it will not be forced to. - type: boolean - requiredDropCapabilities: - description: RequiredDropCapabilities are the capabilities that will be - dropped from the container. These are required to be dropped and cannot - be added. - type: array - items: - description: Capability represent POSIX capabilities type + nullable: true + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string - nullable: true - runAsUser: - description: RunAsUser is the strategy that will dictate what RunAsUser - is used in the SecurityContext. - type: object - properties: - type: - description: Type is the strategy that will dictate what RunAsUser - is used in the SecurityContext. - type: string - uid: - description: UID is the user id that containers must run as. Required - for the MustRunAs strategy if not using namespace/service account - allocated uids. - type: integer - format: int64 - uidRangeMax: - description: UIDRangeMax defines the max value for a strategy that - allocates by range. - type: integer - format: int64 - uidRangeMin: - description: UIDRangeMin defines the min value for a strategy that - allocates by range. - type: integer - format: int64 - nullable: true - seLinuxContext: - description: SELinuxContext is the strategy that will dictate what labels - will be set in the SecurityContext. - type: object - properties: - seLinuxOptions: - description: seLinuxOptions required to run as; required for MustRunAs - type: object - properties: - level: - description: Level is SELinux level label that applies to the - container. - type: string - role: - description: Role is a SELinux role label that applies to the - container. - type: string - type: - description: Type is a SELinux type label that applies to the - container. - type: string - user: - description: User is a SELinux user label that applies to the - container. - type: string - type: - description: Type is the strategy that will dictate what SELinux context - is used in the SecurityContext. + metadata: + type: object + priority: + description: Priority influences the sort order of SCCs when evaluating which SCCs to try first for a given pod request based on access in the Users and Groups fields. The higher the int, the higher priority. An unset value is considered a 0 priority. If scores for multiple SCCs are equal they will be sorted from most restrictive to least restrictive. If both priorities and restrictions are equal the SCCs will be sorted by name. + type: integer + format: int32 + nullable: true + readOnlyRootFilesystem: + description: ReadOnlyRootFilesystem when set to true will force containers to run with a read only root file system. If the container specifically requests to run with a non-read only root file system the SCC should deny the pod. If set to false the container may run with a read only root file system if it wishes but it will not be forced to. + type: boolean + requiredDropCapabilities: + description: RequiredDropCapabilities are the capabilities that will be dropped from the container. These are required to be dropped and cannot be added. + type: array + items: + description: Capability represent POSIX capabilities type type: string - nullable: true - seccompProfiles: - description: "SeccompProfiles lists the allowed profiles that may be set - for the pod or container's seccomp annotations. An unset (nil) or empty - value means that no profiles may be specifid by the pod or container.\tThe - wildcard '*' may be used to allow all profiles. When used to generate - a value for a pod the first non-wildcard profile will be used as the - default." - type: array - items: - type: string - nullable: true - supplementalGroups: - description: SupplementalGroups is the strategy that will dictate what - supplemental groups are used by the SecurityContext. - type: object - properties: - ranges: - description: Ranges are the allowed ranges of supplemental groups. If - you would like to force a single supplemental group then supply - a single range with the same start and end. - type: array - items: - description: 'IDRange provides a min/max of an allowed range of - IDs. TODO: this could be reused for UIDs.' + nullable: true + runAsUser: + description: RunAsUser is the strategy that will dictate what RunAsUser is used in the SecurityContext. + type: object + properties: + type: + description: Type is the strategy that will dictate what RunAsUser is used in the SecurityContext. + type: string + uid: + description: UID is the user id that containers must run as. Required for the MustRunAs strategy if not using namespace/service account allocated uids. + type: integer + format: int64 + uidRangeMax: + description: UIDRangeMax defines the max value for a strategy that allocates by range. + type: integer + format: int64 + uidRangeMin: + description: UIDRangeMin defines the min value for a strategy that allocates by range. + type: integer + format: int64 + nullable: true + seLinuxContext: + description: SELinuxContext is the strategy that will dictate what labels will be set in the SecurityContext. + type: object + properties: + seLinuxOptions: + description: seLinuxOptions required to run as; required for MustRunAs type: object properties: - max: - description: Max is the end of the range, inclusive. - type: integer - format: int64 - min: - description: Min is the start of the range, inclusive. - type: integer - format: int64 - type: - description: Type is the strategy that will dictate what supplemental - groups is used in the SecurityContext. + level: + description: Level is SELinux level label that applies to the container. + type: string + role: + description: Role is a SELinux role label that applies to the container. + type: string + type: + description: Type is a SELinux type label that applies to the container. + type: string + user: + description: User is a SELinux user label that applies to the container. + type: string + type: + description: Type is the strategy that will dictate what SELinux context is used in the SecurityContext. + type: string + nullable: true + seccompProfiles: + description: "SeccompProfiles lists the allowed profiles that may be set for the pod or container's seccomp annotations. An unset (nil) or empty value means that no profiles may be specifid by the pod or container.\tThe wildcard '*' may be used to allow all profiles. When used to generate a value for a pod the first non-wildcard profile will be used as the default." + type: array + items: type: string - nullable: true - users: - description: The users who have permissions to use this security context - constraints - type: array - items: - type: string - nullable: true - volumes: - description: Volumes is a white list of allowed volume plugins. FSType - corresponds directly with the field names of a VolumeSource (azureFile, - configMap, emptyDir). To allow all volumes you may use "*". To allow - no volumes, set to ["none"]. - type: array - items: - description: FS Type gives strong typing to different file systems that - are used by volumes. - type: string - nullable: true + nullable: true + supplementalGroups: + description: SupplementalGroups is the strategy that will dictate what supplemental groups are used by the SecurityContext. + type: object + properties: + ranges: + description: Ranges are the allowed ranges of supplemental groups. If you would like to force a single supplemental group then supply a single range with the same start and end. + type: array + items: + description: 'IDRange provides a min/max of an allowed range of IDs. TODO: this could be reused for UIDs.' + type: object + properties: + max: + description: Max is the end of the range, inclusive. + type: integer + format: int64 + min: + description: Min is the start of the range, inclusive. + type: integer + format: int64 + type: + description: Type is the strategy that will dictate what supplemental groups is used in the SecurityContext. + type: string + nullable: true + users: + description: The users who have permissions to use this security context constraints + type: array + items: + type: string + nullable: true + volumes: + description: Volumes is a white list of allowed volume plugins. FSType corresponds directly with the field names of a VolumeSource (azureFile, configMap, emptyDir). To allow all volumes you may use "*". To allow no volumes, set to ["none"]. + type: array + items: + description: FS Type gives strong typing to different file systems that are used by volumes. + type: string + nullable: true + served: true + storage: true diff --git a/vendor/github.com/openshift/api/security/v1/generated.proto b/vendor/github.com/openshift/api/security/v1/generated.proto index 53534b569..7abbf1c2b 100644 --- a/vendor/github.com/openshift/api/security/v1/generated.proto +++ b/vendor/github.com/openshift/api/security/v1/generated.proto @@ -39,6 +39,9 @@ message IDRange { } // PodSecurityPolicyReview checks which service accounts (not users, since that would be cluster-wide) can create the `PodTemplateSpec` in question. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message PodSecurityPolicyReview { // spec is the PodSecurityPolicy to check. optional PodSecurityPolicyReviewSpec spec = 1; @@ -69,6 +72,9 @@ message PodSecurityPolicyReviewStatus { } // PodSecurityPolicySelfSubjectReview checks whether this user/SA tuple can create the PodTemplateSpec +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message PodSecurityPolicySelfSubjectReview { // spec defines specification the PodSecurityPolicySelfSubjectReview. optional PodSecurityPolicySelfSubjectReviewSpec spec = 1; @@ -84,6 +90,9 @@ message PodSecurityPolicySelfSubjectReviewSpec { } // PodSecurityPolicySubjectReview checks whether a particular user/SA tuple can create the PodTemplateSpec. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message PodSecurityPolicySubjectReview { // spec defines specification for the PodSecurityPolicySubjectReview. optional PodSecurityPolicySubjectReviewSpec spec = 1; @@ -124,6 +133,9 @@ message PodSecurityPolicySubjectReviewStatus { } // RangeAllocation is used so we can easily expose a RangeAllocation typed for security group +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message RangeAllocation { optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; @@ -136,6 +148,9 @@ message RangeAllocation { } // RangeAllocationList is a list of RangeAllocations objects +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message RangeAllocationList { optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; @@ -174,6 +189,8 @@ message SELinuxContextStrategyOptions { // That exposure is deprecated and will be removed in a future release - users // should instead use the security.openshift.io group to manage // SecurityContextConstraints. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). // +kubebuilder:printcolumn:name="Priv",type=string,JSONPath=`.allowPrivilegedContainer`,description="Determines if a container can request to be run as privileged" // +kubebuilder:printcolumn:name="Caps",type=string,JSONPath=`.allowedCapabilities`,description="A list of capabilities that can be requested to add to the container" // +kubebuilder:printcolumn:name="SELinux",type=string,JSONPath=`.seLinuxContext.type`,description="Strategy that will dictate what labels will be set in the SecurityContext" @@ -184,6 +201,7 @@ message SELinuxContextStrategyOptions { // +kubebuilder:printcolumn:name="ReadOnlyRootFS",type=string,JSONPath=`.readOnlyRootFilesystem`,description="Force containers to run with a read only root file system" // +kubebuilder:printcolumn:name="Volumes",type=string,JSONPath=`.volumes`,description="White list of allowed volume plugins" // +kubebuilder:singular=securitycontextconstraint +// +openshift:compatibility-gen:level=1 message SecurityContextConstraints { optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; @@ -324,6 +342,9 @@ message SecurityContextConstraints { } // SecurityContextConstraintsList is a list of SecurityContextConstraints objects +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message SecurityContextConstraintsList { optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; diff --git a/vendor/github.com/openshift/api/security/v1/types.go b/vendor/github.com/openshift/api/security/v1/types.go index 8cf82cc5d..a9bcb5664 100644 --- a/vendor/github.com/openshift/api/security/v1/types.go +++ b/vendor/github.com/openshift/api/security/v1/types.go @@ -20,6 +20,8 @@ var AllowAllCapabilities corev1.Capability = "*" // That exposure is deprecated and will be removed in a future release - users // should instead use the security.openshift.io group to manage // SecurityContextConstraints. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). // +kubebuilder:printcolumn:name="Priv",type=string,JSONPath=`.allowPrivilegedContainer`,description="Determines if a container can request to be run as privileged" // +kubebuilder:printcolumn:name="Caps",type=string,JSONPath=`.allowedCapabilities`,description="A list of capabilities that can be requested to add to the container" // +kubebuilder:printcolumn:name="SELinux",type=string,JSONPath=`.seLinuxContext.type`,description="Strategy that will dictate what labels will be set in the SecurityContext" @@ -30,6 +32,7 @@ var AllowAllCapabilities corev1.Capability = "*" // +kubebuilder:printcolumn:name="ReadOnlyRootFS",type=string,JSONPath=`.readOnlyRootFilesystem`,description="Force containers to run with a read only root file system" // +kubebuilder:printcolumn:name="Volumes",type=string,JSONPath=`.volumes`,description="White list of allowed volume plugins" // +kubebuilder:singular=securitycontextconstraint +// +openshift:compatibility-gen:level=1 type SecurityContextConstraints struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` @@ -287,6 +290,9 @@ const ( // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // SecurityContextConstraintsList is a list of SecurityContextConstraints objects +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type SecurityContextConstraintsList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` @@ -300,6 +306,9 @@ type SecurityContextConstraintsList struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // PodSecurityPolicySubjectReview checks whether a particular user/SA tuple can create the PodTemplateSpec. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type PodSecurityPolicySubjectReview struct { metav1.TypeMeta `json:",inline"` @@ -346,6 +355,9 @@ type PodSecurityPolicySubjectReviewStatus struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // PodSecurityPolicySelfSubjectReview checks whether this user/SA tuple can create the PodTemplateSpec +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type PodSecurityPolicySelfSubjectReview struct { metav1.TypeMeta `json:",inline"` @@ -367,6 +379,9 @@ type PodSecurityPolicySelfSubjectReviewSpec struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // PodSecurityPolicyReview checks which service accounts (not users, since that would be cluster-wide) can create the `PodTemplateSpec` in question. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type PodSecurityPolicyReview struct { metav1.TypeMeta `json:",inline"` @@ -411,6 +426,9 @@ type ServiceAccountPodSecurityPolicyReviewStatus struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // RangeAllocation is used so we can easily expose a RangeAllocation typed for security group +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type RangeAllocation struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` @@ -426,6 +444,9 @@ type RangeAllocation struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // RangeAllocationList is a list of RangeAllocations objects +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type RangeAllocationList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` diff --git a/vendor/github.com/openshift/api/security/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/security/v1/zz_generated.swagger_doc_generated.go index 1077c0401..d32864f17 100644 --- a/vendor/github.com/openshift/api/security/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/security/v1/zz_generated.swagger_doc_generated.go @@ -41,7 +41,7 @@ func (IDRange) SwaggerDoc() map[string]string { } var map_PodSecurityPolicyReview = map[string]string{ - "": "PodSecurityPolicyReview checks which service accounts (not users, since that would be cluster-wide) can create the `PodTemplateSpec` in question.", + "": "PodSecurityPolicyReview checks which service accounts (not users, since that would be cluster-wide) can create the `PodTemplateSpec` in question.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "spec": "spec is the PodSecurityPolicy to check.", "status": "status represents the current information/status for the PodSecurityPolicyReview.", } @@ -70,7 +70,7 @@ func (PodSecurityPolicyReviewStatus) SwaggerDoc() map[string]string { } var map_PodSecurityPolicySelfSubjectReview = map[string]string{ - "": "PodSecurityPolicySelfSubjectReview checks whether this user/SA tuple can create the PodTemplateSpec", + "": "PodSecurityPolicySelfSubjectReview checks whether this user/SA tuple can create the PodTemplateSpec\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "spec": "spec defines specification the PodSecurityPolicySelfSubjectReview.", "status": "status represents the current information/status for the PodSecurityPolicySelfSubjectReview.", } @@ -89,7 +89,7 @@ func (PodSecurityPolicySelfSubjectReviewSpec) SwaggerDoc() map[string]string { } var map_PodSecurityPolicySubjectReview = map[string]string{ - "": "PodSecurityPolicySubjectReview checks whether a particular user/SA tuple can create the PodTemplateSpec.", + "": "PodSecurityPolicySubjectReview checks whether a particular user/SA tuple can create the PodTemplateSpec.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "spec": "spec defines specification for the PodSecurityPolicySubjectReview.", "status": "status represents the current information/status for the PodSecurityPolicySubjectReview.", } @@ -121,7 +121,7 @@ func (PodSecurityPolicySubjectReviewStatus) SwaggerDoc() map[string]string { } var map_RangeAllocation = map[string]string{ - "": "RangeAllocation is used so we can easily expose a RangeAllocation typed for security group", + "": "RangeAllocation is used so we can easily expose a RangeAllocation typed for security group\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "range": "range is a string representing a unique label for a range of uids, \"1000000000-2000000000/10000\".", "data": "data is a byte array representing the serialized state of a range allocation. It is a bitmap with each bit set to one to represent a range is taken.", } @@ -131,7 +131,7 @@ func (RangeAllocation) SwaggerDoc() map[string]string { } var map_RangeAllocationList = map[string]string{ - "": "RangeAllocationList is a list of RangeAllocations objects", + "": "RangeAllocationList is a list of RangeAllocations objects\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "items": "List of RangeAllocations.", } @@ -162,7 +162,7 @@ func (SELinuxContextStrategyOptions) SwaggerDoc() map[string]string { } var map_SecurityContextConstraints = map[string]string{ - "": "SecurityContextConstraints governs the ability to make requests that affect the SecurityContext that will be applied to a container. For historical reasons SCC was exposed under the core Kubernetes API group. That exposure is deprecated and will be removed in a future release - users should instead use the security.openshift.io group to manage SecurityContextConstraints.", + "": "SecurityContextConstraints governs the ability to make requests that affect the SecurityContext that will be applied to a container. For historical reasons SCC was exposed under the core Kubernetes API group. That exposure is deprecated and will be removed in a future release - users should instead use the security.openshift.io group to manage SecurityContextConstraints.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "priority": "Priority influences the sort order of SCCs when evaluating which SCCs to try first for a given pod request based on access in the Users and Groups fields. The higher the int, the higher priority. An unset value is considered a 0 priority. If scores for multiple SCCs are equal they will be sorted from most restrictive to least restrictive. If both priorities and restrictions are equal the SCCs will be sorted by name.", "allowPrivilegedContainer": "AllowPrivilegedContainer determines if a container can request to be run as privileged.", "defaultAddCapabilities": "DefaultAddCapabilities is the default set of capabilities that will be added to the container unless the pod spec specifically drops the capability. You may not list a capabiility in both DefaultAddCapabilities and RequiredDropCapabilities.", @@ -194,7 +194,7 @@ func (SecurityContextConstraints) SwaggerDoc() map[string]string { } var map_SecurityContextConstraintsList = map[string]string{ - "": "SecurityContextConstraintsList is a list of SecurityContextConstraints objects", + "": "SecurityContextConstraintsList is a list of SecurityContextConstraints objects\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "items": "List of security context constraints.", } diff --git a/vendor/github.com/openshift/api/servicecertsigner/v1alpha1/types.go b/vendor/github.com/openshift/api/servicecertsigner/v1alpha1/types.go index dcae13acf..021124a17 100644 --- a/vendor/github.com/openshift/api/servicecertsigner/v1alpha1/types.go +++ b/vendor/github.com/openshift/api/servicecertsigner/v1alpha1/types.go @@ -11,6 +11,10 @@ import ( // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // ServiceCertSignerOperatorConfig provides information to configure an operator to manage the service cert signing controllers +// +// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. +// +openshift:compatibility-gen:level=4 +// +openshift:compatibility-gen:internal type ServiceCertSignerOperatorConfig struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata"` @@ -30,6 +34,10 @@ type ServiceCertSignerOperatorConfigStatus struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // ServiceCertSignerOperatorConfigList is a collection of items +// +// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. +// +openshift:compatibility-gen:level=4 +// +openshift:compatibility-gen:internal type ServiceCertSignerOperatorConfigList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty"` diff --git a/vendor/github.com/openshift/api/servicecertsigner/v1alpha1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/servicecertsigner/v1alpha1/zz_generated.swagger_doc_generated.go index d22bd46ef..fa607f1de 100644 --- a/vendor/github.com/openshift/api/servicecertsigner/v1alpha1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/servicecertsigner/v1alpha1/zz_generated.swagger_doc_generated.go @@ -12,7 +12,7 @@ package v1alpha1 // AUTO-GENERATED FUNCTIONS START HERE var map_ServiceCertSignerOperatorConfig = map[string]string{ - "": "ServiceCertSignerOperatorConfig provides information to configure an operator to manage the service cert signing controllers", + "": "ServiceCertSignerOperatorConfig provides information to configure an operator to manage the service cert signing controllers\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", } func (ServiceCertSignerOperatorConfig) SwaggerDoc() map[string]string { @@ -20,7 +20,7 @@ func (ServiceCertSignerOperatorConfig) SwaggerDoc() map[string]string { } var map_ServiceCertSignerOperatorConfigList = map[string]string{ - "": "ServiceCertSignerOperatorConfigList is a collection of items", + "": "ServiceCertSignerOperatorConfigList is a collection of items\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "items": "Items contains the items", } diff --git a/vendor/github.com/openshift/api/template/v1/generated.proto b/vendor/github.com/openshift/api/template/v1/generated.proto index 793553b92..25566a4ee 100644 --- a/vendor/github.com/openshift/api/template/v1/generated.proto +++ b/vendor/github.com/openshift/api/template/v1/generated.proto @@ -15,6 +15,9 @@ option go_package = "v1"; // BrokerTemplateInstance holds the service broker-related state associated with // a TemplateInstance. BrokerTemplateInstance is part of an experimental API. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message BrokerTemplateInstance { optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; @@ -23,6 +26,9 @@ message BrokerTemplateInstance { } // BrokerTemplateInstanceList is a list of BrokerTemplateInstance objects. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message BrokerTemplateInstanceList { optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; @@ -99,6 +105,9 @@ message Parameter { } // Template contains the inputs needed to produce a Config. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message Template { optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; @@ -130,6 +139,9 @@ message Template { // TemplateInstance requests and records the instantiation of a Template. // TemplateInstance is part of an experimental API. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message TemplateInstance { optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; @@ -164,6 +176,9 @@ message TemplateInstanceCondition { } // TemplateInstanceList is a list of TemplateInstance objects. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message TemplateInstanceList { optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; @@ -223,6 +238,9 @@ message TemplateInstanceStatus { } // TemplateList is a list of Template objects. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message TemplateList { optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; diff --git a/vendor/github.com/openshift/api/template/v1/types.go b/vendor/github.com/openshift/api/template/v1/types.go index 566c0af5f..15e094da5 100644 --- a/vendor/github.com/openshift/api/template/v1/types.go +++ b/vendor/github.com/openshift/api/template/v1/types.go @@ -12,6 +12,9 @@ import ( // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // Template contains the inputs needed to produce a Config. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type Template struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` @@ -45,6 +48,9 @@ type Template struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // TemplateList is a list of Template objects. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type TemplateList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` @@ -103,6 +109,9 @@ type Parameter struct { // TemplateInstance requests and records the instantiation of a Template. // TemplateInstance is part of an experimental API. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type TemplateInstance struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` @@ -209,6 +218,9 @@ type TemplateInstanceObject struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // TemplateInstanceList is a list of TemplateInstance objects. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type TemplateInstanceList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` @@ -223,6 +235,9 @@ type TemplateInstanceList struct { // BrokerTemplateInstance holds the service broker-related state associated with // a TemplateInstance. BrokerTemplateInstance is part of an experimental API. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type BrokerTemplateInstance struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` @@ -249,6 +264,9 @@ type BrokerTemplateInstanceSpec struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // BrokerTemplateInstanceList is a list of BrokerTemplateInstance objects. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type BrokerTemplateInstanceList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` diff --git a/vendor/github.com/openshift/api/template/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/template/v1/zz_generated.swagger_doc_generated.go index bbf815310..335308a82 100644 --- a/vendor/github.com/openshift/api/template/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/template/v1/zz_generated.swagger_doc_generated.go @@ -12,7 +12,7 @@ package v1 // AUTO-GENERATED FUNCTIONS START HERE var map_BrokerTemplateInstance = map[string]string{ - "": "BrokerTemplateInstance holds the service broker-related state associated with a TemplateInstance. BrokerTemplateInstance is part of an experimental API.", + "": "BrokerTemplateInstance holds the service broker-related state associated with a TemplateInstance. BrokerTemplateInstance is part of an experimental API.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "spec": "spec describes the state of this BrokerTemplateInstance.", } @@ -21,7 +21,7 @@ func (BrokerTemplateInstance) SwaggerDoc() map[string]string { } var map_BrokerTemplateInstanceList = map[string]string{ - "": "BrokerTemplateInstanceList is a list of BrokerTemplateInstance objects.", + "": "BrokerTemplateInstanceList is a list of BrokerTemplateInstance objects.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "items": "items is a list of BrokerTemplateInstances", } @@ -56,7 +56,7 @@ func (Parameter) SwaggerDoc() map[string]string { } var map_Template = map[string]string{ - "": "Template contains the inputs needed to produce a Config.", + "": "Template contains the inputs needed to produce a Config.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "message": "message is an optional instructional message that will be displayed when this template is instantiated. This field should inform the user how to utilize the newly created resources. Parameter substitution will be performed on the message before being displayed so that generated credentials and other parameters can be included in the output.", "objects": "objects is an array of resources to include in this template. If a namespace value is hardcoded in the object, it will be removed during template instantiation, however if the namespace value is, or contains, a ${PARAMETER_REFERENCE}, the resolved value after parameter substitution will be respected and the object will be created in that namespace.", "parameters": "parameters is an optional array of Parameters used during the Template to Config transformation.", @@ -68,7 +68,7 @@ func (Template) SwaggerDoc() map[string]string { } var map_TemplateInstance = map[string]string{ - "": "TemplateInstance requests and records the instantiation of a Template. TemplateInstance is part of an experimental API.", + "": "TemplateInstance requests and records the instantiation of a Template. TemplateInstance is part of an experimental API.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "spec": "spec describes the desired state of this TemplateInstance.", "status": "status describes the current state of this TemplateInstance.", } @@ -91,7 +91,7 @@ func (TemplateInstanceCondition) SwaggerDoc() map[string]string { } var map_TemplateInstanceList = map[string]string{ - "": "TemplateInstanceList is a list of TemplateInstance objects.", + "": "TemplateInstanceList is a list of TemplateInstance objects.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "items": "items is a list of Templateinstances", } @@ -142,7 +142,7 @@ func (TemplateInstanceStatus) SwaggerDoc() map[string]string { } var map_TemplateList = map[string]string{ - "": "TemplateList is a list of Template objects.", + "": "TemplateList is a list of Template objects.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "items": "Items is a list of templates", } diff --git a/vendor/github.com/openshift/api/user/v1/generated.proto b/vendor/github.com/openshift/api/user/v1/generated.proto index 0442844fa..d92efadd2 100644 --- a/vendor/github.com/openshift/api/user/v1/generated.proto +++ b/vendor/github.com/openshift/api/user/v1/generated.proto @@ -13,6 +13,9 @@ import "k8s.io/apimachinery/pkg/runtime/schema/generated.proto"; option go_package = "v1"; // Group represents a referenceable set of Users +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message Group { optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; @@ -21,6 +24,9 @@ message Group { } // GroupList is a collection of Groups +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message GroupList { optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; @@ -33,6 +39,9 @@ message GroupList { // is then associated with a single user object. Multiple identities can reference a single // user. Information retrieved from the authentication provider is stored in the extra field // using a schema determined by the provider. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message Identity { optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; @@ -51,6 +60,9 @@ message Identity { } // IdentityList is a collection of Identities +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message IdentityList { optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; @@ -72,6 +84,9 @@ message OptionalNames { // via the API. The user name is unique and is chosen based on the value provided by the // identity provider - if a user already exists with the incoming name, the user name may have // a number appended to it depending on the configuration of the system. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message User { optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; @@ -89,6 +104,9 @@ message User { } // UserIdentityMapping maps a user to an identity +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message UserIdentityMapping { optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; @@ -100,6 +118,9 @@ message UserIdentityMapping { } // UserList is a collection of Users +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 message UserList { optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; diff --git a/vendor/github.com/openshift/api/user/v1/types.go b/vendor/github.com/openshift/api/user/v1/types.go index 1e5362bca..7f666c0f1 100644 --- a/vendor/github.com/openshift/api/user/v1/types.go +++ b/vendor/github.com/openshift/api/user/v1/types.go @@ -16,6 +16,9 @@ import ( // via the API. The user name is unique and is chosen based on the value provided by the // identity provider - if a user already exists with the incoming name, the user name may have // a number appended to it depending on the configuration of the system. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type User struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` @@ -36,6 +39,9 @@ type User struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // UserList is a collection of Users +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type UserList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` @@ -53,6 +59,9 @@ type UserList struct { // is then associated with a single user object. Multiple identities can reference a single // user. Information retrieved from the authentication provider is stored in the extra field // using a schema determined by the provider. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type Identity struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` @@ -74,6 +83,9 @@ type Identity struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // IdentityList is a collection of Identities +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type IdentityList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` @@ -88,6 +100,9 @@ type IdentityList struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // UserIdentityMapping maps a user to an identity +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type UserIdentityMapping struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` @@ -112,6 +127,9 @@ func (t OptionalNames) String() string { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // Group represents a referenceable set of Users +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type Group struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` @@ -123,6 +141,9 @@ type Group struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // GroupList is a collection of Groups +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type GroupList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` diff --git a/vendor/github.com/openshift/api/user/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/user/v1/zz_generated.swagger_doc_generated.go index e034251f9..e2ff149ee 100644 --- a/vendor/github.com/openshift/api/user/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/user/v1/zz_generated.swagger_doc_generated.go @@ -12,7 +12,7 @@ package v1 // AUTO-GENERATED FUNCTIONS START HERE var map_Group = map[string]string{ - "": "Group represents a referenceable set of Users", + "": "Group represents a referenceable set of Users\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "users": "Users is the list of users in this group.", } @@ -21,7 +21,7 @@ func (Group) SwaggerDoc() map[string]string { } var map_GroupList = map[string]string{ - "": "GroupList is a collection of Groups", + "": "GroupList is a collection of Groups\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "items": "Items is the list of groups", } @@ -30,7 +30,7 @@ func (GroupList) SwaggerDoc() map[string]string { } var map_Identity = map[string]string{ - "": "Identity records a successful authentication of a user with an identity provider. The information about the source of authentication is stored on the identity, and the identity is then associated with a single user object. Multiple identities can reference a single user. Information retrieved from the authentication provider is stored in the extra field using a schema determined by the provider.", + "": "Identity records a successful authentication of a user with an identity provider. The information about the source of authentication is stored on the identity, and the identity is then associated with a single user object. Multiple identities can reference a single user. Information retrieved from the authentication provider is stored in the extra field using a schema determined by the provider.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "providerName": "ProviderName is the source of identity information", "providerUserName": "ProviderUserName uniquely represents this identity in the scope of the provider", "user": "User is a reference to the user this identity is associated with Both Name and UID must be set", @@ -42,7 +42,7 @@ func (Identity) SwaggerDoc() map[string]string { } var map_IdentityList = map[string]string{ - "": "IdentityList is a collection of Identities", + "": "IdentityList is a collection of Identities\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "items": "Items is the list of identities", } @@ -51,7 +51,7 @@ func (IdentityList) SwaggerDoc() map[string]string { } var map_User = map[string]string{ - "": "Upon log in, every user of the system receives a User and Identity resource. Administrators may directly manipulate the attributes of the users for their own tracking, or set groups via the API. The user name is unique and is chosen based on the value provided by the identity provider - if a user already exists with the incoming name, the user name may have a number appended to it depending on the configuration of the system.", + "": "Upon log in, every user of the system receives a User and Identity resource. Administrators may directly manipulate the attributes of the users for their own tracking, or set groups via the API. The user name is unique and is chosen based on the value provided by the identity provider - if a user already exists with the incoming name, the user name may have a number appended to it depending on the configuration of the system.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "fullName": "FullName is the full name of user", "identities": "Identities are the identities associated with this user", "groups": "Groups specifies group names this user is a member of. This field is deprecated and will be removed in a future release. Instead, create a Group object containing the name of this User.", @@ -62,7 +62,7 @@ func (User) SwaggerDoc() map[string]string { } var map_UserIdentityMapping = map[string]string{ - "": "UserIdentityMapping maps a user to an identity", + "": "UserIdentityMapping maps a user to an identity\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "identity": "Identity is a reference to an identity", "user": "User is a reference to a user", } @@ -72,7 +72,7 @@ func (UserIdentityMapping) SwaggerDoc() map[string]string { } var map_UserList = map[string]string{ - "": "UserList is a collection of Users", + "": "UserList is a collection of Users\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "items": "Items is the list of users", } diff --git a/vendor/github.com/openshift/build-machinery-go/OWNERS b/vendor/github.com/openshift/build-machinery-go/OWNERS index 0446e677e..e016cc303 100644 --- a/vendor/github.com/openshift/build-machinery-go/OWNERS +++ b/vendor/github.com/openshift/build-machinery-go/OWNERS @@ -2,6 +2,7 @@ reviewers: - sttts - mfojtik - soltysh + - 2uasimojo approvers: - sttts - mfojtik diff --git a/vendor/github.com/openshift/build-machinery-go/make/default.example.mk.help.log b/vendor/github.com/openshift/build-machinery-go/make/default.example.mk.help.log index 39b697937..befafb1e2 100644 --- a/vendor/github.com/openshift/build-machinery-go/make/default.example.mk.help.log +++ b/vendor/github.com/openshift/build-machinery-go/make/default.example.mk.help.log @@ -3,6 +3,7 @@ all build clean clean-binaries +ensure-imagebuilder help image-ocp-cli images diff --git a/vendor/github.com/openshift/build-machinery-go/make/default.mk b/vendor/github.com/openshift/build-machinery-go/make/default.mk index 30806edb1..08cd6a1ec 100644 --- a/vendor/github.com/openshift/build-machinery-go/make/default.mk +++ b/vendor/github.com/openshift/build-machinery-go/make/default.mk @@ -1,4 +1,10 @@ -self_dir := $(dir $(lastword $(MAKEFILE_LIST))) +include $(addprefix $(dir $(lastword $(MAKEFILE_LIST))), \ + targets/openshift/deps.mk \ + targets/openshift/images.mk \ + targets/openshift/bindata.mk \ + targets/openshift/codegen.mk \ + golang.mk \ +) # We extend the default verify/update for Golang @@ -9,15 +15,3 @@ verify: verify-bindata update: update-codegen update: update-bindata .PHONY: update - - -# We need to be careful to expand all the paths before any include is done -# or self_dir could be modified for the next include by the included file. -# Also doing this at the end of the file allows us to use self_dir before it could be modified. -include $(addprefix $(self_dir), \ - targets/openshift/deps.mk \ - targets/openshift/images.mk \ - targets/openshift/bindata.mk \ - targets/openshift/codegen.mk \ - golang.mk \ -) diff --git a/vendor/github.com/openshift/build-machinery-go/make/golang.mk b/vendor/github.com/openshift/build-machinery-go/make/golang.mk index 2c16ccafc..e0bb616d3 100644 --- a/vendor/github.com/openshift/build-machinery-go/make/golang.mk +++ b/vendor/github.com/openshift/build-machinery-go/make/golang.mk @@ -1,8 +1,10 @@ all: build .PHONY: all -self_dir := $(dir $(lastword $(MAKEFILE_LIST))) - +include $(addprefix $(dir $(lastword $(MAKEFILE_LIST))), \ + targets/help.mk \ + targets/golang/*.mk \ +) verify: verify-gofmt verify: verify-govet @@ -18,12 +20,3 @@ test: test-unit clean: clean-binaries .PHONY: clean - - -# We need to be careful to expand all the paths before any include is done -# or self_dir could be modified for the next include by the included file. -# Also doing this at the end of the file allows us to use self_dir before it could be modified. -include $(addprefix $(self_dir), \ - targets/help.mk \ - targets/golang/*.mk \ -) diff --git a/vendor/github.com/openshift/build-machinery-go/make/operator.example.mk.help.log b/vendor/github.com/openshift/build-machinery-go/make/operator.example.mk.help.log index 834cfbb90..4c99d2901 100644 --- a/vendor/github.com/openshift/build-machinery-go/make/operator.example.mk.help.log +++ b/vendor/github.com/openshift/build-machinery-go/make/operator.example.mk.help.log @@ -5,6 +5,7 @@ clean clean-binaries clean-yaml-patch clean-yq +ensure-imagebuilder ensure-yaml-patch ensure-yq help diff --git a/vendor/github.com/openshift/build-machinery-go/make/operator.mk b/vendor/github.com/openshift/build-machinery-go/make/operator.mk index d763df461..549c1f432 100644 --- a/vendor/github.com/openshift/build-machinery-go/make/operator.mk +++ b/vendor/github.com/openshift/build-machinery-go/make/operator.mk @@ -1,11 +1,4 @@ -self_dir := $(dir $(lastword $(MAKEFILE_LIST))) - - -# We need to be careful to expand all the paths before any include is done -# or self_dir could be modified for the next include by the included file. -# Also doing this at the end of the file allows us to use self_dir before it could be modified. -include $(addprefix $(self_dir), \ +include $(addprefix $(dir $(lastword $(MAKEFILE_LIST))), \ default.mk \ targets/openshift/operator/*.mk \ ) - diff --git a/vendor/github.com/openshift/build-machinery-go/make/targets/golang/build.mk b/vendor/github.com/openshift/build-machinery-go/make/targets/golang/build.mk index ecd150941..e13028b76 100644 --- a/vendor/github.com/openshift/build-machinery-go/make/targets/golang/build.mk +++ b/vendor/github.com/openshift/build-machinery-go/make/targets/golang/build.mk @@ -1,4 +1,6 @@ -self_dir :=$(dir $(lastword $(MAKEFILE_LIST))) +include $(addprefix $(dir $(lastword $(MAKEFILE_LIST))), \ + ../../lib/golang.mk \ +) define build-package $(if $(GO_BUILD_BINDIR),mkdir -p '$(GO_BUILD_BINDIR)',) @@ -20,10 +22,3 @@ clean-binaries: clean: clean-binaries .PHONY: clean - -# We need to be careful to expand all the paths before any include is done -# or self_dir could be modified for the next include by the included file. -# Also doing this at the end of the file allows us to use self_dir before it could be modified. -include $(addprefix $(self_dir), \ - ../../lib/golang.mk \ -) diff --git a/vendor/github.com/openshift/build-machinery-go/make/targets/golang/test-unit.mk b/vendor/github.com/openshift/build-machinery-go/make/targets/golang/test-unit.mk index 344487e7e..5afb24af6 100644 --- a/vendor/github.com/openshift/build-machinery-go/make/targets/golang/test-unit.mk +++ b/vendor/github.com/openshift/build-machinery-go/make/targets/golang/test-unit.mk @@ -1,4 +1,6 @@ -self_dir :=$(dir $(lastword $(MAKEFILE_LIST))) +include $(addprefix $(dir $(lastword $(MAKEFILE_LIST))), \ + ../../lib/golang.mk \ +) test-unit: ifndef JUNITFILE @@ -10,10 +12,3 @@ endif set -o pipefail; $(GO) test $(GO_MOD_FLAGS) $(GO_TEST_FLAGS) -json $(GO_TEST_PACKAGES) | gotest2junit > $(JUNITFILE) endif .PHONY: test-unit - -# We need to be careful to expand all the paths before any include is done -# or self_dir could be modified for the next include by the included file. -# Also doing this at the end of the file allows us to use self_dir before it could be modified. -include $(addprefix $(self_dir), \ - ../../lib/golang.mk \ -) diff --git a/vendor/github.com/openshift/build-machinery-go/make/targets/golang/verify-update.mk b/vendor/github.com/openshift/build-machinery-go/make/targets/golang/verify-update.mk index abb541f9f..3b71e29dd 100644 --- a/vendor/github.com/openshift/build-machinery-go/make/targets/golang/verify-update.mk +++ b/vendor/github.com/openshift/build-machinery-go/make/targets/golang/verify-update.mk @@ -1,4 +1,6 @@ -self_dir :=$(dir $(lastword $(MAKEFILE_LIST))) +include $(addprefix $(dir $(lastword $(MAKEFILE_LIST))), \ + ../../lib/golang.mk \ +) go_files_count :=$(words $(GO_FILES)) @@ -26,11 +28,4 @@ verify-govet: verify-golint: $(GOLINT) $(GO_PACKAGES) -.PHONY: verify-govet - -# We need to be careful to expand all the paths before any include is done -# or self_dir could be modified for the next include by the included file. -# Also doing this at the end of the file allows us to use self_dir before it could be modified. -include $(addprefix $(self_dir), \ - ../../lib/golang.mk \ -) +.PHONY: verify-golint diff --git a/vendor/github.com/openshift/build-machinery-go/make/targets/golang/version.mk b/vendor/github.com/openshift/build-machinery-go/make/targets/golang/version.mk index 7532dfcf9..f84ceb92e 100644 --- a/vendor/github.com/openshift/build-machinery-go/make/targets/golang/version.mk +++ b/vendor/github.com/openshift/build-machinery-go/make/targets/golang/version.mk @@ -1,8 +1,11 @@ -self_dir :=$(dir $(lastword $(MAKEFILE_LIST))) +include $(addprefix $(dir $(lastword $(MAKEFILE_LIST))), \ + ../../lib/golang.mk \ + ../../lib/tmp.mk \ +) .empty-golang-versions-files: @rm -f "$(PERMANENT_TMP)/golang-versions" "$(PERMANENT_TMP)/named-golang-versions" -.PHONE: .empty-golang-versions-files +.PHONY: .empty-golang-versions-files verify-golang-versions: @if [ -f "$(PERMANENT_TMP)/golang-versions" ]; then \ @@ -53,13 +56,3 @@ $(if $(1),$(call verify-Dockerfile-builder-golang-version,$(1))) \ $(if $(wildcard ./.ci-operator.yaml),$(if $(shell grep 'build_root_image:' .ci-operator.yaml 2>/dev/null),$(call verify-buildroot-golang-version))) \ $(if $(wildcard ./go.mod),$(call verify-go-mod-golang-version)) endef - -# We need to be careful to expand all the paths before any include is done -# or self_dir could be modified for the next include by the included file. -# Also doing this at the end of the file allows us to use self_dir before it could be modified. -include $(addprefix $(self_dir), \ - ../../lib/golang.mk \ -) -include $(addprefix $(self_dir), \ - ../../lib/tmp.mk \ -) \ No newline at end of file diff --git a/vendor/github.com/openshift/build-machinery-go/make/targets/openshift/controller-gen.mk b/vendor/github.com/openshift/build-machinery-go/make/targets/openshift/controller-gen.mk index c8dc0ac46..d80c62c39 100644 --- a/vendor/github.com/openshift/build-machinery-go/make/targets/openshift/controller-gen.mk +++ b/vendor/github.com/openshift/build-machinery-go/make/targets/openshift/controller-gen.mk @@ -1,7 +1,26 @@ -self_dir :=$(dir $(lastword $(MAKEFILE_LIST))) +include $(addprefix $(dir $(lastword $(MAKEFILE_LIST))), \ + ../../lib/golang.mk \ + ../../lib/tmp.mk \ +) -CONTROLLER_GEN_VERSION ?=v0.2.5 -CONTROLLER_GEN ?=$(PERMANENT_TMP_GOPATH)/bin/controller-gen +# NOTE: The release binary specified here needs to be built properly so that +# `--version` works correctly. Just using `go build` will result in it +# reporting `(devel)`. To build for a given platform: +# GOOS=xxx GOARCH=yyy go install sigs.k8s.io/controller-tools/cmd/controller-gen@$version +# e.g. +# GOOS=darwin GOARCH=amd64 go install sigs.k8s.io/controller-tools/cmd/controller-gen@v0.6.0 +# +# If GOOS and GOARCH match your current go env, this will install the binary at +# $(go env GOPATH)/bin/controller-gen +# Otherwise (when cross-compiling) it will install the binary at +# $(go env GOPATH)/bin/${GOOS}_${GOARCH}/conroller-gen +# e.g. +# /home/efried/.gvm/pkgsets/go1.16/global/bin/darwin_amd64/controller-gen +CONTROLLER_GEN_VERSION ?=v0.6.0 +CONTROLLER_GEN ?=$(PERMANENT_TMP_GOPATH)/bin/controller-gen-$(CONTROLLER_GEN_VERSION) +ifneq "" "$(wildcard $(CONTROLLER_GEN))" +_controller_gen_installed_version = $(shell $(CONTROLLER_GEN) --version | awk '{print $$2}') +endif controller_gen_dir :=$(dir $(CONTROLLER_GEN)) ensure-controller-gen: @@ -12,20 +31,14 @@ ifeq "" "$(wildcard $(CONTROLLER_GEN))" chmod +x '$(CONTROLLER_GEN)'; else $(info Using existing controller-gen from "$(CONTROLLER_GEN)") + @[[ "$(_controller_gen_installed_version)" == $(CONTROLLER_GEN_VERSION) ]] || \ + echo "Warning: Installed controller-gen version $(_controller_gen_installed_version) does not match expected version $(CONTROLLER_GEN_VERSION)." endif .PHONY: ensure-controller-gen clean-controller-gen: - $(RM) '$(CONTROLLER_GEN)' + $(RM) $(controller_gen_dir)controller-gen* if [ -d '$(controller_gen_dir)' ]; then rmdir --ignore-fail-on-non-empty -p '$(controller_gen_dir)'; fi .PHONY: clean-controller-gen clean: clean-controller-gen - -# We need to be careful to expand all the paths before any include is done -# or self_dir could be modified for the next include by the included file. -# Also doing this at the end of the file allows us to use self_dir before it could be modified. -include $(addprefix $(self_dir), \ - ../../lib/golang.mk \ - ../../lib/tmp.mk \ -) diff --git a/vendor/github.com/openshift/build-machinery-go/make/targets/openshift/crd-schema-gen.mk b/vendor/github.com/openshift/build-machinery-go/make/targets/openshift/crd-schema-gen.mk index 25f92fe9a..11187f539 100644 --- a/vendor/github.com/openshift/build-machinery-go/make/targets/openshift/crd-schema-gen.mk +++ b/vendor/github.com/openshift/build-machinery-go/make/targets/openshift/crd-schema-gen.mk @@ -1,4 +1,10 @@ -self_dir :=$(dir $(lastword $(MAKEFILE_LIST))) +include $(addprefix $(dir $(lastword $(MAKEFILE_LIST))), \ + ../../lib/golang.mk \ + ../../lib/tmp.mk \ + ../../targets/openshift/controller-gen.mk \ + ../../targets/openshift/yq.mk \ + ../../targets/openshift/yaml-patch.mk \ +) # $1 - crd file # $2 - patch file @@ -76,15 +82,3 @@ verify: verify-generated define add-crd-gen $(eval $(call add-crd-gen-internal,$(1),$(2),$(3),$(4))) endef - - -# We need to be careful to expand all the paths before any include is done -# or self_dir could be modified for the next include by the included file. -# Also doing this at the end of the file allows us to use self_dir before it could be modified. -include $(addprefix $(self_dir), \ - ../../lib/golang.mk \ - ../../lib/tmp.mk \ - ../../targets/openshift/controller-gen.mk \ - ../../targets/openshift/yq.mk \ - ../../targets/openshift/yaml-patch.mk \ -) diff --git a/vendor/github.com/openshift/build-machinery-go/make/targets/openshift/deps-glide.mk b/vendor/github.com/openshift/build-machinery-go/make/targets/openshift/deps-glide.mk index fafa8f9da..c178d84c8 100644 --- a/vendor/github.com/openshift/build-machinery-go/make/targets/openshift/deps-glide.mk +++ b/vendor/github.com/openshift/build-machinery-go/make/targets/openshift/deps-glide.mk @@ -1,5 +1,4 @@ -self_dir :=$(dir $(lastword $(MAKEFILE_LIST))) -scripts_dir :=$(self_dir)/../../../scripts +scripts_dir :=$(dir $(lastword $(MAKEFILE_LIST)))/../../../scripts # We need to force localle so different envs sort files the same way for recursive traversals deps_diff :=LC_COLLATE=C diff --no-dereference -N diff --git a/vendor/github.com/openshift/build-machinery-go/make/targets/openshift/deps-gomod.mk b/vendor/github.com/openshift/build-machinery-go/make/targets/openshift/deps-gomod.mk index 6b08b6cd9..9731e4d77 100644 --- a/vendor/github.com/openshift/build-machinery-go/make/targets/openshift/deps-gomod.mk +++ b/vendor/github.com/openshift/build-machinery-go/make/targets/openshift/deps-gomod.mk @@ -1,4 +1,6 @@ -self_dir :=$(dir $(lastword $(MAKEFILE_LIST))) +include $(addprefix $(dir $(lastword $(MAKEFILE_LIST))), \ + ../../lib/golang.mk \ +) # We need to force localle so different envs sort files the same way for recursive traversals deps_diff :=LC_COLLATE=C diff --no-dereference -N @@ -24,6 +26,7 @@ verify-deps: echo "If this is an intentional change (a carry patch) please update the 'deps.diff' using 'make update-deps-overrides'." && \ false \ ) + rm -rf $(tmp_dir) .PHONY: verify-deps update-deps-overrides: tmp_dir:=$(shell mktemp -d) @@ -31,11 +34,3 @@ update-deps-overrides: $(call restore-deps,$(tmp_dir)) cp "$(tmp_dir)"/{updated,current}/deps.diff .PHONY: update-deps-overrides - - -# We need to be careful to expand all the paths before any include is done -# or self_dir could be modified for the next include by the included file. -# Also doing this at the end of the file allows us to use self_dir before it could be modified. -include $(addprefix $(self_dir), \ - ../../lib/golang.mk \ -) diff --git a/vendor/github.com/openshift/build-machinery-go/make/targets/openshift/deps.mk b/vendor/github.com/openshift/build-machinery-go/make/targets/openshift/deps.mk index 956698c2a..adb575b84 100644 --- a/vendor/github.com/openshift/build-machinery-go/make/targets/openshift/deps.mk +++ b/vendor/github.com/openshift/build-machinery-go/make/targets/openshift/deps.mk @@ -1,8 +1,10 @@ -self_dir :=$(dir $(lastword $(MAKEFILE_LIST))) +# Use a unique variable name to avoid conflicting with generic +# `self_dir` elsewhere. +_self_dir_openshift_deps :=$(dir $(lastword $(MAKEFILE_LIST))) -deps_gomod_mkfile := $(self_dir)/deps-gomod.mk -deps_glide_mkfile := $(self_dir)/deps-glide.mk -include $(addprefix $(self_dir), \ +deps_gomod_mkfile := $(_self_dir_openshift_deps)/deps-gomod.mk +deps_glide_mkfile := $(_self_dir_openshift_deps)/deps-glide.mk +include $(addprefix $(_self_dir_openshift_deps), \ ../../lib/golang.mk \ ) diff --git a/vendor/github.com/openshift/build-machinery-go/make/targets/openshift/imagebuilder.mk b/vendor/github.com/openshift/build-machinery-go/make/targets/openshift/imagebuilder.mk new file mode 100644 index 000000000..216315104 --- /dev/null +++ b/vendor/github.com/openshift/build-machinery-go/make/targets/openshift/imagebuilder.mk @@ -0,0 +1,25 @@ +include $(addprefix $(dir $(lastword $(MAKEFILE_LIST))), \ + ../../lib/golang.mk \ + ../../lib/tmp.mk \ +) + +IMAGEBUILDER_VERSION ?=1.2.1 + +IMAGEBUILDER ?= $(shell which imagebuilder 2>/dev/null) +ifneq "" "$(IMAGEBUILDER)" +_imagebuilder_installed_version = $(shell $(IMAGEBUILDER) --version) +endif + +# NOTE: We would like to +# go get github.com/openshift/imagebuilder/cmd/imagebuilder@v$(IMAGEBUILDER_VERSION) +# ...but `go get` is too unreliable. So instead we use this to make the +# "you don't have imagebuilder" error useful. +ensure-imagebuilder: +ifeq "" "$(IMAGEBUILDER)" + $(error imagebuilder not found! Get it with: `go get github.com/openshift/imagebuilder/cmd/imagebuilder@v$(IMAGEBUILDER_VERSION)`) +else + $(info Using existing imagebuilder from $(IMAGEBUILDER)) + @[[ "$(_imagebuilder_installed_version)" == $(IMAGEBUILDER_VERSION) ]] || \ + echo "Warning: Installed imagebuilder version $(_imagebuilder_installed_version) does not match expected version $(IMAGEBUILDER_VERSION)." +endif +.PHONY: ensure-imagebuilder diff --git a/vendor/github.com/openshift/build-machinery-go/make/targets/openshift/images.mk b/vendor/github.com/openshift/build-machinery-go/make/targets/openshift/images.mk index 00e76ac26..47cc22794 100644 --- a/vendor/github.com/openshift/build-machinery-go/make/targets/openshift/images.mk +++ b/vendor/github.com/openshift/build-machinery-go/make/targets/openshift/images.mk @@ -9,7 +9,7 @@ IMAGE_BUILD_EXTRA_FLAGS ?= # $3 - Dockerfile path # $4 - context define build-image-internal -image-$(1): +image-$(1): ensure-imagebuilder $(strip \ imagebuilder \ $(IMAGE_BUILD_DEFAULT_FLAGS) \ diff --git a/vendor/github.com/openshift/build-machinery-go/make/targets/openshift/kustomize.mk b/vendor/github.com/openshift/build-machinery-go/make/targets/openshift/kustomize.mk new file mode 100644 index 000000000..7ff64334c --- /dev/null +++ b/vendor/github.com/openshift/build-machinery-go/make/targets/openshift/kustomize.mk @@ -0,0 +1,27 @@ +# We need to include this before we use PERMANENT_TMP_GOPATH +# (indirectly) from ifeq. +include $(addprefix $(dir $(lastword $(MAKEFILE_LIST))), \ + ../../lib/tmp.mk \ +) + +KUSTOMIZE_VERSION ?= 4.1.3 +KUSTOMIZE ?= $(PERMANENT_TMP_GOPATH)/bin/kustomize-$(KUSTOMIZE_VERSION) +kustomize_dir := $(dir $(KUSTOMIZE)) + +ensure-kustomize: +ifeq "" "$(wildcard $(KUSTOMIZE))" + $(info Installing kustomize into '$(KUSTOMIZE)') + mkdir -p '$(kustomize_dir)' + @# NOTE: Pinning script to a tag rather than `master` for security reasons + curl -s "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/kustomize/v$(KUSTOMIZE_VERSION)/hack/install_kustomize.sh" | bash -s $(KUSTOMIZE_VERSION) $(kustomize_dir) +else + $(info Using existing kustomize from "$(KUSTOMIZE)") +endif +.PHONY: ensure-kustomize + +clean-kustomize: + $(RM) $(kustomize_dir)kustomize* + if [ -d '$(kustomize_dir)' ]; then rmdir --ignore-fail-on-non-empty -p '$(kustomize_dir)'; fi +.PHONY: clean-kustomize + +clean: clean-kustomize diff --git a/vendor/github.com/openshift/build-machinery-go/make/targets/openshift/operator/profile-manifests.mk b/vendor/github.com/openshift/build-machinery-go/make/targets/openshift/operator/profile-manifests.mk index a338831a9..96e05946d 100644 --- a/vendor/github.com/openshift/build-machinery-go/make/targets/openshift/operator/profile-manifests.mk +++ b/vendor/github.com/openshift/build-machinery-go/make/targets/openshift/operator/profile-manifests.mk @@ -1,12 +1,16 @@ -self_dir :=$(dir $(lastword $(MAKEFILE_LIST))) +include $(addprefix $(dir $(lastword $(MAKEFILE_LIST))), \ + ../../../lib/tmp.mk \ + ../yq.mk \ + ../yaml-patch.mk \ +) # Merge yaml patch using mikefarah/yq # $1 - patch file # $2 - manifest file # $3 - output file define patch-manifest-yq - $(YQ) m -x '$(2)' '$(1)' > '$(3)' - sed -i '$(3)' -e '1s/^/# *** AUTOMATICALLY GENERATED FILE - DO NOT EDIT ***\n/' + ( echo '# *** AUTOMATICALLY GENERATED FILE - DO NOT EDIT ***'; \ + $(YQ) m -x '$(2)' '$(1)' ) > '$(3)' endef @@ -15,8 +19,8 @@ endef # $2 - manifest file # $3 - output file define patch-manifest-yaml-patch - $(YAML_PATCH) -o '$(1)' < '$(2)' > '$(3)' - sed -i '$(3)' -e '1s/^/# *** AUTOMATICALLY GENERATED FILE - DO NOT EDIT ***\n/' + ( echo '# *** AUTOMATICALLY GENERATED FILE - DO NOT EDIT ***'; \ + $(YAML_PATCH) -o '$(1)' < '$(2)' ) > '$(3)' endef @@ -74,13 +78,3 @@ endef define add-profile-manifests $(eval $(call add-profile-manifests-internal,$(1),$(2),$(3))) endef - - -# We need to be careful to expand all the paths before any include is done -# or self_dir could be modified for the next include by the included file. -# Also doing this at the end of the file allows us to use self_dir before it could be modified. -include $(addprefix $(self_dir), \ - ../../../lib/tmp.mk \ - ../yq.mk \ - ../yaml-patch.mk \ -) diff --git a/vendor/github.com/openshift/build-machinery-go/make/targets/openshift/operator/telepresence.mk b/vendor/github.com/openshift/build-machinery-go/make/targets/openshift/operator/telepresence.mk index 966778b16..ef0b379ee 100644 --- a/vendor/github.com/openshift/build-machinery-go/make/targets/openshift/operator/telepresence.mk +++ b/vendor/github.com/openshift/build-machinery-go/make/targets/openshift/operator/telepresence.mk @@ -1,5 +1,4 @@ -self_dir :=$(dir $(lastword $(MAKEFILE_LIST))) -scripts_dir :=$(shell realpath $(self_dir)../../../../scripts) +scripts_dir :=$(shell realpath $(dir $(lastword $(MAKEFILE_LIST)))../../../../scripts) telepresence: $(info Running operator locally against a remote cluster using telepresence (https://telepresence.io)) diff --git a/vendor/github.com/openshift/build-machinery-go/make/targets/openshift/rpm.mk b/vendor/github.com/openshift/build-machinery-go/make/targets/openshift/rpm.mk index 3f20bb1ca..c444df8fb 100644 --- a/vendor/github.com/openshift/build-machinery-go/make/targets/openshift/rpm.mk +++ b/vendor/github.com/openshift/build-machinery-go/make/targets/openshift/rpm.mk @@ -1,3 +1,7 @@ +include $(addprefix $(dir $(lastword $(MAKEFILE_LIST))), \ + ../../lib/golang.mk \ +) + RPM_OUTPUT_DIR ?=_output RPM_TOPDIR ?=$(abspath ./) RPM_BUILDDIR ?=$(RPM_TOPDIR) @@ -32,10 +36,3 @@ clean-rpms: .PHONY: clean-rpms clean: clean-rpms - -# We need to be careful to expand all the paths before any include is done -# or self_dir could be modified for the next include by the included file. -# Also doing this at the end of the file allows us to use self_dir before it could be modified. -include $(addprefix $(self_dir), \ - ../../lib/golang.mk \ -) diff --git a/vendor/github.com/openshift/build-machinery-go/make/targets/openshift/yaml-patch.mk b/vendor/github.com/openshift/build-machinery-go/make/targets/openshift/yaml-patch.mk index df23bec9f..1e62348a1 100644 --- a/vendor/github.com/openshift/build-machinery-go/make/targets/openshift/yaml-patch.mk +++ b/vendor/github.com/openshift/build-machinery-go/make/targets/openshift/yaml-patch.mk @@ -1,8 +1,13 @@ ifndef _YAML_PATCH_MK_ _YAML_PATCH_MK_ := defined -self_dir :=$(dir $(lastword $(MAKEFILE_LIST))) -YAML_PATCH ?=$(PERMANENT_TMP_GOPATH)/bin/yaml-patch +include $(addprefix $(dir $(lastword $(MAKEFILE_LIST))), \ + ../../lib/golang.mk \ + ../../lib/tmp.mk \ +) + +YAML_PATCH_VERSION ?=v0.0.10 +YAML_PATCH ?=$(PERMANENT_TMP_GOPATH)/bin/yaml-patch-$(YAML_PATCH_VERSION) yaml_patch_dir :=$(dir $(YAML_PATCH)) @@ -10,7 +15,7 @@ ensure-yaml-patch: ifeq "" "$(wildcard $(YAML_PATCH))" $(info Installing yaml-patch into '$(YAML_PATCH)') mkdir -p '$(yaml_patch_dir)' - curl -s -f -L https://github.com/krishicks/yaml-patch/releases/download/v0.0.10/yaml_patch_$(GOHOSTOS) -o '$(YAML_PATCH)' + curl -s -f -L https://github.com/krishicks/yaml-patch/releases/download/$(YAML_PATCH_VERSION)/yaml_patch_$(GOHOSTOS) -o '$(YAML_PATCH)' chmod +x '$(YAML_PATCH)'; else $(info Using existing yaml-patch from "$(YAML_PATCH)") @@ -18,18 +23,10 @@ endif .PHONY: ensure-yaml-patch clean-yaml-patch: - $(RM) '$(YAML_PATCH)' + $(RM) $(yaml_patch_dir)yaml-patch* if [ -d '$(yaml_patch_dir)' ]; then rmdir --ignore-fail-on-non-empty -p '$(yaml_patch_dir)'; fi .PHONY: clean-yaml-patch clean: clean-yaml-patch - -# We need to be careful to expand all the paths before any include is done -# or self_dir could be modified for the next include by the included file. -# Also doing this at the end of the file allows us to use self_dir before it could be modified. -include $(addprefix $(self_dir), \ - ../../lib/golang.mk \ - ../../lib/tmp.mk \ -) endif diff --git a/vendor/github.com/openshift/build-machinery-go/make/targets/openshift/yq.mk b/vendor/github.com/openshift/build-machinery-go/make/targets/openshift/yq.mk index 6615e6351..07726d87c 100644 --- a/vendor/github.com/openshift/build-machinery-go/make/targets/openshift/yq.mk +++ b/vendor/github.com/openshift/build-machinery-go/make/targets/openshift/yq.mk @@ -1,8 +1,13 @@ ifndef _YQ_MK_ _YQ_MK_ := defined -self_dir :=$(dir $(lastword $(MAKEFILE_LIST))) -YQ ?=$(PERMANENT_TMP_GOPATH)/bin/yq +include $(addprefix $(dir $(lastword $(MAKEFILE_LIST))), \ + ../../lib/golang.mk \ + ../../lib/tmp.mk \ +) + +YQ_VERSION ?=2.4.0 +YQ ?=$(PERMANENT_TMP_GOPATH)/bin/yq-$(YQ_VERSION) yq_dir :=$(dir $(YQ)) @@ -10,7 +15,7 @@ ensure-yq: ifeq "" "$(wildcard $(YQ))" $(info Installing yq into '$(YQ)') mkdir -p '$(yq_dir)' - curl -s -f -L https://github.com/mikefarah/yq/releases/download/2.4.0/yq_$(GOHOSTOS)_$(GOHOSTARCH) -o '$(YQ)' + curl -s -f -L https://github.com/mikefarah/yq/releases/download/$(YQ_VERSION)/yq_$(GOHOSTOS)_$(GOHOSTARCH) -o '$(YQ)' chmod +x '$(YQ)'; else $(info Using existing yq from "$(YQ)") @@ -18,18 +23,10 @@ endif .PHONY: ensure-yq clean-yq: - $(RM) '$(YQ)' + $(RM) $(yq_dir)yq* if [ -d '$(yq_dir)' ]; then rmdir --ignore-fail-on-non-empty -p '$(yq_dir)'; fi .PHONY: clean-yq clean: clean-yq - -# We need to be careful to expand all the paths before any include is done -# or self_dir could be modified for the next include by the included file. -# Also doing this at the end of the file allows us to use self_dir before it could be modified. -include $(addprefix $(self_dir), \ - ../../lib/golang.mk \ - ../../lib/tmp.mk \ -) endif diff --git a/vendor/github.com/openshift/library-go/pkg/config/leaderelection/leaderelection.go b/vendor/github.com/openshift/library-go/pkg/config/leaderelection/leaderelection.go index ea3575819..fa5d8d79f 100644 --- a/vendor/github.com/openshift/library-go/pkg/config/leaderelection/leaderelection.go +++ b/vendor/github.com/openshift/library-go/pkg/config/leaderelection/leaderelection.go @@ -84,14 +84,28 @@ func ToConfigMapLeaderElection(clientConfig *rest.Config, config configv1.Leader func LeaderElectionDefaulting(config configv1.LeaderElection, defaultNamespace, defaultName string) configv1.LeaderElection { ret := *(&config).DeepCopy() + // We want to be able to tolerate 60s of kube-apiserver disruption without causing pod restarts. + // We want the graceful lease re-acquisition fairly quick to avoid waits on new deployments and other rollouts. + // We want a single set of guidance for nearly every lease in openshift. If you're special, we'll let you know. + // 1. clock skew tolerance is leaseDuration-renewDeadline == 30s + // 2. kube-apiserver downtime tolerance is == 78s + // lastRetry=floor(renewDeadline/retryPeriod)*retryPeriod == 104 + // downtimeTolerance = lastRetry-retryPeriod == 78s + // 3. worst non-graceful lease acquisition is leaseDuration+retryPeriod == 163s + // 4. worst graceful lease acquisition is retryPeriod == 26s if ret.LeaseDuration.Duration == 0 { - ret.LeaseDuration.Duration = 60 * time.Second + ret.LeaseDuration.Duration = 137 * time.Second } + if ret.RenewDeadline.Duration == 0 { - ret.RenewDeadline.Duration = 35 * time.Second + // this gives 107/26=4 retries and allows for 137-107=30 seconds of clock skew + // if the kube-apiserver is unavailable for 60s starting just before t=26 (the first renew), + // then we will retry on 26s intervals until t=104 (kube-apiserver came back up at 86), and there will + // be 33 seconds of extra time before the lease is lost. + ret.RenewDeadline.Duration = 107 * time.Second } if ret.RetryPeriod.Duration == 0 { - ret.RetryPeriod.Duration = 10 * time.Second + ret.RetryPeriod.Duration = 26 * time.Second } if len(ret.Namespace) == 0 { if len(defaultNamespace) > 0 { diff --git a/vendor/github.com/openshift/library-go/pkg/controller/controllercmd/builder.go b/vendor/github.com/openshift/library-go/pkg/controller/controllercmd/builder.go index a71cb9ff2..08c829c22 100644 --- a/vendor/github.com/openshift/library-go/pkg/controller/controllercmd/builder.go +++ b/vendor/github.com/openshift/library-go/pkg/controller/controllercmd/builder.go @@ -18,6 +18,7 @@ import ( "github.com/openshift/library-go/pkg/config/serving" "github.com/openshift/library-go/pkg/controller/fileobserver" "github.com/openshift/library-go/pkg/operator/events" + corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" utilruntime "k8s.io/apimachinery/pkg/util/runtime" "k8s.io/apimachinery/pkg/version" @@ -69,6 +70,7 @@ type ControllerBuilder struct { fileObserver fileobserver.Observer fileObserverReactorFn func(file string, action fileobserver.ActionType) error eventRecorderOptions record.CorrelatorOptions + componentOwnerReference *corev1.ObjectReference startFunc StartFunc componentName string @@ -188,6 +190,12 @@ func (b *ControllerBuilder) WithEventRecorderOptions(options record.CorrelatorOp return b } +// WithComponentOwnerReference overrides controller reference resolution for event recording +func (b *ControllerBuilder) WithComponentOwnerReference(reference *corev1.ObjectReference) *ControllerBuilder { + b.componentOwnerReference = reference + return b +} + // Run starts your controller for you. It uses leader election if you asked, otherwise it directly calls you func (b *ControllerBuilder) Run(ctx context.Context, config *unstructured.Unstructured) error { clientConfig, err := b.getClientConfig() @@ -204,9 +212,13 @@ func (b *ControllerBuilder) Run(ctx context.Context, config *unstructured.Unstru if err != nil { klog.Warningf("unable to identify the current namespace for events: %v", err) } - controllerRef, err := events.GetControllerReferenceForCurrentPod(kubeClient, namespace, nil) - if err != nil { - klog.Warningf("unable to get owner reference (falling back to namespace): %v", err) + controllerRef := b.componentOwnerReference + + if controllerRef == nil { + controllerRef, err = events.GetControllerReferenceForCurrentPod(kubeClient, namespace, nil) + if err != nil { + klog.Warningf("unable to get owner reference (falling back to namespace): %v", err) + } } eventRecorder := events.NewKubeRecorderWithOptions(kubeClient.CoreV1().Events(namespace), b.eventRecorderOptions, b.componentName, controllerRef) diff --git a/vendor/github.com/openshift/library-go/pkg/controller/controllercmd/cmd.go b/vendor/github.com/openshift/library-go/pkg/controller/controllercmd/cmd.go index 9b8cdd24d..5196e350a 100644 --- a/vendor/github.com/openshift/library-go/pkg/controller/controllercmd/cmd.go +++ b/vendor/github.com/openshift/library-go/pkg/controller/controllercmd/cmd.go @@ -11,6 +11,7 @@ import ( "github.com/spf13/cobra" + corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/util/sets" @@ -44,6 +45,8 @@ type ControllerCommandConfig struct { // DisableLeaderElection allows leader election to be suspended DisableLeaderElection bool + + ComponentOwnerReference *corev1.ObjectReference } // NewControllerConfig returns a new ControllerCommandConfig which can be used to wire up all the boiler plate of a controller @@ -61,6 +64,12 @@ func NewControllerCommandConfig(componentName string, version version.Info, star } } +// WithComponentOwnerReference overrides controller reference resolution for event recording +func (c *ControllerCommandConfig) WithComponentOwnerReference(reference *corev1.ObjectReference) *ControllerCommandConfig { + c.ComponentOwnerReference = reference + return c +} + // NewCommand returns a new command that a caller must set the Use and Descriptions on. It wires default log, profiling, // leader election and other "normal" behaviors. // Deprecated: Use the NewCommandWithContext instead, this is here to be less disturbing for existing usages. @@ -275,7 +284,8 @@ func (c *ControllerCommandConfig) StartController(ctx context.Context) error { WithLeaderElection(config.LeaderElection, c.basicFlags.Namespace, c.componentName+"-lock"). WithVersion(c.version). WithEventRecorderOptions(events.RecommendedClusterSingletonCorrelatorOptions()). - WithRestartOnChange(exitOnChangeReactorCh, startingFileContent, observedFiles...) + WithRestartOnChange(exitOnChangeReactorCh, startingFileContent, observedFiles...). + WithComponentOwnerReference(c.ComponentOwnerReference) if !c.DisableServing { builder = builder.WithServer(config.ServingInfo, config.Authentication, config.Authorization) diff --git a/vendor/github.com/openshift/library-go/pkg/controller/factory/base_controller.go b/vendor/github.com/openshift/library-go/pkg/controller/factory/base_controller.go index 9e75c5809..e12ae1bfc 100644 --- a/vendor/github.com/openshift/library-go/pkg/controller/factory/base_controller.go +++ b/vendor/github.com/openshift/library-go/pkg/controller/factory/base_controller.go @@ -8,6 +8,7 @@ import ( "time" "github.com/robfig/cron" + apierrors "k8s.io/apimachinery/pkg/api/errors" utilruntime "k8s.io/apimachinery/pkg/util/runtime" "k8s.io/apimachinery/pkg/util/wait" "k8s.io/client-go/tools/cache" @@ -15,7 +16,7 @@ import ( "k8s.io/klog/v2" operatorv1 "github.com/openshift/api/operator/v1" - + "github.com/openshift/library-go/pkg/operator/management" "github.com/openshift/library-go/pkg/operator/v1helpers" operatorv1helpers "github.com/openshift/library-go/pkg/operator/v1helpers" ) @@ -202,7 +203,12 @@ func (c *baseController) runWorker(queueCtx context.Context) { // reconcile wraps the sync() call and if operator client is set, it handle the degraded condition if sync() returns an error. func (c *baseController) reconcile(ctx context.Context, syncCtx SyncContext) error { err := c.sync(ctx, syncCtx) - return c.reportDegraded(ctx, err) + degradedErr := c.reportDegraded(ctx, err) + if apierrors.IsNotFound(degradedErr) && management.IsOperatorRemovable() { + // The operator tolerates missing CR, therefore don't report it up. + return err + } + return degradedErr } // degradedPanicHandler will go degraded on failures, then we should catch potential panics and covert them into bad status. diff --git a/vendor/github.com/openshift/library-go/pkg/controller/factory/eventfilters.go b/vendor/github.com/openshift/library-go/pkg/controller/factory/eventfilters.go new file mode 100644 index 000000000..b70da9548 --- /dev/null +++ b/vendor/github.com/openshift/library-go/pkg/controller/factory/eventfilters.go @@ -0,0 +1,26 @@ +package factory + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/util/sets" +) + +func ObjectNameToKey(obj runtime.Object) string { + metaObj, ok := obj.(metav1.ObjectMetaAccessor) + if !ok { + return "" + } + return metaObj.GetObjectMeta().GetName() +} + +func NamesFilter(names ...string) EventFilterFunc { + nameSet := sets.NewString(names...) + return func(obj interface{}) bool { + metaObj, ok := obj.(metav1.ObjectMetaAccessor) + if !ok { + return false + } + return nameSet.Has(metaObj.GetObjectMeta().GetName()) + } +} diff --git a/vendor/github.com/openshift/library-go/pkg/operator/condition/condition.go b/vendor/github.com/openshift/library-go/pkg/operator/condition/condition.go deleted file mode 100644 index 1a522609a..000000000 --- a/vendor/github.com/openshift/library-go/pkg/operator/condition/condition.go +++ /dev/null @@ -1,72 +0,0 @@ -package condition - -const ( - // ManagementStateDegradedConditionType is true when the operator ManagementState is not "Managed".. - // Possible reasons are Unmanaged, Removed or Unknown. Any of these cases means the operator is not actively managing the operand. - // This condition is set to false when the ManagementState is set to back to "Managed". - ManagementStateDegradedConditionType = "ManagementStateDegraded" - - // UnsupportedConfigOverridesUpgradeableConditionType is true when operator unsupported config overrides is changed. - // When NoUnsupportedConfigOverrides reason is given it means there are no unsupported config overrides. - // When UnsupportedConfigOverridesSet reason is given it means the unsupported config overrides are set, which might impact the ability - // of operator to successfully upgrade its operand. - UnsupportedConfigOverridesUpgradeableConditionType = "UnsupportedConfigOverridesUpgradeable" - - // MonitoringResourceControllerDegradedConditionType is true when the operator is unable to create or reconcile the ServiceMonitor - // CR resource, which is required by monitoring operator to collect Prometheus data from the operator. When this condition is true and the ServiceMonitor - // is already created, it won't have impact on collecting metrics. However, if the ServiceMonitor was not created, the metrics won't be available for - // collection until this condition is set to false. - // The condition is set to false automatically when the operator successfully synchronize the ServiceMonitor resource. - MonitoringResourceControllerDegradedConditionType = "MonitoringResourceControllerDegraded" - - // BackingResourceControllerDegradedConditionType is true when the operator is unable to create or reconcile the resources needed - // to successfully run the installer pods (installer CRB and SA). If these were already created, this condition is not fatal, however if the resources - // were not created it means the installer pod creation will fail. - // This condition is set to false when the operator can successfully synchronize installer SA and CRB. - BackingResourceControllerDegradedConditionType = "BackingResourceControllerDegraded" - - // StaticPodsDegradedConditionType is true when the operator observe errors when installing the new revision static pods. - // This condition report Error reason when the pods are terminated or not ready or waiting during which the operand quality of service is degraded. - // This condition is set to False when the pods change state to running and are observed ready. - StaticPodsDegradedConditionType = "StaticPodsDegraded" - - // StaticPodsAvailableConditionType is true when the static pod is available on at least one node. - StaticPodsAvailableConditionType = "StaticPodsAvailable" - - // ConfigObservationDegradedConditionType is true when the operator failed to observe or process configuration change. - // This is not transient condition and normally a correction or manual intervention is required on the config custom resource. - ConfigObservationDegradedConditionType = "ConfigObservationDegraded" - - // ResourceSyncControllerDegradedConditionType is true when the operator failed to synchronize one or more secrets or config maps required - // to run the operand. Operand ability to provide service might be affected by this condition. - // This condition is set to false when the operator is able to create secrets and config maps. - ResourceSyncControllerDegradedConditionType = "ResourceSyncControllerDegraded" - - // CertRotationDegradedConditionTypeFmt is true when the operator failed to properly rotate one or more certificates required by the operand. - // The RotationError reason is given with message describing details of this failure. This condition can be fatal when ignored as the existing certificate(s) - // validity can expire and without rotating/renewing them manual recovery might be required to fix the cluster. - CertRotationDegradedConditionTypeFmt = "CertRotation_%s_Degraded" - - // InstallerControllerDegradedConditionType is true when the operator is not able to create new installer pods so the new revisions - // cannot be rolled out. This might happen when one or more required secrets or config maps does not exists. - // In case the missing secret or config map is available, this condition is automatically set to false. - InstallerControllerDegradedConditionType = "InstallerControllerDegraded" - - // NodeInstallerDegradedConditionType is true when the operator is not able to create new installer pods because there are no schedulable nodes - // available to run the installer pods. - // The AllNodesAtLatestRevision reason is set when all master nodes are updated to the latest revision. It is false when some masters are pending revision. - // ZeroNodesActive reason is set to True when no active master nodes are observed. Is set to False when there is at least one active master node. - NodeInstallerDegradedConditionType = "NodeInstallerDegraded" - - // NodeInstallerProgressingConditionType is true when the operator is moving nodes to a new revision. - NodeInstallerProgressingConditionType = "NodeInstallerProgressing" - - // RevisionControllerDegradedConditionType is true when the operator is not able to create new desired revision because an error occurred when - // the operator attempted to created required resource(s) (secrets, configmaps, ...). - // This condition mean no new revision will be created. - RevisionControllerDegradedConditionType = "RevisionControllerDegraded" - - // NodeControllerDegradedConditionType is true when the operator observed a master node that is not ready. - // Note that a node is not ready when its Condition.NodeReady wasn't set to true - NodeControllerDegradedConditionType = "NodeControllerDegraded" -) diff --git a/vendor/github.com/openshift/library-go/pkg/operator/genericoperatorclient/dynamic_operator_client.go b/vendor/github.com/openshift/library-go/pkg/operator/genericoperatorclient/dynamic_operator_client.go index 6b7cf510b..40bcef08f 100644 --- a/vendor/github.com/openshift/library-go/pkg/operator/genericoperatorclient/dynamic_operator_client.go +++ b/vendor/github.com/openshift/library-go/pkg/operator/genericoperatorclient/dynamic_operator_client.go @@ -8,6 +8,7 @@ import ( "time" "k8s.io/apimachinery/pkg/runtime" + "k8s.io/klog/v2" operatorv1 "github.com/openshift/api/operator/v1" "github.com/openshift/library-go/pkg/operator/v1helpers" @@ -39,7 +40,7 @@ func newClusterScopedOperatorClient(config *rest.Config, gvr schema.GroupVersion }, informers, nil } -func NewClusterScopedOperatorClient(config *rest.Config, gvr schema.GroupVersionResource) (v1helpers.OperatorClient, dynamicinformer.DynamicSharedInformerFactory, error) { +func NewClusterScopedOperatorClient(config *rest.Config, gvr schema.GroupVersionResource) (v1helpers.OperatorClientWithFinalizers, dynamicinformer.DynamicSharedInformerFactory, error) { d, informers, err := newClusterScopedOperatorClient(config, gvr) if err != nil { return nil, nil, err @@ -49,7 +50,7 @@ func NewClusterScopedOperatorClient(config *rest.Config, gvr schema.GroupVersion } -func NewClusterScopedOperatorClientWithConfigName(config *rest.Config, gvr schema.GroupVersionResource, configName string) (v1helpers.OperatorClient, dynamicinformer.DynamicSharedInformerFactory, error) { +func NewClusterScopedOperatorClientWithConfigName(config *rest.Config, gvr schema.GroupVersionResource, configName string) (v1helpers.OperatorClientWithFinalizers, dynamicinformer.DynamicSharedInformerFactory, error) { if len(configName) < 1 { return nil, nil, fmt.Errorf("config name cannot be empty") } @@ -156,6 +157,68 @@ func (c dynamicOperatorClient) UpdateOperatorStatus(resourceVersion string, stat return retStatus, nil } +func (c dynamicOperatorClient) EnsureFinalizer(finalizer string) error { + uncastInstance, err := c.informer.Lister().Get(c.configName) + if err != nil { + return err + } + + instance := uncastInstance.(*unstructured.Unstructured) + finalizers := instance.GetFinalizers() + for _, f := range finalizers { + if f == finalizer { + return nil + } + } + + // Change is needed + klog.V(4).Infof("Adding finalizer %q", finalizer) + newFinalizers := append(finalizers, finalizer) + err = c.saveFinalizers(instance, newFinalizers) + if err != nil { + return err + } + klog.V(2).Infof("Added finalizer %q", finalizer) + return err +} + +func (c dynamicOperatorClient) RemoveFinalizer(finalizer string) error { + uncastInstance, err := c.informer.Lister().Get(c.configName) + if err != nil { + return err + } + + instance := uncastInstance.(*unstructured.Unstructured) + finalizers := instance.GetFinalizers() + found := false + newFinalizers := make([]string, 0, len(finalizers)) + for _, f := range finalizers { + if f == finalizer { + found = true + continue + } + newFinalizers = append(newFinalizers, f) + } + if !found { + return nil + } + + klog.V(4).Infof("Removing finalizer %q: %v", finalizer, newFinalizers) + err = c.saveFinalizers(instance, newFinalizers) + if err != nil { + return err + } + klog.V(2).Infof("Removed finalizer %q", finalizer) + return nil +} + +func (c dynamicOperatorClient) saveFinalizers(instance *unstructured.Unstructured, finalizers []string) error { + clone := instance.DeepCopy() + clone.SetFinalizers(finalizers) + _, err := c.client.Update(context.TODO(), clone, metav1.UpdateOptions{}) + return err +} + func getObjectMetaFromUnstructured(obj map[string]interface{}) (*metav1.ObjectMeta, error) { uncastMeta, exists, err := unstructured.NestedMap(obj, "metadata") if !exists { diff --git a/vendor/github.com/openshift/library-go/pkg/operator/loglevel/logging_controller.go b/vendor/github.com/openshift/library-go/pkg/operator/loglevel/logging_controller.go index db4ed1734..5e3007bbb 100644 --- a/vendor/github.com/openshift/library-go/pkg/operator/loglevel/logging_controller.go +++ b/vendor/github.com/openshift/library-go/pkg/operator/loglevel/logging_controller.go @@ -6,7 +6,9 @@ import ( operatorv1 "github.com/openshift/api/operator/v1" "github.com/openshift/library-go/pkg/controller/factory" "github.com/openshift/library-go/pkg/operator/events" + "github.com/openshift/library-go/pkg/operator/management" operatorv1helpers "github.com/openshift/library-go/pkg/operator/v1helpers" + "k8s.io/apimachinery/pkg/api/errors" ) type LogLevelController struct { @@ -21,6 +23,8 @@ type LogLevelController struct { // NewClusterOperatorLoggingController sets a klog level for the operator based on the operator config. // If the loglevel is not set the default "Normal" level will be used. +// This controller supports removable operands, as configured in pkg/operator/management and uses level "Normal" +// if the operator CR is missing. func NewClusterOperatorLoggingController(operatorClient operatorv1helpers.OperatorClient, recorder events.Recorder) factory.Controller { return NewClusterOperatorLoggingControllerWithLogLevel(operatorClient, operatorv1.Normal, recorder) } @@ -40,6 +44,9 @@ func NewClusterOperatorLoggingControllerWithLogLevel(operatorClient operatorv1he // must be information that is logically "owned" by another component. func (c LogLevelController) sync(ctx context.Context, syncCtx factory.SyncContext) error { detailedSpec, _, _, err := c.operatorClient.GetOperatorState() + if errors.IsNotFound(err) && management.IsOperatorRemovable() { + return nil + } if err != nil { return err } diff --git a/vendor/github.com/openshift/library-go/pkg/operator/management/management_state.go b/vendor/github.com/openshift/library-go/pkg/operator/management/management_state.go index 78acc00d5..294770f3e 100644 --- a/vendor/github.com/openshift/library-go/pkg/operator/management/management_state.go +++ b/vendor/github.com/openshift/library-go/pkg/operator/management/management_state.go @@ -1,7 +1,7 @@ package management import ( - "github.com/openshift/api/operator/v1" + v1 "github.com/openshift/api/operator/v1" ) var ( @@ -9,16 +9,6 @@ var ( allowOperatorRemovedState = true ) -// These are for unit testing -var ( - getAllowedOperatorUnmanaged = func() bool { - return allowOperatorUnmanagedState - } - getAllowedOperatorRemovedState = func() bool { - return allowOperatorRemovedState - } -) - // SetOperatorAlwaysManaged is one time choice when an operator want to opt-out from supporting the "unmanaged" state. // This is a case of control plane operators or operators that are required to always run otherwise the cluster will // get into unstable state or critical components will stop working. @@ -26,6 +16,12 @@ func SetOperatorAlwaysManaged() { allowOperatorUnmanagedState = false } +// SetOperatorUnmanageable is one time choice when an operator wants to support the "unmanaged" state. +// This is the default setting, provided here mostly for unit tests. +func SetOperatorUnmanageable() { + allowOperatorUnmanagedState = true +} + // SetOperatorNotRemovable is one time choice the operator author can make to indicate the operator does not support // removing of his operand. This makes sense for operators like kube-apiserver where removing operand will lead to a // bricked, non-automatically recoverable state. @@ -33,14 +29,26 @@ func SetOperatorNotRemovable() { allowOperatorRemovedState = false } +// SetOperatorRemovable is one time choice the operator author can make to indicate the operator supports +// removing of his operand. +// This is the default setting, provided here mostly for unit tests. +func SetOperatorRemovable() { + allowOperatorRemovedState = true +} + // IsOperatorAlwaysManaged means the operator can't be set to unmanaged state. func IsOperatorAlwaysManaged() bool { - return !getAllowedOperatorUnmanaged() + return !allowOperatorUnmanagedState } -// IsOperatorNotRemovable means the operator can't bet set to removed state. +// IsOperatorNotRemovable means the operator can't be set to removed state. func IsOperatorNotRemovable() bool { - return !getAllowedOperatorRemovedState() + return !allowOperatorRemovedState +} + +// IsOperatorRemovable means the operator can be set to removed state. +func IsOperatorRemovable() bool { + return allowOperatorRemovedState } func IsOperatorUnknownState(state v1.ManagementState) bool { diff --git a/vendor/github.com/openshift/library-go/pkg/operator/management/management_state_controller.go b/vendor/github.com/openshift/library-go/pkg/operator/management/management_state_controller.go deleted file mode 100644 index 1367ec162..000000000 --- a/vendor/github.com/openshift/library-go/pkg/operator/management/management_state_controller.go +++ /dev/null @@ -1,76 +0,0 @@ -package management - -import ( - "context" - "fmt" - "time" - - apierrors "k8s.io/apimachinery/pkg/api/errors" - - operatorv1 "github.com/openshift/api/operator/v1" - - "github.com/openshift/library-go/pkg/controller/factory" - "github.com/openshift/library-go/pkg/operator/condition" - "github.com/openshift/library-go/pkg/operator/events" - "github.com/openshift/library-go/pkg/operator/v1helpers" - operatorv1helpers "github.com/openshift/library-go/pkg/operator/v1helpers" -) - -// ManagementStateController watches changes of `managementState` field and react in case that field is set to an unsupported value. -// As each operator can opt-out from supporting `unmanaged` or `removed` states, this controller will add failing condition when the -// value for this field is set to this values for those operators. -type ManagementStateController struct { - operatorName string - operatorClient operatorv1helpers.OperatorClient -} - -func NewOperatorManagementStateController( - name string, - operatorClient operatorv1helpers.OperatorClient, - recorder events.Recorder, -) factory.Controller { - c := &ManagementStateController{ - operatorName: name, - operatorClient: operatorClient, - } - return factory.New().WithInformers(operatorClient.Informer()).WithSync(c.sync).ResyncEvery(time.Minute).ToController("ManagementStateController", recorder.WithComponentSuffix("management-state-recorder")) -} - -func (c ManagementStateController) sync(ctx context.Context, syncContext factory.SyncContext) error { - detailedSpec, _, _, err := c.operatorClient.GetOperatorState() - if apierrors.IsNotFound(err) { - syncContext.Recorder().Warningf("StatusNotFound", "Unable to determine current operator status for %s", c.operatorName) - return nil - } - - cond := operatorv1.OperatorCondition{ - Type: condition.ManagementStateDegradedConditionType, - Status: operatorv1.ConditionFalse, - } - - if IsOperatorAlwaysManaged() && detailedSpec.ManagementState == operatorv1.Unmanaged { - cond.Status = operatorv1.ConditionTrue - cond.Reason = "Unmanaged" - cond.Message = fmt.Sprintf("Unmanaged is not supported for %s operator", c.operatorName) - } - - if IsOperatorNotRemovable() && detailedSpec.ManagementState == operatorv1.Removed { - cond.Status = operatorv1.ConditionTrue - cond.Reason = "Removed" - cond.Message = fmt.Sprintf("Removed is not supported for %s operator", c.operatorName) - } - - if IsOperatorUnknownState(detailedSpec.ManagementState) { - cond.Status = operatorv1.ConditionTrue - cond.Reason = "Unknown" - cond.Message = fmt.Sprintf("Unsupported management state %q for %s operator", detailedSpec.ManagementState, c.operatorName) - } - - if _, _, updateError := v1helpers.UpdateStatus(c.operatorClient, v1helpers.UpdateConditionFn(cond)); updateError != nil { - if err == nil { - return updateError - } - } - - return nil -} diff --git a/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/admissionregistration.go b/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/admissionregistration.go index 75d9d82a9..72a3642ba 100644 --- a/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/admissionregistration.go +++ b/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/admissionregistration.go @@ -20,7 +20,7 @@ import ( // mutatingwebhookconfiguration will be merged with the existing mutatingwebhookconfiguration // and an update performed if the mutatingwebhookconfiguration spec and metadata differ from // the previously required spec and metadata based on generation change. -func ApplyMutatingWebhookConfiguration(client admissionregistrationclientv1.MutatingWebhookConfigurationsGetter, recorder events.Recorder, +func ApplyMutatingWebhookConfiguration(ctx context.Context, client admissionregistrationclientv1.MutatingWebhookConfigurationsGetter, recorder events.Recorder, requiredOriginal *admissionregistrationv1.MutatingWebhookConfiguration, expectedGeneration int64) (*admissionregistrationv1.MutatingWebhookConfiguration, bool, error) { if requiredOriginal == nil { @@ -28,9 +28,9 @@ func ApplyMutatingWebhookConfiguration(client admissionregistrationclientv1.Muta } required := requiredOriginal.DeepCopy() - existing, err := client.MutatingWebhookConfigurations().Get(context.TODO(), required.GetName(), metav1.GetOptions{}) + existing, err := client.MutatingWebhookConfigurations().Get(ctx, required.GetName(), metav1.GetOptions{}) if apierrors.IsNotFound(err) { - actual, err := client.MutatingWebhookConfigurations().Create(context.TODO(), required, metav1.CreateOptions{}) + actual, err := client.MutatingWebhookConfigurations().Create(ctx, required, metav1.CreateOptions{}) reportCreateEvent(recorder, required, err) if err != nil { return nil, false, err @@ -54,7 +54,7 @@ func ApplyMutatingWebhookConfiguration(client admissionregistrationclientv1.Muta klog.V(4).Infof("MutatingWebhookConfiguration %q changes: %v", required.GetNamespace()+"/"+required.GetName(), JSONPatchNoError(existing, toWrite)) - actual, err := client.MutatingWebhookConfigurations().Update(context.TODO(), toWrite, metav1.UpdateOptions{}) + actual, err := client.MutatingWebhookConfigurations().Update(ctx, toWrite, metav1.UpdateOptions{}) reportUpdateEvent(recorder, required, err) if err != nil { return nil, false, err @@ -83,16 +83,16 @@ func copyMutatingWebhookCABundle(from, to *admissionregistrationv1.MutatingWebho // validatingwebhookconfiguration will be merged with the existing validatingwebhookconfiguration // and an update performed if the validatingwebhookconfiguration spec and metadata differ from // the previously required spec and metadata based on generation change. -func ApplyValidatingWebhookConfiguration(client admissionregistrationclientv1.ValidatingWebhookConfigurationsGetter, recorder events.Recorder, +func ApplyValidatingWebhookConfiguration(ctx context.Context, client admissionregistrationclientv1.ValidatingWebhookConfigurationsGetter, recorder events.Recorder, requiredOriginal *admissionregistrationv1.ValidatingWebhookConfiguration, expectedGeneration int64) (*admissionregistrationv1.ValidatingWebhookConfiguration, bool, error) { if requiredOriginal == nil { return nil, false, fmt.Errorf("Unexpected nil instead of an object") } required := requiredOriginal.DeepCopy() - existing, err := client.ValidatingWebhookConfigurations().Get(context.TODO(), required.GetName(), metav1.GetOptions{}) + existing, err := client.ValidatingWebhookConfigurations().Get(ctx, required.GetName(), metav1.GetOptions{}) if apierrors.IsNotFound(err) { - actual, err := client.ValidatingWebhookConfigurations().Create(context.TODO(), required, metav1.CreateOptions{}) + actual, err := client.ValidatingWebhookConfigurations().Create(ctx, required, metav1.CreateOptions{}) reportCreateEvent(recorder, required, err) if err != nil { return nil, false, err @@ -116,7 +116,7 @@ func ApplyValidatingWebhookConfiguration(client admissionregistrationclientv1.Va klog.V(4).Infof("ValidatingWebhookConfiguration %q changes: %v", required.GetNamespace()+"/"+required.GetName(), JSONPatchNoError(existing, toWrite)) - actual, err := client.ValidatingWebhookConfigurations().Update(context.TODO(), toWrite, metav1.UpdateOptions{}) + actual, err := client.ValidatingWebhookConfigurations().Update(ctx, toWrite, metav1.UpdateOptions{}) reportUpdateEvent(recorder, required, err) if err != nil { return nil, false, err diff --git a/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/apiextensions.go b/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/apiextensions.go index e98b2c469..635a42de3 100644 --- a/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/apiextensions.go +++ b/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/apiextensions.go @@ -6,48 +6,17 @@ import ( "github.com/openshift/library-go/pkg/operator/events" "github.com/openshift/library-go/pkg/operator/resource/resourcemerge" apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" - apiextv1beta1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1" apiextclientv1 "k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset/typed/apiextensions/v1" - apiextclientv1beta1 "k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset/typed/apiextensions/v1beta1" apierrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/klog/v2" ) -// ApplyCustomResourceDefinitionV1Beta1 applies the required CustomResourceDefinition to the cluster. -func ApplyCustomResourceDefinitionV1Beta1(client apiextclientv1beta1.CustomResourceDefinitionsGetter, recorder events.Recorder, required *apiextv1beta1.CustomResourceDefinition) (*apiextv1beta1.CustomResourceDefinition, bool, error) { - existing, err := client.CustomResourceDefinitions().Get(context.TODO(), required.Name, metav1.GetOptions{}) - if apierrors.IsNotFound(err) { - actual, err := client.CustomResourceDefinitions().Create(context.TODO(), required, metav1.CreateOptions{}) - reportCreateEvent(recorder, required, err) - return actual, true, err - } - if err != nil { - return nil, false, err - } - - modified := resourcemerge.BoolPtr(false) - existingCopy := existing.DeepCopy() - resourcemerge.EnsureCustomResourceDefinitionV1Beta1(modified, existingCopy, *required) - if !*modified { - return existing, false, nil - } - - if klog.V(4).Enabled() { - klog.Infof("CustomResourceDefinition %q changes: %s", existing.Name, JSONPatchNoError(existing, existingCopy)) - } - - actual, err := client.CustomResourceDefinitions().Update(context.TODO(), existingCopy, metav1.UpdateOptions{}) - reportUpdateEvent(recorder, required, err) - - return actual, true, err -} - // ApplyCustomResourceDefinitionV1 applies the required CustomResourceDefinition to the cluster. -func ApplyCustomResourceDefinitionV1(client apiextclientv1.CustomResourceDefinitionsGetter, recorder events.Recorder, required *apiextensionsv1.CustomResourceDefinition) (*apiextensionsv1.CustomResourceDefinition, bool, error) { - existing, err := client.CustomResourceDefinitions().Get(context.TODO(), required.Name, metav1.GetOptions{}) +func ApplyCustomResourceDefinitionV1(ctx context.Context, client apiextclientv1.CustomResourceDefinitionsGetter, recorder events.Recorder, required *apiextensionsv1.CustomResourceDefinition) (*apiextensionsv1.CustomResourceDefinition, bool, error) { + existing, err := client.CustomResourceDefinitions().Get(ctx, required.Name, metav1.GetOptions{}) if apierrors.IsNotFound(err) { - actual, err := client.CustomResourceDefinitions().Create(context.TODO(), required, metav1.CreateOptions{}) + actual, err := client.CustomResourceDefinitions().Create(ctx, required, metav1.CreateOptions{}) reportCreateEvent(recorder, required, err) return actual, true, err } @@ -66,7 +35,7 @@ func ApplyCustomResourceDefinitionV1(client apiextclientv1.CustomResourceDefinit klog.Infof("CustomResourceDefinition %q changes: %s", existing.Name, JSONPatchNoError(existing, existingCopy)) } - actual, err := client.CustomResourceDefinitions().Update(context.TODO(), existingCopy, metav1.UpdateOptions{}) + actual, err := client.CustomResourceDefinitions().Update(ctx, existingCopy, metav1.UpdateOptions{}) reportUpdateEvent(recorder, required, err) return actual, true, err diff --git a/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/apiregistration.go b/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/apiregistration.go index 6231050a2..db0cd2098 100644 --- a/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/apiregistration.go +++ b/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/apiregistration.go @@ -15,10 +15,10 @@ import ( ) // ApplyAPIService merges objectmeta and requires apiservice coordinates. It does not touch CA bundles, which should be managed via service CA controller. -func ApplyAPIService(client apiregistrationv1client.APIServicesGetter, recorder events.Recorder, required *apiregistrationv1.APIService) (*apiregistrationv1.APIService, bool, error) { - existing, err := client.APIServices().Get(context.TODO(), required.Name, metav1.GetOptions{}) +func ApplyAPIService(ctx context.Context, client apiregistrationv1client.APIServicesGetter, recorder events.Recorder, required *apiregistrationv1.APIService) (*apiregistrationv1.APIService, bool, error) { + existing, err := client.APIServices().Get(ctx, required.Name, metav1.GetOptions{}) if apierrors.IsNotFound(err) { - actual, err := client.APIServices().Create(context.TODO(), required, metav1.CreateOptions{}) + actual, err := client.APIServices().Create(ctx, required, metav1.CreateOptions{}) reportCreateEvent(recorder, required, err) return actual, true, err } @@ -43,7 +43,7 @@ func ApplyAPIService(client apiregistrationv1client.APIServicesGetter, recorder if klog.V(4).Enabled() { klog.Infof("APIService %q changes: %s", existing.Name, JSONPatchNoError(existing, existingCopy)) } - actual, err := client.APIServices().Update(context.TODO(), existingCopy, metav1.UpdateOptions{}) + actual, err := client.APIServices().Update(ctx, existingCopy, metav1.UpdateOptions{}) reportUpdateEvent(recorder, required, err) return actual, true, err } diff --git a/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/apps.go b/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/apps.go index 782a21825..e83ee2561 100644 --- a/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/apps.go +++ b/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/apps.go @@ -88,7 +88,7 @@ func SetSpecHashAnnotation(objMeta *metav1.ObjectMeta, spec interface{}) error { // // - Update the call to use ApplyDeploymentWithForce. This is available as a temporary measure // but the method is deprecated and will be removed in 4.6. -func ApplyDeployment(client appsclientv1.DeploymentsGetter, recorder events.Recorder, +func ApplyDeployment(ctx context.Context, client appsclientv1.DeploymentsGetter, recorder events.Recorder, requiredOriginal *appsv1.Deployment, expectedGeneration int64) (*appsv1.Deployment, bool, error) { required := requiredOriginal.DeepCopy() @@ -97,13 +97,13 @@ func ApplyDeployment(client appsclientv1.DeploymentsGetter, recorder events.Reco return nil, false, err } - return ApplyDeploymentWithForce(client, recorder, required, expectedGeneration, false) + return ApplyDeploymentWithForce(ctx, client, recorder, required, expectedGeneration, false) } // ApplyDeploymentWithForce merges objectmeta and requires matching generation. It returns the final Object, whether any change as made, and an error. // // DEPRECATED - This method will be removed in 4.6 and callers will need to migrate to ApplyDeployment before then. -func ApplyDeploymentWithForce(client appsclientv1.DeploymentsGetter, recorder events.Recorder, requiredOriginal *appsv1.Deployment, expectedGeneration int64, +func ApplyDeploymentWithForce(ctx context.Context, client appsclientv1.DeploymentsGetter, recorder events.Recorder, requiredOriginal *appsv1.Deployment, expectedGeneration int64, forceRollout bool) (*appsv1.Deployment, bool, error) { required := requiredOriginal.DeepCopy() @@ -115,9 +115,9 @@ func ApplyDeploymentWithForce(client appsclientv1.DeploymentsGetter, recorder ev // pull-spec annotation to be applied. required.Annotations["operator.openshift.io/pull-spec"] = required.Spec.Template.Spec.Containers[0].Image } - existing, err := client.Deployments(required.Namespace).Get(context.TODO(), required.Name, metav1.GetOptions{}) + existing, err := client.Deployments(required.Namespace).Get(ctx, required.Name, metav1.GetOptions{}) if apierrors.IsNotFound(err) { - actual, err := client.Deployments(required.Namespace).Create(context.TODO(), required, metav1.CreateOptions{}) + actual, err := client.Deployments(required.Namespace).Create(ctx, required, metav1.CreateOptions{}) reportCreateEvent(recorder, required, err) return actual, true, err } @@ -154,7 +154,7 @@ func ApplyDeploymentWithForce(client appsclientv1.DeploymentsGetter, recorder ev klog.Infof("Deployment %q changes: %v", required.Namespace+"/"+required.Name, JSONPatchNoError(existing, toWrite)) } - actual, err := client.Deployments(required.Namespace).Update(context.TODO(), toWrite, metav1.UpdateOptions{}) + actual, err := client.Deployments(required.Namespace).Update(ctx, toWrite, metav1.UpdateOptions{}) reportUpdateEvent(recorder, required, err) return actual, true, err } @@ -178,7 +178,7 @@ func ApplyDeploymentWithForce(client appsclientv1.DeploymentsGetter, recorder ev // // - Update the call to use ApplyDaemonSetWithForce. This is available as a temporary measure // but the method is deprecated and will be removed in 4.6. -func ApplyDaemonSet(client appsclientv1.DaemonSetsGetter, recorder events.Recorder, +func ApplyDaemonSet(ctx context.Context, client appsclientv1.DaemonSetsGetter, recorder events.Recorder, requiredOriginal *appsv1.DaemonSet, expectedGeneration int64) (*appsv1.DaemonSet, bool, error) { required := requiredOriginal.DeepCopy() @@ -187,12 +187,12 @@ func ApplyDaemonSet(client appsclientv1.DaemonSetsGetter, recorder events.Record return nil, false, err } - return ApplyDaemonSetWithForce(client, recorder, required, expectedGeneration, false) + return ApplyDaemonSetWithForce(ctx, client, recorder, required, expectedGeneration, false) } // ApplyDaemonSetWithForce merges objectmeta and requires matching generation. It returns the final Object, whether any change as made, and an error // DEPRECATED - This method will be removed in 4.6 and callers will need to migrate to ApplyDaemonSet before then. -func ApplyDaemonSetWithForce(client appsclientv1.DaemonSetsGetter, recorder events.Recorder, requiredOriginal *appsv1.DaemonSet, expectedGeneration int64, forceRollout bool) (*appsv1.DaemonSet, bool, error) { +func ApplyDaemonSetWithForce(ctx context.Context, client appsclientv1.DaemonSetsGetter, recorder events.Recorder, requiredOriginal *appsv1.DaemonSet, expectedGeneration int64, forceRollout bool) (*appsv1.DaemonSet, bool, error) { required := requiredOriginal.DeepCopy() if required.Annotations == nil { required.Annotations = map[string]string{} @@ -202,9 +202,9 @@ func ApplyDaemonSetWithForce(client appsclientv1.DaemonSetsGetter, recorder even // pull-spec annotation to be applied. required.Annotations["operator.openshift.io/pull-spec"] = required.Spec.Template.Spec.Containers[0].Image } - existing, err := client.DaemonSets(required.Namespace).Get(context.TODO(), required.Name, metav1.GetOptions{}) + existing, err := client.DaemonSets(required.Namespace).Get(ctx, required.Name, metav1.GetOptions{}) if apierrors.IsNotFound(err) { - actual, err := client.DaemonSets(required.Namespace).Create(context.TODO(), required, metav1.CreateOptions{}) + actual, err := client.DaemonSets(required.Namespace).Create(ctx, required, metav1.CreateOptions{}) reportCreateEvent(recorder, required, err) return actual, true, err } @@ -240,7 +240,7 @@ func ApplyDaemonSetWithForce(client appsclientv1.DaemonSetsGetter, recorder even if klog.V(4).Enabled() { klog.Infof("DaemonSet %q changes: %v", required.Namespace+"/"+required.Name, JSONPatchNoError(existing, toWrite)) } - actual, err := client.DaemonSets(required.Namespace).Update(context.TODO(), toWrite, metav1.UpdateOptions{}) + actual, err := client.DaemonSets(required.Namespace).Update(ctx, toWrite, metav1.UpdateOptions{}) reportUpdateEvent(recorder, required, err) return actual, true, err } diff --git a/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/core.go b/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/core.go index a8e5f25f1..365b1b655 100644 --- a/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/core.go +++ b/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/core.go @@ -13,6 +13,7 @@ import ( "k8s.io/apimachinery/pkg/api/equality" apierrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/util/sets" coreclientv1 "k8s.io/client-go/kubernetes/typed/core/v1" "github.com/openshift/library-go/pkg/operator/events" @@ -20,12 +21,12 @@ import ( ) // ApplyNamespace merges objectmeta, does not worry about anything else -func ApplyNamespace(client coreclientv1.NamespacesGetter, recorder events.Recorder, required *corev1.Namespace) (*corev1.Namespace, bool, error) { - existing, err := client.Namespaces().Get(context.TODO(), required.Name, metav1.GetOptions{}) +func ApplyNamespace(ctx context.Context, client coreclientv1.NamespacesGetter, recorder events.Recorder, required *corev1.Namespace) (*corev1.Namespace, bool, error) { + existing, err := client.Namespaces().Get(ctx, required.Name, metav1.GetOptions{}) if apierrors.IsNotFound(err) { requiredCopy := required.DeepCopy() actual, err := client.Namespaces(). - Create(context.TODO(), resourcemerge.WithCleanLabelsAndAnnotations(requiredCopy).(*corev1.Namespace), metav1.CreateOptions{}) + Create(ctx, resourcemerge.WithCleanLabelsAndAnnotations(requiredCopy).(*corev1.Namespace), metav1.CreateOptions{}) reportCreateEvent(recorder, requiredCopy, err) return actual, true, err } @@ -45,7 +46,7 @@ func ApplyNamespace(client coreclientv1.NamespacesGetter, recorder events.Record klog.Infof("Namespace %q changes: %v", required.Name, JSONPatchNoError(existing, existingCopy)) } - actual, err := client.Namespaces().Update(context.TODO(), existingCopy, metav1.UpdateOptions{}) + actual, err := client.Namespaces().Update(ctx, existingCopy, metav1.UpdateOptions{}) reportUpdateEvent(recorder, required, err) return actual, true, err } @@ -53,12 +54,12 @@ func ApplyNamespace(client coreclientv1.NamespacesGetter, recorder events.Record // ApplyService merges objectmeta and requires // TODO, since this cannot determine whether changes are due to legitimate actors (api server) or illegitimate ones (users), we cannot update // TODO I've special cased the selector for now -func ApplyService(client coreclientv1.ServicesGetter, recorder events.Recorder, required *corev1.Service) (*corev1.Service, bool, error) { - existing, err := client.Services(required.Namespace).Get(context.TODO(), required.Name, metav1.GetOptions{}) +func ApplyService(ctx context.Context, client coreclientv1.ServicesGetter, recorder events.Recorder, required *corev1.Service) (*corev1.Service, bool, error) { + existing, err := client.Services(required.Namespace).Get(ctx, required.Name, metav1.GetOptions{}) if apierrors.IsNotFound(err) { requiredCopy := required.DeepCopy() actual, err := client.Services(requiredCopy.Namespace). - Create(context.TODO(), resourcemerge.WithCleanLabelsAndAnnotations(requiredCopy).(*corev1.Service), metav1.CreateOptions{}) + Create(ctx, resourcemerge.WithCleanLabelsAndAnnotations(requiredCopy).(*corev1.Service), metav1.CreateOptions{}) reportCreateEvent(recorder, requiredCopy, err) return actual, true, err } @@ -90,18 +91,18 @@ func ApplyService(client coreclientv1.ServicesGetter, recorder events.Recorder, klog.Infof("Service %q changes: %v", required.Namespace+"/"+required.Name, JSONPatchNoError(existing, required)) } - actual, err := client.Services(required.Namespace).Update(context.TODO(), existingCopy, metav1.UpdateOptions{}) + actual, err := client.Services(required.Namespace).Update(ctx, existingCopy, metav1.UpdateOptions{}) reportUpdateEvent(recorder, required, err) return actual, true, err } // ApplyPod merges objectmeta, does not worry about anything else -func ApplyPod(client coreclientv1.PodsGetter, recorder events.Recorder, required *corev1.Pod) (*corev1.Pod, bool, error) { - existing, err := client.Pods(required.Namespace).Get(context.TODO(), required.Name, metav1.GetOptions{}) +func ApplyPod(ctx context.Context, client coreclientv1.PodsGetter, recorder events.Recorder, required *corev1.Pod) (*corev1.Pod, bool, error) { + existing, err := client.Pods(required.Namespace).Get(ctx, required.Name, metav1.GetOptions{}) if apierrors.IsNotFound(err) { requiredCopy := required.DeepCopy() actual, err := client.Pods(requiredCopy.Namespace). - Create(context.TODO(), resourcemerge.WithCleanLabelsAndAnnotations(requiredCopy).(*corev1.Pod), metav1.CreateOptions{}) + Create(ctx, resourcemerge.WithCleanLabelsAndAnnotations(requiredCopy).(*corev1.Pod), metav1.CreateOptions{}) reportCreateEvent(recorder, requiredCopy, err) return actual, true, err } @@ -121,18 +122,18 @@ func ApplyPod(client coreclientv1.PodsGetter, recorder events.Recorder, required klog.Infof("Pod %q changes: %v", required.Namespace+"/"+required.Name, JSONPatchNoError(existing, required)) } - actual, err := client.Pods(required.Namespace).Update(context.TODO(), existingCopy, metav1.UpdateOptions{}) + actual, err := client.Pods(required.Namespace).Update(ctx, existingCopy, metav1.UpdateOptions{}) reportUpdateEvent(recorder, required, err) return actual, true, err } // ApplyServiceAccount merges objectmeta, does not worry about anything else -func ApplyServiceAccount(client coreclientv1.ServiceAccountsGetter, recorder events.Recorder, required *corev1.ServiceAccount) (*corev1.ServiceAccount, bool, error) { - existing, err := client.ServiceAccounts(required.Namespace).Get(context.TODO(), required.Name, metav1.GetOptions{}) +func ApplyServiceAccount(ctx context.Context, client coreclientv1.ServiceAccountsGetter, recorder events.Recorder, required *corev1.ServiceAccount) (*corev1.ServiceAccount, bool, error) { + existing, err := client.ServiceAccounts(required.Namespace).Get(ctx, required.Name, metav1.GetOptions{}) if apierrors.IsNotFound(err) { requiredCopy := required.DeepCopy() actual, err := client.ServiceAccounts(requiredCopy.Namespace). - Create(context.TODO(), resourcemerge.WithCleanLabelsAndAnnotations(requiredCopy).(*corev1.ServiceAccount), metav1.CreateOptions{}) + Create(ctx, resourcemerge.WithCleanLabelsAndAnnotations(requiredCopy).(*corev1.ServiceAccount), metav1.CreateOptions{}) reportCreateEvent(recorder, requiredCopy, err) return actual, true, err } @@ -150,18 +151,18 @@ func ApplyServiceAccount(client coreclientv1.ServiceAccountsGetter, recorder eve if klog.V(4).Enabled() { klog.Infof("ServiceAccount %q changes: %v", required.Namespace+"/"+required.Name, JSONPatchNoError(existing, required)) } - actual, err := client.ServiceAccounts(required.Namespace).Update(context.TODO(), existingCopy, metav1.UpdateOptions{}) + actual, err := client.ServiceAccounts(required.Namespace).Update(ctx, existingCopy, metav1.UpdateOptions{}) reportUpdateEvent(recorder, required, err) return actual, true, err } // ApplyConfigMap merges objectmeta, requires data -func ApplyConfigMap(client coreclientv1.ConfigMapsGetter, recorder events.Recorder, required *corev1.ConfigMap) (*corev1.ConfigMap, bool, error) { - existing, err := client.ConfigMaps(required.Namespace).Get(context.TODO(), required.Name, metav1.GetOptions{}) +func ApplyConfigMap(ctx context.Context, client coreclientv1.ConfigMapsGetter, recorder events.Recorder, required *corev1.ConfigMap) (*corev1.ConfigMap, bool, error) { + existing, err := client.ConfigMaps(required.Namespace).Get(ctx, required.Name, metav1.GetOptions{}) if apierrors.IsNotFound(err) { requiredCopy := required.DeepCopy() actual, err := client.ConfigMaps(requiredCopy.Namespace). - Create(context.TODO(), resourcemerge.WithCleanLabelsAndAnnotations(requiredCopy).(*corev1.ConfigMap), metav1.CreateOptions{}) + Create(ctx, resourcemerge.WithCleanLabelsAndAnnotations(requiredCopy).(*corev1.ConfigMap), metav1.CreateOptions{}) reportCreateEvent(recorder, requiredCopy, err) return actual, true, err } @@ -219,7 +220,7 @@ func ApplyConfigMap(client coreclientv1.ConfigMapsGetter, recorder events.Record existingCopy.Data["ca-bundle.crt"] = existingCABundle } - actual, err := client.ConfigMaps(required.Namespace).Update(context.TODO(), existingCopy, metav1.UpdateOptions{}) + actual, err := client.ConfigMaps(required.Namespace).Update(ctx, existingCopy, metav1.UpdateOptions{}) var details string if !dataSame { @@ -234,7 +235,7 @@ func ApplyConfigMap(client coreclientv1.ConfigMapsGetter, recorder events.Record } // ApplySecret merges objectmeta, requires data -func ApplySecret(client coreclientv1.SecretsGetter, recorder events.Recorder, requiredInput *corev1.Secret) (*corev1.Secret, bool, error) { +func ApplySecret(ctx context.Context, client coreclientv1.SecretsGetter, recorder events.Recorder, requiredInput *corev1.Secret) (*corev1.Secret, bool, error) { // copy the stringData to data. Error on a data content conflict inside required. This is usually a bug. required := requiredInput.DeepCopy() if required.Data == nil { @@ -250,11 +251,11 @@ func ApplySecret(client coreclientv1.SecretsGetter, recorder events.Recorder, re } required.StringData = nil - existing, err := client.Secrets(required.Namespace).Get(context.TODO(), required.Name, metav1.GetOptions{}) + existing, err := client.Secrets(required.Namespace).Get(ctx, required.Name, metav1.GetOptions{}) if apierrors.IsNotFound(err) { requiredCopy := required.DeepCopy() actual, err := client.Secrets(requiredCopy.Namespace). - Create(context.TODO(), resourcemerge.WithCleanLabelsAndAnnotations(requiredCopy).(*corev1.Secret), metav1.CreateOptions{}) + Create(ctx, resourcemerge.WithCleanLabelsAndAnnotations(requiredCopy).(*corev1.Secret), metav1.CreateOptions{}) reportCreateEvent(recorder, requiredCopy, err) return actual, true, err } @@ -304,7 +305,7 @@ func ApplySecret(client coreclientv1.SecretsGetter, recorder events.Recorder, re * We need to explicitly opt for delete+create in that case. */ if existingCopy.Type == existing.Type { - actual, err = client.Secrets(required.Namespace).Update(context.TODO(), existingCopy, metav1.UpdateOptions{}) + actual, err = client.Secrets(required.Namespace).Update(ctx, existingCopy, metav1.UpdateOptions{}) reportUpdateEvent(recorder, existingCopy, err) if err == nil { @@ -316,60 +317,85 @@ func ApplySecret(client coreclientv1.SecretsGetter, recorder events.Recorder, re } // if the field was immutable on a secret, we're going to be stuck until we delete it. Try to delete and then create - deleteErr := client.Secrets(required.Namespace).Delete(context.TODO(), existingCopy.Name, metav1.DeleteOptions{}) + deleteErr := client.Secrets(required.Namespace).Delete(ctx, existingCopy.Name, metav1.DeleteOptions{}) reportDeleteEvent(recorder, existingCopy, deleteErr) // clear the RV and track the original actual and error for the return like our create value. existingCopy.ResourceVersion = "" - actual, err = client.Secrets(required.Namespace).Create(context.TODO(), existingCopy, metav1.CreateOptions{}) + actual, err = client.Secrets(required.Namespace).Create(ctx, existingCopy, metav1.CreateOptions{}) reportCreateEvent(recorder, existingCopy, err) return actual, true, err } -func SyncConfigMap(client coreclientv1.ConfigMapsGetter, recorder events.Recorder, sourceNamespace, sourceName, targetNamespace, targetName string, ownerRefs []metav1.OwnerReference) (*corev1.ConfigMap, bool, error) { - source, err := client.ConfigMaps(sourceNamespace).Get(context.TODO(), sourceName, metav1.GetOptions{}) +// SyncConfigMap applies a ConfigMap from a location `sourceNamespace/sourceName` to `targetNamespace/targetName` +func SyncConfigMap(ctx context.Context, client coreclientv1.ConfigMapsGetter, recorder events.Recorder, sourceNamespace, sourceName, targetNamespace, targetName string, ownerRefs []metav1.OwnerReference) (*corev1.ConfigMap, bool, error) { + return SyncPartialConfigMap(ctx, client, recorder, sourceNamespace, sourceName, targetNamespace, targetName, nil, ownerRefs) +} + +// SyncPartialConfigMap does what SyncConfigMap does but it only synchronizes a subset of keys given by `syncedKeys`. +// SyncPartialConfigMap will delete the target if `syncedKeys` are set but the source does not contain any of these keys. +func SyncPartialConfigMap(ctx context.Context, client coreclientv1.ConfigMapsGetter, recorder events.Recorder, sourceNamespace, sourceName, targetNamespace, targetName string, syncedKeys sets.String, ownerRefs []metav1.OwnerReference) (*corev1.ConfigMap, bool, error) { + source, err := client.ConfigMaps(sourceNamespace).Get(ctx, sourceName, metav1.GetOptions{}) switch { case apierrors.IsNotFound(err): - deleteErr := client.ConfigMaps(targetNamespace).Delete(context.TODO(), targetName, metav1.DeleteOptions{}) - if _, getErr := client.ConfigMaps(targetNamespace).Get(context.TODO(), targetName, metav1.GetOptions{}); getErr != nil && apierrors.IsNotFound(getErr) { - return nil, true, nil - } - if apierrors.IsNotFound(deleteErr) { - return nil, false, nil - } - if deleteErr == nil { - recorder.Eventf("TargetConfigDeleted", "Deleted target configmap %s/%s because source config does not exist", targetNamespace, targetName) - return nil, true, nil - } - return nil, false, deleteErr + modified, err := deleteConfigMapSyncTarget(ctx, client, recorder, targetNamespace, targetName) + return nil, modified, err case err != nil: return nil, false, err default: + if len(syncedKeys) > 0 { + for sourceKey := range source.Data { + if !syncedKeys.Has(sourceKey) { + delete(source.Data, sourceKey) + } + } + for sourceKey := range source.BinaryData { + if !syncedKeys.Has(sourceKey) { + delete(source.BinaryData, sourceKey) + } + } + + // remove the synced CM if the requested fields are not present in source + if len(source.Data)+len(source.BinaryData) == 0 { + modified, err := deleteConfigMapSyncTarget(ctx, client, recorder, targetNamespace, targetName) + return nil, modified, err + } + } + source.Namespace = targetNamespace source.Name = targetName source.ResourceVersion = "" source.OwnerReferences = ownerRefs - return ApplyConfigMap(client, recorder, source) + return ApplyConfigMap(ctx, client, recorder, source) + } +} + +func deleteConfigMapSyncTarget(ctx context.Context, client coreclientv1.ConfigMapsGetter, recorder events.Recorder, targetNamespace, targetName string) (bool, error) { + err := client.ConfigMaps(targetNamespace).Delete(ctx, targetName, metav1.DeleteOptions{}) + if apierrors.IsNotFound(err) { + return false, nil + } + if err == nil { + recorder.Eventf("TargetConfigDeleted", "Deleted target configmap %s/%s because source config does not exist", targetNamespace, targetName) + return true, nil } + return false, err } -func SyncSecret(client coreclientv1.SecretsGetter, recorder events.Recorder, sourceNamespace, sourceName, targetNamespace, targetName string, ownerRefs []metav1.OwnerReference) (*corev1.Secret, bool, error) { - source, err := client.Secrets(sourceNamespace).Get(context.TODO(), sourceName, metav1.GetOptions{}) +// SyncSecret applies a Secret from a location `sourceNamespace/sourceName` to `targetNamespace/targetName` +func SyncSecret(ctx context.Context, client coreclientv1.SecretsGetter, recorder events.Recorder, sourceNamespace, sourceName, targetNamespace, targetName string, ownerRefs []metav1.OwnerReference) (*corev1.Secret, bool, error) { + return SyncPartialSecret(ctx, client, recorder, sourceNamespace, sourceName, targetNamespace, targetName, nil, ownerRefs) +} + +// SyncPartialSecret does what SyncSecret does but it only synchronizes a subset of keys given by `syncedKeys`. +// SyncPartialSecret will delete the target if `syncedKeys` are set but the source does not contain any of these keys. +func SyncPartialSecret(ctx context.Context, client coreclientv1.SecretsGetter, recorder events.Recorder, sourceNamespace, sourceName, targetNamespace, targetName string, syncedKeys sets.String, ownerRefs []metav1.OwnerReference) (*corev1.Secret, bool, error) { + source, err := client.Secrets(sourceNamespace).Get(ctx, sourceName, metav1.GetOptions{}) switch { case apierrors.IsNotFound(err): - if _, getErr := client.Secrets(targetNamespace).Get(context.TODO(), targetName, metav1.GetOptions{}); getErr != nil && apierrors.IsNotFound(getErr) { - return nil, true, nil - } - deleteErr := client.Secrets(targetNamespace).Delete(context.TODO(), targetName, metav1.DeleteOptions{}) - if apierrors.IsNotFound(deleteErr) { - return nil, false, nil - } - if deleteErr == nil { - recorder.Eventf("TargetSecretDeleted", "Deleted target secret %s/%s because source config does not exist", targetNamespace, targetName) - return nil, true, nil - } - return nil, false, deleteErr + modified, err := deleteSecretSyncTarget(ctx, client, recorder, targetNamespace, targetName) + return nil, modified, err case err != nil: return nil, false, err default: @@ -391,10 +417,41 @@ func SyncSecret(client coreclientv1.SecretsGetter, recorder events.Recorder, sou source.Type = corev1.SecretTypeOpaque } + if len(syncedKeys) > 0 { + for sourceKey := range source.Data { + if !syncedKeys.Has(sourceKey) { + delete(source.Data, sourceKey) + } + } + for sourceKey := range source.StringData { + if !syncedKeys.Has(sourceKey) { + delete(source.StringData, sourceKey) + } + } + + // remove the synced secret if the requested fields are not present in source + if len(source.Data)+len(source.StringData) == 0 { + modified, err := deleteSecretSyncTarget(ctx, client, recorder, targetNamespace, targetName) + return nil, modified, err + } + } + source.Namespace = targetNamespace source.Name = targetName source.ResourceVersion = "" source.OwnerReferences = ownerRefs - return ApplySecret(client, recorder, source) + return ApplySecret(ctx, client, recorder, source) + } +} + +func deleteSecretSyncTarget(ctx context.Context, client coreclientv1.SecretsGetter, recorder events.Recorder, targetNamespace, targetName string) (bool, error) { + err := client.Secrets(targetNamespace).Delete(ctx, targetName, metav1.DeleteOptions{}) + if apierrors.IsNotFound(err) { + return false, nil + } + if err == nil { + recorder.Eventf("TargetSecretDeleted", "Deleted target secret %s/%s because source config does not exist", targetNamespace, targetName) + return true, nil } + return false, err } diff --git a/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/credentialsrequest.go b/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/credentialsrequest.go index 45031f9d5..2de8136a8 100644 --- a/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/credentialsrequest.go +++ b/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/credentialsrequest.go @@ -44,6 +44,7 @@ func AddCredentialsRequestHash(cr *unstructured.Unstructured) error { } func ApplyCredentialsRequest( + ctx context.Context, client dynamic.Interface, recorder events.Recorder, required *unstructured.Unstructured, @@ -58,9 +59,9 @@ func ApplyCredentialsRequest( } crClient := client.Resource(credentialsRequestResourceGVR).Namespace(required.GetNamespace()) - existing, err := crClient.Get(context.TODO(), required.GetName(), metav1.GetOptions{}) + existing, err := crClient.Get(ctx, required.GetName(), metav1.GetOptions{}) if apierrors.IsNotFound(err) { - actual, err := crClient.Create(context.TODO(), required, metav1.CreateOptions{}) + actual, err := crClient.Create(ctx, required, metav1.CreateOptions{}) if err == nil { recorder.Eventf( fmt.Sprintf("%sCreated", required.GetKind()), @@ -97,7 +98,7 @@ func ApplyCredentialsRequest( requiredCopy := required.DeepCopy() existing.Object["spec"] = requiredCopy.Object["spec"] - actual, err := crClient.Update(context.TODO(), existing, metav1.UpdateOptions{}) + actual, err := crClient.Update(ctx, existing, metav1.UpdateOptions{}) if err != nil { return nil, false, err } diff --git a/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/generic.go b/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/generic.go index b13453923..c827cd410 100644 --- a/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/generic.go +++ b/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/generic.go @@ -1,9 +1,12 @@ package resourceapply import ( + "context" "fmt" + admissionregistrationv1 "k8s.io/api/admissionregistration/v1" corev1 "k8s.io/api/core/v1" + policyv1 "k8s.io/api/policy/v1" rbacv1 "k8s.io/api/rbac/v1" storagev1 "k8s.io/api/storage/v1" apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" @@ -17,8 +20,11 @@ import ( "k8s.io/client-go/kubernetes" "k8s.io/client-go/kubernetes/scheme" corev1client "k8s.io/client-go/kubernetes/typed/core/v1" + migrationv1alpha1 "sigs.k8s.io/kube-storage-version-migrator/pkg/apis/migration/v1alpha1" + migrationclient "sigs.k8s.io/kube-storage-version-migrator/pkg/clients/clientset" "github.com/openshift/api" + "github.com/openshift/library-go/pkg/operator/events" "github.com/openshift/library-go/pkg/operator/v1helpers" ) @@ -33,7 +39,10 @@ func init() { utilruntime.Must(api.InstallKube(genericScheme)) utilruntime.Must(apiextensionsv1beta1.AddToScheme(genericScheme)) utilruntime.Must(apiextensionsv1.AddToScheme(genericScheme)) - + utilruntime.Must(migrationv1alpha1.AddToScheme(genericScheme)) + utilruntime.Must(admissionregistrationv1.AddToScheme(genericScheme)) + // TODO: remove once openshift/api/pull/929 is merged + utilruntime.Must(policyv1.AddToScheme(genericScheme)) } type AssetFunc func(name string) ([]byte, error) @@ -51,6 +60,7 @@ type ClientHolder struct { apiExtensionsClient apiextensionsclient.Interface kubeInformers v1helpers.KubeInformersForNamespaces dynamicClient dynamic.Interface + migrationClient migrationclient.Interface } func NewClientHolder() *ClientHolder { @@ -81,8 +91,13 @@ func (c *ClientHolder) WithDynamicClient(client dynamic.Interface) *ClientHolder return c } +func (c *ClientHolder) WithMigrationClient(client migrationclient.Interface) *ClientHolder { + c.migrationClient = client + return c +} + // ApplyDirectly applies the given manifest files to API server. -func ApplyDirectly(clients *ClientHolder, recorder events.Recorder, manifests AssetFunc, files ...string) []ApplyResult { +func ApplyDirectly(ctx context.Context, clients *ClientHolder, recorder events.Recorder, manifests AssetFunc, files ...string) []ApplyResult { ret := []ApplyResult{} for _, file := range files { @@ -107,93 +122,111 @@ func ApplyDirectly(clients *ClientHolder, recorder events.Recorder, manifests As if clients.kubeClient == nil { result.Error = fmt.Errorf("missing kubeClient") } else { - result.Result, result.Changed, result.Error = ApplyNamespace(clients.kubeClient.CoreV1(), recorder, t) + result.Result, result.Changed, result.Error = ApplyNamespace(ctx, clients.kubeClient.CoreV1(), recorder, t) } case *corev1.Service: if clients.kubeClient == nil { result.Error = fmt.Errorf("missing kubeClient") } else { - result.Result, result.Changed, result.Error = ApplyService(clients.kubeClient.CoreV1(), recorder, t) + result.Result, result.Changed, result.Error = ApplyService(ctx, clients.kubeClient.CoreV1(), recorder, t) } case *corev1.Pod: if clients.kubeClient == nil { result.Error = fmt.Errorf("missing kubeClient") } else { - result.Result, result.Changed, result.Error = ApplyPod(clients.kubeClient.CoreV1(), recorder, t) + result.Result, result.Changed, result.Error = ApplyPod(ctx, clients.kubeClient.CoreV1(), recorder, t) } case *corev1.ServiceAccount: if clients.kubeClient == nil { result.Error = fmt.Errorf("missing kubeClient") } else { - result.Result, result.Changed, result.Error = ApplyServiceAccount(clients.kubeClient.CoreV1(), recorder, t) + result.Result, result.Changed, result.Error = ApplyServiceAccount(ctx, clients.kubeClient.CoreV1(), recorder, t) } case *corev1.ConfigMap: client := clients.configMapsGetter() if client == nil { result.Error = fmt.Errorf("missing kubeClient") } else { - result.Result, result.Changed, result.Error = ApplyConfigMap(client, recorder, t) + result.Result, result.Changed, result.Error = ApplyConfigMap(ctx, client, recorder, t) } case *corev1.Secret: client := clients.secretsGetter() if client == nil { result.Error = fmt.Errorf("missing kubeClient") } else { - result.Result, result.Changed, result.Error = ApplySecret(client, recorder, t) + result.Result, result.Changed, result.Error = ApplySecret(ctx, client, recorder, t) } case *rbacv1.ClusterRole: if clients.kubeClient == nil { result.Error = fmt.Errorf("missing kubeClient") } else { - result.Result, result.Changed, result.Error = ApplyClusterRole(clients.kubeClient.RbacV1(), recorder, t) + result.Result, result.Changed, result.Error = ApplyClusterRole(ctx, clients.kubeClient.RbacV1(), recorder, t) } case *rbacv1.ClusterRoleBinding: if clients.kubeClient == nil { result.Error = fmt.Errorf("missing kubeClient") } else { - result.Result, result.Changed, result.Error = ApplyClusterRoleBinding(clients.kubeClient.RbacV1(), recorder, t) + result.Result, result.Changed, result.Error = ApplyClusterRoleBinding(ctx, clients.kubeClient.RbacV1(), recorder, t) } case *rbacv1.Role: if clients.kubeClient == nil { result.Error = fmt.Errorf("missing kubeClient") } else { - result.Result, result.Changed, result.Error = ApplyRole(clients.kubeClient.RbacV1(), recorder, t) + result.Result, result.Changed, result.Error = ApplyRole(ctx, clients.kubeClient.RbacV1(), recorder, t) } case *rbacv1.RoleBinding: if clients.kubeClient == nil { result.Error = fmt.Errorf("missing kubeClient") } else { - result.Result, result.Changed, result.Error = ApplyRoleBinding(clients.kubeClient.RbacV1(), recorder, t) + result.Result, result.Changed, result.Error = ApplyRoleBinding(ctx, clients.kubeClient.RbacV1(), recorder, t) } - case *apiextensionsv1beta1.CustomResourceDefinition: - if clients.apiExtensionsClient == nil { - result.Error = fmt.Errorf("missing apiExtensionsClient") + case *policyv1.PodDisruptionBudget: + if clients.kubeClient == nil { + result.Error = fmt.Errorf("missing kubeClient") } else { - result.Result, result.Changed, result.Error = ApplyCustomResourceDefinitionV1Beta1(clients.apiExtensionsClient.ApiextensionsV1beta1(), recorder, t) + result.Result, result.Changed, result.Error = ApplyPodDisruptionBudget(ctx, clients.kubeClient.PolicyV1(), recorder, t) } case *apiextensionsv1.CustomResourceDefinition: if clients.apiExtensionsClient == nil { result.Error = fmt.Errorf("missing apiExtensionsClient") } else { - result.Result, result.Changed, result.Error = ApplyCustomResourceDefinitionV1(clients.apiExtensionsClient.ApiextensionsV1(), recorder, t) + result.Result, result.Changed, result.Error = ApplyCustomResourceDefinitionV1(ctx, clients.apiExtensionsClient.ApiextensionsV1(), recorder, t) } case *storagev1.StorageClass: if clients.kubeClient == nil { result.Error = fmt.Errorf("missing kubeClient") } else { - result.Result, result.Changed, result.Error = ApplyStorageClass(clients.kubeClient.StorageV1(), recorder, t) + result.Result, result.Changed, result.Error = ApplyStorageClass(ctx, clients.kubeClient.StorageV1(), recorder, t) + } + case *admissionregistrationv1.ValidatingWebhookConfiguration: + if clients.kubeClient == nil { + result.Error = fmt.Errorf("missing kubeClient") + } else { + result.Result, result.Changed, result.Error = ApplyValidatingWebhookConfiguration(ctx, clients.kubeClient.AdmissionregistrationV1(), recorder, t, -1) + } + case *admissionregistrationv1.MutatingWebhookConfiguration: + if clients.kubeClient == nil { + result.Error = fmt.Errorf("missing kubeClient") + } else { + result.Result, result.Changed, result.Error = ApplyMutatingWebhookConfiguration(ctx, clients.kubeClient.AdmissionregistrationV1(), recorder, t, -1) } case *storagev1.CSIDriver: if clients.kubeClient == nil { result.Error = fmt.Errorf("missing kubeClient") } else { - result.Result, result.Changed, result.Error = ApplyCSIDriver(clients.kubeClient.StorageV1(), recorder, t) + result.Result, result.Changed, result.Error = ApplyCSIDriver(ctx, clients.kubeClient.StorageV1(), recorder, t) + } + case *migrationv1alpha1.StorageVersionMigration: + if clients.migrationClient == nil { + result.Error = fmt.Errorf("missing migrationClient") + } else { + result.Result, result.Changed, result.Error = ApplyStorageVersionMigration(ctx, clients.migrationClient, recorder, t) } case *unstructured.Unstructured: if clients.dynamicClient == nil { result.Error = fmt.Errorf("missing dynamicClient") } else { - result.Result, result.Changed, result.Error = ApplyKnownUnstructured(clients.dynamicClient, recorder, t) + result.Result, result.Changed, result.Error = ApplyKnownUnstructured(ctx, clients.dynamicClient, recorder, t) } default: result.Error = fmt.Errorf("unhandled type %T", requiredObj) diff --git a/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/migration.go b/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/migration.go new file mode 100644 index 000000000..cf3b82269 --- /dev/null +++ b/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/migration.go @@ -0,0 +1,46 @@ +package resourceapply + +import ( + "context" + "reflect" + + "github.com/openshift/library-go/pkg/operator/events" + "github.com/openshift/library-go/pkg/operator/resource/resourcemerge" + apierrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/klog/v2" + "sigs.k8s.io/kube-storage-version-migrator/pkg/apis/migration/v1alpha1" + migrationv1alpha1 "sigs.k8s.io/kube-storage-version-migrator/pkg/apis/migration/v1alpha1" + migrationclientv1alpha1 "sigs.k8s.io/kube-storage-version-migrator/pkg/clients/clientset" +) + +// ApplyStorageVersionMigration merges objectmeta and required data. +func ApplyStorageVersionMigration(ctx context.Context, client migrationclientv1alpha1.Interface, recorder events.Recorder, required *migrationv1alpha1.StorageVersionMigration) (*migrationv1alpha1.StorageVersionMigration, bool, error) { + clientInterface := client.MigrationV1alpha1().StorageVersionMigrations() + existing, err := clientInterface.Get(ctx, required.Name, metav1.GetOptions{}) + if apierrors.IsNotFound(err) { + requiredCopy := required.DeepCopy() + actual, err := clientInterface.Create(ctx, resourcemerge.WithCleanLabelsAndAnnotations(requiredCopy).(*v1alpha1.StorageVersionMigration), metav1.CreateOptions{}) + reportCreateEvent(recorder, requiredCopy, err) + return actual, true, err + } + if err != nil { + return nil, false, err + } + + modified := resourcemerge.BoolPtr(false) + existingCopy := existing.DeepCopy() + resourcemerge.EnsureObjectMeta(modified, &existingCopy.ObjectMeta, required.ObjectMeta) + if !*modified && reflect.DeepEqual(existingCopy.Spec, required.Spec) { + return existingCopy, false, nil + } + + if klog.V(4).Enabled() { + klog.Infof("StorageVersionMigration %q changes: %v", required.Name, JSONPatchNoError(existing, required)) + } + + required.Spec.Resource.DeepCopyInto(&existingCopy.Spec.Resource) + actual, err := clientInterface.Update(ctx, existingCopy, metav1.UpdateOptions{}) + reportUpdateEvent(recorder, required, err) + return actual, true, err +} diff --git a/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/monitoring.go b/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/monitoring.go index 4f333b8ad..d74352f51 100644 --- a/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/monitoring.go +++ b/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/monitoring.go @@ -3,23 +3,22 @@ package resourceapply import ( "context" - "github.com/imdario/mergo" - "k8s.io/klog/v2" - + "github.com/openshift/library-go/pkg/operator/events" "k8s.io/apimachinery/pkg/api/equality" "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/client-go/dynamic" - - "github.com/openshift/library-go/pkg/operator/events" + "k8s.io/klog/v2" ) var serviceMonitorGVR = schema.GroupVersionResource{Group: "monitoring.coreos.com", Version: "v1", Resource: "servicemonitors"} -func ensureGenericSpec(required, existing *unstructured.Unstructured) (*unstructured.Unstructured, bool, error) { - requiredSpec, _, err := unstructured.NestedMap(required.UnstructuredContent(), "spec") +func ensureGenericSpec(required, existing *unstructured.Unstructured, mimicDefaultingFn mimicDefaultingFunc, equalityChecker equalityChecker) (*unstructured.Unstructured, bool, error) { + requiredCopy := required.DeepCopy() + mimicDefaultingFn(requiredCopy) + requiredSpec, _, err := unstructured.NestedMap(requiredCopy.UnstructuredContent(), "spec") if err != nil { return nil, false, err } @@ -28,29 +27,40 @@ func ensureGenericSpec(required, existing *unstructured.Unstructured) (*unstruct return nil, false, err } - if err := mergo.Merge(&existingSpec, &requiredSpec); err != nil { - return nil, false, err - } - - if equality.Semantic.DeepEqual(existingSpec, requiredSpec) { + if equalityChecker.DeepEqual(existingSpec, requiredSpec) { return existing, false, nil } existingCopy := existing.DeepCopy() - if err := unstructured.SetNestedMap(existingCopy.UnstructuredContent(), existingSpec, "spec"); err != nil { + if err := unstructured.SetNestedMap(existingCopy.UnstructuredContent(), requiredSpec, "spec"); err != nil { return nil, true, err } return existingCopy, true, nil } +// mimicDefaultingFunc is used to set fields that are defaulted. This allows for sparse manifests to apply correctly. +// For instance, if field .spec.foo is set to 10 if not set, then a function of this type could be used to set +// the field to 10 to match the comparison. This is soemtimes (often?) easier than updating the semantic equality. +// We often see this in places like RBAC and CRD. Logically it can happen generically too. +type mimicDefaultingFunc func(obj *unstructured.Unstructured) + +func noDefaulting(obj *unstructured.Unstructured) {} + +// equalityChecker allows for custom equality comparisons. This can be used to allow equality checks to skip certain +// operator managed fields. This capability allows something like .spec.scale to be specified or changed by a component +// like HPA. Use this capability sparingly. Most places ought to just use `equality.Semantic` +type equalityChecker interface { + DeepEqual(a1, a2 interface{}) bool +} + // ApplyServiceMonitor applies the Prometheus service monitor. -func ApplyServiceMonitor(client dynamic.Interface, recorder events.Recorder, required *unstructured.Unstructured) (*unstructured.Unstructured, bool, error) { +func ApplyServiceMonitor(ctx context.Context, client dynamic.Interface, recorder events.Recorder, required *unstructured.Unstructured) (*unstructured.Unstructured, bool, error) { namespace := required.GetNamespace() - existing, err := client.Resource(serviceMonitorGVR).Namespace(namespace).Get(context.TODO(), required.GetName(), metav1.GetOptions{}) + existing, err := client.Resource(serviceMonitorGVR).Namespace(namespace).Get(ctx, required.GetName(), metav1.GetOptions{}) if errors.IsNotFound(err) { - newObj, createErr := client.Resource(serviceMonitorGVR).Namespace(namespace).Create(context.TODO(), required, metav1.CreateOptions{}) + newObj, createErr := client.Resource(serviceMonitorGVR).Namespace(namespace).Create(ctx, required, metav1.CreateOptions{}) if createErr != nil { recorder.Warningf("ServiceMonitorCreateFailed", "Failed to create ServiceMonitor.monitoring.coreos.com/v1: %v", createErr) return nil, true, createErr @@ -64,20 +74,20 @@ func ApplyServiceMonitor(client dynamic.Interface, recorder events.Recorder, req existingCopy := existing.DeepCopy() - updated, endpointsModified, err := ensureGenericSpec(required, existingCopy) + toUpdate, modified, err := ensureGenericSpec(required, existingCopy, noDefaulting, equality.Semantic) if err != nil { return nil, false, err } - if !endpointsModified { + if !modified { return nil, false, nil } if klog.V(4).Enabled() { - klog.Infof("ServiceMonitor %q changes: %v", namespace+"/"+required.GetName(), JSONPatchNoError(existing, existingCopy)) + klog.Infof("ServiceMonitor %q changes: %v", namespace+"/"+required.GetName(), JSONPatchNoError(existing, toUpdate)) } - newObj, err := client.Resource(serviceMonitorGVR).Namespace(namespace).Update(context.TODO(), updated, metav1.UpdateOptions{}) + newObj, err := client.Resource(serviceMonitorGVR).Namespace(namespace).Update(ctx, toUpdate, metav1.UpdateOptions{}) if err != nil { recorder.Warningf("ServiceMonitorUpdateFailed", "Failed to update ServiceMonitor.monitoring.coreos.com/v1: %v", err) return nil, true, err @@ -90,12 +100,12 @@ func ApplyServiceMonitor(client dynamic.Interface, recorder events.Recorder, req var prometheusRuleGVR = schema.GroupVersionResource{Group: "monitoring.coreos.com", Version: "v1", Resource: "prometheusrules"} // ApplyPrometheusRule applies the PrometheusRule -func ApplyPrometheusRule(client dynamic.Interface, recorder events.Recorder, required *unstructured.Unstructured) (*unstructured.Unstructured, bool, error) { +func ApplyPrometheusRule(ctx context.Context, client dynamic.Interface, recorder events.Recorder, required *unstructured.Unstructured) (*unstructured.Unstructured, bool, error) { namespace := required.GetNamespace() - existing, err := client.Resource(prometheusRuleGVR).Namespace(namespace).Get(context.TODO(), required.GetName(), metav1.GetOptions{}) + existing, err := client.Resource(prometheusRuleGVR).Namespace(namespace).Get(ctx, required.GetName(), metav1.GetOptions{}) if errors.IsNotFound(err) { - newObj, createErr := client.Resource(prometheusRuleGVR).Namespace(namespace).Create(context.TODO(), required, metav1.CreateOptions{}) + newObj, createErr := client.Resource(prometheusRuleGVR).Namespace(namespace).Create(ctx, required, metav1.CreateOptions{}) if createErr != nil { recorder.Warningf("PrometheusRuleCreateFailed", "Failed to create PrometheusRule.monitoring.coreos.com/v1: %v", createErr) return nil, true, createErr @@ -109,20 +119,20 @@ func ApplyPrometheusRule(client dynamic.Interface, recorder events.Recorder, req existingCopy := existing.DeepCopy() - updated, endpointsModified, err := ensureGenericSpec(required, existingCopy) + toUpdate, modified, err := ensureGenericSpec(required, existingCopy, noDefaulting, equality.Semantic) if err != nil { return nil, false, err } - if !endpointsModified { + if !modified { return nil, false, nil } if klog.V(4).Enabled() { - klog.Infof("PrometheusRule %q changes: %v", namespace+"/"+required.GetName(), JSONPatchNoError(existing, existingCopy)) + klog.Infof("PrometheusRule %q changes: %v", namespace+"/"+required.GetName(), JSONPatchNoError(existing, toUpdate)) } - newObj, err := client.Resource(prometheusRuleGVR).Namespace(namespace).Update(context.TODO(), updated, metav1.UpdateOptions{}) + newObj, err := client.Resource(prometheusRuleGVR).Namespace(namespace).Update(ctx, toUpdate, metav1.UpdateOptions{}) if err != nil { recorder.Warningf("PrometheusRuleUpdateFailed", "Failed to update PrometheusRule.monitoring.coreos.com/v1: %v", err) return nil, true, err diff --git a/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/policy.go b/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/policy.go new file mode 100644 index 000000000..cf9138ee6 --- /dev/null +++ b/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/policy.go @@ -0,0 +1,47 @@ +package resourceapply + +import ( + "context" + + policyv1 "k8s.io/api/policy/v1" + "k8s.io/klog/v2" + + "k8s.io/apimachinery/pkg/api/equality" + apierrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + policyclientv1 "k8s.io/client-go/kubernetes/typed/policy/v1" + + "github.com/openshift/library-go/pkg/operator/events" + "github.com/openshift/library-go/pkg/operator/resource/resourcemerge" +) + +func ApplyPodDisruptionBudget(ctx context.Context, client policyclientv1.PodDisruptionBudgetsGetter, recorder events.Recorder, required *policyv1.PodDisruptionBudget) (*policyv1.PodDisruptionBudget, bool, error) { + existing, err := client.PodDisruptionBudgets(required.Namespace).Get(ctx, required.Name, metav1.GetOptions{}) + if apierrors.IsNotFound(err) { + actual, err := client.PodDisruptionBudgets(required.Namespace).Create(ctx, required, metav1.CreateOptions{}) + reportCreateEvent(recorder, required, err) + return actual, true, err + } + if err != nil { + return nil, false, err + } + + modified := resourcemerge.BoolPtr(false) + existingCopy := existing.DeepCopy() + + resourcemerge.EnsureObjectMeta(modified, &existingCopy.ObjectMeta, required.ObjectMeta) + contentSame := equality.Semantic.DeepEqual(existingCopy.Spec, required.Spec) + if contentSame && !*modified { + return existingCopy, false, nil + } + + existingCopy.Spec = required.Spec + + if klog.V(4).Enabled() { + klog.Infof("PodDisruptionBudget %q changes: %v", required.Name, JSONPatchNoError(existing, existingCopy)) + } + + actual, err := client.PodDisruptionBudgets(required.Namespace).Update(ctx, existingCopy, metav1.UpdateOptions{}) + reportUpdateEvent(recorder, required, err) + return actual, true, err +} diff --git a/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/rbac.go b/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/rbac.go index 567362ace..4cab004a4 100644 --- a/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/rbac.go +++ b/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/rbac.go @@ -17,14 +17,14 @@ import ( ) // ApplyClusterRole merges objectmeta, requires rules, aggregation rules are not allowed for now. -func ApplyClusterRole(client rbacclientv1.ClusterRolesGetter, recorder events.Recorder, required *rbacv1.ClusterRole) (*rbacv1.ClusterRole, bool, error) { +func ApplyClusterRole(ctx context.Context, client rbacclientv1.ClusterRolesGetter, recorder events.Recorder, required *rbacv1.ClusterRole) (*rbacv1.ClusterRole, bool, error) { if required.AggregationRule != nil && len(required.AggregationRule.ClusterRoleSelectors) != 0 { return nil, false, fmt.Errorf("cannot create an aggregated cluster role") } - existing, err := client.ClusterRoles().Get(context.TODO(), required.Name, metav1.GetOptions{}) + existing, err := client.ClusterRoles().Get(ctx, required.Name, metav1.GetOptions{}) if apierrors.IsNotFound(err) { - actual, err := client.ClusterRoles().Create(context.TODO(), required, metav1.CreateOptions{}) + actual, err := client.ClusterRoles().Create(ctx, required, metav1.CreateOptions{}) reportCreateEvent(recorder, required, err) return actual, true, err } @@ -48,17 +48,17 @@ func ApplyClusterRole(client rbacclientv1.ClusterRolesGetter, recorder events.Re klog.Infof("ClusterRole %q changes: %v", required.Name, JSONPatchNoError(existing, existingCopy)) } - actual, err := client.ClusterRoles().Update(context.TODO(), existingCopy, metav1.UpdateOptions{}) + actual, err := client.ClusterRoles().Update(ctx, existingCopy, metav1.UpdateOptions{}) reportUpdateEvent(recorder, required, err) return actual, true, err } // ApplyClusterRoleBinding merges objectmeta, requires subjects and role refs // TODO on non-matching roleref, delete and recreate -func ApplyClusterRoleBinding(client rbacclientv1.ClusterRoleBindingsGetter, recorder events.Recorder, required *rbacv1.ClusterRoleBinding) (*rbacv1.ClusterRoleBinding, bool, error) { - existing, err := client.ClusterRoleBindings().Get(context.TODO(), required.Name, metav1.GetOptions{}) +func ApplyClusterRoleBinding(ctx context.Context, client rbacclientv1.ClusterRoleBindingsGetter, recorder events.Recorder, required *rbacv1.ClusterRoleBinding) (*rbacv1.ClusterRoleBinding, bool, error) { + existing, err := client.ClusterRoleBindings().Get(ctx, required.Name, metav1.GetOptions{}) if apierrors.IsNotFound(err) { - actual, err := client.ClusterRoleBindings().Create(context.TODO(), required, metav1.CreateOptions{}) + actual, err := client.ClusterRoleBindings().Create(ctx, required, metav1.CreateOptions{}) reportCreateEvent(recorder, required, err) return actual, true, err } @@ -101,16 +101,16 @@ func ApplyClusterRoleBinding(client rbacclientv1.ClusterRoleBindingsGetter, reco klog.Infof("ClusterRoleBinding %q changes: %v", requiredCopy.Name, JSONPatchNoError(existing, existingCopy)) } - actual, err := client.ClusterRoleBindings().Update(context.TODO(), existingCopy, metav1.UpdateOptions{}) + actual, err := client.ClusterRoleBindings().Update(ctx, existingCopy, metav1.UpdateOptions{}) reportUpdateEvent(recorder, requiredCopy, err) return actual, true, err } // ApplyRole merges objectmeta, requires rules -func ApplyRole(client rbacclientv1.RolesGetter, recorder events.Recorder, required *rbacv1.Role) (*rbacv1.Role, bool, error) { - existing, err := client.Roles(required.Namespace).Get(context.TODO(), required.Name, metav1.GetOptions{}) +func ApplyRole(ctx context.Context, client rbacclientv1.RolesGetter, recorder events.Recorder, required *rbacv1.Role) (*rbacv1.Role, bool, error) { + existing, err := client.Roles(required.Namespace).Get(ctx, required.Name, metav1.GetOptions{}) if apierrors.IsNotFound(err) { - actual, err := client.Roles(required.Namespace).Create(context.TODO(), required, metav1.CreateOptions{}) + actual, err := client.Roles(required.Namespace).Create(ctx, required, metav1.CreateOptions{}) reportCreateEvent(recorder, required, err) return actual, true, err } @@ -132,17 +132,17 @@ func ApplyRole(client rbacclientv1.RolesGetter, recorder events.Recorder, requir if klog.V(4).Enabled() { klog.Infof("Role %q changes: %v", required.Namespace+"/"+required.Name, JSONPatchNoError(existing, existingCopy)) } - actual, err := client.Roles(required.Namespace).Update(context.TODO(), existingCopy, metav1.UpdateOptions{}) + actual, err := client.Roles(required.Namespace).Update(ctx, existingCopy, metav1.UpdateOptions{}) reportUpdateEvent(recorder, required, err) return actual, true, err } // ApplyRoleBinding merges objectmeta, requires subjects and role refs // TODO on non-matching roleref, delete and recreate -func ApplyRoleBinding(client rbacclientv1.RoleBindingsGetter, recorder events.Recorder, required *rbacv1.RoleBinding) (*rbacv1.RoleBinding, bool, error) { - existing, err := client.RoleBindings(required.Namespace).Get(context.TODO(), required.Name, metav1.GetOptions{}) +func ApplyRoleBinding(ctx context.Context, client rbacclientv1.RoleBindingsGetter, recorder events.Recorder, required *rbacv1.RoleBinding) (*rbacv1.RoleBinding, bool, error) { + existing, err := client.RoleBindings(required.Namespace).Get(ctx, required.Name, metav1.GetOptions{}) if apierrors.IsNotFound(err) { - actual, err := client.RoleBindings(required.Namespace).Create(context.TODO(), required, metav1.CreateOptions{}) + actual, err := client.RoleBindings(required.Namespace).Create(ctx, required, metav1.CreateOptions{}) reportCreateEvent(recorder, required, err) return actual, true, err } @@ -185,7 +185,7 @@ func ApplyRoleBinding(client rbacclientv1.RoleBindingsGetter, recorder events.Re klog.Infof("RoleBinding %q changes: %v", requiredCopy.Namespace+"/"+requiredCopy.Name, JSONPatchNoError(existing, existingCopy)) } - actual, err := client.RoleBindings(requiredCopy.Namespace).Update(context.TODO(), existingCopy, metav1.UpdateOptions{}) + actual, err := client.RoleBindings(requiredCopy.Namespace).Update(ctx, existingCopy, metav1.UpdateOptions{}) reportUpdateEvent(recorder, requiredCopy, err) return actual, true, err } diff --git a/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/storage.go b/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/storage.go index ff728c2cd..1d3fc30c6 100644 --- a/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/storage.go +++ b/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/storage.go @@ -18,11 +18,11 @@ import ( ) // ApplyStorageClass merges objectmeta, tries to write everything else -func ApplyStorageClass(client storageclientv1.StorageClassesGetter, recorder events.Recorder, required *storagev1.StorageClass) (*storagev1.StorageClass, bool, +func ApplyStorageClass(ctx context.Context, client storageclientv1.StorageClassesGetter, recorder events.Recorder, required *storagev1.StorageClass) (*storagev1.StorageClass, bool, error) { - existing, err := client.StorageClasses().Get(context.TODO(), required.Name, metav1.GetOptions{}) + existing, err := client.StorageClasses().Get(ctx, required.Name, metav1.GetOptions{}) if apierrors.IsNotFound(err) { - actual, err := client.StorageClasses().Create(context.TODO(), required, metav1.CreateOptions{}) + actual, err := client.StorageClasses().Create(ctx, required, metav1.CreateOptions{}) reportCreateEvent(recorder, required, err) return actual, true, err } @@ -52,16 +52,16 @@ func ApplyStorageClass(client storageclientv1.StorageClassesGetter, recorder eve } // TODO if provisioner, parameters, reclaimpolicy, or volumebindingmode are different, update will fail so delete and recreate - actual, err := client.StorageClasses().Update(context.TODO(), requiredCopy, metav1.UpdateOptions{}) + actual, err := client.StorageClasses().Update(ctx, requiredCopy, metav1.UpdateOptions{}) reportUpdateEvent(recorder, required, err) return actual, true, err } // ApplyCSIDriverV1Beta1 merges objectmeta, does not worry about anything else -func ApplyCSIDriverV1Beta1(client storageclientv1beta1.CSIDriversGetter, recorder events.Recorder, required *storagev1beta1.CSIDriver) (*storagev1beta1.CSIDriver, bool, error) { - existing, err := client.CSIDrivers().Get(context.TODO(), required.Name, metav1.GetOptions{}) +func ApplyCSIDriverV1Beta1(ctx context.Context, client storageclientv1beta1.CSIDriversGetter, recorder events.Recorder, required *storagev1beta1.CSIDriver) (*storagev1beta1.CSIDriver, bool, error) { + existing, err := client.CSIDrivers().Get(ctx, required.Name, metav1.GetOptions{}) if apierrors.IsNotFound(err) { - actual, err := client.CSIDrivers().Create(context.TODO(), required, metav1.CreateOptions{}) + actual, err := client.CSIDrivers().Create(ctx, required, metav1.CreateOptions{}) reportCreateEvent(recorder, required, err) return actual, true, err } @@ -81,16 +81,16 @@ func ApplyCSIDriverV1Beta1(client storageclientv1beta1.CSIDriversGetter, recorde klog.Infof("CSIDriver %q changes: %v", required.Name, JSONPatchNoError(existing, existingCopy)) } - actual, err := client.CSIDrivers().Update(context.TODO(), existingCopy, metav1.UpdateOptions{}) + actual, err := client.CSIDrivers().Update(ctx, existingCopy, metav1.UpdateOptions{}) reportUpdateEvent(recorder, required, err) return actual, true, err } // ApplyCSIDriver merges objectmeta, does not worry about anything else -func ApplyCSIDriver(client storageclientv1.CSIDriversGetter, recorder events.Recorder, required *storagev1.CSIDriver) (*storagev1.CSIDriver, bool, error) { - existing, err := client.CSIDrivers().Get(context.TODO(), required.Name, metav1.GetOptions{}) +func ApplyCSIDriver(ctx context.Context, client storageclientv1.CSIDriversGetter, recorder events.Recorder, required *storagev1.CSIDriver) (*storagev1.CSIDriver, bool, error) { + existing, err := client.CSIDrivers().Get(ctx, required.Name, metav1.GetOptions{}) if apierrors.IsNotFound(err) { - actual, err := client.CSIDrivers().Create(context.TODO(), required, metav1.CreateOptions{}) + actual, err := client.CSIDrivers().Create(ctx, required, metav1.CreateOptions{}) reportCreateEvent(recorder, required, err) return actual, true, err } @@ -111,7 +111,7 @@ func ApplyCSIDriver(client storageclientv1.CSIDriversGetter, recorder events.Rec } // TODO: Spec is read-only, so this will fail if user changes it. Should we simply ignore it? - actual, err := client.CSIDrivers().Update(context.TODO(), existingCopy, metav1.UpdateOptions{}) + actual, err := client.CSIDrivers().Update(ctx, existingCopy, metav1.UpdateOptions{}) reportUpdateEvent(recorder, required, err) return actual, true, err } diff --git a/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/unstructured.go b/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/unstructured.go index 9c095e495..9774a675f 100644 --- a/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/unstructured.go +++ b/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/unstructured.go @@ -1,6 +1,7 @@ package resourceapply import ( + "context" "fmt" "github.com/openshift/library-go/pkg/operator/events" @@ -11,12 +12,14 @@ import ( // ApplyKnownUnstructured applies few selected Unstructured types, where it semantic knowledge // to merge existing & required objects intelligently. Feel free to add more. -func ApplyKnownUnstructured(client dynamic.Interface, recorder events.Recorder, obj *unstructured.Unstructured) (*unstructured.Unstructured, bool, error) { +func ApplyKnownUnstructured(ctx context.Context, client dynamic.Interface, recorder events.Recorder, obj *unstructured.Unstructured) (*unstructured.Unstructured, bool, error) { switch obj.GetObjectKind().GroupVersionKind().GroupKind() { case schema.GroupKind{Group: "monitoring.coreos.com", Kind: "ServiceMonitor"}: - return ApplyServiceMonitor(client, recorder, obj) + return ApplyServiceMonitor(ctx, client, recorder, obj) case schema.GroupKind{Group: "monitoring.coreos.com", Kind: "PrometheusRule"}: - return ApplyPrometheusRule(client, recorder, obj) + return ApplyPrometheusRule(ctx, client, recorder, obj) + case schema.GroupKind{Group: "snapshot.storage.k8s.io", Kind: "VolumeSnapshotClass"}: + return ApplyVolumeSnapshotClass(ctx, client, recorder, obj) } diff --git a/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/volumesnapshotclass.go b/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/volumesnapshotclass.go new file mode 100644 index 000000000..d439d4ec0 --- /dev/null +++ b/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/volumesnapshotclass.go @@ -0,0 +1,116 @@ +package resourceapply + +import ( + "context" + + "k8s.io/klog/v2" + + "k8s.io/apimachinery/pkg/api/equality" + "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" + "k8s.io/apimachinery/pkg/runtime/schema" + "k8s.io/client-go/dynamic" + + "github.com/openshift/library-go/pkg/operator/events" +) + +const ( + VolumeSnapshotClassGroup = "snapshot.storage.k8s.io" + VolumeSnapshotClassVersion = "v1" + VolumeSnapshotClassResource = "volumesnapshotclasses" +) + +var volumeSnapshotClassResourceGVR schema.GroupVersionResource = schema.GroupVersionResource{ + Group: VolumeSnapshotClassGroup, + Version: VolumeSnapshotClassVersion, + Resource: VolumeSnapshotClassResource, +} + +func ensureGenericVolumeSnapshotClass(required, existing *unstructured.Unstructured) (*unstructured.Unstructured, bool, error) { + var existingCopy *unstructured.Unstructured + + // Apply "parameters" + requiredParameters, _, err := unstructured.NestedMap(required.UnstructuredContent(), "parameters") + if err != nil { + return nil, false, err + } + existingParameters, _, err := unstructured.NestedMap(existing.UnstructuredContent(), "parameters") + if err != nil { + return nil, false, err + } + if !equality.Semantic.DeepEqual(existingParameters, requiredParameters) { + if existingCopy == nil { + existingCopy = existing.DeepCopy() + } + if err := unstructured.SetNestedMap(existingCopy.UnstructuredContent(), requiredParameters, "parameters"); err != nil { + return nil, true, err + } + } + + // Apply "driver" and "deletionPolicy" + for _, fieldName := range []string{"driver", "deletionPolicy"} { + requiredField, _, err := unstructured.NestedString(required.UnstructuredContent(), fieldName) + if err != nil { + return nil, false, err + } + existingField, _, err := unstructured.NestedString(existing.UnstructuredContent(), fieldName) + if err != nil { + return nil, false, err + } + if requiredField != existingField { + if existingCopy == nil { + existingCopy = existing.DeepCopy() + } + if err := unstructured.SetNestedField(existingCopy.UnstructuredContent(), requiredField, fieldName); err != nil { + return nil, true, err + } + } + } + + // If existingCopy is not nil, then the object has been modified + if existingCopy != nil { + return existingCopy, true, nil + } + + return existing, false, nil +} + +// ApplyVolumeSnapshotClass applies Volume Snapshot Class. +func ApplyVolumeSnapshotClass(ctx context.Context, client dynamic.Interface, recorder events.Recorder, required *unstructured.Unstructured) (*unstructured.Unstructured, bool, error) { + existing, err := client.Resource(volumeSnapshotClassResourceGVR).Get(ctx, required.GetName(), metav1.GetOptions{}) + if errors.IsNotFound(err) { + newObj, createErr := client.Resource(volumeSnapshotClassResourceGVR).Create(ctx, required, metav1.CreateOptions{}) + if createErr != nil { + recorder.Warningf("VolumeSnapshotClassCreateFailed", "Failed to create VolumeSnapshotClass.snapshot.storage.k8s.io/v1: %v", createErr) + return nil, true, createErr + } + recorder.Eventf("VolumeSnapshotClassCreated", "Created VolumeSnapshotClass.snapshot.storage.k8s.io/v1 because it was missing") + return newObj, true, nil + } + if err != nil { + return nil, false, err + } + + toUpdate, modified, err := ensureGenericVolumeSnapshotClass(required, existing) + if err != nil { + return nil, false, err + } + + if !modified { + return existing, false, nil + } + + if klog.V(4).Enabled() { + klog.Infof("VolumeSnapshotClass %q changes: %v", required.GetName(), JSONPatchNoError(existing, toUpdate)) + } + + newObj, err := client.Resource(volumeSnapshotClassResourceGVR).Update(ctx, toUpdate, metav1.UpdateOptions{}) + if err != nil { + recorder.Warningf("VolumeSnapshotClassFailed", "Failed to update VolumeSnapshotClass.snapshot.storage.k8s.io/v1: %v", err) + return nil, true, err + } + + recorder.Eventf("VolumeSnapshotClassUpdated", "Updated VolumeSnapshotClass.snapshot.storage.k8s.io/v1 because it changed") + return newObj, true, err +} diff --git a/vendor/github.com/openshift/library-go/pkg/operator/resource/resourcemerge/apiextensions.go b/vendor/github.com/openshift/library-go/pkg/operator/resource/resourcemerge/apiextensions.go index 06e4743f4..754a5aabe 100644 --- a/vendor/github.com/openshift/library-go/pkg/operator/resource/resourcemerge/apiextensions.go +++ b/vendor/github.com/openshift/library-go/pkg/operator/resource/resourcemerge/apiextensions.go @@ -1,9 +1,12 @@ package resourcemerge import ( + "strings" + apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" apiextensionsv1beta1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1" "k8s.io/apimachinery/pkg/api/equality" + utilpointer "k8s.io/utils/pointer" ) // EnsureCustomResourceDefinitionV1Beta1 ensures that the existing matches the required. @@ -23,9 +26,43 @@ func EnsureCustomResourceDefinitionV1Beta1(modified *bool, existing *apiextensio func EnsureCustomResourceDefinitionV1(modified *bool, existing *apiextensionsv1.CustomResourceDefinition, required apiextensionsv1.CustomResourceDefinition) { EnsureObjectMeta(modified, &existing.ObjectMeta, required.ObjectMeta) + // we need to match defaults + mimicCRDV1Defaulting(&required) // we stomp everything if !equality.Semantic.DeepEqual(existing.Spec, required.Spec) { *modified = true existing.Spec = required.Spec } } + +func mimicCRDV1Defaulting(required *apiextensionsv1.CustomResourceDefinition) { + crd_SetDefaults_CustomResourceDefinitionSpec(&required.Spec) + + if required.Spec.Conversion != nil && + required.Spec.Conversion.Webhook != nil && + required.Spec.Conversion.Webhook.ClientConfig != nil && + required.Spec.Conversion.Webhook.ClientConfig.Service != nil { + crd_SetDefaults_ServiceReference(required.Spec.Conversion.Webhook.ClientConfig.Service) + } +} + +// lifted from https://github.com/kubernetes/kubernetes/blob/v1.21.0/staging/src/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/defaults.go#L42-L61 +func crd_SetDefaults_CustomResourceDefinitionSpec(obj *apiextensionsv1.CustomResourceDefinitionSpec) { + if len(obj.Names.Singular) == 0 { + obj.Names.Singular = strings.ToLower(obj.Names.Kind) + } + if len(obj.Names.ListKind) == 0 && len(obj.Names.Kind) > 0 { + obj.Names.ListKind = obj.Names.Kind + "List" + } + if obj.Conversion == nil { + obj.Conversion = &apiextensionsv1.CustomResourceConversion{ + Strategy: apiextensionsv1.NoneConverter, + } + } +} + +func crd_SetDefaults_ServiceReference(obj *apiextensionsv1.ServiceReference) { + if obj.Port == nil { + obj.Port = utilpointer.Int32Ptr(443) + } +} diff --git a/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceread/migration.go b/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceread/migration.go new file mode 100644 index 000000000..71b6074c9 --- /dev/null +++ b/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceread/migration.go @@ -0,0 +1,26 @@ +package resourceread + +import ( + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime/serializer" + migrationv1alpha1 "sigs.k8s.io/kube-storage-version-migrator/pkg/apis/migration/v1alpha1" +) + +var ( + migrationScheme = runtime.NewScheme() + migrationCodecs = serializer.NewCodecFactory(migrationScheme) +) + +func init() { + if err := migrationv1alpha1.AddToScheme(migrationScheme); err != nil { + panic(err) + } +} + +func ReadStorageVersionMigrationV1Alpha1OrDie(objBytes []byte) *migrationv1alpha1.StorageVersionMigration { + requiredObj, err := runtime.Decode(migrationCodecs.UniversalDecoder(migrationv1alpha1.SchemeGroupVersion), objBytes) + if err != nil { + panic(err) + } + return requiredObj.(*migrationv1alpha1.StorageVersionMigration) +} diff --git a/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceread/policy.go b/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceread/policy.go new file mode 100644 index 000000000..fe058fdc6 --- /dev/null +++ b/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceread/policy.go @@ -0,0 +1,25 @@ +package resourceread + +import ( + policyv1 "k8s.io/api/policy/v1" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime/serializer" + utilruntime "k8s.io/apimachinery/pkg/util/runtime" +) + +var ( + policyScheme = runtime.NewScheme() + policyCodecs = serializer.NewCodecFactory(policyScheme) +) + +func init() { + utilruntime.Must(policyv1.AddToScheme(policyScheme)) +} + +func ReadPodDisruptionBudgetV1OrDie(objBytes []byte) *policyv1.PodDisruptionBudget { + requiredObj, err := runtime.Decode(policyCodecs.UniversalDecoder(policyv1.SchemeGroupVersion), objBytes) + if err != nil { + panic(err) + } + return requiredObj.(*policyv1.PodDisruptionBudget) +} diff --git a/vendor/github.com/openshift/library-go/pkg/operator/v1helpers/helpers.go b/vendor/github.com/openshift/library-go/pkg/operator/v1helpers/helpers.go index 40a46f96d..1a332f7dc 100644 --- a/vendor/github.com/openshift/library-go/pkg/operator/v1helpers/helpers.go +++ b/vendor/github.com/openshift/library-go/pkg/operator/v1helpers/helpers.go @@ -3,6 +3,7 @@ package v1helpers import ( "errors" "fmt" + "os" "sort" "strings" "time" @@ -234,6 +235,40 @@ func UpdateStaticPodConditionFn(cond operatorv1.OperatorCondition) UpdateStaticP } } +// EnsureFinalizer adds a new finalizer to the operator CR, if it does not exists. No-op otherwise. +// The finalizer name is computed from the controller name and operator name ($OPERATOR_NAME or os.Args[0]) +// It re-tries on conflicts. +func EnsureFinalizer(client OperatorClientWithFinalizers, controllerName string) error { + finalizer := getFinalizerName(controllerName) + err := retry.RetryOnConflict(retry.DefaultBackoff, func() error { + return client.EnsureFinalizer(finalizer) + }) + return err +} + +// RemoveFinalizer removes a finalizer from the operator CR, if it is there. No-op otherwise. +// The finalizer name is computed from the controller name and operator name ($OPERATOR_NAME or os.Args[0]) +// It re-tries on conflicts. +func RemoveFinalizer(client OperatorClientWithFinalizers, controllerName string) error { + finalizer := getFinalizerName(controllerName) + err := retry.RetryOnConflict(retry.DefaultBackoff, func() error { + return client.RemoveFinalizer(finalizer) + }) + return err +} + +// getFinalizerName computes a nice finalizer name from controllerName and the operator name ($OPERATOR_NAME or os.Args[0]). +func getFinalizerName(controllerName string) string { + return fmt.Sprintf("%s.operator.openshift.io/%s", getOperatorName(), controllerName) +} + +func getOperatorName() string { + if name := os.Getenv("OPERATOR_NAME"); name != "" { + return name + } + return os.Args[0] +} + type aggregate []error var _ utilerrors.Aggregate = aggregate{} diff --git a/vendor/github.com/openshift/library-go/pkg/operator/v1helpers/interfaces.go b/vendor/github.com/openshift/library-go/pkg/operator/v1helpers/interfaces.go index 2c89bf081..f5d60d9cf 100644 --- a/vendor/github.com/openshift/library-go/pkg/operator/v1helpers/interfaces.go +++ b/vendor/github.com/openshift/library-go/pkg/operator/v1helpers/interfaces.go @@ -31,3 +31,11 @@ type StaticPodOperatorClient interface { // UpdateStaticPodOperatorSpec updates the spec, assuming the given resource version. UpdateStaticPodOperatorSpec(resourceVersion string, in *operatorv1.StaticPodOperatorSpec) (out *operatorv1.StaticPodOperatorSpec, newResourceVersion string, err error) } + +type OperatorClientWithFinalizers interface { + OperatorClient + // EnsureFinalizer adds a new finalizer to the operator CR, if it does not exists. No-op otherwise. + EnsureFinalizer(finalizer string) error + // RemoveFinalizer removes a finalizer from the operator CR, if it is there. No-op otherwise. + RemoveFinalizer(finalizer string) error +} diff --git a/vendor/github.com/openshift/library-go/pkg/operator/v1helpers/test_helpers.go b/vendor/github.com/openshift/library-go/pkg/operator/v1helpers/test_helpers.go index 612c5566c..4c3a604c7 100644 --- a/vendor/github.com/openshift/library-go/pkg/operator/v1helpers/test_helpers.go +++ b/vendor/github.com/openshift/library-go/pkg/operator/v1helpers/test_helpers.go @@ -189,10 +189,15 @@ func (n *fakeNodeLister) Get(name string) (*corev1.Node, error) { } // NewFakeOperatorClient returns a fake operator client suitable to use in static pod controller unit tests. -func NewFakeOperatorClient(spec *operatorv1.OperatorSpec, status *operatorv1.OperatorStatus, triggerErr func(rv string, status *operatorv1.OperatorStatus) error) OperatorClient { +func NewFakeOperatorClient(spec *operatorv1.OperatorSpec, status *operatorv1.OperatorStatus, triggerErr func(rv string, status *operatorv1.OperatorStatus) error) OperatorClientWithFinalizers { + return NewFakeOperatorClientWithObjectMeta(nil, spec, status, triggerErr) +} + +func NewFakeOperatorClientWithObjectMeta(meta *metav1.ObjectMeta, spec *operatorv1.OperatorSpec, status *operatorv1.OperatorStatus, triggerErr func(rv string, status *operatorv1.OperatorStatus) error) OperatorClientWithFinalizers { return &fakeOperatorClient{ fakeOperatorSpec: spec, fakeOperatorStatus: status, + fakeObjectMeta: meta, resourceVersion: "0", triggerStatusUpdateError: triggerErr, } @@ -201,6 +206,7 @@ func NewFakeOperatorClient(spec *operatorv1.OperatorSpec, status *operatorv1.Ope type fakeOperatorClient struct { fakeOperatorSpec *operatorv1.OperatorSpec fakeOperatorStatus *operatorv1.OperatorStatus + fakeObjectMeta *metav1.ObjectMeta resourceVersion string triggerStatusUpdateError func(rv string, status *operatorv1.OperatorStatus) error } @@ -210,7 +216,11 @@ func (c *fakeOperatorClient) Informer() cache.SharedIndexInformer { } func (c *fakeOperatorClient) GetObjectMeta() (*metav1.ObjectMeta, error) { - panic("not supported") + if c.fakeObjectMeta == nil { + return &metav1.ObjectMeta{}, nil + } + + return c.fakeObjectMeta, nil } func (c *fakeOperatorClient) GetOperatorState() (*operatorv1.OperatorSpec, *operatorv1.OperatorStatus, string, error) { @@ -247,3 +257,32 @@ func (c *fakeOperatorClient) UpdateOperatorSpec(resourceVersion string, spec *op c.fakeOperatorSpec = spec return c.fakeOperatorSpec, c.resourceVersion, nil } + +func (c *fakeOperatorClient) EnsureFinalizer(finalizer string) error { + if c.fakeObjectMeta == nil { + c.fakeObjectMeta = &metav1.ObjectMeta{} + } + for _, f := range c.fakeObjectMeta.Finalizers { + if f == finalizer { + return nil + } + } + c.fakeObjectMeta.Finalizers = append(c.fakeObjectMeta.Finalizers, finalizer) + return nil +} + +func (c *fakeOperatorClient) RemoveFinalizer(finalizer string) error { + newFinalizers := []string{} + for _, f := range c.fakeObjectMeta.Finalizers { + if f == finalizer { + continue + } + newFinalizers = append(newFinalizers, f) + } + c.fakeObjectMeta.Finalizers = newFinalizers + return nil +} + +func (c *fakeOperatorClient) SetObjectMeta(meta *metav1.ObjectMeta) { + c.fakeObjectMeta = meta +} diff --git a/vendor/k8s.io/api/core/v1/annotation_key_constants.go b/vendor/k8s.io/api/core/v1/annotation_key_constants.go index 612f6aa74..22476b2bd 100644 --- a/vendor/k8s.io/api/core/v1/annotation_key_constants.go +++ b/vendor/k8s.io/api/core/v1/annotation_key_constants.go @@ -148,7 +148,7 @@ const ( PodDeletionCost = "controller.kubernetes.io/pod-deletion-cost" // AnnotationTopologyAwareHints can be used to enable or disable Topology - // Aware Hints for a Service. This may be set to "auto" or "disabled". Any - // other value is treated as "disabled". + // Aware Hints for a Service. This may be set to "Auto" or "Disabled". Any + // other value is treated as "Disabled". AnnotationTopologyAwareHints = "service.kubernetes.io/topology-aware-hints" ) diff --git a/vendor/k8s.io/apimachinery/pkg/api/resource/quantity_proto.go b/vendor/k8s.io/apimachinery/pkg/api/resource/quantity_proto.go index f89ca163c..3e0cdb10d 100644 --- a/vendor/k8s.io/apimachinery/pkg/api/resource/quantity_proto.go +++ b/vendor/k8s.io/apimachinery/pkg/api/resource/quantity_proto.go @@ -166,7 +166,7 @@ func (m *Quantity) Unmarshal(data []byte) error { if err != nil { return err } - if skippy < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthGenerated } if (iNdEx + skippy) > l { diff --git a/vendor/modules.txt b/vendor/modules.txt index 5a25488c4..e77dd82ca 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -90,7 +90,7 @@ github.com/modern-go/concurrent github.com/modern-go/reflect2 # github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 github.com/munnerz/goautoneg -# github.com/openshift/api v0.0.0-20210423140644-156ca80f8d83 +# github.com/openshift/api v0.0.0-20210726144523-6fcabc0010ca github.com/openshift/api github.com/openshift/api/apiserver github.com/openshift/api/apiserver/v1 @@ -147,7 +147,7 @@ github.com/openshift/api/template github.com/openshift/api/template/v1 github.com/openshift/api/user github.com/openshift/api/user/v1 -# github.com/openshift/build-machinery-go v0.0.0-20210423112049-9415d7ebd33e +# github.com/openshift/build-machinery-go v0.0.0-20210712174854-1bb7fd1518d3 github.com/openshift/build-machinery-go github.com/openshift/build-machinery-go/make github.com/openshift/build-machinery-go/make/lib @@ -156,7 +156,7 @@ github.com/openshift/build-machinery-go/make/targets/golang github.com/openshift/build-machinery-go/make/targets/openshift github.com/openshift/build-machinery-go/make/targets/openshift/operator github.com/openshift/build-machinery-go/scripts -# github.com/openshift/client-go v0.0.0-20210422153130-25c8450d1535 +# github.com/openshift/client-go v0.0.0-20210521082421-73d9475a9142 github.com/openshift/client-go/config/clientset/versioned github.com/openshift/client-go/config/clientset/versioned/scheme github.com/openshift/client-go/config/clientset/versioned/typed/config/v1 @@ -167,7 +167,7 @@ github.com/openshift/client-go/config/informers/externalversions/internalinterfa github.com/openshift/client-go/config/listers/config/v1 github.com/openshift/client-go/operator/clientset/versioned/scheme github.com/openshift/client-go/operator/clientset/versioned/typed/operator/v1 -# github.com/openshift/library-go v0.0.0-20210420183610-0e395da73318 +# github.com/openshift/library-go v0.0.0-20210728105326-4a78e9dddb00 github.com/openshift/library-go/pkg/authorization/hardcodedauthorizer github.com/openshift/library-go/pkg/config/client github.com/openshift/library-go/pkg/config/clusteroperator/v1helpers @@ -180,7 +180,6 @@ github.com/openshift/library-go/pkg/controller/fileobserver github.com/openshift/library-go/pkg/controller/metrics github.com/openshift/library-go/pkg/crypto github.com/openshift/library-go/pkg/network -github.com/openshift/library-go/pkg/operator/condition github.com/openshift/library-go/pkg/operator/events github.com/openshift/library-go/pkg/operator/genericoperatorclient github.com/openshift/library-go/pkg/operator/loglevel @@ -377,7 +376,7 @@ gopkg.in/inf.v0 gopkg.in/natefinch/lumberjack.v2 # gopkg.in/yaml.v2 v2.4.0 gopkg.in/yaml.v2 -# k8s.io/api v0.21.0 +# k8s.io/api v0.21.1 k8s.io/api/admission/v1 k8s.io/api/admission/v1beta1 k8s.io/api/admissionregistration/v1 @@ -424,7 +423,7 @@ k8s.io/api/scheduling/v1beta1 k8s.io/api/storage/v1 k8s.io/api/storage/v1alpha1 k8s.io/api/storage/v1beta1 -# k8s.io/apiextensions-apiserver v0.21.0 +# k8s.io/apiextensions-apiserver v0.21.1 k8s.io/apiextensions-apiserver/pkg/apis/apiextensions k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1 k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1 @@ -432,7 +431,7 @@ k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset/scheme k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset/typed/apiextensions/v1 k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset/typed/apiextensions/v1beta1 -# k8s.io/apimachinery v0.21.0 +# k8s.io/apimachinery v0.21.1 k8s.io/apimachinery/pkg/api/equality k8s.io/apimachinery/pkg/api/errors k8s.io/apimachinery/pkg/api/meta @@ -486,7 +485,7 @@ k8s.io/apimachinery/pkg/version k8s.io/apimachinery/pkg/watch k8s.io/apimachinery/third_party/forked/golang/json k8s.io/apimachinery/third_party/forked/golang/reflect -# k8s.io/apiserver v0.21.0 => github.com/openshift/kubernetes-apiserver v0.0.0-20210419140141-620426e63a99 +# k8s.io/apiserver v0.21.1 => github.com/openshift/kubernetes-apiserver v0.0.0-20210419140141-620426e63a99 k8s.io/apiserver/pkg/admission k8s.io/apiserver/pkg/admission/configuration k8s.io/apiserver/pkg/admission/initializer @@ -610,7 +609,7 @@ k8s.io/apiserver/plugin/pkg/audit/truncate k8s.io/apiserver/plugin/pkg/audit/webhook k8s.io/apiserver/plugin/pkg/authenticator/token/webhook k8s.io/apiserver/plugin/pkg/authorizer/webhook -# k8s.io/client-go v0.21.0 +# k8s.io/client-go v0.21.1 k8s.io/client-go/applyconfigurations/admissionregistration/v1 k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1 k8s.io/client-go/applyconfigurations/apiserverinternal/v1alpha1 @@ -828,7 +827,7 @@ k8s.io/client-go/util/homedir k8s.io/client-go/util/keyutil k8s.io/client-go/util/retry k8s.io/client-go/util/workqueue -# k8s.io/component-base v0.21.0 +# k8s.io/component-base v0.21.1 k8s.io/component-base/cli/flag k8s.io/component-base/featuregate k8s.io/component-base/logs @@ -844,7 +843,7 @@ k8s.io/component-base/version k8s.io/klog # k8s.io/klog/v2 v2.8.0 k8s.io/klog/v2 -# k8s.io/kube-aggregator v0.21.0 +# k8s.io/kube-aggregator v0.21.1 k8s.io/kube-aggregator/pkg/apis/apiregistration k8s.io/kube-aggregator/pkg/apis/apiregistration/v1 k8s.io/kube-aggregator/pkg/apis/apiregistration/v1beta1 @@ -869,6 +868,10 @@ sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client sigs.k8s.io/apiserver-network-proxy/konnectivity-client/proto/client # sigs.k8s.io/kube-storage-version-migrator v0.0.5-0.20210421184352-acdee30ced21 => github.com/openshift/kube-storage-version-migrator v0.0.3-0.20210503105529-901a6d221d1c sigs.k8s.io/kube-storage-version-migrator/manifests +sigs.k8s.io/kube-storage-version-migrator/pkg/apis/migration/v1alpha1 +sigs.k8s.io/kube-storage-version-migrator/pkg/clients/clientset +sigs.k8s.io/kube-storage-version-migrator/pkg/clients/clientset/scheme +sigs.k8s.io/kube-storage-version-migrator/pkg/clients/clientset/typed/migration/v1alpha1 # sigs.k8s.io/structured-merge-diff/v4 v4.1.0 sigs.k8s.io/structured-merge-diff/v4/fieldpath sigs.k8s.io/structured-merge-diff/v4/merge diff --git a/vendor/sigs.k8s.io/kube-storage-version-migrator/pkg/apis/migration/v1alpha1/doc.go b/vendor/sigs.k8s.io/kube-storage-version-migrator/pkg/apis/migration/v1alpha1/doc.go new file mode 100644 index 000000000..da6d19a24 --- /dev/null +++ b/vendor/sigs.k8s.io/kube-storage-version-migrator/pkg/apis/migration/v1alpha1/doc.go @@ -0,0 +1,20 @@ +/* +Copyright 2018 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// +k8s:deepcopy-gen=package + +// +groupName=migration.k8s.io +package v1alpha1 diff --git a/vendor/sigs.k8s.io/kube-storage-version-migrator/pkg/apis/migration/v1alpha1/register.go b/vendor/sigs.k8s.io/kube-storage-version-migrator/pkg/apis/migration/v1alpha1/register.go new file mode 100644 index 000000000..f400f747e --- /dev/null +++ b/vendor/sigs.k8s.io/kube-storage-version-migrator/pkg/apis/migration/v1alpha1/register.go @@ -0,0 +1,54 @@ +/* +Copyright 2017 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1alpha1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime/schema" +) + +// GroupName is the group name use in this package +const GroupName = "migration.k8s.io" + +// SchemeGroupVersion is group version used to register these objects +var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"} + +// Resource takes an unqualified resource and returns a Group qualified GroupResource +func Resource(resource string) schema.GroupResource { + return SchemeGroupVersion.WithResource(resource).GroupResource() +} + +var ( + // TODO: move SchemeBuilder with zz_generated.deepcopy.go to k8s.io/api. + // localSchemeBuilder and AddToScheme will stay in k8s.io/kubernetes. + SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes) + localSchemeBuilder = &SchemeBuilder + AddToScheme = localSchemeBuilder.AddToScheme +) + +// Adds the list of known types to the given scheme. +func addKnownTypes(scheme *runtime.Scheme) error { + scheme.AddKnownTypes(SchemeGroupVersion, + &StorageVersionMigration{}, + &StorageVersionMigrationList{}, + &StorageState{}, + &StorageStateList{}, + ) + metav1.AddToGroupVersion(scheme, SchemeGroupVersion) + return nil +} diff --git a/vendor/sigs.k8s.io/kube-storage-version-migrator/pkg/apis/migration/v1alpha1/types.go b/vendor/sigs.k8s.io/kube-storage-version-migrator/pkg/apis/migration/v1alpha1/types.go new file mode 100644 index 000000000..427350b1e --- /dev/null +++ b/vendor/sigs.k8s.io/kube-storage-version-migrator/pkg/apis/migration/v1alpha1/types.go @@ -0,0 +1,186 @@ +/* +Copyright 2018 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1alpha1 + +import ( + corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// +genclient +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +genclient:nonNamespaced + +// StorageVersionMigration represents a migration of stored data to the latest +// storage version. +type StorageVersionMigration struct { + metav1.TypeMeta `json:",inline"` + // +optional + metav1.ObjectMeta `json:"metadata,omitempty"` + // Specification of the migration. + // +optional + Spec StorageVersionMigrationSpec `json:"spec,omitempty"` + // Status of the migration. + // +optional + Status StorageVersionMigrationStatus `json:"status,omitempty"` +} + +// The names of the group, the version, and the resource. +type GroupVersionResource struct { + // The name of the group. + Group string `json:"group,omitempty"` + // The name of the version. + Version string `json:"version,omitempty"` + // The name of the resource. + Resource string `json:"resource,omitempty"` +} + +// Spec of the storage version migration. +type StorageVersionMigrationSpec struct { + // The resource that is being migrated. The migrator sends requests to + // the endpoint serving the resource. + // Immutable. + Resource GroupVersionResource `json:"resource"` + // The token used in the list options to get the next chunk of objects + // to migrate. When the .status.conditions indicates the migration is + // "Running", users can use this token to check the progress of the + // migration. + // +optional + ContinueToken string `json:"continueToken,omitempty"` + // TODO: consider recording the storage version hash when the migration + // is created. It can avoid races. +} + +type MigrationConditionType string + +const ( + // Indicates that the migration is running. + MigrationRunning MigrationConditionType = "Running" + // Indicates that the migration has completed successfully. + MigrationSucceeded MigrationConditionType = "Succeeded" + // Indicates that the migration has failed. + MigrationFailed MigrationConditionType = "Failed" +) + +// Describes the state of a migration at a certain point. +type MigrationCondition struct { + // Type of the condition. + Type MigrationConditionType `json:"type"` + // Status of the condition, one of True, False, Unknown. + Status corev1.ConditionStatus `json:"status"` + // The last time this condition was updated. + // +optional + LastUpdateTime metav1.Time `json:"lastUpdateTime,omitempty"` + // The reason for the condition's last transition. + // +optional + Reason string `json:"reason,omitempty"` + // A human readable message indicating details about the transition. + // +optional + Message string `json:"message,omitempty"` +} + +// Status of the storage version migration. +type StorageVersionMigrationStatus struct { + // The latest available observations of the migration's current state. + // +optional + // +patchMergeKey=type + // +patchStrategy=merge + Conditions []MigrationCondition `json:"conditions,omitempty"` +} + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// StorageVersionMigrationList is a collection of storage version migrations. +type StorageVersionMigrationList struct { + metav1.TypeMeta `json:",inline"` + // +optional + metav1.ListMeta `json:"metadata,omitempty"` + // Items is the list of StorageVersionMigration + Items []StorageVersionMigration `json:"items"` +} + +// +genclient +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +genclient:nonNamespaced + +// The state of the storage of a specific resource. +type StorageState struct { + metav1.TypeMeta `json:",inline"` + // +optional + metav1.ObjectMeta `json:"metadata,omitempty"` + // Specification of the storage state. + // +optional + Spec StorageStateSpec `json:"spec,omitempty"` + // Status of the storage state. + // +optional + Status StorageStateStatus `json:"status,omitempty"` +} + +// The names of the group and the resource. +type GroupResource struct { + // The name of the group. + Group string `json:"group,omitempty"` + // The name of the resource. + Resource string `json:"resource,omitempty"` +} + +// Specification of the storage state. +type StorageStateSpec struct { + // The resource this storageState is about. + Resource GroupResource `json:"resource,omitempty"` +} + +// Unknown is a valid value in persistedStorageVersionHashes. +const Unknown = "Unknown" + +// Status of the storage state. +type StorageStateStatus struct { + // The hash values of storage versions that persisted instances of + // spec.resource might still be encoded in. + // "Unknown" is a valid value in the list, and is the default value. + // It is not safe to upgrade or downgrade to an apiserver binary that does not + // support all versions listed in this field, or if "Unknown" is listed. + // Once the storage version migration for this resource has completed, the + // value of this field is refined to only contain the + // currentStorageVersionHash. + // Once the apiserver has changed the storage version, the new storage version + // is appended to the list. + // +optional + PersistedStorageVersionHashes []string `json:"persistedStorageVersionHashes,omitempty"` + // The hash value of the current storage version, as shown in the discovery + // document served by the API server. + // Storage Version is the version to which objects are converted to + // before persisted. + // +optional + CurrentStorageVersionHash string `json:"currentStorageVersionHash,omitempty"` + // LastHeartbeatTime is the last time the storage migration triggering + // controller checks the storage version hash of this resource in the + // discovery document and updates this field. + // +optional + LastHeartbeatTime metav1.Time `json:"lastHeartbeatTime,omitempty"` +} + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// StorageStateList is a collection of storage state. +type StorageStateList struct { + metav1.TypeMeta `json:",inline"` + // +optional + metav1.ListMeta `json:"metadata,omitempty"` + // Items is the list of StorageState + Items []StorageState `json:"items"` +} diff --git a/vendor/sigs.k8s.io/kube-storage-version-migrator/pkg/apis/migration/v1alpha1/zz_generated.deepcopy.go b/vendor/sigs.k8s.io/kube-storage-version-migrator/pkg/apis/migration/v1alpha1/zz_generated.deepcopy.go new file mode 100644 index 000000000..5d6374d60 --- /dev/null +++ b/vendor/sigs.k8s.io/kube-storage-version-migrator/pkg/apis/migration/v1alpha1/zz_generated.deepcopy.go @@ -0,0 +1,275 @@ +// +build !ignore_autogenerated + +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by deepcopy-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + runtime "k8s.io/apimachinery/pkg/runtime" +) + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GroupResource) DeepCopyInto(out *GroupResource) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GroupResource. +func (in *GroupResource) DeepCopy() *GroupResource { + if in == nil { + return nil + } + out := new(GroupResource) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GroupVersionResource) DeepCopyInto(out *GroupVersionResource) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GroupVersionResource. +func (in *GroupVersionResource) DeepCopy() *GroupVersionResource { + if in == nil { + return nil + } + out := new(GroupVersionResource) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MigrationCondition) DeepCopyInto(out *MigrationCondition) { + *out = *in + in.LastUpdateTime.DeepCopyInto(&out.LastUpdateTime) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MigrationCondition. +func (in *MigrationCondition) DeepCopy() *MigrationCondition { + if in == nil { + return nil + } + out := new(MigrationCondition) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *StorageState) DeepCopyInto(out *StorageState) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + out.Spec = in.Spec + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StorageState. +func (in *StorageState) DeepCopy() *StorageState { + if in == nil { + return nil + } + out := new(StorageState) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *StorageState) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *StorageStateList) DeepCopyInto(out *StorageStateList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]StorageState, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StorageStateList. +func (in *StorageStateList) DeepCopy() *StorageStateList { + if in == nil { + return nil + } + out := new(StorageStateList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *StorageStateList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *StorageStateSpec) DeepCopyInto(out *StorageStateSpec) { + *out = *in + out.Resource = in.Resource + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StorageStateSpec. +func (in *StorageStateSpec) DeepCopy() *StorageStateSpec { + if in == nil { + return nil + } + out := new(StorageStateSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *StorageStateStatus) DeepCopyInto(out *StorageStateStatus) { + *out = *in + if in.PersistedStorageVersionHashes != nil { + in, out := &in.PersistedStorageVersionHashes, &out.PersistedStorageVersionHashes + *out = make([]string, len(*in)) + copy(*out, *in) + } + in.LastHeartbeatTime.DeepCopyInto(&out.LastHeartbeatTime) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StorageStateStatus. +func (in *StorageStateStatus) DeepCopy() *StorageStateStatus { + if in == nil { + return nil + } + out := new(StorageStateStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *StorageVersionMigration) DeepCopyInto(out *StorageVersionMigration) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + out.Spec = in.Spec + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StorageVersionMigration. +func (in *StorageVersionMigration) DeepCopy() *StorageVersionMigration { + if in == nil { + return nil + } + out := new(StorageVersionMigration) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *StorageVersionMigration) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *StorageVersionMigrationList) DeepCopyInto(out *StorageVersionMigrationList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]StorageVersionMigration, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StorageVersionMigrationList. +func (in *StorageVersionMigrationList) DeepCopy() *StorageVersionMigrationList { + if in == nil { + return nil + } + out := new(StorageVersionMigrationList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *StorageVersionMigrationList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *StorageVersionMigrationSpec) DeepCopyInto(out *StorageVersionMigrationSpec) { + *out = *in + out.Resource = in.Resource + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StorageVersionMigrationSpec. +func (in *StorageVersionMigrationSpec) DeepCopy() *StorageVersionMigrationSpec { + if in == nil { + return nil + } + out := new(StorageVersionMigrationSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *StorageVersionMigrationStatus) DeepCopyInto(out *StorageVersionMigrationStatus) { + *out = *in + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make([]MigrationCondition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StorageVersionMigrationStatus. +func (in *StorageVersionMigrationStatus) DeepCopy() *StorageVersionMigrationStatus { + if in == nil { + return nil + } + out := new(StorageVersionMigrationStatus) + in.DeepCopyInto(out) + return out +} diff --git a/vendor/sigs.k8s.io/kube-storage-version-migrator/pkg/clients/clientset/clientset.go b/vendor/sigs.k8s.io/kube-storage-version-migrator/pkg/clients/clientset/clientset.go new file mode 100644 index 000000000..d8f4f36dd --- /dev/null +++ b/vendor/sigs.k8s.io/kube-storage-version-migrator/pkg/clients/clientset/clientset.go @@ -0,0 +1,97 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +package clientset + +import ( + "fmt" + + discovery "k8s.io/client-go/discovery" + rest "k8s.io/client-go/rest" + flowcontrol "k8s.io/client-go/util/flowcontrol" + migrationv1alpha1 "sigs.k8s.io/kube-storage-version-migrator/pkg/clients/clientset/typed/migration/v1alpha1" +) + +type Interface interface { + Discovery() discovery.DiscoveryInterface + MigrationV1alpha1() migrationv1alpha1.MigrationV1alpha1Interface +} + +// Clientset contains the clients for groups. Each group has exactly one +// version included in a Clientset. +type Clientset struct { + *discovery.DiscoveryClient + migrationV1alpha1 *migrationv1alpha1.MigrationV1alpha1Client +} + +// MigrationV1alpha1 retrieves the MigrationV1alpha1Client +func (c *Clientset) MigrationV1alpha1() migrationv1alpha1.MigrationV1alpha1Interface { + return c.migrationV1alpha1 +} + +// Discovery retrieves the DiscoveryClient +func (c *Clientset) Discovery() discovery.DiscoveryInterface { + if c == nil { + return nil + } + return c.DiscoveryClient +} + +// NewForConfig creates a new Clientset for the given config. +// If config's RateLimiter is not set and QPS and Burst are acceptable, +// NewForConfig will generate a rate-limiter in configShallowCopy. +func NewForConfig(c *rest.Config) (*Clientset, error) { + configShallowCopy := *c + if configShallowCopy.RateLimiter == nil && configShallowCopy.QPS > 0 { + if configShallowCopy.Burst <= 0 { + return nil, fmt.Errorf("burst is required to be greater than 0 when RateLimiter is not set and QPS is set to greater than 0") + } + configShallowCopy.RateLimiter = flowcontrol.NewTokenBucketRateLimiter(configShallowCopy.QPS, configShallowCopy.Burst) + } + var cs Clientset + var err error + cs.migrationV1alpha1, err = migrationv1alpha1.NewForConfig(&configShallowCopy) + if err != nil { + return nil, err + } + + cs.DiscoveryClient, err = discovery.NewDiscoveryClientForConfig(&configShallowCopy) + if err != nil { + return nil, err + } + return &cs, nil +} + +// NewForConfigOrDie creates a new Clientset for the given config and +// panics if there is an error in the config. +func NewForConfigOrDie(c *rest.Config) *Clientset { + var cs Clientset + cs.migrationV1alpha1 = migrationv1alpha1.NewForConfigOrDie(c) + + cs.DiscoveryClient = discovery.NewDiscoveryClientForConfigOrDie(c) + return &cs +} + +// New creates a new Clientset for the given RESTClient. +func New(c rest.Interface) *Clientset { + var cs Clientset + cs.migrationV1alpha1 = migrationv1alpha1.New(c) + + cs.DiscoveryClient = discovery.NewDiscoveryClient(c) + return &cs +} diff --git a/vendor/sigs.k8s.io/kube-storage-version-migrator/pkg/clients/clientset/doc.go b/vendor/sigs.k8s.io/kube-storage-version-migrator/pkg/clients/clientset/doc.go new file mode 100644 index 000000000..ee865e56d --- /dev/null +++ b/vendor/sigs.k8s.io/kube-storage-version-migrator/pkg/clients/clientset/doc.go @@ -0,0 +1,20 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +// This package has the automatically generated clientset. +package clientset diff --git a/vendor/sigs.k8s.io/kube-storage-version-migrator/pkg/clients/clientset/scheme/doc.go b/vendor/sigs.k8s.io/kube-storage-version-migrator/pkg/clients/clientset/scheme/doc.go new file mode 100644 index 000000000..7dc375616 --- /dev/null +++ b/vendor/sigs.k8s.io/kube-storage-version-migrator/pkg/clients/clientset/scheme/doc.go @@ -0,0 +1,20 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +// This package contains the scheme of the automatically generated clientset. +package scheme diff --git a/vendor/sigs.k8s.io/kube-storage-version-migrator/pkg/clients/clientset/scheme/register.go b/vendor/sigs.k8s.io/kube-storage-version-migrator/pkg/clients/clientset/scheme/register.go new file mode 100644 index 000000000..93f2b6e2e --- /dev/null +++ b/vendor/sigs.k8s.io/kube-storage-version-migrator/pkg/clients/clientset/scheme/register.go @@ -0,0 +1,56 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +package scheme + +import ( + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" + schema "k8s.io/apimachinery/pkg/runtime/schema" + serializer "k8s.io/apimachinery/pkg/runtime/serializer" + utilruntime "k8s.io/apimachinery/pkg/util/runtime" + migrationv1alpha1 "sigs.k8s.io/kube-storage-version-migrator/pkg/apis/migration/v1alpha1" +) + +var Scheme = runtime.NewScheme() +var Codecs = serializer.NewCodecFactory(Scheme) +var ParameterCodec = runtime.NewParameterCodec(Scheme) +var localSchemeBuilder = runtime.SchemeBuilder{ + migrationv1alpha1.AddToScheme, +} + +// AddToScheme adds all types of this clientset into the given scheme. This allows composition +// of clientsets, like in: +// +// import ( +// "k8s.io/client-go/kubernetes" +// clientsetscheme "k8s.io/client-go/kubernetes/scheme" +// aggregatorclientsetscheme "k8s.io/kube-aggregator/pkg/client/clientset_generated/clientset/scheme" +// ) +// +// kclientset, _ := kubernetes.NewForConfig(c) +// _ = aggregatorclientsetscheme.AddToScheme(clientsetscheme.Scheme) +// +// After this, RawExtensions in Kubernetes types will serialize kube-aggregator types +// correctly. +var AddToScheme = localSchemeBuilder.AddToScheme + +func init() { + v1.AddToGroupVersion(Scheme, schema.GroupVersion{Version: "v1"}) + utilruntime.Must(AddToScheme(Scheme)) +} diff --git a/vendor/sigs.k8s.io/kube-storage-version-migrator/pkg/clients/clientset/typed/migration/v1alpha1/doc.go b/vendor/sigs.k8s.io/kube-storage-version-migrator/pkg/clients/clientset/typed/migration/v1alpha1/doc.go new file mode 100644 index 000000000..df51baa4d --- /dev/null +++ b/vendor/sigs.k8s.io/kube-storage-version-migrator/pkg/clients/clientset/typed/migration/v1alpha1/doc.go @@ -0,0 +1,20 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +// This package has the automatically generated typed clients. +package v1alpha1 diff --git a/vendor/sigs.k8s.io/kube-storage-version-migrator/pkg/clients/clientset/typed/migration/v1alpha1/generated_expansion.go b/vendor/sigs.k8s.io/kube-storage-version-migrator/pkg/clients/clientset/typed/migration/v1alpha1/generated_expansion.go new file mode 100644 index 000000000..3ce4f5753 --- /dev/null +++ b/vendor/sigs.k8s.io/kube-storage-version-migrator/pkg/clients/clientset/typed/migration/v1alpha1/generated_expansion.go @@ -0,0 +1,23 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +package v1alpha1 + +type StorageStateExpansion interface{} + +type StorageVersionMigrationExpansion interface{} diff --git a/vendor/sigs.k8s.io/kube-storage-version-migrator/pkg/clients/clientset/typed/migration/v1alpha1/migration_client.go b/vendor/sigs.k8s.io/kube-storage-version-migrator/pkg/clients/clientset/typed/migration/v1alpha1/migration_client.go new file mode 100644 index 000000000..097a331f0 --- /dev/null +++ b/vendor/sigs.k8s.io/kube-storage-version-migrator/pkg/clients/clientset/typed/migration/v1alpha1/migration_client.go @@ -0,0 +1,94 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + rest "k8s.io/client-go/rest" + v1alpha1 "sigs.k8s.io/kube-storage-version-migrator/pkg/apis/migration/v1alpha1" + "sigs.k8s.io/kube-storage-version-migrator/pkg/clients/clientset/scheme" +) + +type MigrationV1alpha1Interface interface { + RESTClient() rest.Interface + StorageStatesGetter + StorageVersionMigrationsGetter +} + +// MigrationV1alpha1Client is used to interact with features provided by the migration.k8s.io group. +type MigrationV1alpha1Client struct { + restClient rest.Interface +} + +func (c *MigrationV1alpha1Client) StorageStates() StorageStateInterface { + return newStorageStates(c) +} + +func (c *MigrationV1alpha1Client) StorageVersionMigrations() StorageVersionMigrationInterface { + return newStorageVersionMigrations(c) +} + +// NewForConfig creates a new MigrationV1alpha1Client for the given config. +func NewForConfig(c *rest.Config) (*MigrationV1alpha1Client, error) { + config := *c + if err := setConfigDefaults(&config); err != nil { + return nil, err + } + client, err := rest.RESTClientFor(&config) + if err != nil { + return nil, err + } + return &MigrationV1alpha1Client{client}, nil +} + +// NewForConfigOrDie creates a new MigrationV1alpha1Client for the given config and +// panics if there is an error in the config. +func NewForConfigOrDie(c *rest.Config) *MigrationV1alpha1Client { + client, err := NewForConfig(c) + if err != nil { + panic(err) + } + return client +} + +// New creates a new MigrationV1alpha1Client for the given RESTClient. +func New(c rest.Interface) *MigrationV1alpha1Client { + return &MigrationV1alpha1Client{c} +} + +func setConfigDefaults(config *rest.Config) error { + gv := v1alpha1.SchemeGroupVersion + config.GroupVersion = &gv + config.APIPath = "/apis" + config.NegotiatedSerializer = scheme.Codecs.WithoutConversion() + + if config.UserAgent == "" { + config.UserAgent = rest.DefaultKubernetesUserAgent() + } + + return nil +} + +// RESTClient returns a RESTClient that is used to communicate +// with API server by this client implementation. +func (c *MigrationV1alpha1Client) RESTClient() rest.Interface { + if c == nil { + return nil + } + return c.restClient +} diff --git a/vendor/sigs.k8s.io/kube-storage-version-migrator/pkg/clients/clientset/typed/migration/v1alpha1/storagestate.go b/vendor/sigs.k8s.io/kube-storage-version-migrator/pkg/clients/clientset/typed/migration/v1alpha1/storagestate.go new file mode 100644 index 000000000..8345b3619 --- /dev/null +++ b/vendor/sigs.k8s.io/kube-storage-version-migrator/pkg/clients/clientset/typed/migration/v1alpha1/storagestate.go @@ -0,0 +1,184 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + "context" + "time" + + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + rest "k8s.io/client-go/rest" + v1alpha1 "sigs.k8s.io/kube-storage-version-migrator/pkg/apis/migration/v1alpha1" + scheme "sigs.k8s.io/kube-storage-version-migrator/pkg/clients/clientset/scheme" +) + +// StorageStatesGetter has a method to return a StorageStateInterface. +// A group's client should implement this interface. +type StorageStatesGetter interface { + StorageStates() StorageStateInterface +} + +// StorageStateInterface has methods to work with StorageState resources. +type StorageStateInterface interface { + Create(ctx context.Context, storageState *v1alpha1.StorageState, opts v1.CreateOptions) (*v1alpha1.StorageState, error) + Update(ctx context.Context, storageState *v1alpha1.StorageState, opts v1.UpdateOptions) (*v1alpha1.StorageState, error) + UpdateStatus(ctx context.Context, storageState *v1alpha1.StorageState, opts v1.UpdateOptions) (*v1alpha1.StorageState, error) + Delete(ctx context.Context, name string, opts v1.DeleteOptions) error + DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error + Get(ctx context.Context, name string, opts v1.GetOptions) (*v1alpha1.StorageState, error) + List(ctx context.Context, opts v1.ListOptions) (*v1alpha1.StorageStateList, error) + Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) + Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.StorageState, err error) + StorageStateExpansion +} + +// storageStates implements StorageStateInterface +type storageStates struct { + client rest.Interface +} + +// newStorageStates returns a StorageStates +func newStorageStates(c *MigrationV1alpha1Client) *storageStates { + return &storageStates{ + client: c.RESTClient(), + } +} + +// Get takes name of the storageState, and returns the corresponding storageState object, and an error if there is any. +func (c *storageStates) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.StorageState, err error) { + result = &v1alpha1.StorageState{} + err = c.client.Get(). + Resource("storagestates"). + Name(name). + VersionedParams(&options, scheme.ParameterCodec). + Do(ctx). + Into(result) + return +} + +// List takes label and field selectors, and returns the list of StorageStates that match those selectors. +func (c *storageStates) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.StorageStateList, err error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + result = &v1alpha1.StorageStateList{} + err = c.client.Get(). + Resource("storagestates"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Do(ctx). + Into(result) + return +} + +// Watch returns a watch.Interface that watches the requested storageStates. +func (c *storageStates) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + opts.Watch = true + return c.client.Get(). + Resource("storagestates"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Watch(ctx) +} + +// Create takes the representation of a storageState and creates it. Returns the server's representation of the storageState, and an error, if there is any. +func (c *storageStates) Create(ctx context.Context, storageState *v1alpha1.StorageState, opts v1.CreateOptions) (result *v1alpha1.StorageState, err error) { + result = &v1alpha1.StorageState{} + err = c.client.Post(). + Resource("storagestates"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(storageState). + Do(ctx). + Into(result) + return +} + +// Update takes the representation of a storageState and updates it. Returns the server's representation of the storageState, and an error, if there is any. +func (c *storageStates) Update(ctx context.Context, storageState *v1alpha1.StorageState, opts v1.UpdateOptions) (result *v1alpha1.StorageState, err error) { + result = &v1alpha1.StorageState{} + err = c.client.Put(). + Resource("storagestates"). + Name(storageState.Name). + VersionedParams(&opts, scheme.ParameterCodec). + Body(storageState). + Do(ctx). + Into(result) + return +} + +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). +func (c *storageStates) UpdateStatus(ctx context.Context, storageState *v1alpha1.StorageState, opts v1.UpdateOptions) (result *v1alpha1.StorageState, err error) { + result = &v1alpha1.StorageState{} + err = c.client.Put(). + Resource("storagestates"). + Name(storageState.Name). + SubResource("status"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(storageState). + Do(ctx). + Into(result) + return +} + +// Delete takes name of the storageState and deletes it. Returns an error if one occurs. +func (c *storageStates) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { + return c.client.Delete(). + Resource("storagestates"). + Name(name). + Body(&opts). + Do(ctx). + Error() +} + +// DeleteCollection deletes a collection of objects. +func (c *storageStates) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { + var timeout time.Duration + if listOpts.TimeoutSeconds != nil { + timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second + } + return c.client.Delete(). + Resource("storagestates"). + VersionedParams(&listOpts, scheme.ParameterCodec). + Timeout(timeout). + Body(&opts). + Do(ctx). + Error() +} + +// Patch applies the patch and returns the patched storageState. +func (c *storageStates) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.StorageState, err error) { + result = &v1alpha1.StorageState{} + err = c.client.Patch(pt). + Resource("storagestates"). + Name(name). + SubResource(subresources...). + VersionedParams(&opts, scheme.ParameterCodec). + Body(data). + Do(ctx). + Into(result) + return +} diff --git a/vendor/sigs.k8s.io/kube-storage-version-migrator/pkg/clients/clientset/typed/migration/v1alpha1/storageversionmigration.go b/vendor/sigs.k8s.io/kube-storage-version-migrator/pkg/clients/clientset/typed/migration/v1alpha1/storageversionmigration.go new file mode 100644 index 000000000..34fa3a987 --- /dev/null +++ b/vendor/sigs.k8s.io/kube-storage-version-migrator/pkg/clients/clientset/typed/migration/v1alpha1/storageversionmigration.go @@ -0,0 +1,184 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + "context" + "time" + + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + rest "k8s.io/client-go/rest" + v1alpha1 "sigs.k8s.io/kube-storage-version-migrator/pkg/apis/migration/v1alpha1" + scheme "sigs.k8s.io/kube-storage-version-migrator/pkg/clients/clientset/scheme" +) + +// StorageVersionMigrationsGetter has a method to return a StorageVersionMigrationInterface. +// A group's client should implement this interface. +type StorageVersionMigrationsGetter interface { + StorageVersionMigrations() StorageVersionMigrationInterface +} + +// StorageVersionMigrationInterface has methods to work with StorageVersionMigration resources. +type StorageVersionMigrationInterface interface { + Create(ctx context.Context, storageVersionMigration *v1alpha1.StorageVersionMigration, opts v1.CreateOptions) (*v1alpha1.StorageVersionMigration, error) + Update(ctx context.Context, storageVersionMigration *v1alpha1.StorageVersionMigration, opts v1.UpdateOptions) (*v1alpha1.StorageVersionMigration, error) + UpdateStatus(ctx context.Context, storageVersionMigration *v1alpha1.StorageVersionMigration, opts v1.UpdateOptions) (*v1alpha1.StorageVersionMigration, error) + Delete(ctx context.Context, name string, opts v1.DeleteOptions) error + DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error + Get(ctx context.Context, name string, opts v1.GetOptions) (*v1alpha1.StorageVersionMigration, error) + List(ctx context.Context, opts v1.ListOptions) (*v1alpha1.StorageVersionMigrationList, error) + Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) + Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.StorageVersionMigration, err error) + StorageVersionMigrationExpansion +} + +// storageVersionMigrations implements StorageVersionMigrationInterface +type storageVersionMigrations struct { + client rest.Interface +} + +// newStorageVersionMigrations returns a StorageVersionMigrations +func newStorageVersionMigrations(c *MigrationV1alpha1Client) *storageVersionMigrations { + return &storageVersionMigrations{ + client: c.RESTClient(), + } +} + +// Get takes name of the storageVersionMigration, and returns the corresponding storageVersionMigration object, and an error if there is any. +func (c *storageVersionMigrations) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.StorageVersionMigration, err error) { + result = &v1alpha1.StorageVersionMigration{} + err = c.client.Get(). + Resource("storageversionmigrations"). + Name(name). + VersionedParams(&options, scheme.ParameterCodec). + Do(ctx). + Into(result) + return +} + +// List takes label and field selectors, and returns the list of StorageVersionMigrations that match those selectors. +func (c *storageVersionMigrations) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.StorageVersionMigrationList, err error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + result = &v1alpha1.StorageVersionMigrationList{} + err = c.client.Get(). + Resource("storageversionmigrations"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Do(ctx). + Into(result) + return +} + +// Watch returns a watch.Interface that watches the requested storageVersionMigrations. +func (c *storageVersionMigrations) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + opts.Watch = true + return c.client.Get(). + Resource("storageversionmigrations"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Watch(ctx) +} + +// Create takes the representation of a storageVersionMigration and creates it. Returns the server's representation of the storageVersionMigration, and an error, if there is any. +func (c *storageVersionMigrations) Create(ctx context.Context, storageVersionMigration *v1alpha1.StorageVersionMigration, opts v1.CreateOptions) (result *v1alpha1.StorageVersionMigration, err error) { + result = &v1alpha1.StorageVersionMigration{} + err = c.client.Post(). + Resource("storageversionmigrations"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(storageVersionMigration). + Do(ctx). + Into(result) + return +} + +// Update takes the representation of a storageVersionMigration and updates it. Returns the server's representation of the storageVersionMigration, and an error, if there is any. +func (c *storageVersionMigrations) Update(ctx context.Context, storageVersionMigration *v1alpha1.StorageVersionMigration, opts v1.UpdateOptions) (result *v1alpha1.StorageVersionMigration, err error) { + result = &v1alpha1.StorageVersionMigration{} + err = c.client.Put(). + Resource("storageversionmigrations"). + Name(storageVersionMigration.Name). + VersionedParams(&opts, scheme.ParameterCodec). + Body(storageVersionMigration). + Do(ctx). + Into(result) + return +} + +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). +func (c *storageVersionMigrations) UpdateStatus(ctx context.Context, storageVersionMigration *v1alpha1.StorageVersionMigration, opts v1.UpdateOptions) (result *v1alpha1.StorageVersionMigration, err error) { + result = &v1alpha1.StorageVersionMigration{} + err = c.client.Put(). + Resource("storageversionmigrations"). + Name(storageVersionMigration.Name). + SubResource("status"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(storageVersionMigration). + Do(ctx). + Into(result) + return +} + +// Delete takes name of the storageVersionMigration and deletes it. Returns an error if one occurs. +func (c *storageVersionMigrations) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { + return c.client.Delete(). + Resource("storageversionmigrations"). + Name(name). + Body(&opts). + Do(ctx). + Error() +} + +// DeleteCollection deletes a collection of objects. +func (c *storageVersionMigrations) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { + var timeout time.Duration + if listOpts.TimeoutSeconds != nil { + timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second + } + return c.client.Delete(). + Resource("storageversionmigrations"). + VersionedParams(&listOpts, scheme.ParameterCodec). + Timeout(timeout). + Body(&opts). + Do(ctx). + Error() +} + +// Patch applies the patch and returns the patched storageVersionMigration. +func (c *storageVersionMigrations) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.StorageVersionMigration, err error) { + result = &v1alpha1.StorageVersionMigration{} + err = c.client.Patch(pt). + Resource("storageversionmigrations"). + Name(name). + SubResource(subresources...). + VersionedParams(&opts, scheme.ParameterCodec). + Body(data). + Do(ctx). + Into(result) + return +} From f2f8ec43c015929af5b2c4520c64ab01e984cac6 Mon Sep 17 00:00:00 2001 From: Antonio Ojea Date: Wed, 28 Jul 2021 16:10:59 +0200 Subject: [PATCH 2/3] bump klog to v2 --- go.mod | 2 +- pkg/operator/targetcontroller/controller.go | 2 +- vendor/k8s.io/klog/.travis.yml | 16 - vendor/k8s.io/klog/CONTRIBUTING.md | 22 - vendor/k8s.io/klog/LICENSE | 191 --- vendor/k8s.io/klog/OWNERS | 19 - vendor/k8s.io/klog/README.md | 97 -- vendor/k8s.io/klog/RELEASE.md | 9 - vendor/k8s.io/klog/SECURITY_CONTACTS | 20 - vendor/k8s.io/klog/code-of-conduct.md | 3 - vendor/k8s.io/klog/go.mod | 5 - vendor/k8s.io/klog/go.sum | 2 - vendor/k8s.io/klog/klog.go | 1308 ------------------- vendor/k8s.io/klog/klog_file.go | 139 -- vendor/modules.txt | 2 - 15 files changed, 2 insertions(+), 1835 deletions(-) delete mode 100644 vendor/k8s.io/klog/.travis.yml delete mode 100644 vendor/k8s.io/klog/CONTRIBUTING.md delete mode 100644 vendor/k8s.io/klog/LICENSE delete mode 100644 vendor/k8s.io/klog/OWNERS delete mode 100644 vendor/k8s.io/klog/README.md delete mode 100644 vendor/k8s.io/klog/RELEASE.md delete mode 100644 vendor/k8s.io/klog/SECURITY_CONTACTS delete mode 100644 vendor/k8s.io/klog/code-of-conduct.md delete mode 100644 vendor/k8s.io/klog/go.mod delete mode 100644 vendor/k8s.io/klog/go.sum delete mode 100644 vendor/k8s.io/klog/klog.go delete mode 100644 vendor/k8s.io/klog/klog_file.go diff --git a/go.mod b/go.mod index ca6e7be06..01e158d6c 100644 --- a/go.mod +++ b/go.mod @@ -16,7 +16,7 @@ require ( k8s.io/apimachinery v0.21.1 k8s.io/client-go v0.21.1 k8s.io/component-base v0.21.1 - k8s.io/klog v1.0.0 + k8s.io/klog/v2 v2.8.0 sigs.k8s.io/kube-storage-version-migrator v0.0.5-0.20210421184352-acdee30ced21 ) diff --git a/pkg/operator/targetcontroller/controller.go b/pkg/operator/targetcontroller/controller.go index 4aeedd3ab..ad5af0f3a 100644 --- a/pkg/operator/targetcontroller/controller.go +++ b/pkg/operator/targetcontroller/controller.go @@ -14,7 +14,7 @@ import ( "k8s.io/client-go/kubernetes" "k8s.io/client-go/tools/cache" "k8s.io/client-go/util/workqueue" - "k8s.io/klog" + "k8s.io/klog/v2" operatorv1 "github.com/openshift/api/operator/v1" operatorv1client "github.com/openshift/client-go/operator/clientset/versioned/typed/operator/v1" diff --git a/vendor/k8s.io/klog/.travis.yml b/vendor/k8s.io/klog/.travis.yml deleted file mode 100644 index 5677664c2..000000000 --- a/vendor/k8s.io/klog/.travis.yml +++ /dev/null @@ -1,16 +0,0 @@ -language: go -go_import_path: k8s.io/klog -dist: xenial -go: - - 1.9.x - - 1.10.x - - 1.11.x - - 1.12.x -script: - - go get -t -v ./... - - diff -u <(echo -n) <(gofmt -d .) - - diff -u <(echo -n) <(golint $(go list -e ./...)) - - go tool vet . || go vet . - - go test -v -race ./... -install: - - go get golang.org/x/lint/golint diff --git a/vendor/k8s.io/klog/CONTRIBUTING.md b/vendor/k8s.io/klog/CONTRIBUTING.md deleted file mode 100644 index 574a56abb..000000000 --- a/vendor/k8s.io/klog/CONTRIBUTING.md +++ /dev/null @@ -1,22 +0,0 @@ -# Contributing Guidelines - -Welcome to Kubernetes. We are excited about the prospect of you joining our [community](https://github.com/kubernetes/community)! The Kubernetes community abides by the CNCF [code of conduct](code-of-conduct.md). Here is an excerpt: - -_As contributors and maintainers of this project, and in the interest of fostering an open and welcoming community, we pledge to respect all people who contribute through reporting issues, posting feature requests, updating documentation, submitting pull requests or patches, and other activities._ - -## Getting Started - -We have full documentation on how to get started contributing here: - -- [Contributor License Agreement](https://git.k8s.io/community/CLA.md) Kubernetes projects require that you sign a Contributor License Agreement (CLA) before we can accept your pull requests -- [Kubernetes Contributor Guide](http://git.k8s.io/community/contributors/guide) - Main contributor documentation, or you can just jump directly to the [contributing section](http://git.k8s.io/community/contributors/guide#contributing) -- [Contributor Cheat Sheet](https://git.k8s.io/community/contributors/guide/contributor-cheatsheet.md) - Common resources for existing developers - -## Mentorship - -- [Mentoring Initiatives](https://git.k8s.io/community/mentoring) - We have a diverse set of mentorship programs available that are always looking for volunteers! - -## Contact Information - -- [Slack](https://kubernetes.slack.com/messages/sig-architecture) -- [Mailing List](https://groups.google.com/forum/#!forum/kubernetes-sig-architecture) diff --git a/vendor/k8s.io/klog/LICENSE b/vendor/k8s.io/klog/LICENSE deleted file mode 100644 index 37ec93a14..000000000 --- a/vendor/k8s.io/klog/LICENSE +++ /dev/null @@ -1,191 +0,0 @@ -Apache License -Version 2.0, January 2004 -http://www.apache.org/licenses/ - -TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - -1. Definitions. - -"License" shall mean the terms and conditions for use, reproduction, and -distribution as defined by Sections 1 through 9 of this document. - -"Licensor" shall mean the copyright owner or entity authorized by the copyright -owner that is granting the License. - -"Legal Entity" shall mean the union of the acting entity and all other entities -that control, are controlled by, or are under common control with that entity. -For the purposes of this definition, "control" means (i) the power, direct or -indirect, to cause the direction or management of such entity, whether by -contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the -outstanding shares, or (iii) beneficial ownership of such entity. - -"You" (or "Your") shall mean an individual or Legal Entity exercising -permissions granted by this License. - -"Source" form shall mean the preferred form for making modifications, including -but not limited to software source code, documentation source, and configuration -files. - -"Object" form shall mean any form resulting from mechanical transformation or -translation of a Source form, including but not limited to compiled object code, -generated documentation, and conversions to other media types. - -"Work" shall mean the work of authorship, whether in Source or Object form, made -available under the License, as indicated by a copyright notice that is included -in or attached to the work (an example is provided in the Appendix below). - -"Derivative Works" shall mean any work, whether in Source or Object form, that -is based on (or derived from) the Work and for which the editorial revisions, -annotations, elaborations, or other modifications represent, as a whole, an -original work of authorship. For the purposes of this License, Derivative Works -shall not include works that remain separable from, or merely link (or bind by -name) to the interfaces of, the Work and Derivative Works thereof. - -"Contribution" shall mean any work of authorship, including the original version -of the Work and any modifications or additions to that Work or Derivative Works -thereof, that is intentionally submitted to Licensor for inclusion in the Work -by the copyright owner or by an individual or Legal Entity authorized to submit -on behalf of the copyright owner. For the purposes of this definition, -"submitted" means any form of electronic, verbal, or written communication sent -to the Licensor or its representatives, including but not limited to -communication on electronic mailing lists, source code control systems, and -issue tracking systems that are managed by, or on behalf of, the Licensor for -the purpose of discussing and improving the Work, but excluding communication -that is conspicuously marked or otherwise designated in writing by the copyright -owner as "Not a Contribution." - -"Contributor" shall mean Licensor and any individual or Legal Entity on behalf -of whom a Contribution has been received by Licensor and subsequently -incorporated within the Work. - -2. Grant of Copyright License. - -Subject to the terms and conditions of this License, each Contributor hereby -grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, -irrevocable copyright license to reproduce, prepare Derivative Works of, -publicly display, publicly perform, sublicense, and distribute the Work and such -Derivative Works in Source or Object form. - -3. Grant of Patent License. - -Subject to the terms and conditions of this License, each Contributor hereby -grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, -irrevocable (except as stated in this section) patent license to make, have -made, use, offer to sell, sell, import, and otherwise transfer the Work, where -such license applies only to those patent claims licensable by such Contributor -that are necessarily infringed by their Contribution(s) alone or by combination -of their Contribution(s) with the Work to which such Contribution(s) was -submitted. If You institute patent litigation against any entity (including a -cross-claim or counterclaim in a lawsuit) alleging that the Work or a -Contribution incorporated within the Work constitutes direct or contributory -patent infringement, then any patent licenses granted to You under this License -for that Work shall terminate as of the date such litigation is filed. - -4. Redistribution. - -You may reproduce and distribute copies of the Work or Derivative Works thereof -in any medium, with or without modifications, and in Source or Object form, -provided that You meet the following conditions: - -You must give any other recipients of the Work or Derivative Works a copy of -this License; and -You must cause any modified files to carry prominent notices stating that You -changed the files; and -You must retain, in the Source form of any Derivative Works that You distribute, -all copyright, patent, trademark, and attribution notices from the Source form -of the Work, excluding those notices that do not pertain to any part of the -Derivative Works; and -If the Work includes a "NOTICE" text file as part of its distribution, then any -Derivative Works that You distribute must include a readable copy of the -attribution notices contained within such NOTICE file, excluding those notices -that do not pertain to any part of the Derivative Works, in at least one of the -following places: within a NOTICE text file distributed as part of the -Derivative Works; within the Source form or documentation, if provided along -with the Derivative Works; or, within a display generated by the Derivative -Works, if and wherever such third-party notices normally appear. The contents of -the NOTICE file are for informational purposes only and do not modify the -License. You may add Your own attribution notices within Derivative Works that -You distribute, alongside or as an addendum to the NOTICE text from the Work, -provided that such additional attribution notices cannot be construed as -modifying the License. -You may add Your own copyright statement to Your modifications and may provide -additional or different license terms and conditions for use, reproduction, or -distribution of Your modifications, or for any such Derivative Works as a whole, -provided Your use, reproduction, and distribution of the Work otherwise complies -with the conditions stated in this License. - -5. Submission of Contributions. - -Unless You explicitly state otherwise, any Contribution intentionally submitted -for inclusion in the Work by You to the Licensor shall be under the terms and -conditions of this License, without any additional terms or conditions. -Notwithstanding the above, nothing herein shall supersede or modify the terms of -any separate license agreement you may have executed with Licensor regarding -such Contributions. - -6. Trademarks. - -This License does not grant permission to use the trade names, trademarks, -service marks, or product names of the Licensor, except as required for -reasonable and customary use in describing the origin of the Work and -reproducing the content of the NOTICE file. - -7. Disclaimer of Warranty. - -Unless required by applicable law or agreed to in writing, Licensor provides the -Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, -including, without limitation, any warranties or conditions of TITLE, -NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are -solely responsible for determining the appropriateness of using or -redistributing the Work and assume any risks associated with Your exercise of -permissions under this License. - -8. Limitation of Liability. - -In no event and under no legal theory, whether in tort (including negligence), -contract, or otherwise, unless required by applicable law (such as deliberate -and grossly negligent acts) or agreed to in writing, shall any Contributor be -liable to You for damages, including any direct, indirect, special, incidental, -or consequential damages of any character arising as a result of this License or -out of the use or inability to use the Work (including but not limited to -damages for loss of goodwill, work stoppage, computer failure or malfunction, or -any and all other commercial damages or losses), even if such Contributor has -been advised of the possibility of such damages. - -9. Accepting Warranty or Additional Liability. - -While redistributing the Work or Derivative Works thereof, You may choose to -offer, and charge a fee for, acceptance of support, warranty, indemnity, or -other liability obligations and/or rights consistent with this License. However, -in accepting such obligations, You may act only on Your own behalf and on Your -sole responsibility, not on behalf of any other Contributor, and only if You -agree to indemnify, defend, and hold each Contributor harmless for any liability -incurred by, or claims asserted against, such Contributor by reason of your -accepting any such warranty or additional liability. - -END OF TERMS AND CONDITIONS - -APPENDIX: How to apply the Apache License to your work - -To apply the Apache License to your work, attach the following boilerplate -notice, with the fields enclosed by brackets "[]" replaced with your own -identifying information. (Don't include the brackets!) The text should be -enclosed in the appropriate comment syntax for the file format. We also -recommend that a file or class name and description of purpose be included on -the same "printed page" as the copyright notice for easier identification within -third-party archives. - - Copyright [yyyy] [name of copyright owner] - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/vendor/k8s.io/klog/OWNERS b/vendor/k8s.io/klog/OWNERS deleted file mode 100644 index 380e514f2..000000000 --- a/vendor/k8s.io/klog/OWNERS +++ /dev/null @@ -1,19 +0,0 @@ -# See the OWNERS docs at https://go.k8s.io/owners -reviewers: - - jayunit100 - - hoegaarden - - andyxning - - neolit123 - - pohly - - yagonobre - - vincepri - - detiber -approvers: - - dims - - thockin - - justinsb - - tallclair - - piosz - - brancz - - DirectXMan12 - - lavalamp diff --git a/vendor/k8s.io/klog/README.md b/vendor/k8s.io/klog/README.md deleted file mode 100644 index 841468b4b..000000000 --- a/vendor/k8s.io/klog/README.md +++ /dev/null @@ -1,97 +0,0 @@ -klog -==== - -klog is a permanent fork of https://github.com/golang/glog. - -## Why was klog created? - -The decision to create klog was one that wasn't made lightly, but it was necessary due to some -drawbacks that are present in [glog](https://github.com/golang/glog). Ultimately, the fork was created due to glog not being under active development; this can be seen in the glog README: - -> The code in this repo [...] is not itself under development - -This makes us unable to solve many use cases without a fork. The factors that contributed to needing feature development are listed below: - - * `glog` [presents a lot "gotchas"](https://github.com/kubernetes/kubernetes/issues/61006) and introduces challenges in containerized environments, all of which aren't well documented. - * `glog` doesn't provide an easy way to test logs, which detracts from the stability of software using it - * A long term goal is to implement a logging interface that allows us to add context, change output format, etc. - -Historical context is available here: - - * https://github.com/kubernetes/kubernetes/issues/61006 - * https://github.com/kubernetes/kubernetes/issues/70264 - * https://groups.google.com/forum/#!msg/kubernetes-sig-architecture/wCWiWf3Juzs/hXRVBH90CgAJ - * https://groups.google.com/forum/#!msg/kubernetes-dev/7vnijOMhLS0/1oRiNtigBgAJ - ----- - -How to use klog -=============== -- Replace imports for `github.com/golang/glog` with `k8s.io/klog` -- Use `klog.InitFlags(nil)` explicitly for initializing global flags as we no longer use `init()` method to register the flags -- You can now use `log-file` instead of `log-dir` for logging to a single file (See `examples/log_file/usage_log_file.go`) -- If you want to redirect everything logged using klog somewhere else (say syslog!), you can use `klog.SetOutput()` method and supply a `io.Writer`. (See `examples/set_output/usage_set_output.go`) -- For more logging conventions (See [Logging Conventions](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-instrumentation/logging.md)) - -### Coexisting with glog -This package can be used side by side with glog. [This example](examples/coexist_glog/coexist_glog.go) shows how to initialize and syncronize flags from the global `flag.CommandLine` FlagSet. In addition, the example makes use of stderr as combined output by setting `alsologtostderr` (or `logtostderr`) to `true`. - -## Community, discussion, contribution, and support - -Learn how to engage with the Kubernetes community on the [community page](http://kubernetes.io/community/). - -You can reach the maintainers of this project at: - -- [Slack](https://kubernetes.slack.com/messages/sig-architecture) -- [Mailing List](https://groups.google.com/forum/#!forum/kubernetes-sig-architecture) - -### Code of conduct - -Participation in the Kubernetes community is governed by the [Kubernetes Code of Conduct](code-of-conduct.md). - ----- - -glog -==== - -Leveled execution logs for Go. - -This is an efficient pure Go implementation of leveled logs in the -manner of the open source C++ package - https://github.com/google/glog - -By binding methods to booleans it is possible to use the log package -without paying the expense of evaluating the arguments to the log. -Through the -vmodule flag, the package also provides fine-grained -control over logging at the file level. - -The comment from glog.go introduces the ideas: - - Package glog implements logging analogous to the Google-internal - C++ INFO/ERROR/V setup. It provides functions Info, Warning, - Error, Fatal, plus formatting variants such as Infof. It - also provides V-style logging controlled by the -v and - -vmodule=file=2 flags. - - Basic examples: - - glog.Info("Prepare to repel boarders") - - glog.Fatalf("Initialization failed: %s", err) - - See the documentation for the V function for an explanation - of these examples: - - if glog.V(2) { - glog.Info("Starting transaction...") - } - - glog.V(2).Infoln("Processed", nItems, "elements") - - -The repository contains an open source version of the log package -used inside Google. The master copy of the source lives inside -Google, not here. The code in this repo is for export only and is not itself -under development. Feature requests will be ignored. - -Send bug reports to golang-nuts@googlegroups.com. diff --git a/vendor/k8s.io/klog/RELEASE.md b/vendor/k8s.io/klog/RELEASE.md deleted file mode 100644 index b53eb960c..000000000 --- a/vendor/k8s.io/klog/RELEASE.md +++ /dev/null @@ -1,9 +0,0 @@ -# Release Process - -The `klog` is released on an as-needed basis. The process is as follows: - -1. An issue is proposing a new release with a changelog since the last release -1. All [OWNERS](OWNERS) must LGTM this release -1. An OWNER runs `git tag -s $VERSION` and inserts the changelog and pushes the tag with `git push $VERSION` -1. The release issue is closed -1. An announcement email is sent to `kubernetes-dev@googlegroups.com` with the subject `[ANNOUNCE] kubernetes-template-project $VERSION is released` diff --git a/vendor/k8s.io/klog/SECURITY_CONTACTS b/vendor/k8s.io/klog/SECURITY_CONTACTS deleted file mode 100644 index 6128a5869..000000000 --- a/vendor/k8s.io/klog/SECURITY_CONTACTS +++ /dev/null @@ -1,20 +0,0 @@ -# Defined below are the security contacts for this repo. -# -# They are the contact point for the Product Security Committee to reach out -# to for triaging and handling of incoming issues. -# -# The below names agree to abide by the -# [Embargo Policy](https://git.k8s.io/security/private-distributors-list.md#embargo-policy) -# and will be removed and replaced if they violate that agreement. -# -# DO NOT REPORT SECURITY VULNERABILITIES DIRECTLY TO THESE NAMES, FOLLOW THE -# INSTRUCTIONS AT https://kubernetes.io/security/ - -dims -thockin -justinsb -tallclair -piosz -brancz -DirectXMan12 -lavalamp diff --git a/vendor/k8s.io/klog/code-of-conduct.md b/vendor/k8s.io/klog/code-of-conduct.md deleted file mode 100644 index 0d15c00cf..000000000 --- a/vendor/k8s.io/klog/code-of-conduct.md +++ /dev/null @@ -1,3 +0,0 @@ -# Kubernetes Community Code of Conduct - -Please refer to our [Kubernetes Community Code of Conduct](https://git.k8s.io/community/code-of-conduct.md) diff --git a/vendor/k8s.io/klog/go.mod b/vendor/k8s.io/klog/go.mod deleted file mode 100644 index 3877d8546..000000000 --- a/vendor/k8s.io/klog/go.mod +++ /dev/null @@ -1,5 +0,0 @@ -module k8s.io/klog - -go 1.12 - -require github.com/go-logr/logr v0.1.0 diff --git a/vendor/k8s.io/klog/go.sum b/vendor/k8s.io/klog/go.sum deleted file mode 100644 index fb64d277a..000000000 --- a/vendor/k8s.io/klog/go.sum +++ /dev/null @@ -1,2 +0,0 @@ -github.com/go-logr/logr v0.1.0 h1:M1Tv3VzNlEHg6uyACnRdtrploV2P7wZqH8BoQMtz0cg= -github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas= diff --git a/vendor/k8s.io/klog/klog.go b/vendor/k8s.io/klog/klog.go deleted file mode 100644 index 2712ce0af..000000000 --- a/vendor/k8s.io/klog/klog.go +++ /dev/null @@ -1,1308 +0,0 @@ -// Go support for leveled logs, analogous to https://code.google.com/p/google-glog/ -// -// Copyright 2013 Google Inc. All Rights Reserved. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -// Package klog implements logging analogous to the Google-internal C++ INFO/ERROR/V setup. -// It provides functions Info, Warning, Error, Fatal, plus formatting variants such as -// Infof. It also provides V-style logging controlled by the -v and -vmodule=file=2 flags. -// -// Basic examples: -// -// klog.Info("Prepare to repel boarders") -// -// klog.Fatalf("Initialization failed: %s", err) -// -// See the documentation for the V function for an explanation of these examples: -// -// if klog.V(2) { -// klog.Info("Starting transaction...") -// } -// -// klog.V(2).Infoln("Processed", nItems, "elements") -// -// Log output is buffered and written periodically using Flush. Programs -// should call Flush before exiting to guarantee all log output is written. -// -// By default, all log statements write to standard error. -// This package provides several flags that modify this behavior. -// As a result, flag.Parse must be called before any logging is done. -// -// -logtostderr=true -// Logs are written to standard error instead of to files. -// -alsologtostderr=false -// Logs are written to standard error as well as to files. -// -stderrthreshold=ERROR -// Log events at or above this severity are logged to standard -// error as well as to files. -// -log_dir="" -// Log files will be written to this directory instead of the -// default temporary directory. -// -// Other flags provide aids to debugging. -// -// -log_backtrace_at="" -// When set to a file and line number holding a logging statement, -// such as -// -log_backtrace_at=gopherflakes.go:234 -// a stack trace will be written to the Info log whenever execution -// hits that statement. (Unlike with -vmodule, the ".go" must be -// present.) -// -v=0 -// Enable V-leveled logging at the specified level. -// -vmodule="" -// The syntax of the argument is a comma-separated list of pattern=N, -// where pattern is a literal file name (minus the ".go" suffix) or -// "glob" pattern and N is a V level. For instance, -// -vmodule=gopher*=3 -// sets the V level to 3 in all Go files whose names begin "gopher". -// -package klog - -import ( - "bufio" - "bytes" - "errors" - "flag" - "fmt" - "io" - stdLog "log" - "math" - "os" - "path/filepath" - "runtime" - "strconv" - "strings" - "sync" - "sync/atomic" - "time" -) - -// severity identifies the sort of log: info, warning etc. It also implements -// the flag.Value interface. The -stderrthreshold flag is of type severity and -// should be modified only through the flag.Value interface. The values match -// the corresponding constants in C++. -type severity int32 // sync/atomic int32 - -// These constants identify the log levels in order of increasing severity. -// A message written to a high-severity log file is also written to each -// lower-severity log file. -const ( - infoLog severity = iota - warningLog - errorLog - fatalLog - numSeverity = 4 -) - -const severityChar = "IWEF" - -var severityName = []string{ - infoLog: "INFO", - warningLog: "WARNING", - errorLog: "ERROR", - fatalLog: "FATAL", -} - -// get returns the value of the severity. -func (s *severity) get() severity { - return severity(atomic.LoadInt32((*int32)(s))) -} - -// set sets the value of the severity. -func (s *severity) set(val severity) { - atomic.StoreInt32((*int32)(s), int32(val)) -} - -// String is part of the flag.Value interface. -func (s *severity) String() string { - return strconv.FormatInt(int64(*s), 10) -} - -// Get is part of the flag.Value interface. -func (s *severity) Get() interface{} { - return *s -} - -// Set is part of the flag.Value interface. -func (s *severity) Set(value string) error { - var threshold severity - // Is it a known name? - if v, ok := severityByName(value); ok { - threshold = v - } else { - v, err := strconv.ParseInt(value, 10, 32) - if err != nil { - return err - } - threshold = severity(v) - } - logging.stderrThreshold.set(threshold) - return nil -} - -func severityByName(s string) (severity, bool) { - s = strings.ToUpper(s) - for i, name := range severityName { - if name == s { - return severity(i), true - } - } - return 0, false -} - -// OutputStats tracks the number of output lines and bytes written. -type OutputStats struct { - lines int64 - bytes int64 -} - -// Lines returns the number of lines written. -func (s *OutputStats) Lines() int64 { - return atomic.LoadInt64(&s.lines) -} - -// Bytes returns the number of bytes written. -func (s *OutputStats) Bytes() int64 { - return atomic.LoadInt64(&s.bytes) -} - -// Stats tracks the number of lines of output and number of bytes -// per severity level. Values must be read with atomic.LoadInt64. -var Stats struct { - Info, Warning, Error OutputStats -} - -var severityStats = [numSeverity]*OutputStats{ - infoLog: &Stats.Info, - warningLog: &Stats.Warning, - errorLog: &Stats.Error, -} - -// Level is exported because it appears in the arguments to V and is -// the type of the v flag, which can be set programmatically. -// It's a distinct type because we want to discriminate it from logType. -// Variables of type level are only changed under logging.mu. -// The -v flag is read only with atomic ops, so the state of the logging -// module is consistent. - -// Level is treated as a sync/atomic int32. - -// Level specifies a level of verbosity for V logs. *Level implements -// flag.Value; the -v flag is of type Level and should be modified -// only through the flag.Value interface. -type Level int32 - -// get returns the value of the Level. -func (l *Level) get() Level { - return Level(atomic.LoadInt32((*int32)(l))) -} - -// set sets the value of the Level. -func (l *Level) set(val Level) { - atomic.StoreInt32((*int32)(l), int32(val)) -} - -// String is part of the flag.Value interface. -func (l *Level) String() string { - return strconv.FormatInt(int64(*l), 10) -} - -// Get is part of the flag.Value interface. -func (l *Level) Get() interface{} { - return *l -} - -// Set is part of the flag.Value interface. -func (l *Level) Set(value string) error { - v, err := strconv.ParseInt(value, 10, 32) - if err != nil { - return err - } - logging.mu.Lock() - defer logging.mu.Unlock() - logging.setVState(Level(v), logging.vmodule.filter, false) - return nil -} - -// moduleSpec represents the setting of the -vmodule flag. -type moduleSpec struct { - filter []modulePat -} - -// modulePat contains a filter for the -vmodule flag. -// It holds a verbosity level and a file pattern to match. -type modulePat struct { - pattern string - literal bool // The pattern is a literal string - level Level -} - -// match reports whether the file matches the pattern. It uses a string -// comparison if the pattern contains no metacharacters. -func (m *modulePat) match(file string) bool { - if m.literal { - return file == m.pattern - } - match, _ := filepath.Match(m.pattern, file) - return match -} - -func (m *moduleSpec) String() string { - // Lock because the type is not atomic. TODO: clean this up. - logging.mu.Lock() - defer logging.mu.Unlock() - var b bytes.Buffer - for i, f := range m.filter { - if i > 0 { - b.WriteRune(',') - } - fmt.Fprintf(&b, "%s=%d", f.pattern, f.level) - } - return b.String() -} - -// Get is part of the (Go 1.2) flag.Getter interface. It always returns nil for this flag type since the -// struct is not exported. -func (m *moduleSpec) Get() interface{} { - return nil -} - -var errVmoduleSyntax = errors.New("syntax error: expect comma-separated list of filename=N") - -// Syntax: -vmodule=recordio=2,file=1,gfs*=3 -func (m *moduleSpec) Set(value string) error { - var filter []modulePat - for _, pat := range strings.Split(value, ",") { - if len(pat) == 0 { - // Empty strings such as from a trailing comma can be ignored. - continue - } - patLev := strings.Split(pat, "=") - if len(patLev) != 2 || len(patLev[0]) == 0 || len(patLev[1]) == 0 { - return errVmoduleSyntax - } - pattern := patLev[0] - v, err := strconv.ParseInt(patLev[1], 10, 32) - if err != nil { - return errors.New("syntax error: expect comma-separated list of filename=N") - } - if v < 0 { - return errors.New("negative value for vmodule level") - } - if v == 0 { - continue // Ignore. It's harmless but no point in paying the overhead. - } - // TODO: check syntax of filter? - filter = append(filter, modulePat{pattern, isLiteral(pattern), Level(v)}) - } - logging.mu.Lock() - defer logging.mu.Unlock() - logging.setVState(logging.verbosity, filter, true) - return nil -} - -// isLiteral reports whether the pattern is a literal string, that is, has no metacharacters -// that require filepath.Match to be called to match the pattern. -func isLiteral(pattern string) bool { - return !strings.ContainsAny(pattern, `\*?[]`) -} - -// traceLocation represents the setting of the -log_backtrace_at flag. -type traceLocation struct { - file string - line int -} - -// isSet reports whether the trace location has been specified. -// logging.mu is held. -func (t *traceLocation) isSet() bool { - return t.line > 0 -} - -// match reports whether the specified file and line matches the trace location. -// The argument file name is the full path, not the basename specified in the flag. -// logging.mu is held. -func (t *traceLocation) match(file string, line int) bool { - if t.line != line { - return false - } - if i := strings.LastIndex(file, "/"); i >= 0 { - file = file[i+1:] - } - return t.file == file -} - -func (t *traceLocation) String() string { - // Lock because the type is not atomic. TODO: clean this up. - logging.mu.Lock() - defer logging.mu.Unlock() - return fmt.Sprintf("%s:%d", t.file, t.line) -} - -// Get is part of the (Go 1.2) flag.Getter interface. It always returns nil for this flag type since the -// struct is not exported -func (t *traceLocation) Get() interface{} { - return nil -} - -var errTraceSyntax = errors.New("syntax error: expect file.go:234") - -// Syntax: -log_backtrace_at=gopherflakes.go:234 -// Note that unlike vmodule the file extension is included here. -func (t *traceLocation) Set(value string) error { - if value == "" { - // Unset. - t.line = 0 - t.file = "" - } - fields := strings.Split(value, ":") - if len(fields) != 2 { - return errTraceSyntax - } - file, line := fields[0], fields[1] - if !strings.Contains(file, ".") { - return errTraceSyntax - } - v, err := strconv.Atoi(line) - if err != nil { - return errTraceSyntax - } - if v <= 0 { - return errors.New("negative or zero value for level") - } - logging.mu.Lock() - defer logging.mu.Unlock() - t.line = v - t.file = file - return nil -} - -// flushSyncWriter is the interface satisfied by logging destinations. -type flushSyncWriter interface { - Flush() error - Sync() error - io.Writer -} - -// init sets up the defaults and runs flushDaemon. -func init() { - logging.stderrThreshold = errorLog // Default stderrThreshold is ERROR. - logging.setVState(0, nil, false) - logging.logDir = "" - logging.logFile = "" - logging.logFileMaxSizeMB = 1800 - logging.toStderr = true - logging.alsoToStderr = false - logging.skipHeaders = false - logging.addDirHeader = false - logging.skipLogHeaders = false - go logging.flushDaemon() -} - -// InitFlags is for explicitly initializing the flags. -func InitFlags(flagset *flag.FlagSet) { - if flagset == nil { - flagset = flag.CommandLine - } - - flagset.StringVar(&logging.logDir, "log_dir", logging.logDir, "If non-empty, write log files in this directory") - flagset.StringVar(&logging.logFile, "log_file", logging.logFile, "If non-empty, use this log file") - flagset.Uint64Var(&logging.logFileMaxSizeMB, "log_file_max_size", logging.logFileMaxSizeMB, - "Defines the maximum size a log file can grow to. Unit is megabytes. "+ - "If the value is 0, the maximum file size is unlimited.") - flagset.BoolVar(&logging.toStderr, "logtostderr", logging.toStderr, "log to standard error instead of files") - flagset.BoolVar(&logging.alsoToStderr, "alsologtostderr", logging.alsoToStderr, "log to standard error as well as files") - flagset.Var(&logging.verbosity, "v", "number for the log level verbosity") - flagset.BoolVar(&logging.skipHeaders, "add_dir_header", logging.addDirHeader, "If true, adds the file directory to the header") - flagset.BoolVar(&logging.skipHeaders, "skip_headers", logging.skipHeaders, "If true, avoid header prefixes in the log messages") - flagset.BoolVar(&logging.skipLogHeaders, "skip_log_headers", logging.skipLogHeaders, "If true, avoid headers when opening log files") - flagset.Var(&logging.stderrThreshold, "stderrthreshold", "logs at or above this threshold go to stderr") - flagset.Var(&logging.vmodule, "vmodule", "comma-separated list of pattern=N settings for file-filtered logging") - flagset.Var(&logging.traceLocation, "log_backtrace_at", "when logging hits line file:N, emit a stack trace") -} - -// Flush flushes all pending log I/O. -func Flush() { - logging.lockAndFlushAll() -} - -// loggingT collects all the global state of the logging setup. -type loggingT struct { - // Boolean flags. Not handled atomically because the flag.Value interface - // does not let us avoid the =true, and that shorthand is necessary for - // compatibility. TODO: does this matter enough to fix? Seems unlikely. - toStderr bool // The -logtostderr flag. - alsoToStderr bool // The -alsologtostderr flag. - - // Level flag. Handled atomically. - stderrThreshold severity // The -stderrthreshold flag. - - // freeList is a list of byte buffers, maintained under freeListMu. - freeList *buffer - // freeListMu maintains the free list. It is separate from the main mutex - // so buffers can be grabbed and printed to without holding the main lock, - // for better parallelization. - freeListMu sync.Mutex - - // mu protects the remaining elements of this structure and is - // used to synchronize logging. - mu sync.Mutex - // file holds writer for each of the log types. - file [numSeverity]flushSyncWriter - // pcs is used in V to avoid an allocation when computing the caller's PC. - pcs [1]uintptr - // vmap is a cache of the V Level for each V() call site, identified by PC. - // It is wiped whenever the vmodule flag changes state. - vmap map[uintptr]Level - // filterLength stores the length of the vmodule filter chain. If greater - // than zero, it means vmodule is enabled. It may be read safely - // using sync.LoadInt32, but is only modified under mu. - filterLength int32 - // traceLocation is the state of the -log_backtrace_at flag. - traceLocation traceLocation - // These flags are modified only under lock, although verbosity may be fetched - // safely using atomic.LoadInt32. - vmodule moduleSpec // The state of the -vmodule flag. - verbosity Level // V logging level, the value of the -v flag/ - - // If non-empty, overrides the choice of directory in which to write logs. - // See createLogDirs for the full list of possible destinations. - logDir string - - // If non-empty, specifies the path of the file to write logs. mutually exclusive - // with the log-dir option. - logFile string - - // When logFile is specified, this limiter makes sure the logFile won't exceeds a certain size. When exceeds, the - // logFile will be cleaned up. If this value is 0, no size limitation will be applied to logFile. - logFileMaxSizeMB uint64 - - // If true, do not add the prefix headers, useful when used with SetOutput - skipHeaders bool - - // If true, do not add the headers to log files - skipLogHeaders bool - - // If true, add the file directory to the header - addDirHeader bool -} - -// buffer holds a byte Buffer for reuse. The zero value is ready for use. -type buffer struct { - bytes.Buffer - tmp [64]byte // temporary byte array for creating headers. - next *buffer -} - -var logging loggingT - -// setVState sets a consistent state for V logging. -// l.mu is held. -func (l *loggingT) setVState(verbosity Level, filter []modulePat, setFilter bool) { - // Turn verbosity off so V will not fire while we are in transition. - logging.verbosity.set(0) - // Ditto for filter length. - atomic.StoreInt32(&logging.filterLength, 0) - - // Set the new filters and wipe the pc->Level map if the filter has changed. - if setFilter { - logging.vmodule.filter = filter - logging.vmap = make(map[uintptr]Level) - } - - // Things are consistent now, so enable filtering and verbosity. - // They are enabled in order opposite to that in V. - atomic.StoreInt32(&logging.filterLength, int32(len(filter))) - logging.verbosity.set(verbosity) -} - -// getBuffer returns a new, ready-to-use buffer. -func (l *loggingT) getBuffer() *buffer { - l.freeListMu.Lock() - b := l.freeList - if b != nil { - l.freeList = b.next - } - l.freeListMu.Unlock() - if b == nil { - b = new(buffer) - } else { - b.next = nil - b.Reset() - } - return b -} - -// putBuffer returns a buffer to the free list. -func (l *loggingT) putBuffer(b *buffer) { - if b.Len() >= 256 { - // Let big buffers die a natural death. - return - } - l.freeListMu.Lock() - b.next = l.freeList - l.freeList = b - l.freeListMu.Unlock() -} - -var timeNow = time.Now // Stubbed out for testing. - -/* -header formats a log header as defined by the C++ implementation. -It returns a buffer containing the formatted header and the user's file and line number. -The depth specifies how many stack frames above lives the source line to be identified in the log message. - -Log lines have this form: - Lmmdd hh:mm:ss.uuuuuu threadid file:line] msg... -where the fields are defined as follows: - L A single character, representing the log level (eg 'I' for INFO) - mm The month (zero padded; ie May is '05') - dd The day (zero padded) - hh:mm:ss.uuuuuu Time in hours, minutes and fractional seconds - threadid The space-padded thread ID as returned by GetTID() - file The file name - line The line number - msg The user-supplied message -*/ -func (l *loggingT) header(s severity, depth int) (*buffer, string, int) { - _, file, line, ok := runtime.Caller(3 + depth) - if !ok { - file = "???" - line = 1 - } else { - if slash := strings.LastIndex(file, "/"); slash >= 0 { - path := file - file = path[slash+1:] - if l.addDirHeader { - if dirsep := strings.LastIndex(path[:slash], "/"); dirsep >= 0 { - file = path[dirsep+1:] - } - } - } - } - return l.formatHeader(s, file, line), file, line -} - -// formatHeader formats a log header using the provided file name and line number. -func (l *loggingT) formatHeader(s severity, file string, line int) *buffer { - now := timeNow() - if line < 0 { - line = 0 // not a real line number, but acceptable to someDigits - } - if s > fatalLog { - s = infoLog // for safety. - } - buf := l.getBuffer() - if l.skipHeaders { - return buf - } - - // Avoid Fprintf, for speed. The format is so simple that we can do it quickly by hand. - // It's worth about 3X. Fprintf is hard. - _, month, day := now.Date() - hour, minute, second := now.Clock() - // Lmmdd hh:mm:ss.uuuuuu threadid file:line] - buf.tmp[0] = severityChar[s] - buf.twoDigits(1, int(month)) - buf.twoDigits(3, day) - buf.tmp[5] = ' ' - buf.twoDigits(6, hour) - buf.tmp[8] = ':' - buf.twoDigits(9, minute) - buf.tmp[11] = ':' - buf.twoDigits(12, second) - buf.tmp[14] = '.' - buf.nDigits(6, 15, now.Nanosecond()/1000, '0') - buf.tmp[21] = ' ' - buf.nDigits(7, 22, pid, ' ') // TODO: should be TID - buf.tmp[29] = ' ' - buf.Write(buf.tmp[:30]) - buf.WriteString(file) - buf.tmp[0] = ':' - n := buf.someDigits(1, line) - buf.tmp[n+1] = ']' - buf.tmp[n+2] = ' ' - buf.Write(buf.tmp[:n+3]) - return buf -} - -// Some custom tiny helper functions to print the log header efficiently. - -const digits = "0123456789" - -// twoDigits formats a zero-prefixed two-digit integer at buf.tmp[i]. -func (buf *buffer) twoDigits(i, d int) { - buf.tmp[i+1] = digits[d%10] - d /= 10 - buf.tmp[i] = digits[d%10] -} - -// nDigits formats an n-digit integer at buf.tmp[i], -// padding with pad on the left. -// It assumes d >= 0. -func (buf *buffer) nDigits(n, i, d int, pad byte) { - j := n - 1 - for ; j >= 0 && d > 0; j-- { - buf.tmp[i+j] = digits[d%10] - d /= 10 - } - for ; j >= 0; j-- { - buf.tmp[i+j] = pad - } -} - -// someDigits formats a zero-prefixed variable-width integer at buf.tmp[i]. -func (buf *buffer) someDigits(i, d int) int { - // Print into the top, then copy down. We know there's space for at least - // a 10-digit number. - j := len(buf.tmp) - for { - j-- - buf.tmp[j] = digits[d%10] - d /= 10 - if d == 0 { - break - } - } - return copy(buf.tmp[i:], buf.tmp[j:]) -} - -func (l *loggingT) println(s severity, args ...interface{}) { - buf, file, line := l.header(s, 0) - fmt.Fprintln(buf, args...) - l.output(s, buf, file, line, false) -} - -func (l *loggingT) print(s severity, args ...interface{}) { - l.printDepth(s, 1, args...) -} - -func (l *loggingT) printDepth(s severity, depth int, args ...interface{}) { - buf, file, line := l.header(s, depth) - fmt.Fprint(buf, args...) - if buf.Bytes()[buf.Len()-1] != '\n' { - buf.WriteByte('\n') - } - l.output(s, buf, file, line, false) -} - -func (l *loggingT) printf(s severity, format string, args ...interface{}) { - buf, file, line := l.header(s, 0) - fmt.Fprintf(buf, format, args...) - if buf.Bytes()[buf.Len()-1] != '\n' { - buf.WriteByte('\n') - } - l.output(s, buf, file, line, false) -} - -// printWithFileLine behaves like print but uses the provided file and line number. If -// alsoLogToStderr is true, the log message always appears on standard error; it -// will also appear in the log file unless --logtostderr is set. -func (l *loggingT) printWithFileLine(s severity, file string, line int, alsoToStderr bool, args ...interface{}) { - buf := l.formatHeader(s, file, line) - fmt.Fprint(buf, args...) - if buf.Bytes()[buf.Len()-1] != '\n' { - buf.WriteByte('\n') - } - l.output(s, buf, file, line, alsoToStderr) -} - -// redirectBuffer is used to set an alternate destination for the logs -type redirectBuffer struct { - w io.Writer -} - -func (rb *redirectBuffer) Sync() error { - return nil -} - -func (rb *redirectBuffer) Flush() error { - return nil -} - -func (rb *redirectBuffer) Write(bytes []byte) (n int, err error) { - return rb.w.Write(bytes) -} - -// SetOutput sets the output destination for all severities -func SetOutput(w io.Writer) { - logging.mu.Lock() - defer logging.mu.Unlock() - for s := fatalLog; s >= infoLog; s-- { - rb := &redirectBuffer{ - w: w, - } - logging.file[s] = rb - } -} - -// SetOutputBySeverity sets the output destination for specific severity -func SetOutputBySeverity(name string, w io.Writer) { - logging.mu.Lock() - defer logging.mu.Unlock() - sev, ok := severityByName(name) - if !ok { - panic(fmt.Sprintf("SetOutputBySeverity(%q): unrecognized severity name", name)) - } - rb := &redirectBuffer{ - w: w, - } - logging.file[sev] = rb -} - -// output writes the data to the log files and releases the buffer. -func (l *loggingT) output(s severity, buf *buffer, file string, line int, alsoToStderr bool) { - l.mu.Lock() - if l.traceLocation.isSet() { - if l.traceLocation.match(file, line) { - buf.Write(stacks(false)) - } - } - data := buf.Bytes() - if l.toStderr { - os.Stderr.Write(data) - } else { - if alsoToStderr || l.alsoToStderr || s >= l.stderrThreshold.get() { - os.Stderr.Write(data) - } - - if logging.logFile != "" { - // Since we are using a single log file, all of the items in l.file array - // will point to the same file, so just use one of them to write data. - if l.file[infoLog] == nil { - if err := l.createFiles(infoLog); err != nil { - os.Stderr.Write(data) // Make sure the message appears somewhere. - l.exit(err) - } - } - l.file[infoLog].Write(data) - } else { - if l.file[s] == nil { - if err := l.createFiles(s); err != nil { - os.Stderr.Write(data) // Make sure the message appears somewhere. - l.exit(err) - } - } - - switch s { - case fatalLog: - l.file[fatalLog].Write(data) - fallthrough - case errorLog: - l.file[errorLog].Write(data) - fallthrough - case warningLog: - l.file[warningLog].Write(data) - fallthrough - case infoLog: - l.file[infoLog].Write(data) - } - } - } - if s == fatalLog { - // If we got here via Exit rather than Fatal, print no stacks. - if atomic.LoadUint32(&fatalNoStacks) > 0 { - l.mu.Unlock() - timeoutFlush(10 * time.Second) - os.Exit(1) - } - // Dump all goroutine stacks before exiting. - // First, make sure we see the trace for the current goroutine on standard error. - // If -logtostderr has been specified, the loop below will do that anyway - // as the first stack in the full dump. - if !l.toStderr { - os.Stderr.Write(stacks(false)) - } - // Write the stack trace for all goroutines to the files. - trace := stacks(true) - logExitFunc = func(error) {} // If we get a write error, we'll still exit below. - for log := fatalLog; log >= infoLog; log-- { - if f := l.file[log]; f != nil { // Can be nil if -logtostderr is set. - f.Write(trace) - } - } - l.mu.Unlock() - timeoutFlush(10 * time.Second) - os.Exit(255) // C++ uses -1, which is silly because it's anded with 255 anyway. - } - l.putBuffer(buf) - l.mu.Unlock() - if stats := severityStats[s]; stats != nil { - atomic.AddInt64(&stats.lines, 1) - atomic.AddInt64(&stats.bytes, int64(len(data))) - } -} - -// timeoutFlush calls Flush and returns when it completes or after timeout -// elapses, whichever happens first. This is needed because the hooks invoked -// by Flush may deadlock when klog.Fatal is called from a hook that holds -// a lock. -func timeoutFlush(timeout time.Duration) { - done := make(chan bool, 1) - go func() { - Flush() // calls logging.lockAndFlushAll() - done <- true - }() - select { - case <-done: - case <-time.After(timeout): - fmt.Fprintln(os.Stderr, "klog: Flush took longer than", timeout) - } -} - -// stacks is a wrapper for runtime.Stack that attempts to recover the data for all goroutines. -func stacks(all bool) []byte { - // We don't know how big the traces are, so grow a few times if they don't fit. Start large, though. - n := 10000 - if all { - n = 100000 - } - var trace []byte - for i := 0; i < 5; i++ { - trace = make([]byte, n) - nbytes := runtime.Stack(trace, all) - if nbytes < len(trace) { - return trace[:nbytes] - } - n *= 2 - } - return trace -} - -// logExitFunc provides a simple mechanism to override the default behavior -// of exiting on error. Used in testing and to guarantee we reach a required exit -// for fatal logs. Instead, exit could be a function rather than a method but that -// would make its use clumsier. -var logExitFunc func(error) - -// exit is called if there is trouble creating or writing log files. -// It flushes the logs and exits the program; there's no point in hanging around. -// l.mu is held. -func (l *loggingT) exit(err error) { - fmt.Fprintf(os.Stderr, "log: exiting because of error: %s\n", err) - // If logExitFunc is set, we do that instead of exiting. - if logExitFunc != nil { - logExitFunc(err) - return - } - l.flushAll() - os.Exit(2) -} - -// syncBuffer joins a bufio.Writer to its underlying file, providing access to the -// file's Sync method and providing a wrapper for the Write method that provides log -// file rotation. There are conflicting methods, so the file cannot be embedded. -// l.mu is held for all its methods. -type syncBuffer struct { - logger *loggingT - *bufio.Writer - file *os.File - sev severity - nbytes uint64 // The number of bytes written to this file - maxbytes uint64 // The max number of bytes this syncBuffer.file can hold before cleaning up. -} - -func (sb *syncBuffer) Sync() error { - return sb.file.Sync() -} - -// CalculateMaxSize returns the real max size in bytes after considering the default max size and the flag options. -func CalculateMaxSize() uint64 { - if logging.logFile != "" { - if logging.logFileMaxSizeMB == 0 { - // If logFileMaxSizeMB is zero, we don't have limitations on the log size. - return math.MaxUint64 - } - // Flag logFileMaxSizeMB is in MB for user convenience. - return logging.logFileMaxSizeMB * 1024 * 1024 - } - // If "log_file" flag is not specified, the target file (sb.file) will be cleaned up when reaches a fixed size. - return MaxSize -} - -func (sb *syncBuffer) Write(p []byte) (n int, err error) { - if sb.nbytes+uint64(len(p)) >= sb.maxbytes { - if err := sb.rotateFile(time.Now(), false); err != nil { - sb.logger.exit(err) - } - } - n, err = sb.Writer.Write(p) - sb.nbytes += uint64(n) - if err != nil { - sb.logger.exit(err) - } - return -} - -// rotateFile closes the syncBuffer's file and starts a new one. -// The startup argument indicates whether this is the initial startup of klog. -// If startup is true, existing files are opened for appending instead of truncated. -func (sb *syncBuffer) rotateFile(now time.Time, startup bool) error { - if sb.file != nil { - sb.Flush() - sb.file.Close() - } - var err error - sb.file, _, err = create(severityName[sb.sev], now, startup) - sb.nbytes = 0 - if err != nil { - return err - } - - sb.Writer = bufio.NewWriterSize(sb.file, bufferSize) - - if sb.logger.skipLogHeaders { - return nil - } - - // Write header. - var buf bytes.Buffer - fmt.Fprintf(&buf, "Log file created at: %s\n", now.Format("2006/01/02 15:04:05")) - fmt.Fprintf(&buf, "Running on machine: %s\n", host) - fmt.Fprintf(&buf, "Binary: Built with %s %s for %s/%s\n", runtime.Compiler, runtime.Version(), runtime.GOOS, runtime.GOARCH) - fmt.Fprintf(&buf, "Log line format: [IWEF]mmdd hh:mm:ss.uuuuuu threadid file:line] msg\n") - n, err := sb.file.Write(buf.Bytes()) - sb.nbytes += uint64(n) - return err -} - -// bufferSize sizes the buffer associated with each log file. It's large -// so that log records can accumulate without the logging thread blocking -// on disk I/O. The flushDaemon will block instead. -const bufferSize = 256 * 1024 - -// createFiles creates all the log files for severity from sev down to infoLog. -// l.mu is held. -func (l *loggingT) createFiles(sev severity) error { - now := time.Now() - // Files are created in decreasing severity order, so as soon as we find one - // has already been created, we can stop. - for s := sev; s >= infoLog && l.file[s] == nil; s-- { - sb := &syncBuffer{ - logger: l, - sev: s, - maxbytes: CalculateMaxSize(), - } - if err := sb.rotateFile(now, true); err != nil { - return err - } - l.file[s] = sb - } - return nil -} - -const flushInterval = 5 * time.Second - -// flushDaemon periodically flushes the log file buffers. -func (l *loggingT) flushDaemon() { - for range time.NewTicker(flushInterval).C { - l.lockAndFlushAll() - } -} - -// lockAndFlushAll is like flushAll but locks l.mu first. -func (l *loggingT) lockAndFlushAll() { - l.mu.Lock() - l.flushAll() - l.mu.Unlock() -} - -// flushAll flushes all the logs and attempts to "sync" their data to disk. -// l.mu is held. -func (l *loggingT) flushAll() { - // Flush from fatal down, in case there's trouble flushing. - for s := fatalLog; s >= infoLog; s-- { - file := l.file[s] - if file != nil { - file.Flush() // ignore error - file.Sync() // ignore error - } - } -} - -// CopyStandardLogTo arranges for messages written to the Go "log" package's -// default logs to also appear in the Google logs for the named and lower -// severities. Subsequent changes to the standard log's default output location -// or format may break this behavior. -// -// Valid names are "INFO", "WARNING", "ERROR", and "FATAL". If the name is not -// recognized, CopyStandardLogTo panics. -func CopyStandardLogTo(name string) { - sev, ok := severityByName(name) - if !ok { - panic(fmt.Sprintf("log.CopyStandardLogTo(%q): unrecognized severity name", name)) - } - // Set a log format that captures the user's file and line: - // d.go:23: message - stdLog.SetFlags(stdLog.Lshortfile) - stdLog.SetOutput(logBridge(sev)) -} - -// logBridge provides the Write method that enables CopyStandardLogTo to connect -// Go's standard logs to the logs provided by this package. -type logBridge severity - -// Write parses the standard logging line and passes its components to the -// logger for severity(lb). -func (lb logBridge) Write(b []byte) (n int, err error) { - var ( - file = "???" - line = 1 - text string - ) - // Split "d.go:23: message" into "d.go", "23", and "message". - if parts := bytes.SplitN(b, []byte{':'}, 3); len(parts) != 3 || len(parts[0]) < 1 || len(parts[2]) < 1 { - text = fmt.Sprintf("bad log format: %s", b) - } else { - file = string(parts[0]) - text = string(parts[2][1:]) // skip leading space - line, err = strconv.Atoi(string(parts[1])) - if err != nil { - text = fmt.Sprintf("bad line number: %s", b) - line = 1 - } - } - // printWithFileLine with alsoToStderr=true, so standard log messages - // always appear on standard error. - logging.printWithFileLine(severity(lb), file, line, true, text) - return len(b), nil -} - -// setV computes and remembers the V level for a given PC -// when vmodule is enabled. -// File pattern matching takes the basename of the file, stripped -// of its .go suffix, and uses filepath.Match, which is a little more -// general than the *? matching used in C++. -// l.mu is held. -func (l *loggingT) setV(pc uintptr) Level { - fn := runtime.FuncForPC(pc) - file, _ := fn.FileLine(pc) - // The file is something like /a/b/c/d.go. We want just the d. - if strings.HasSuffix(file, ".go") { - file = file[:len(file)-3] - } - if slash := strings.LastIndex(file, "/"); slash >= 0 { - file = file[slash+1:] - } - for _, filter := range l.vmodule.filter { - if filter.match(file) { - l.vmap[pc] = filter.level - return filter.level - } - } - l.vmap[pc] = 0 - return 0 -} - -// Verbose is a boolean type that implements Infof (like Printf) etc. -// See the documentation of V for more information. -type Verbose bool - -// V reports whether verbosity at the call site is at least the requested level. -// The returned value is a boolean of type Verbose, which implements Info, Infoln -// and Infof. These methods will write to the Info log if called. -// Thus, one may write either -// if klog.V(2) { klog.Info("log this") } -// or -// klog.V(2).Info("log this") -// The second form is shorter but the first is cheaper if logging is off because it does -// not evaluate its arguments. -// -// Whether an individual call to V generates a log record depends on the setting of -// the -v and --vmodule flags; both are off by default. If the level in the call to -// V is at least the value of -v, or of -vmodule for the source file containing the -// call, the V call will log. -func V(level Level) Verbose { - // This function tries hard to be cheap unless there's work to do. - // The fast path is two atomic loads and compares. - - // Here is a cheap but safe test to see if V logging is enabled globally. - if logging.verbosity.get() >= level { - return Verbose(true) - } - - // It's off globally but it vmodule may still be set. - // Here is another cheap but safe test to see if vmodule is enabled. - if atomic.LoadInt32(&logging.filterLength) > 0 { - // Now we need a proper lock to use the logging structure. The pcs field - // is shared so we must lock before accessing it. This is fairly expensive, - // but if V logging is enabled we're slow anyway. - logging.mu.Lock() - defer logging.mu.Unlock() - if runtime.Callers(2, logging.pcs[:]) == 0 { - return Verbose(false) - } - v, ok := logging.vmap[logging.pcs[0]] - if !ok { - v = logging.setV(logging.pcs[0]) - } - return Verbose(v >= level) - } - return Verbose(false) -} - -// Info is equivalent to the global Info function, guarded by the value of v. -// See the documentation of V for usage. -func (v Verbose) Info(args ...interface{}) { - if v { - logging.print(infoLog, args...) - } -} - -// Infoln is equivalent to the global Infoln function, guarded by the value of v. -// See the documentation of V for usage. -func (v Verbose) Infoln(args ...interface{}) { - if v { - logging.println(infoLog, args...) - } -} - -// Infof is equivalent to the global Infof function, guarded by the value of v. -// See the documentation of V for usage. -func (v Verbose) Infof(format string, args ...interface{}) { - if v { - logging.printf(infoLog, format, args...) - } -} - -// Info logs to the INFO log. -// Arguments are handled in the manner of fmt.Print; a newline is appended if missing. -func Info(args ...interface{}) { - logging.print(infoLog, args...) -} - -// InfoDepth acts as Info but uses depth to determine which call frame to log. -// InfoDepth(0, "msg") is the same as Info("msg"). -func InfoDepth(depth int, args ...interface{}) { - logging.printDepth(infoLog, depth, args...) -} - -// Infoln logs to the INFO log. -// Arguments are handled in the manner of fmt.Println; a newline is always appended. -func Infoln(args ...interface{}) { - logging.println(infoLog, args...) -} - -// Infof logs to the INFO log. -// Arguments are handled in the manner of fmt.Printf; a newline is appended if missing. -func Infof(format string, args ...interface{}) { - logging.printf(infoLog, format, args...) -} - -// Warning logs to the WARNING and INFO logs. -// Arguments are handled in the manner of fmt.Print; a newline is appended if missing. -func Warning(args ...interface{}) { - logging.print(warningLog, args...) -} - -// WarningDepth acts as Warning but uses depth to determine which call frame to log. -// WarningDepth(0, "msg") is the same as Warning("msg"). -func WarningDepth(depth int, args ...interface{}) { - logging.printDepth(warningLog, depth, args...) -} - -// Warningln logs to the WARNING and INFO logs. -// Arguments are handled in the manner of fmt.Println; a newline is always appended. -func Warningln(args ...interface{}) { - logging.println(warningLog, args...) -} - -// Warningf logs to the WARNING and INFO logs. -// Arguments are handled in the manner of fmt.Printf; a newline is appended if missing. -func Warningf(format string, args ...interface{}) { - logging.printf(warningLog, format, args...) -} - -// Error logs to the ERROR, WARNING, and INFO logs. -// Arguments are handled in the manner of fmt.Print; a newline is appended if missing. -func Error(args ...interface{}) { - logging.print(errorLog, args...) -} - -// ErrorDepth acts as Error but uses depth to determine which call frame to log. -// ErrorDepth(0, "msg") is the same as Error("msg"). -func ErrorDepth(depth int, args ...interface{}) { - logging.printDepth(errorLog, depth, args...) -} - -// Errorln logs to the ERROR, WARNING, and INFO logs. -// Arguments are handled in the manner of fmt.Println; a newline is always appended. -func Errorln(args ...interface{}) { - logging.println(errorLog, args...) -} - -// Errorf logs to the ERROR, WARNING, and INFO logs. -// Arguments are handled in the manner of fmt.Printf; a newline is appended if missing. -func Errorf(format string, args ...interface{}) { - logging.printf(errorLog, format, args...) -} - -// Fatal logs to the FATAL, ERROR, WARNING, and INFO logs, -// including a stack trace of all running goroutines, then calls os.Exit(255). -// Arguments are handled in the manner of fmt.Print; a newline is appended if missing. -func Fatal(args ...interface{}) { - logging.print(fatalLog, args...) -} - -// FatalDepth acts as Fatal but uses depth to determine which call frame to log. -// FatalDepth(0, "msg") is the same as Fatal("msg"). -func FatalDepth(depth int, args ...interface{}) { - logging.printDepth(fatalLog, depth, args...) -} - -// Fatalln logs to the FATAL, ERROR, WARNING, and INFO logs, -// including a stack trace of all running goroutines, then calls os.Exit(255). -// Arguments are handled in the manner of fmt.Println; a newline is always appended. -func Fatalln(args ...interface{}) { - logging.println(fatalLog, args...) -} - -// Fatalf logs to the FATAL, ERROR, WARNING, and INFO logs, -// including a stack trace of all running goroutines, then calls os.Exit(255). -// Arguments are handled in the manner of fmt.Printf; a newline is appended if missing. -func Fatalf(format string, args ...interface{}) { - logging.printf(fatalLog, format, args...) -} - -// fatalNoStacks is non-zero if we are to exit without dumping goroutine stacks. -// It allows Exit and relatives to use the Fatal logs. -var fatalNoStacks uint32 - -// Exit logs to the FATAL, ERROR, WARNING, and INFO logs, then calls os.Exit(1). -// Arguments are handled in the manner of fmt.Print; a newline is appended if missing. -func Exit(args ...interface{}) { - atomic.StoreUint32(&fatalNoStacks, 1) - logging.print(fatalLog, args...) -} - -// ExitDepth acts as Exit but uses depth to determine which call frame to log. -// ExitDepth(0, "msg") is the same as Exit("msg"). -func ExitDepth(depth int, args ...interface{}) { - atomic.StoreUint32(&fatalNoStacks, 1) - logging.printDepth(fatalLog, depth, args...) -} - -// Exitln logs to the FATAL, ERROR, WARNING, and INFO logs, then calls os.Exit(1). -func Exitln(args ...interface{}) { - atomic.StoreUint32(&fatalNoStacks, 1) - logging.println(fatalLog, args...) -} - -// Exitf logs to the FATAL, ERROR, WARNING, and INFO logs, then calls os.Exit(1). -// Arguments are handled in the manner of fmt.Printf; a newline is appended if missing. -func Exitf(format string, args ...interface{}) { - atomic.StoreUint32(&fatalNoStacks, 1) - logging.printf(fatalLog, format, args...) -} diff --git a/vendor/k8s.io/klog/klog_file.go b/vendor/k8s.io/klog/klog_file.go deleted file mode 100644 index e4010ad4d..000000000 --- a/vendor/k8s.io/klog/klog_file.go +++ /dev/null @@ -1,139 +0,0 @@ -// Go support for leveled logs, analogous to https://code.google.com/p/google-glog/ -// -// Copyright 2013 Google Inc. All Rights Reserved. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -// File I/O for logs. - -package klog - -import ( - "errors" - "fmt" - "os" - "os/user" - "path/filepath" - "strings" - "sync" - "time" -) - -// MaxSize is the maximum size of a log file in bytes. -var MaxSize uint64 = 1024 * 1024 * 1800 - -// logDirs lists the candidate directories for new log files. -var logDirs []string - -func createLogDirs() { - if logging.logDir != "" { - logDirs = append(logDirs, logging.logDir) - } - logDirs = append(logDirs, os.TempDir()) -} - -var ( - pid = os.Getpid() - program = filepath.Base(os.Args[0]) - host = "unknownhost" - userName = "unknownuser" -) - -func init() { - h, err := os.Hostname() - if err == nil { - host = shortHostname(h) - } - - current, err := user.Current() - if err == nil { - userName = current.Username - } - - // Sanitize userName since it may contain filepath separators on Windows. - userName = strings.Replace(userName, `\`, "_", -1) -} - -// shortHostname returns its argument, truncating at the first period. -// For instance, given "www.google.com" it returns "www". -func shortHostname(hostname string) string { - if i := strings.Index(hostname, "."); i >= 0 { - return hostname[:i] - } - return hostname -} - -// logName returns a new log file name containing tag, with start time t, and -// the name for the symlink for tag. -func logName(tag string, t time.Time) (name, link string) { - name = fmt.Sprintf("%s.%s.%s.log.%s.%04d%02d%02d-%02d%02d%02d.%d", - program, - host, - userName, - tag, - t.Year(), - t.Month(), - t.Day(), - t.Hour(), - t.Minute(), - t.Second(), - pid) - return name, program + "." + tag -} - -var onceLogDirs sync.Once - -// create creates a new log file and returns the file and its filename, which -// contains tag ("INFO", "FATAL", etc.) and t. If the file is created -// successfully, create also attempts to update the symlink for that tag, ignoring -// errors. -// The startup argument indicates whether this is the initial startup of klog. -// If startup is true, existing files are opened for appending instead of truncated. -func create(tag string, t time.Time, startup bool) (f *os.File, filename string, err error) { - if logging.logFile != "" { - f, err := openOrCreate(logging.logFile, startup) - if err == nil { - return f, logging.logFile, nil - } - return nil, "", fmt.Errorf("log: unable to create log: %v", err) - } - onceLogDirs.Do(createLogDirs) - if len(logDirs) == 0 { - return nil, "", errors.New("log: no log dirs") - } - name, link := logName(tag, t) - var lastErr error - for _, dir := range logDirs { - fname := filepath.Join(dir, name) - f, err := openOrCreate(fname, startup) - if err == nil { - symlink := filepath.Join(dir, link) - os.Remove(symlink) // ignore err - os.Symlink(name, symlink) // ignore err - return f, fname, nil - } - lastErr = err - } - return nil, "", fmt.Errorf("log: cannot create log: %v", lastErr) -} - -// The startup argument indicates whether this is the initial startup of klog. -// If startup is true, existing files are opened for appending instead of truncated. -func openOrCreate(name string, startup bool) (*os.File, error) { - if startup { - f, err := os.OpenFile(name, os.O_RDWR|os.O_CREATE|os.O_APPEND, 0666) - return f, err - } - f, err := os.Create(name) - return f, err -} diff --git a/vendor/modules.txt b/vendor/modules.txt index e77dd82ca..9ec7a120b 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -839,8 +839,6 @@ k8s.io/component-base/metrics/legacyregistry k8s.io/component-base/metrics/prometheus/workqueue k8s.io/component-base/metrics/testutil k8s.io/component-base/version -# k8s.io/klog v1.0.0 -k8s.io/klog # k8s.io/klog/v2 v2.8.0 k8s.io/klog/v2 # k8s.io/kube-aggregator v0.21.1 From e14be58ba63f5320b4c760a4313c9629fc0458a2 Mon Sep 17 00:00:00 2001 From: Antonio Ojea Date: Wed, 28 Jul 2021 16:39:36 +0200 Subject: [PATCH 3/3] plumb context down Signed-off-by: Antonio Ojea --- pkg/operator/targetcontroller/sync.go | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/pkg/operator/targetcontroller/sync.go b/pkg/operator/targetcontroller/sync.go index f234016c3..3d447c2fa 100644 --- a/pkg/operator/targetcontroller/sync.go +++ b/pkg/operator/targetcontroller/sync.go @@ -1,6 +1,7 @@ package targetcontroller import ( + "context" "fmt" "strings" @@ -21,7 +22,7 @@ func (c *TargetController) syncKubeStorageVersionMigrator(spec *operatorv1.KubeS operatorStatus := originalOperatorStatus.DeepCopy() clientHolder := (&resourceapply.ClientHolder{}).WithKubernetes(c.kubeClient) - directResourceResults := resourceapply.ApplyDirectly(clientHolder, c.eventRecorder, assets.Asset, + directResourceResults := resourceapply.ApplyDirectly(context.TODO(), clientHolder, c.eventRecorder, assets.Asset, "kube-storage-version-migrator/namespace.yaml", "kube-storage-version-migrator/serviceaccount.yaml", "kube-storage-version-migrator/roles.yaml", @@ -186,7 +187,7 @@ func (c *TargetController) manageKubeStorageVersionMigratorDeployment(spec *oper operandContainer := deployment.Spec.Template.Spec.Containers[0] operandContainer.Args = append(operandContainer.Args, fmt.Sprintf("--v=%d", klogLevels[spec.LogLevel])) - return resourceapply.ApplyDeployment(c.kubeClient.AppsV1(), c.eventRecorder, deployment, resourcemerge.ExpectedDeploymentGeneration(deployment, status.Generations)) + return resourceapply.ApplyDeployment(context.TODO(), c.kubeClient.AppsV1(), c.eventRecorder, deployment, resourcemerge.ExpectedDeploymentGeneration(deployment, status.Generations)) } func (c *TargetController) resolveImageReferences(containers []corev1.Container) ([]corev1.Container, error) {