From 0bac2b09f97cd7758081795dc27f5ad16d3c998a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Filip=20K=C5=99epinsk=C3=BD?=
Date: Fri, 20 Oct 2023 18:23:36 +0200
Subject: [PATCH 1/2] bump(k8s,openshift) to address CVE-2023-44487
---
 go.mod | 90 ++++++++++++++++++++++++++++------------------------------
 go.sum | 84 +++++++++++++++++++++++++++---------------------------
 2 files changed, 86 insertions(+), 88 deletions(-)
diff --git a/go.mod b/go.mod
index 481812da2..a7ccf5ffd 100644
--- a/go.mod
+++ b/go.mod
@@ -6,22 +6,22 @@ require (
 github.com/davecgh/go-spew v1.1.1
 github.com/go-bindata/go-bindata v3.1.2+incompatible
 github.com/google/go-cmp v0.5.9
- github.com/openshift/api v0.0.0-20230516201849-333bc194ef7a
- github.com/openshift/build-machinery-go v0.0.0-20230306181456-d321ffa04533
- github.com/openshift/client-go v0.0.0-20230503144108-75015d2347cb
- github.com/openshift/library-go v0.0.0-20230516103935-9536341565eb
+ github.com/openshift/api v0.0.0-20231012190404-7b36cb38c7d0
+ github.com/openshift/build-machinery-go v0.0.0-20230816154005-5a38e1bfd880
+ github.com/openshift/client-go v0.0.0-20230807132528-be5346fb33cb
+ github.com/openshift/library-go v0.0.0-20231020125025-211b32f1a1f2
 github.com/prometheus/client_golang v1.14.0
- github.com/spf13/cobra v1.6.0
+ github.com/spf13/cobra v1.6.1
 github.com/stretchr/testify v1.8.1
- k8s.io/api v0.27.1
- k8s.io/apimachinery v0.27.1
- k8s.io/apiserver v0.27.1
- k8s.io/client-go v0.27.1
- k8s.io/component-base v0.27.1
- k8s.io/controller-manager v0.27.1
- k8s.io/klog/v2 v2.90.1
- k8s.io/kubernetes v1.27.1
- k8s.io/pod-security-admission v0.27.1
+ k8s.io/api v0.27.7
+ k8s.io/apimachinery v0.27.7
+ k8s.io/apiserver v0.27.7
+ k8s.io/client-go v0.27.7
+ k8s.io/component-base v0.27.7
+ k8s.io/controller-manager v0.27.7
+ k8s.io/klog/v2 v2.100.1
+ k8s.io/kubernetes v1.27.7
+ k8s.io/pod-security-admission v0.27.7
 )

 require (
@@ -41,7 +41,7 @@ require (
 github.com/felixge/httpsnoop v1.0.3 // indirect
 github.com/fsnotify/fsnotify v1.6.0 // indirect
 github.com/ghodss/yaml v1.0.0 // indirect
- github.com/go-logr/logr v1.2.3 // indirect
+ github.com/go-logr/logr v1.2.4 // indirect
 github.com/go-logr/stdr v1.2.2 // indirect
 github.com/go-openapi/jsonpointer v0.19.6 // indirect
 github.com/go-openapi/jsonreference v0.20.1 // indirect
@@ -109,43 +109,41 @@ require (
 gopkg.in/yaml.v2 v2.4.0 // indirect
 gopkg.in/yaml.v3 v3.0.1 // indirect
 k8s.io/cloud-provider v0.0.0 // indirect
- k8s.io/component-helpers v0.27.1 // indirect
- k8s.io/kms v0.27.1 // indirect
+ k8s.io/component-helpers v0.27.7 // indirect
+ k8s.io/kms v0.27.7 // indirect
 k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f // indirect
 k8s.io/kubelet v0.0.0 // indirect
- k8s.io/utils v0.0.0-20230406110748-d93618cff8a2 // indirect
+ k8s.io/utils v0.0.0-20230726121419-3b25d923346b // indirect
 sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.1.2 // indirect
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
- sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
+ sigs.k8s.io/structured-merge-diff/v4 v4.3.0 // indirect
 sigs.k8s.io/yaml v1.3.0 // indirect
 )

 replace (
- // To address CVE-2023-44487 until k8s 1.27.7 release is out
- k8s.io/api => k8s.io/kubernetes/staging/src/k8s.io/api v0.0.0-20231013002001-0219e706729b
- k8s.io/apiextensions-apiserver => k8s.io/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20231013002001-0219e706729b
- k8s.io/apimachinery => k8s.io/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20231013002001-0219e706729b
- k8s.io/apiserver => k8s.io/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20231013002001-0219e706729b
- k8s.io/cli-runtime => k8s.io/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20231013002001-0219e706729b
- k8s.io/client-go => k8s.io/kubernetes/staging/src/k8s.io/client-go v0.0.0-20231013002001-0219e706729b
- k8s.io/cloud-provider => k8s.io/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20231013002001-0219e706729b
- k8s.io/cluster-bootstrap => k8s.io/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20231013002001-0219e706729b
- k8s.io/code-generator => k8s.io/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20231013002001-0219e706729b
- k8s.io/component-base => k8s.io/kubernetes/staging/src/k8s.io/component-base v0.0.0-20231013002001-0219e706729b
- k8s.io/component-helpers => k8s.io/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20231013002001-0219e706729b
- k8s.io/controller-manager => k8s.io/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20231013002001-0219e706729b
- k8s.io/cri-api => k8s.io/cri-api v0.27.1
- k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.27.1
- k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.27.1
- k8s.io/kube-controller-manager => k8s.io/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20231013002001-0219e706729b
- k8s.io/kube-proxy => k8s.io/kube-proxy v0.27.1
- k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.27.1
- k8s.io/kubectl => k8s.io/kubectl v0.27.1
- k8s.io/kubelet => k8s.io/kubelet v0.27.1
- k8s.io/kubernetes => k8s.io/kubernetes v0.0.0-20231013002001-0219e706729b
- k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.27.1
- k8s.io/metrics => k8s.io/metrics v0.27.1
- k8s.io/mount-utils => k8s.io/mount-utils v0.27.1
- k8s.io/pod-security-admission => k8s.io/pod-security-admission v0.27.1
- k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.27.1
+ k8s.io/api => k8s.io/api v0.27.7
+ k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.27.7
+ k8s.io/apimachinery => k8s.io/apimachinery v0.27.7
+ k8s.io/apiserver => k8s.io/apiserver v0.27.7
+ k8s.io/cli-runtime => k8s.io/cli-runtime v0.27.7
+ k8s.io/client-go => k8s.io/client-go v0.27.7
+ k8s.io/cloud-provider => k8s.io/cloud-provider v0.27.7
+ k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.27.7
+ k8s.io/code-generator => k8s.io/code-generator v0.27.7
+ k8s.io/component-base => k8s.io/component-base v0.27.7
+ k8s.io/component-helpers => k8s.io/component-helpers v0.27.7
+ k8s.io/controller-manager => k8s.io/controller-manager v0.27.7
+ k8s.io/cri-api => k8s.io/cri-api v0.27.7
+ k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.27.7
+ k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.27.7
+ k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.27.7
+ k8s.io/kube-proxy => k8s.io/kube-proxy v0.27.7
+ k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.27.7
+ k8s.io/kubectl => k8s.io/kubectl v0.27.7
+ k8s.io/kubelet => k8s.io/kubelet v0.27.7
+ k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.27.7
+ k8s.io/metrics => k8s.io/metrics v0.27.7
+ k8s.io/mount-utils => k8s.io/mount-utils v0.27.7
+ k8s.io/pod-security-admission => k8s.io/pod-security-admission v0.27.7
+ k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.27.7
 )
diff --git a/go.sum b/go.sum
index 32c17268d..a8d9f084f 100644
--- a/go.sum
+++ b/go.sum
@@ -123,8 +123,8 @@ github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG
 github.com/go-logfmt/logfmt v0.5.1/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KEVveWlfTs=
 github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
 github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
-github.com/go-logr/logr v1.2.3 h1:2DntVwHkVopvECVRSlL5PSo9eG+cAkDCuckLubN+rq0=
-github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
+github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ=
+github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
 github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
 github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
 github.com/go-logr/zapr v1.2.3 h1:a9vnzlIBPQBBkeaR9IuMUfmVOrQlkoC4YfPoFkX3T7A=
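Review bot: The `replace (` block at the end of the go.mod hunk starting at line 109 loses its only comment (`// To address CVE-2023-44487 until k8s 1.27.7 release is out`), so the 25 new `=> v0.27.7` pins carry no stated reason. The context lines still require `k8s.io/cloud-provider v0.0.0` and `k8s.io/kubelet v0.0.0`, which only resolve through these pins, so a later partial bump could silently mix patch levels. I would add a comment above the first entry, for example `// Staging modules must match k8s.io/kubernetes v1.27.7 (carries the CVE-2023-44487 fix); bump them together.` None of the three go.mod hunks touches golang.org/x/net, so it is presumably already at a release with the HTTP/2 fix; that and the Go toolchain used for the build are worth confirming, because the bump alone does not show it.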
@@ -275,14 +275,14 @@ github.com/onsi/ginkgo/v2 v2.9.1 h1:zie5Ly042PD3bsCvsSOPvRnFwyo3rKe64TJlD6nu0mk= github.com/onsi/gomega v1.27.4 h1:Z2AnStgsdSayCMDiCU42qIz+HLqEPcgiOCXjAU/w+8E= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= -github.com/openshift/api v0.0.0-20230516201849-333bc194ef7a h1:tz6xYik+q1q6o/AXoRZeGkk2idio130xeh2R1ZBNqGM= -github.com/openshift/api v0.0.0-20230516201849-333bc194ef7a/go.mod h1:4VWG+W22wrB4HfBL88P40DxLEpSOaiBVxUnfalfJo9k= -github.com/openshift/build-machinery-go v0.0.0-20230306181456-d321ffa04533 h1:mh3ZYs7kPIIe3UUY6tJcTExmtjnXXUu0MrBuK2W/Qvw= -github.com/openshift/build-machinery-go v0.0.0-20230306181456-d321ffa04533/go.mod h1:b1BuldmJlbA/xYtdZvKi+7j5YGB44qJUJDZ9zwiNCfE= -github.com/openshift/client-go v0.0.0-20230503144108-75015d2347cb h1:Nij5OnaECrkmcRQMAE9LMbQXPo95aqFnf+12B7SyFVI= -github.com/openshift/client-go v0.0.0-20230503144108-75015d2347cb/go.mod h1:Rhb3moCqeiTuGHAbXBOlwPubUMlOZEkrEWTRjIF3jzs= -github.com/openshift/library-go v0.0.0-20230516103935-9536341565eb h1:B1VhZf/XTcInahu7XmosGLDGlKgJHj9eYtNBq+tA2dY= -github.com/openshift/library-go v0.0.0-20230516103935-9536341565eb/go.mod h1:PJVatR/oS/EaFciwylyAr9hORSqQHrC+5bXf4L0wsBY= +github.com/openshift/api v0.0.0-20231012190404-7b36cb38c7d0 h1:+XsCYpNsZ0Arx95PDvIbPnpkj4Cd8scHWdnMlNvXiKk= +github.com/openshift/api v0.0.0-20231012190404-7b36cb38c7d0/go.mod h1:yimSGmjsI+XF1mr+AKBs2//fSXIOhhetHGbMlBEfXbs= +github.com/openshift/build-machinery-go v0.0.0-20230816154005-5a38e1bfd880 h1:FFRA5mTN0CwySUwJnerfX9oCpT3H2ply4sLhXwMubPY= +github.com/openshift/build-machinery-go v0.0.0-20230816154005-5a38e1bfd880/go.mod h1:b1BuldmJlbA/xYtdZvKi+7j5YGB44qJUJDZ9zwiNCfE= +github.com/openshift/client-go v0.0.0-20230807132528-be5346fb33cb h1:laYRaVm1tMdTLkZERvj9muJDvUtYo2HjRoo4Xu55EfM= +github.com/openshift/client-go v0.0.0-20230807132528-be5346fb33cb/go.mod 
h1:eCLby3OeidJ9+8GcvvGROU6hsCv2XAPQw8EO7d8NbQA= +github.com/openshift/library-go v0.0.0-20231020125025-211b32f1a1f2 h1:TWG/YVRhSvjYq8iIwJ2Wpoopgg0zuh+ZAl1RSm4J8Z0= +github.com/openshift/library-go v0.0.0-20231020125025-211b32f1a1f2/go.mod h1:ZFwNwC3opc/7aOvzUbU95zp33Lbxet48h80ryH3p6DY= github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= @@ -330,8 +330,8 @@ github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0 github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= github.com/soheilhy/cmux v0.1.5 h1:jjzc5WVemNEDTLwv9tlmemhC73tI08BNOIGwBOo10Js= github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= -github.com/spf13/cobra v1.6.0 h1:42a0n6jwCot1pUmomAp4T7DeMD+20LFv4Q54pxLf2LI= -github.com/spf13/cobra v1.6.0/go.mod h1:IOw/AERYS7UzyrGinqmz6HLUo219MORXGxhbaJUqzrY= +github.com/spf13/cobra v1.6.1 h1:o94oiPyS4KD1mPy2fmcYYHHfCxLqYjJOhGsCHFZtEzA= +github.com/spf13/cobra v1.6.1/go.mod h1:IOw/AERYS7UzyrGinqmz6HLUo219MORXGxhbaJUqzrY= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/stoewer/go-strcase v1.2.0 h1:Z2iHWqGXH00XYgqDmNgQbIBxf3wrNq0F3feEy0ainaU= 
@@ -733,36 +733,36 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -k8s.io/klog/v2 v2.90.1 h1:m4bYOKall2MmOiRaR1J+We67Do7vm9KiQVlT96lnHUw= -k8s.io/klog/v2 v2.90.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= -k8s.io/kms v0.27.1 h1:JTSQbJb+mcobScQwF0bOmZhIwP17k8GvBsiLlA6SQqw= -k8s.io/kms v0.27.1/go.mod h1:VuTsw0uHlSycKLCkypCGxfFCjLfzf/5YMeATECd/zJA= +k8s.io/api v0.27.7 h1:7yG4D3t/q4utJe2ptlRw9aPuxcSmroTsYxsofkQNl/A= +k8s.io/api v0.27.7/go.mod h1:ZNExI/Lhrs9YrLgVWx6jjHZdoWCTXfBXuFjt1X6olro= +k8s.io/apimachinery v0.27.7 h1:Gxgtb7Y/Rsu8ymgmUEaiErkxa6RY4oTd8kNUI6SUR58= +k8s.io/apimachinery v0.27.7/go.mod h1:jBGQgTjkw99ef6q5hv1YurDd3BqKDk9YRxmX0Ozo0i8= +k8s.io/apiserver v0.27.7 h1:E8sDHwfUug82YC1++qvE73QxihaXDqT4tr8XYBOEtc4= +k8s.io/apiserver v0.27.7/go.mod h1:OrLG9RwCOerutAlo8QJW5EHzUG9Dad7k6rgcDUNSO/w= +k8s.io/client-go v0.27.7 h1:+Xgh9OOKv6A3qdD4Dnl/0VOI5EvAv+0s/OseDxVVTwQ= +k8s.io/client-go v0.27.7/go.mod h1:dZ2kqcalYp5YZ2EV12XIMc77G6PxHWOJp/kclZr4+5Q= +k8s.io/cloud-provider v0.27.7 h1:tKn1bQVt3j95skBKaPO5dwBxmr39/SqdsCw3yNqcXws= +k8s.io/cloud-provider v0.27.7/go.mod h1:FI1QOdb/hnbrc+jEx+efrwDn/QyqMd3CfoOrm1bVmxs= +k8s.io/component-base v0.27.7 h1:kngM58HR9W9Nqpv7e4rpdRyWnKl/ABpUhLAZ+HoliMs= +k8s.io/component-base v0.27.7/go.mod h1:YGjlCVL1oeKvG3HSciyPHFh+LCjIEqsxz4BDR3cfHRs= +k8s.io/component-helpers v0.27.7 h1:4oJkgJuvrwUpuTLvJjoENUv8HO/Bb0VnyhQXFByU+Hg= +k8s.io/component-helpers v0.27.7/go.mod h1:L9Kzzc7amjdzPP7aipEWjkLakBolXkrEGb7Enl8geGs= +k8s.io/controller-manager v0.27.7 h1:ImTbPspuIL8mIWrF6g2BqEH7yNfqQ9kmfvBIqGjeWTw= +k8s.io/controller-manager v0.27.7/go.mod h1:R5pFgkLbAR0E48HAmjKBw6RIXh1PSfOH1kcPOJmmzhI= +k8s.io/klog/v2 v2.100.1 
h1:7WCHKK6K8fNhTqfBhISHQ97KrnJNFZMcQvKp7gP/tmg= +k8s.io/klog/v2 v2.100.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= +k8s.io/kms v0.27.7 h1:3iB92lQIH4uEz0V+wQAXvAsgIDhmXg/8lCu01FCjtqI= +k8s.io/kms v0.27.7/go.mod h1:JspOc8g6+cDlZfgW5GqnHS+OV6tAVyg4iXytCrqfNPw= k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f h1:2kWPakN3i/k81b0gvD5C5FJ2kxm1WrQFanWchyKuqGg= k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f/go.mod h1:byini6yhqGC14c3ebc/QwanvYwhuMWF6yz2F8uwW8eg= -k8s.io/kubelet v0.27.1 h1:IkfZ0N9CX/g6EDis7nJw8ZsOuHcpFA6cm0pXQx0g5TY= -k8s.io/kubelet v0.27.1/go.mod h1:g3cIhpZPawo/MvsdnmcLmqDJvDPdbUFkzfyLNz03nQg= -k8s.io/kubernetes v0.0.0-20231013002001-0219e706729b h1:0hsAwAn4Tf24/7ClL5nuzcsiTX5JxI9z5n1Cd57vATE= -k8s.io/kubernetes v0.0.0-20231013002001-0219e706729b/go.mod h1:9RuASG1ooCxhMDOxMG5nJ0Vw/wap9iylq4Y/Uzn/R/0= -k8s.io/kubernetes/staging/src/k8s.io/api v0.0.0-20231013002001-0219e706729b h1:FpYdTikTepTZbN1gtHzryWOSt7vp5rTBUvTptV0Epok= -k8s.io/kubernetes/staging/src/k8s.io/api v0.0.0-20231013002001-0219e706729b/go.mod h1:FUBryYZAZ5c+HrWv669EGQI35bOf3bwmYe+0bvEsnbs= -k8s.io/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20231013002001-0219e706729b h1:dGf/mDpHB6Ho5FO4neMnVEdsVclHM1YyHLz7lGP90n4= -k8s.io/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20231013002001-0219e706729b/go.mod h1:FBRM3yUVRkA486KyB++ccRoNIUPCCi2F3clgDIXnBAU= -k8s.io/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20231013002001-0219e706729b h1:+u7Dsd/gi6WkvbkdbSJ2Jt82nyDbEbfhtmfle9ZVkso= -k8s.io/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20231013002001-0219e706729b/go.mod h1:s/BJV3mFaxu0qG+1nqnYNibw1xGZRSyO3adLE3FEKgg= -k8s.io/kubernetes/staging/src/k8s.io/client-go v0.0.0-20231013002001-0219e706729b h1:6Ud6UMO5SH93qNL225kcAJFodxw6FmHANoVfp2G2nCk= -k8s.io/kubernetes/staging/src/k8s.io/client-go v0.0.0-20231013002001-0219e706729b/go.mod h1:kaYyCkmMtGcJWjy2boCbgIVq1btSQC3arr69AlXfofA= -k8s.io/kubernetes/staging/src/k8s.io/cloud-provider 
v0.0.0-20231013002001-0219e706729b h1:ZJGIXCUiW6U7nhH9my+3cQz7uhOwMCfdlmsHXCPs478= -k8s.io/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20231013002001-0219e706729b/go.mod h1:f/G5ZOFxSGF4LIxnx3GDrseIguKps0mnYp1BODQquQ4= -k8s.io/kubernetes/staging/src/k8s.io/component-base v0.0.0-20231013002001-0219e706729b h1:pBZW0xjbQXJwMLM7t+YrIDq5u1CbcWyTqBIyFnq9qJQ= -k8s.io/kubernetes/staging/src/k8s.io/component-base v0.0.0-20231013002001-0219e706729b/go.mod h1:ABwqdKYIpKy0XjQZ44etMus8IXyeeVU6LGraeqRtg4Q= -k8s.io/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20231013002001-0219e706729b h1:aER6O+RqGL5Lwgiu12qCGi/GgSlPKg5P5hOUNzNLO5I= -k8s.io/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20231013002001-0219e706729b/go.mod h1:6lQjq0FKt83lcvGUeFUxW2+KMkrZPu7By3kT9kgT1Y0= -k8s.io/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20231013002001-0219e706729b h1:v9lVv1epsevszmfW8xagV+oQgbQSrZ0uqfexIvDw4e0= -k8s.io/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20231013002001-0219e706729b/go.mod h1:MxykPYLqerBq87BNUcH5EEDf5g0QXsE5TVK4FB+wE4Y= -k8s.io/pod-security-admission v0.27.1 h1:if4d1zzcpNOZNvljvJ0nTCshFPUmnkIsy7KYJg7FP08= -k8s.io/pod-security-admission v0.27.1/go.mod h1:dICAHAC4DE0q+yrGuPJ8kuJ5dEsWtqNkclzCDckHj/s= -k8s.io/utils v0.0.0-20230406110748-d93618cff8a2 h1:qY1Ad8PODbnymg2pRbkyMT/ylpTrCM8P2RJ0yroCyIk= -k8s.io/utils v0.0.0-20230406110748-d93618cff8a2/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +k8s.io/kubelet v0.27.7 h1:DiptBLFbl6nyadTP9DUfhiReasBDV1qyE1r8h2o5mXc= +k8s.io/kubelet v0.27.7/go.mod h1:WKoEgiCa6/hzmgN4UgVioEwcpLC8wg+9Xzzc8fqOCYs= +k8s.io/kubernetes v1.27.7 h1:YXzCNZ289k8cy5pOOGzGqBUjCF9eLVqwwImEIX+uB4I= +k8s.io/kubernetes v1.27.7/go.mod h1:9RuASG1ooCxhMDOxMG5nJ0Vw/wap9iylq4Y/Uzn/R/0= +k8s.io/pod-security-admission v0.27.7 h1:dzroM+0fPWec0884LG5q5aJ5ZuITH4TDTjd6lM6Ipag= +k8s.io/pod-security-admission v0.27.7/go.mod h1:g0Lx/Ufn3ABaDmA1I+TpDlrYMW1FJTVk9HPd3Mkv7fI= +k8s.io/utils v0.0.0-20230726121419-3b25d923346b 
h1:sgn3ZU783SCgtaSJjpcVVlRqd6GSnlTLKgpAAttJvpI= +k8s.io/utils v0.0.0-20230726121419-3b25d923346b/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= @@ -770,7 +770,7 @@ sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.1.2 h1:trsWhjU5jZrx6U sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.1.2/go.mod h1:+qG7ISXqCDVVcyO8hLn12AKVYYUjM7ftlqsqmrhMZE0= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= -sigs.k8s.io/structured-merge-diff/v4 v4.2.3 h1:PRbqxJClWWYMNV1dhaG4NsibJbArud9kFxnAMREiWFE= -sigs.k8s.io/structured-merge-diff/v4 v4.2.3/go.mod h1:qjx8mGObPmV2aSZepjQjbmb2ihdVs8cGKBraizNC69E= +sigs.k8s.io/structured-merge-diff/v4 v4.3.0 h1:UZbZAZfX0wV2zr7YZorDz6GXROfDFj6LvqCRm4VUVKk= +sigs.k8s.io/structured-merge-diff/v4 v4.3.0/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08= sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo= sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8= From ed750a367e9e9d3c6a61e6caa1f06fde77ba5d58 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Filip=20K=C5=99epinsk=C3=BD?= Date: Fri, 20 Oct 2023 18:23:59 +0200 Subject: [PATCH 2/2] go mod vendor --- vendor/github.com/go-logr/logr/.golangci.yaml | 3 - vendor/github.com/go-logr/logr/discard.go | 32 +- vendor/github.com/go-logr/logr/funcr/funcr.go | 27 +- vendor/github.com/go-logr/logr/logr.go | 166 +-- .../github.com/openshift/api/apps/v1/doc.go | 1 + .../openshift/api/apps/v1/generated.proto | 1 + .../github.com/openshift/api/apps/v1/types.go | 19 + .../v1/zz_generated.swagger_doc_generated.go | 2 +- .../v1/zz_prerelease_lifecycle_generated.go | 114 ++ ...ersion-operator_01_clusterversion.crd.yaml | 16 + ...ator_01_apiserver-CustomNoUpgrade.crd.yaml | 179 ++++ ...g-operator_01_dns-CustomNoUpgrade.crd.yaml | 114 ++ ...0_config-operator_01_dns-Default.crd.yaml} | 42 + ...rator_01_dns-TechPreviewNoUpgrade.crd.yaml | 114 ++ ...01_infrastructure-CustomNoUpgrade.crd.yaml | 999 ++++++++++++++++++ ...rastructure-CustomNoUpgrade.crd.yaml-patch | 24 + ...perator_01_infrastructure-Default.crd.yaml | 28 + ...frastructure-TechPreviewNoUpgrade.crd.yaml | 94 ++ ...roller-manager-operator_01_build.crd.yaml} | 1 + .../config/v1/custom.apiserver.testsuite.yaml | 35 + .../api/config/v1/custom.dns.testsuite.yaml | 104 ++ .../v1/custom.infrastructure.testsuite.yaml | 321 ++++++ .../openshift/api/config/v1/feature_gates.go | 159 ++- .../api/config/v1/stable.build.testsuite.yaml | 2 +- .../v1/stable.clusterversion.testsuite.yaml | 140 +++ .../api/config/v1/stable.dns.testsuite.yaml | 93 +- .../v1/stable.infrastructure.testsuite.yaml | 498 +++++++++ .../config/v1/techpreview.dns.testsuite.yaml | 14 + .../techpreview.infrastructure.testsuite.yaml | 306 ++++++ .../api/config/v1/types_cluster_version.go | 73 +- .../openshift/api/config/v1/types_dns.go | 37 + .../openshift/api/config/v1/types_feature.go | 24 +- .../api/config/v1/types_infrastructure.go | 132 ++- .../api/config/v1/zz_generated.deepcopy.go | 99 +- .../v1/zz_generated.swagger_doc_generated.go | 61 +- 
...or_01_backup-TechPreviewNoUpgrade.crd.yaml | 100 ++ .../openshift/api/config/v1alpha1/register.go | 2 + .../techpreview.backup.testsuite.yaml | 202 ++++ .../api/config/v1alpha1/types_backup.go | 168 +++ .../config/v1alpha1/zz_generated.deepcopy.go | 169 +++ .../zz_generated.swagger_doc_generated.go | 69 ++ .../api/openshiftcontrolplane/v1/types.go | 59 ++ .../v1/zz_generated.deepcopy.go | 50 + .../v1/zz_generated.swagger_doc_generated.go | 19 + ...or_01_config-TechPreviewNoUpgrade.crd.yaml | 207 ++++ .../0000_12_etcd-operator_01_config.crd.yaml | 8 + ...oud-credential-operator_00_config.crd.yaml | 1 + ...00_50_cluster_storage_operator_01_crd.yaml | 5 - ...ess-operator_00-ingresscontroller.crd.yaml | 134 ++- ...00_70_cluster-network-operator_01.crd.yaml | 60 +- ...0_90_cluster_csi_driver_01_config.crd.yaml | 1 + ...luster_csi_driver_01_config.crd.yaml-patch | 1 + ....crd.yaml => 00_console-operator.crd.yaml} | 15 +- .../operator/v1/stable.console.testsuite.yaml | 2 +- .../stable.ingresscontroller.testsuite.yaml | 463 ++++++++ .../operator/v1/stable.network.testsuite.yaml | 213 ++++ .../operator/v1/stable.storage.testsuite.yaml | 21 +- .../v1/techpreview.etcd.testsuite.yaml | 62 ++ .../api/operator/v1/types_console.go | 28 +- .../operator/v1/types_csi_cluster_driver.go | 1 + .../openshift/api/operator/v1/types_etcd.go | 29 + .../api/operator/v1/types_ingress.go | 158 ++- .../api/operator/v1/types_network.go | 78 +- .../api/operator/v1/types_storage.go | 2 - .../api/operator/v1/zz_generated.deepcopy.go | 119 +++ .../v1/zz_generated.swagger_doc_generated.go | 76 +- ...1_etcdbackup-TechPreviewNoUpgrade.crd.yaml | 114 ++ ...g-operator_01_olm-CustomNoUpgrade.crd.yaml | 140 +++ ...rator_01_olm-TechPreviewNoUpgrade.crd.yaml | 140 +++ .../v1alpha1/custom.olm.testsuite.yaml | 28 + .../api/operator/v1alpha1/register.go | 4 + .../techpreview.etcdbackup.testsuite.yaml | 38 + .../v1alpha1/techpreview.olm.testsuite.yaml | 28 + .../openshift/api/operator/v1alpha1/types.go | 29 
+- .../api/operator/v1alpha1/types_etcdbackup.go | 101 ++ .../api/operator/v1alpha1/types_olm.go | 56 + .../v1alpha1/zz_generated.deepcopy.go | 217 ++++ .../zz_generated.swagger_doc_generated.go | 82 +- .../openshift/api/security/v1/consts.go | 3 + .../Dockerfile.commitchecker | 14 + .../config/v1/awsdnsspec.go | 23 + .../config/v1/cloudcontrollermanagerstatus.go | 27 + .../config/v1/dnsplatformspec.go | 36 + .../applyconfigurations/config/v1/dnsspec.go | 15 +- .../config/v1/externalplatformstatus.go | 23 + .../config/v1/gcpplatformstatus.go | 32 +- .../config/v1/gcpresourcelabel.go | 32 + .../config/v1/gcpresourcetag.go | 41 + .../config/v1/platformstatus.go | 6 +- .../applyconfigurations/internal/internal.go | 181 +++- .../library-go/pkg/config/serving/server.go | 4 +- .../pkg/controller/controllercmd/builder.go | 11 +- .../pkg/controller/controllercmd/cmd.go | 6 + .../pkg/controller/factory/base_controller.go | 16 +- .../pkg/controller/factory/factory.go | 6 - .../pkg/image/internal/digest/doc.go | 2 +- .../pkg/image/internal/reference/doc.go | 2 +- vendor/github.com/spf13/cobra/command.go | 21 +- vendor/github.com/spf13/cobra/user_guide.md | 9 +- .../client-go/pkg/version/.gitattributes | 1 - .../component-base/version/.gitattributes | 1 - vendor/k8s.io/klog/v2/format.go | 65 ++ .../klog/v2/internal/serialize/keyvalues.go | 47 +- vendor/k8s.io/klog/v2/k8s_references.go | 12 +- vendor/k8s.io/klog/v2/klog.go | 13 + .../kubernetes/pkg/features/kube_features.go | 2 + vendor/k8s.io/utils/pointer/pointer.go | 283 ++--- vendor/k8s.io/utils/ptr/OWNERS | 10 + vendor/k8s.io/utils/ptr/README.md | 3 + vendor/k8s.io/utils/ptr/ptr.go | 73 ++ vendor/modules.txt | 94 +- .../v4/merge/conflict.go | 2 +- .../structured-merge-diff/v4/merge/update.go | 51 +- .../v4/schema/elements.go | 3 +- .../v4/schema/schemaschema.go | 2 +- .../structured-merge-diff/v4/typed/merge.go | 11 +- .../structured-merge-diff/v4/typed/typed.go | 7 +- .../v4/typed/validate.go | 6 + 
.../v4/value/mapreflect.go | 2 +- .../v4/value/mapunstructured.go | 8 +- .../v4/value/reflectcache.go | 4 +- 121 files changed, 8231 insertions(+), 552 deletions(-) create mode 100644 vendor/github.com/openshift/api/apps/v1/zz_prerelease_lifecycle_generated.go create mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_apiserver-CustomNoUpgrade.crd.yaml create mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_dns-CustomNoUpgrade.crd.yaml rename vendor/github.com/openshift/api/config/v1/{0000_10_config-operator_01_dns.crd.yaml => 0000_10_config-operator_01_dns-Default.crd.yaml} (68%) create mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_dns-TechPreviewNoUpgrade.crd.yaml create mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-CustomNoUpgrade.crd.yaml create mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-CustomNoUpgrade.crd.yaml-patch rename vendor/github.com/openshift/api/config/v1/{0000_10_config-operator_01_build.crd.yaml => 0000_10_openshift-controller-manager-operator_01_build.crd.yaml} (99%) create mode 100644 vendor/github.com/openshift/api/config/v1/custom.apiserver.testsuite.yaml create mode 100644 vendor/github.com/openshift/api/config/v1/custom.dns.testsuite.yaml create mode 100644 vendor/github.com/openshift/api/config/v1/custom.infrastructure.testsuite.yaml create mode 100644 vendor/github.com/openshift/api/config/v1/techpreview.dns.testsuite.yaml create mode 100644 vendor/github.com/openshift/api/config/v1alpha1/0000_10_config-operator_01_backup-TechPreviewNoUpgrade.crd.yaml create mode 100644 vendor/github.com/openshift/api/config/v1alpha1/techpreview.backup.testsuite.yaml create mode 100644 vendor/github.com/openshift/api/config/v1alpha1/types_backup.go create mode 100644 
vendor/github.com/openshift/api/operator/v1/0000_12_etcd-operator_01_config-TechPreviewNoUpgrade.crd.yaml rename vendor/github.com/openshift/api/operator/v1/{0000_70_console-operator.crd.yaml => 00_console-operator.crd.yaml} (98%) create mode 100644 vendor/github.com/openshift/api/operator/v1/techpreview.etcd.testsuite.yaml create mode 100644 vendor/github.com/openshift/api/operator/v1alpha1/0000_10_01_etcdbackup-TechPreviewNoUpgrade.crd.yaml create mode 100644 vendor/github.com/openshift/api/operator/v1alpha1/0000_10_config-operator_01_olm-CustomNoUpgrade.crd.yaml create mode 100644 vendor/github.com/openshift/api/operator/v1alpha1/0000_10_config-operator_01_olm-TechPreviewNoUpgrade.crd.yaml create mode 100644 vendor/github.com/openshift/api/operator/v1alpha1/custom.olm.testsuite.yaml create mode 100644 vendor/github.com/openshift/api/operator/v1alpha1/techpreview.etcdbackup.testsuite.yaml create mode 100644 vendor/github.com/openshift/api/operator/v1alpha1/techpreview.olm.testsuite.yaml create mode 100644 vendor/github.com/openshift/api/operator/v1alpha1/types_etcdbackup.go create mode 100644 vendor/github.com/openshift/api/operator/v1alpha1/types_olm.go create mode 100644 vendor/github.com/openshift/build-machinery-go/Dockerfile.commitchecker create mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awsdnsspec.go create mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/cloudcontrollermanagerstatus.go create mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/dnsplatformspec.go create mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/externalplatformstatus.go create mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gcpresourcelabel.go create mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gcpresourcetag.go delete mode 100644 
vendor/k8s.io/client-go/pkg/version/.gitattributes delete mode 100644 vendor/k8s.io/component-base/version/.gitattributes create mode 100644 vendor/k8s.io/klog/v2/format.go create mode 100644 vendor/k8s.io/utils/ptr/OWNERS create mode 100644 vendor/k8s.io/utils/ptr/README.md create mode 100644 vendor/k8s.io/utils/ptr/ptr.go diff --git a/vendor/github.com/go-logr/logr/.golangci.yaml b/vendor/github.com/go-logr/logr/.golangci.yaml index 94ff801df..0cffafa7b 100644 --- a/vendor/github.com/go-logr/logr/.golangci.yaml +++ b/vendor/github.com/go-logr/logr/.golangci.yaml @@ -6,7 +6,6 @@ linters: disable-all: true enable: - asciicheck - - deadcode - errcheck - forcetypeassert - gocritic @@ -18,10 +17,8 @@ linters: - misspell - revive - staticcheck - - structcheck - typecheck - unused - - varcheck issues: exclude-use-default: false diff --git a/vendor/github.com/go-logr/logr/discard.go b/vendor/github.com/go-logr/logr/discard.go index 9d92a38f1..99fe8be93 100644 --- a/vendor/github.com/go-logr/logr/discard.go +++ b/vendor/github.com/go-logr/logr/discard.go @@ -20,35 +20,5 @@ package logr // used whenever the caller is not interested in the logs. Logger instances // produced by this function always compare as equal. func Discard() Logger { - return Logger{ - level: 0, - sink: discardLogSink{}, - } -} - -// discardLogSink is a LogSink that discards all messages. -type discardLogSink struct{} - -// Verify that it actually implements the interface -var _ LogSink = discardLogSink{} - -func (l discardLogSink) Init(RuntimeInfo) { -} - -func (l discardLogSink) Enabled(int) bool { - return false -} - -func (l discardLogSink) Info(int, string, ...interface{}) { -} - -func (l discardLogSink) Error(error, string, ...interface{}) { -} - -func (l discardLogSink) WithValues(...interface{}) LogSink { - return l -} - -func (l discardLogSink) WithName(string) LogSink { - return l + return New(nil) } 
diff --git a/vendor/github.com/go-logr/logr/funcr/funcr.go b/vendor/github.com/go-logr/logr/funcr/funcr.go index 7accdb0c4..e52f0cd01 100644 --- a/vendor/github.com/go-logr/logr/funcr/funcr.go +++ b/vendor/github.com/go-logr/logr/funcr/funcr.go @@ -21,13 +21,13 @@ limitations under the License. // github.com/go-logr/logr.LogSink with output through an arbitrary // "write" function. See New and NewJSON for details. // -// Custom LogSinks +// # Custom LogSinks // // For users who need more control, a funcr.Formatter can be embedded inside // your own custom LogSink implementation. This is useful when the LogSink // needs to implement additional methods, for example. // -// Formatting +// # Formatting // // This will respect logr.Marshaler, fmt.Stringer, and error interfaces for // values which are being logged. When rendering a struct, funcr will use Go's @@ -37,6 +37,7 @@ package funcr import ( "bytes" "encoding" + "encoding/json" "fmt" "path/filepath" "reflect" @@ -217,7 +218,7 @@ func newFormatter(opts Options, outfmt outputFormat) Formatter { prefix: "", values: nil, depth: 0, - opts: opts, + opts: &opts, } return f } @@ -231,7 +232,7 @@ type Formatter struct { values []interface{} valuesStr string depth int - opts Options + opts *Options } // outputFormat indicates which outputFormat to use. @@ -447,6 +448,7 @@ func (f Formatter) prettyWithFlags(value interface{}, flags uint32, depth int) s if flags&flagRawStruct == 0 { buf.WriteByte('{') } + printComma := false // testing i>0 is not enough because of JSON omitted fields for i := 0; i < t.NumField(); i++ { fld := t.Field(i) if fld.PkgPath != "" { 
@@ -478,9 +480,10 @@ func (f Formatter) prettyWithFlags(value interface{}, flags uint32, depth int) s
 if omitempty && isEmpty(v.Field(i)) {
 continue
 }
- if i > 0 {
+ if printComma {
 buf.WriteByte(',')
 }
+ printComma = true // if we got here, we are rendering a field
 if fld.Anonymous && fld.Type.Kind() == reflect.Struct && name == "" {
 buf.WriteString(f.prettyWithFlags(v.Field(i).Interface(), flags|flagRawStruct, depth+1))
 continue
@@ -500,6 +503,20 @@ func (f Formatter) prettyWithFlags(value interface{}, flags uint32, depth int) s
 }
 return buf.String()
 case reflect.Slice, reflect.Array:
+ // If this is outputing as JSON make sure this isn't really a json.RawMessage.
+ // If so just emit "as-is" and don't pretty it as that will just print
+ // it as [X,Y,Z,...] which isn't terribly useful vs the string form you really want.
+ if f.outputFormat == outputJSON {
+ if rm, ok := value.(json.RawMessage); ok {
+ // If it's empty make sure we emit an empty value as the array style would below.
+ if len(rm) > 0 {
+ buf.Write(rm)
+ } else {
+ buf.WriteString("null")
+ }
+ return buf.String()
+ }
+ }
 buf.WriteByte('[')
 for i := 0; i < v.Len(); i++ {
 if i > 0 {
diff --git a/vendor/github.com/go-logr/logr/logr.go b/vendor/github.com/go-logr/logr/logr.go
index c3b56b3d2..e027aea3f 100644
--- a/vendor/github.com/go-logr/logr/logr.go
+++ b/vendor/github.com/go-logr/logr/logr.go
@@ -21,7 +21,7 @@ limitations under the License.
 // to back that API. Packages in the Go ecosystem can depend on this package,
 // while callers can implement logging with whatever backend is appropriate.
 //
-// Usage
+// # Usage
 //
 // Logging is done using a Logger instance. Logger is a concrete type with
 // methods, which defers the actual logging to a LogSink interface. The main
@@ -30,16 +30,20 @@ limitations under the License.
 // "structured logging".
 //
 // With Go's standard log package, we might write:
-// log.Printf("setting target value %s", targetValue)
+//
+// log.Printf("setting target value %s", targetValue)
 //
 // With logr's structured logging, we'd write:
-// logger.Info("setting target", "value", targetValue)
+//
+// logger.Info("setting target", "value", targetValue)
 //
 // Errors are much the same. Instead of:
-// log.Printf("failed to open the pod bay door for user %s: %v", user, err)
+//
+// log.Printf("failed to open the pod bay door for user %s: %v", user, err)
 //
 // We'd write:
-// logger.Error(err, "failed to open the pod bay door", "user", user)
+//
+// logger.Error(err, "failed to open the pod bay door", "user", user)
 //
 // Info() and Error() are very similar, but they are separate methods so that
 // LogSink implementations can choose to do things like attach additional
@@ -47,7 +51,7 @@ limitations under the License.
 // always logged, regardless of the current verbosity. If there is no error
 // instance available, passing nil is valid.
 //
-// Verbosity
+// # Verbosity
 //
 // Often we want to log information only when the application in "verbose
 // mode". To write log lines that are more verbose, Logger has a V() method.
@@ -58,20 +62,22 @@ limitations under the License.
 // Error messages do not have a verbosity level and are always logged.
 //
 // Where we might have written:
-// if flVerbose >= 2 {
-// log.Printf("an unusual thing happened")
-// }
+//
+// if flVerbose >= 2 {
+// log.Printf("an unusual thing happened")
+// }
 //
 // We can write:
-// logger.V(2).Info("an unusual thing happened")
 //
-// Logger Names
+// logger.V(2).Info("an unusual thing happened")
+//
+// # Logger Names
 //
 // Logger instances can have name strings so that all messages logged through
 // that instance have additional context. For example, you might want to add
 // a subsystem name:
 //
-// logger.WithName("compactor").Info("started", "time", time.Now())
+// logger.WithName("compactor").Info("started", "time", time.Now())
 //
 // The WithName() method returns a new Logger, which can be passed to
 // constructors or other functions for further use. Repeated use of WithName()
@@ -82,25 +88,27 @@ limitations under the License.
 // joining operation (e.g. whitespace, commas, periods, slashes, brackets,
 // quotes, etc).
 //
-// Saved Values
+// # Saved Values
 //
 // Logger instances can store any number of key/value pairs, which will be
 // logged alongside all messages logged through that instance. For example,
 // you might want to create a Logger instance per managed object:
 //
 // With the standard log package, we might write:
-// log.Printf("decided to set field foo to value %q for object %s/%s",
-// targetValue, object.Namespace, object.Name)
+//
+// log.Printf("decided to set field foo to value %q for object %s/%s",
+// targetValue, object.Namespace, object.Name)
 //
 // With logr we'd write:
-// // Elsewhere: set up the logger to log the object name.
-// obj.logger = mainLogger.WithValues(
-// "name", obj.name, "namespace", obj.namespace)
 //
-// // later on...
-// obj.logger.Info("setting foo", "value", targetValue)
+// // Elsewhere: set up the logger to log the object name.
+// obj.logger = mainLogger.WithValues(
+// "name", obj.name, "namespace", obj.namespace)
+//
+// // later on...
+// obj.logger.Info("setting foo", "value", targetValue)
 //
-// Best Practices
+// # Best Practices
 //
 // Logger has very few hard rules, with the goal that LogSink implementations
 // might have a lot of freedom to differentiate. There are, however, some
@@ -124,15 +132,15 @@ limitations under the License.
 // around. For cases where passing a logger is optional, a pointer to Logger
 // should be used.
 //
-// Key Naming Conventions
+// # Key Naming Conventions
 //
 // Keys are not strictly required to conform to any specification or regex, but
 // it is recommended that they:
-// * be human-readable and meaningful (not auto-generated or simple ordinals)
-// * be constant (not dependent on input data)
-// * contain only printable characters
-// * not contain whitespace or punctuation
-// * use lower case for simple keys and lowerCamelCase for more complex ones
+// - be human-readable and meaningful (not auto-generated or simple ordinals)
+// - be constant (not dependent on input data)
+// - contain only printable characters
+// - not contain whitespace or punctuation
+// - use lower case for simple keys and lowerCamelCase for more complex ones
 //
 // These guidelines help ensure that log data is processed properly regardless
 // of the log implementation. For example, log implementations will try to
@@ -141,51 +149,54 @@ limitations under the License.
 // While users are generally free to use key names of their choice, it's
 // generally best to avoid using the following keys, as they're frequently used
 // by implementations:
-// * "caller": the calling information (file/line) of a particular log line
-// * "error": the underlying error value in the `Error` method
-// * "level": the log level
-// * "logger": the name of the associated logger
-// * "msg": the log message
-// * "stacktrace": the stack trace associated with a particular log line or
-// error (often from the `Error` message)
-// * "ts": the timestamp for a log line
+// - "caller": the calling information (file/line) of a particular log line
+// - "error": the underlying error value in the `Error` method
+// - "level": the log level
+// - "logger": the name of the associated logger
+// - "msg": the log message
+// - "stacktrace": the stack trace associated with a particular log line or
+// error (often from the `Error` message)
+// - "ts": the timestamp for a log line
 //
 // Implementations are encouraged to make use of these keys to represent the
 // above concepts, when necessary (for example, in a pure-JSON output form, it
 // would be necessary to represent at least message and timestamp as ordinary
 // named values).
 //
-// Break Glass
+// # Break Glass
 //
 // Implementations may choose to give callers access to the underlying
 // logging implementation. The recommended pattern for this is:
-// // Underlier exposes access to the underlying logging implementation.
-// // Since callers only have a logr.Logger, they have to know which
-// // implementation is in use, so this interface is less of an abstraction
-// // and more of way to test type conversion.
-// type Underlier interface {
-// GetUnderlying()
-// }
+//
+// // Underlier exposes access to the underlying logging implementation.
+// // Since callers only have a logr.Logger, they have to know which
+// // implementation is in use, so this interface is less of an abstraction
+// // and more of way to test type conversion.
+// type Underlier interface {
+// GetUnderlying()
+// }
 //
 // Logger grants access to the sink to enable type assertions like this:
-// func DoSomethingWithImpl(log logr.Logger) {
-// if underlier, ok := log.GetSink()(impl.Underlier) {
-// implLogger := underlier.GetUnderlying()
-// ...
-// }
-// }
+//
+// func DoSomethingWithImpl(log logr.Logger) {
+// if underlier, ok := log.GetSink().(impl.Underlier); ok {
+// implLogger := underlier.GetUnderlying()
+// ...
+// }
+// }
 //
 // Custom `With*` functions can be implemented by copying the complete
 // Logger struct and replacing the sink in the copy:
-// // WithFooBar changes the foobar parameter in the log sink and returns a
-// // new logger with that modified sink. It does nothing for loggers where
-// // the sink doesn't support that parameter.
-// func WithFoobar(log logr.Logger, foobar int) logr.Logger {
-// if foobarLogSink, ok := log.GetSink()(FoobarSink); ok {
-// log = log.WithSink(foobarLogSink.WithFooBar(foobar))
-// }
-// return log
-// }
+//
+// // WithFooBar changes the foobar parameter in the log sink and returns a
+// // new logger with that modified sink. It does nothing for loggers where
+// // the sink doesn't support that parameter.
+// func WithFoobar(log logr.Logger, foobar int) logr.Logger {
+// if foobarLogSink, ok := log.GetSink().(FoobarSink); ok {
+// log = log.WithSink(foobarLogSink.WithFooBar(foobar))
+// }
+// return log
+// }
 //
 // Don't use New to construct a new Logger with a LogSink retrieved from an
 // existing Logger. Source code attribution might not work correctly and
@@ -201,11 +212,14 @@ import (
 )
 // New returns a new Logger instance. This is primarily used by libraries
-// implementing LogSink, rather than end users.
+// implementing LogSink, rather than end users. Passing a nil sink will create
+// a Logger which discards all log lines.
 func New(sink LogSink) Logger {
 logger := Logger{}
 logger.setSink(sink)
- sink.Init(runtimeInfo)
+ if sink != nil {
+ sink.Init(runtimeInfo)
+ }
 return logger
 }
@@ -244,7 +258,7 @@ type Logger struct {
 // Enabled tests whether this Logger is enabled. For example, commandline
 // flags might be used to set the logging verbosity and disable some info logs.
 func (l Logger) Enabled() bool {
- return l.sink.Enabled(l.level)
+ return l.sink != nil && l.sink.Enabled(l.level)
 }
 // Info logs a non-error message with the given key/value pairs as context.
@@ -254,6 +268,9 @@ func (l Logger) Enabled() bool {
 // information. The key/value pairs must alternate string keys and arbitrary
 // values.
 func (l Logger) Info(msg string, keysAndValues ...interface{}) {
+ if l.sink == nil {
+ return
+ }
 if l.Enabled() {
 if withHelper, ok := l.sink.(CallStackHelperLogSink); ok {
 withHelper.GetCallStackHelper()()
@@ -273,6 +290,9 @@ func (l Logger) Info(msg string, keysAndValues ...interface{}) {
 // triggered this log line, if present. The err parameter is optional
 // and nil may be passed instead of an error instance.
 func (l Logger) Error(err error, msg string, keysAndValues ...interface{}) {
+ if l.sink == nil {
+ return
+ }
 if withHelper, ok := l.sink.(CallStackHelperLogSink); ok {
 withHelper.GetCallStackHelper()()
 }
@@ -284,6 +304,9 @@ func (l Logger) Error(err error, msg string, keysAndValues ...interface{}) {
 // level means a log message is less important. Negative V-levels are treated
 // as 0.
 func (l Logger) V(level int) Logger {
+ if l.sink == nil {
+ return l
+ }
 if level < 0 {
 level = 0
 }
@@ -294,6 +317,9 @@ func (l Logger) V(level int) Logger {
 // WithValues returns a new Logger instance with additional key/value pairs.
 // See Info for documentation on how key/value pairs work.
 func (l Logger) WithValues(keysAndValues ...interface{}) Logger {
+ if l.sink == nil {
+ return l
+ }
 l.setSink(l.sink.WithValues(keysAndValues...))
 return l
 }
@@ -304,6 +330,9 @@ func (l Logger) WithValues(keysAndValues ...interface{}) Logger {
 // contain only letters, digits, and hyphens (see the package documentation for
 // more information).
 func (l Logger) WithName(name string) Logger {
+ if l.sink == nil {
+ return l
+ }
 l.setSink(l.sink.WithName(name))
 return l
 }
@@ -324,6 +353,9 @@ func (l Logger) WithName(name string) Logger {
 // WithCallDepth(1) because it works with implementions that support the
 // CallDepthLogSink and/or CallStackHelperLogSink interfaces.
 func (l Logger) WithCallDepth(depth int) Logger {
+ if l.sink == nil {
+ return l
+ }
 if withCallDepth, ok := l.sink.(CallDepthLogSink); ok {
 l.setSink(withCallDepth.WithCallDepth(depth))
 }
@@ -345,6 +377,9 @@ func (l Logger) WithCallDepth(depth int) Logger {
 // implementation does not support either of these, the original Logger will be
 // returned.
 func (l Logger) WithCallStackHelper() (func(), Logger) {
+ if l.sink == nil {
+ return func() {}, l
+ }
 var helper func()
 if withCallDepth, ok := l.sink.(CallDepthLogSink); ok {
 l.setSink(withCallDepth.WithCallDepth(1))
@@ -357,6 +392,11 @@ func (l Logger) WithCallStackHelper() (func(), Logger) {
 return helper, l
 }
+// IsZero returns true if this logger is an uninitialized zero value
+func (l Logger) IsZero() bool {
+ return l.sink == nil
+}
+
 // contextKey is how we find Loggers in a context.Context.
 type contextKey struct{}
@@ -442,7 +482,7 @@ type LogSink interface {
 WithName(name string) LogSink
 }
-// CallDepthLogSink represents a Logger that knows how to climb the call stack
+// CallDepthLogSink represents a LogSink that knows how to climb the call stack
 // to identify the original call site and can offset the depth by a specified
 // number of frames. This is useful for users who have helper functions
 // between the "real" call site and the actual calls to Logger methods.
@@ -467,7 +507,7 @@ type CallDepthLogSink interface {
 WithCallDepth(depth int) LogSink
 }
-// CallStackHelperLogSink represents a Logger that knows how to climb
+// CallStackHelperLogSink represents a LogSink that knows how to climb
 // the call stack to identify the original call site and can skip
 // intermediate helper functions if they mark themselves as
 // helper. Go's testing package uses that approach.
diff --git a/vendor/github.com/openshift/api/apps/v1/doc.go b/vendor/github.com/openshift/api/apps/v1/doc.go
index edd16297b..f0fb3f59a 100644
--- a/vendor/github.com/openshift/api/apps/v1/doc.go
+++ b/vendor/github.com/openshift/api/apps/v1/doc.go
@@ -2,6 +2,7 @@
 // +k8s:conversion-gen=github.com/openshift/origin/pkg/apps/apis/apps
 // +k8s:defaulter-gen=TypeMeta
 // +k8s:openapi-gen=true
+// +k8s:prerelease-lifecycle-gen=true
 // +groupName=apps.openshift.io
 // Package v1 is the v1 version of the API.
diff --git a/vendor/github.com/openshift/api/apps/v1/generated.proto b/vendor/github.com/openshift/api/apps/v1/generated.proto
index 583a557ef..ddf28f600 100644
--- a/vendor/github.com/openshift/api/apps/v1/generated.proto
+++ b/vendor/github.com/openshift/api/apps/v1/generated.proto
@@ -74,6 +74,7 @@ message DeploymentCondition { // is triggered by any means. // // Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// Deprecated: Use deployments or other means for declarative updates for pods instead. // +openshift:compatibility-gen:level=1 message DeploymentConfig { // metadata is the standard object's metadata.
diff --git a/vendor/github.com/openshift/api/apps/v1/types.go b/vendor/github.com/openshift/api/apps/v1/types.go
index 87517399b..1465aea27 100644
--- a/vendor/github.com/openshift/api/apps/v1/types.go
+++ b/vendor/github.com/openshift/api/apps/v1/types.go
@@ -14,6 +14,9 @@ import (
 // +genclient:method=GetScale,verb=get,subresource=scale,result=k8s.io/api/extensions/v1beta1.Scale
 // +genclient:method=UpdateScale,verb=update,subresource=scale,input=k8s.io/api/extensions/v1beta1.Scale,result=k8s.io/api/extensions/v1beta1.Scale
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +k8s:prerelease-lifecycle-gen:introduced=3.0
+// +k8s:prerelease-lifecycle-gen:deprecated=4.14
+// +k8s:prerelease-lifecycle-gen:removed=4.10000
 // Deployment Configs define the template for a pod and manages deploying new images or configuration changes.
 // A single deployment configuration is usually analogous to a single micro-service. Can support many different
@@ -26,6 +29,7 @@ import (
 // is triggered by any means.
 //
 // Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+// Deprecated: Use deployments or other means for declarative updates for pods instead.
 // +openshift:compatibility-gen:level=1
 type DeploymentConfig struct {
 metav1.TypeMeta `json:",inline"`
@@ -392,6 +396,9 @@ type DeploymentCondition struct {
 }
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +k8s:prerelease-lifecycle-gen:introduced=3.0
+// +k8s:prerelease-lifecycle-gen:deprecated=4.14
+// +k8s:prerelease-lifecycle-gen:removed=4.10000
 // DeploymentConfigList is a collection of deployment configs.
 //
@@ -409,6 +416,9 @@ type DeploymentConfigList struct {
 }
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +k8s:prerelease-lifecycle-gen:introduced=3.0
+// +k8s:prerelease-lifecycle-gen:deprecated=4.14
+// +k8s:prerelease-lifecycle-gen:removed=4.10000
 // DeploymentConfigRollback provides the input to rollback generation.
 //
@@ -441,6 +451,9 @@ type DeploymentConfigRollbackSpec struct {
 }
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +k8s:prerelease-lifecycle-gen:introduced=3.0
+// +k8s:prerelease-lifecycle-gen:deprecated=4.14
+// +k8s:prerelease-lifecycle-gen:removed=4.10000
 // DeploymentRequest is a request to a deployment config for a new deployment.
 //
@@ -462,6 +475,9 @@ type DeploymentRequest struct {
 }
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +k8s:prerelease-lifecycle-gen:introduced=3.0
+// +k8s:prerelease-lifecycle-gen:deprecated=4.14
+// +k8s:prerelease-lifecycle-gen:removed=4.10000
 // DeploymentLog represents the logs for a deployment
 //
@@ -472,6 +488,9 @@ type DeploymentLog struct {
 }
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +k8s:prerelease-lifecycle-gen:introduced=3.0
+// +k8s:prerelease-lifecycle-gen:deprecated=4.14
+// +k8s:prerelease-lifecycle-gen:removed=4.10000
 // DeploymentLogOptions is the REST options for a deployment log
 //
diff --git a/vendor/github.com/openshift/api/apps/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/apps/v1/zz_generated.swagger_doc_generated.go
index bec3c7689..ab137d59b 100644
--- a/vendor/github.com/openshift/api/apps/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/apps/v1/zz_generated.swagger_doc_generated.go 
@@ -56,7 +56,7 @@ func (DeploymentCondition) SwaggerDoc() map[string]string { } var map_DeploymentConfig = map[string]string{ - "": "Deployment Configs define the template for a pod and manages deploying new images or configuration changes. A single deployment configuration is usually analogous to a single micro-service. Can support many different deployment patterns, including full restart, customizable rolling updates, and fully custom behaviors, as well as pre- and post- deployment hooks. Each individual deployment is represented as a replication controller.\n\nA deployment is \"triggered\" when its configuration is changed or a tag in an Image Stream is changed. Triggers can be disabled to allow manual control over a deployment. The \"strategy\" determines how the deployment is carried out and may be changed at any time. The `latestVersion` field is updated when a new deployment is triggered by any means.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "": "Deployment Configs define the template for a pod and manages deploying new images or configuration changes. A single deployment configuration is usually analogous to a single micro-service. Can support many different deployment patterns, including full restart, customizable rolling updates, and fully custom behaviors, as well as pre- and post- deployment hooks. Each individual deployment is represented as a replication controller.\n\nA deployment is \"triggered\" when its configuration is changed or a tag in an Image Stream is changed. Triggers can be disabled to allow manual control over a deployment. The \"strategy\" determines how the deployment is carried out and may be changed at any time. The `latestVersion` field is updated when a new deployment is triggered by any means.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). 
Deprecated: Use deployments or other means for declarative updates for pods instead.", "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "spec": "Spec represents a desired deployment state and how to deploy to it.", "status": "Status represents the current deployment state.", diff --git a/vendor/github.com/openshift/api/apps/v1/zz_prerelease_lifecycle_generated.go b/vendor/github.com/openshift/api/apps/v1/zz_prerelease_lifecycle_generated.go new file mode 100644 index 000000000..b3e4de501 --- /dev/null +++ b/vendor/github.com/openshift/api/apps/v1/zz_prerelease_lifecycle_generated.go 
@@ -0,0 +1,114 @@ +//go:build !ignore_autogenerated +// +build !ignore_autogenerated + +// Code generated by prerelease-lifecycle-gen. DO NOT EDIT. + +package v1 + +// APILifecycleIntroduced is an autogenerated function, returning the release in which the API struct was introduced as int versions of major and minor for comparison. +// It is controlled by "k8s:prerelease-lifecycle-gen:introduced" tags in types.go. +func (in *DeploymentConfig) APILifecycleIntroduced() (major, minor int) { + return 3, 0 +} + +// APILifecycleDeprecated is an autogenerated function, returning the release in which the API struct was or will be deprecated as int versions of major and minor for comparison. +// It is controlled by "k8s:prerelease-lifecycle-gen:deprecated" tags in types.go or "k8s:prerelease-lifecycle-gen:introduced" plus three minor. +func (in *DeploymentConfig) APILifecycleDeprecated() (major, minor int) { + return 4, 14 +} + +// APILifecycleRemoved is an autogenerated function, returning the release in which the API is no longer served as int versions of major and minor for comparison. +// It is controlled by "k8s:prerelease-lifecycle-gen:removed" tags in types.go or "k8s:prerelease-lifecycle-gen:deprecated" plus three minor. +func (in *DeploymentConfig) APILifecycleRemoved() (major, minor int) { + return 4, 10000 +} + +// APILifecycleIntroduced is an autogenerated function, returning the release in which the API struct was introduced as int versions of major and minor for comparison. +// It is controlled by "k8s:prerelease-lifecycle-gen:introduced" tags in types.go. +func (in *DeploymentConfigList) APILifecycleIntroduced() (major, minor int) { + return 3, 0 +} + +// APILifecycleDeprecated is an autogenerated function, returning the release in which the API struct was or will be deprecated as int versions of major and minor for comparison. 
+// It is controlled by "k8s:prerelease-lifecycle-gen:deprecated" tags in types.go or "k8s:prerelease-lifecycle-gen:introduced" plus three minor. +func (in *DeploymentConfigList) APILifecycleDeprecated() (major, minor int) { + return 4, 14 +} + +// APILifecycleRemoved is an autogenerated function, returning the release in which the API is no longer served as int versions of major and minor for comparison. +// It is controlled by "k8s:prerelease-lifecycle-gen:removed" tags in types.go or "k8s:prerelease-lifecycle-gen:deprecated" plus three minor. +func (in *DeploymentConfigList) APILifecycleRemoved() (major, minor int) { + return 4, 10000 +} + +// APILifecycleIntroduced is an autogenerated function, returning the release in which the API struct was introduced as int versions of major and minor for comparison. +// It is controlled by "k8s:prerelease-lifecycle-gen:introduced" tags in types.go. +func (in *DeploymentConfigRollback) APILifecycleIntroduced() (major, minor int) { + return 3, 0 +} + +// APILifecycleDeprecated is an autogenerated function, returning the release in which the API struct was or will be deprecated as int versions of major and minor for comparison. +// It is controlled by "k8s:prerelease-lifecycle-gen:deprecated" tags in types.go or "k8s:prerelease-lifecycle-gen:introduced" plus three minor. +func (in *DeploymentConfigRollback) APILifecycleDeprecated() (major, minor int) { + return 4, 14 +} + +// APILifecycleRemoved is an autogenerated function, returning the release in which the API is no longer served as int versions of major and minor for comparison. +// It is controlled by "k8s:prerelease-lifecycle-gen:removed" tags in types.go or "k8s:prerelease-lifecycle-gen:deprecated" plus three minor. 
+func (in *DeploymentConfigRollback) APILifecycleRemoved() (major, minor int) { + return 4, 10000 +} + +// APILifecycleIntroduced is an autogenerated function, returning the release in which the API struct was introduced as int versions of major and minor for comparison. +// It is controlled by "k8s:prerelease-lifecycle-gen:introduced" tags in types.go. +func (in *DeploymentLog) APILifecycleIntroduced() (major, minor int) { + return 3, 0 +} + +// APILifecycleDeprecated is an autogenerated function, returning the release in which the API struct was or will be deprecated as int versions of major and minor for comparison. +// It is controlled by "k8s:prerelease-lifecycle-gen:deprecated" tags in types.go or "k8s:prerelease-lifecycle-gen:introduced" plus three minor. +func (in *DeploymentLog) APILifecycleDeprecated() (major, minor int) { + return 4, 14 +} + +// APILifecycleRemoved is an autogenerated function, returning the release in which the API is no longer served as int versions of major and minor for comparison. +// It is controlled by "k8s:prerelease-lifecycle-gen:removed" tags in types.go or "k8s:prerelease-lifecycle-gen:deprecated" plus three minor. +func (in *DeploymentLog) APILifecycleRemoved() (major, minor int) { + return 4, 10000 +} + +// APILifecycleIntroduced is an autogenerated function, returning the release in which the API struct was introduced as int versions of major and minor for comparison. +// It is controlled by "k8s:prerelease-lifecycle-gen:introduced" tags in types.go. +func (in *DeploymentLogOptions) APILifecycleIntroduced() (major, minor int) { + return 3, 0 +} + +// APILifecycleDeprecated is an autogenerated function, returning the release in which the API struct was or will be deprecated as int versions of major and minor for comparison. +// It is controlled by "k8s:prerelease-lifecycle-gen:deprecated" tags in types.go or "k8s:prerelease-lifecycle-gen:introduced" plus three minor. 
+func (in *DeploymentLogOptions) APILifecycleDeprecated() (major, minor int) { + return 4, 14 +} + +// APILifecycleRemoved is an autogenerated function, returning the release in which the API is no longer served as int versions of major and minor for comparison. +// It is controlled by "k8s:prerelease-lifecycle-gen:removed" tags in types.go or "k8s:prerelease-lifecycle-gen:deprecated" plus three minor. +func (in *DeploymentLogOptions) APILifecycleRemoved() (major, minor int) { + return 4, 10000 +} + +// APILifecycleIntroduced is an autogenerated function, returning the release in which the API struct was introduced as int versions of major and minor for comparison. +// It is controlled by "k8s:prerelease-lifecycle-gen:introduced" tags in types.go. +func (in *DeploymentRequest) APILifecycleIntroduced() (major, minor int) { + return 3, 0 +} + +// APILifecycleDeprecated is an autogenerated function, returning the release in which the API struct was or will be deprecated as int versions of major and minor for comparison. +// It is controlled by "k8s:prerelease-lifecycle-gen:deprecated" tags in types.go or "k8s:prerelease-lifecycle-gen:introduced" plus three minor. +func (in *DeploymentRequest) APILifecycleDeprecated() (major, minor int) { + return 4, 14 +} + +// APILifecycleRemoved is an autogenerated function, returning the release in which the API is no longer served as int versions of major and minor for comparison. +// It is controlled by "k8s:prerelease-lifecycle-gen:removed" tags in types.go or "k8s:prerelease-lifecycle-gen:deprecated" plus three minor. +func (in *DeploymentRequest) APILifecycleRemoved() (major, minor int) { + return 4, 10000 +} diff --git a/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusterversion.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusterversion.crd.yaml index 16a333ca8..b3e5c9dbc 100644 
--- a/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusterversion.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusterversion.crd.yaml @@ -71,6 +71,10 @@ spec: - Storage - CSISnapshot - NodeTuning + - MachineAPI + - Build + - DeploymentConfig + - ImageRegistry x-kubernetes-list-type: atomic baselineCapabilitySet: description: baselineCapabilitySet selects an initial set of optional capabilities to enable, which can be extended via additionalEnabledCapabilities. If unset, the cluster will choose a default, and the default may change over time. The current default is vCurrent. @@ -80,6 +84,7 @@ spec: - v4.11 - v4.12 - v4.13 + - v4.14 - vCurrent channel: description: channel is an identifier for explicitly requesting that a non-default set of updates be applied to this cluster. The default channel will be contain stable updates that are appropriate for production clusters. @@ -192,6 +197,10 @@ spec: - Storage - CSISnapshot - NodeTuning + - MachineAPI + - Build + - DeploymentConfig + - ImageRegistry x-kubernetes-list-type: atomic knownCapabilities: description: knownCapabilities lists all the capabilities known to the current cluster. @@ -208,6 +217,10 @@ spec: - Storage - CSISnapshot - NodeTuning + - MachineAPI + - Build + - DeploymentConfig + - ImageRegistry x-kubernetes-list-type: atomic conditionalUpdates: description: conditionalUpdates contains the list of updates that may be recommended for this cluster if it meets specific required conditions. Consumers interested in the set of updates that are actually recommended for this cluster should use availableUpdates. This list may be empty if no updates are recommended, if the update service is unavailable, or if an empty or invalid channel has been specified. 
@@ -429,6 +442,9 @@ spec: versionHash: description: versionHash is a fingerprint of the content that the cluster will be updated with. It is used by the operator to avoid unnecessary work and is for internal use only. type: string + x-kubernetes-validations: + - rule: 'has(self.spec.capabilities) && has(self.spec.capabilities.additionalEnabledCapabilities) && self.spec.capabilities.baselineCapabilitySet == ''None'' && ''baremetal'' in self.spec.capabilities.additionalEnabledCapabilities ? ''MachineAPI'' in self.spec.capabilities.additionalEnabledCapabilities || (has(self.status) && has(self.status.capabilities) && has(self.status.capabilities.enabledCapabilities) && ''MachineAPI'' in self.status.capabilities.enabledCapabilities) : true' + message: the `baremetal` capability requires the `MachineAPI` capability, which is neither explicitly or implicitly enabled in this cluster, please enable the `MachineAPI` capability served: true storage: true subresources: diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_apiserver-CustomNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_apiserver-CustomNoUpgrade.crd.yaml new file mode 100644 index 000000000..1895f9d33 --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_apiserver-CustomNoUpgrade.crd.yaml 
@@ -0,0 +1,179 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/470 + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" + release.openshift.io/feature-set: CustomNoUpgrade + name: apiservers.config.openshift.io +spec: + group: config.openshift.io + names: + kind: APIServer + listKind: APIServerList + plural: apiservers + singular: apiserver + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: "APIServer holds configuration (like serving certificates, client CA and CORS domains) shared by all API servers in the system, among them especially kube-apiserver and openshift-apiserver. The canonical name of an instance is 'cluster'. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + type: object + properties: + additionalCORSAllowedOrigins: + description: additionalCORSAllowedOrigins lists additional, user-defined regular expressions describing hosts for which the API server allows access using the CORS headers. This may be needed to access the API and the integrated OAuth server from JavaScript applications. The values are regular expressions that correspond to the Golang regular expression language. + type: array + items: + type: string + audit: + description: audit specifies the settings for audit configuration to be applied to all OpenShift-provided API servers in the cluster. + type: object + default: + profile: Default + properties: + customRules: + description: customRules specify profiles per group. These profile take precedence over the top-level profile field if they apply. They are evaluation from top to bottom and the first one that matches, applies. + type: array + items: + description: AuditCustomRule describes a custom rule for an audit profile that takes precedence over the top-level profile. + type: object + required: + - group + - profile + properties: + group: + description: group is a name of group a request user must be member of in order to this profile to apply. + type: string + minLength: 1 + profile: + description: "profile specifies the name of the desired audit policy configuration to be deployed to all OpenShift-provided API servers in the cluster. \n The following profiles are provided: - Default: the existing default policy. - WriteRequestBodies: like 'Default', but logs request and response HTTP payloads for write requests (create, update, patch). - AllRequestBodies: like 'WriteRequestBodies', but also logs request and response HTTP payloads for read requests (get, list). 
- None: no requests are logged at all, not even oauthaccesstokens and oauthauthorizetokens. \n If unset, the 'Default' profile is used as the default." + type: string + enum: + - Default + - WriteRequestBodies + - AllRequestBodies + - None + x-kubernetes-list-map-keys: + - group + x-kubernetes-list-type: map + profile: + description: "profile specifies the name of the desired top-level audit profile to be applied to all requests sent to any of the OpenShift-provided API servers in the cluster (kube-apiserver, openshift-apiserver and oauth-apiserver), with the exception of those requests that match one or more of the customRules. \n The following profiles are provided: - Default: default policy which means MetaData level logging with the exception of events (not logged at all), oauthaccesstokens and oauthauthorizetokens (both logged at RequestBody level). - WriteRequestBodies: like 'Default', but logs request and response HTTP payloads for write requests (create, update, patch). - AllRequestBodies: like 'WriteRequestBodies', but also logs request and response HTTP payloads for read requests (get, list). - None: no requests are logged at all, not even oauthaccesstokens and oauthauthorizetokens. \n Warning: It is not recommended to disable audit logging by using the `None` profile unless you are fully aware of the risks of not logging data that can be beneficial when troubleshooting issues. If you disable audit logging and a support situation arises, you might need to enable audit logging and reproduce the issue in order to troubleshoot properly. \n If unset, the 'Default' profile is used as the default." + type: string + default: Default + enum: + - Default + - WriteRequestBodies + - AllRequestBodies + - None + clientCA: + description: 'clientCA references a ConfigMap containing a certificate bundle for the signers that will be recognized for incoming client certificates in addition to the operator managed signers. 
If this is empty, then only operator managed signers are valid. You usually only have to set this if you have your own PKI you wish to honor client certificates from. The ConfigMap must exist in the openshift-config namespace and contain the following required fields: - ConfigMap.Data["ca-bundle.crt"] - CA bundle.' + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced config map + type: string + encryption: + description: encryption allows the configuration of encryption of resources at the datastore layer. + type: object + properties: + type: + description: "type defines what encryption type should be used to encrypt resources at the datastore layer. When this field is unset (i.e. when it is set to the empty string), identity is implied. The behavior of unset can and will change over time. Even if encryption is enabled by default, the meaning of unset may change to a different encryption type based on changes in best practices. \n When encryption is enabled, all sensitive resources shipped with the platform are encrypted. This list of sensitive resources can and will change over time. The current authoritative list is: \n 1. secrets 2. configmaps 3. routes.route.openshift.io 4. oauthaccesstokens.oauth.openshift.io 5. oauthauthorizetokens.oauth.openshift.io" + type: string + enum: + - "" + - identity + - aescbc + - aesgcm + servingCerts: + description: servingCert is the TLS cert info for serving secure traffic. If not specified, operator managed certificates will be used for serving secure traffic. + type: object + properties: + namedCertificates: + description: namedCertificates references secrets containing the TLS cert info for serving secure traffic to specific hostnames. If no named certificates are provided, or no named certificates match the server name as understood by a client, the defaultServingCertificate will be used. 
+ type: array + items: + description: APIServerNamedServingCert maps a server DNS name, as understood by a client, to a certificate. + type: object + properties: + names: + description: names is a optional list of explicit DNS names (leading wildcards allowed) that should use this certificate to serve secure traffic. If no names are provided, the implicit names will be extracted from the certificates. Exact names trump over wildcard names. Explicit names defined here trump over extracted implicit names. + type: array + items: + type: string + servingCertificate: + description: 'servingCertificate references a kubernetes.io/tls type secret containing the TLS cert info for serving secure traffic. The secret must exist in the openshift-config namespace and contain the following required fields: - Secret.Data["tls.key"] - TLS private key. - Secret.Data["tls.crt"] - TLS certificate.' + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced secret + type: string + tlsSecurityProfile: + description: "tlsSecurityProfile specifies settings for TLS connections for externally exposed servers. \n If unset, a default (which may change between releases) is chosen. Note that only Old, Intermediate and Custom profiles are currently supported, and the maximum available MinTLSVersions is VersionTLS12." + type: object + properties: + custom: + description: "custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic. An example custom profile looks like this: \n ciphers: - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 minTLSVersion: TLSv1.1" + type: object + properties: + ciphers: + description: "ciphers is used to specify the cipher algorithms that are negotiated during the TLS handshake. Operators may remove entries their operands do not support. 
For example, to use DES-CBC3-SHA (yaml): \n ciphers: - DES-CBC3-SHA" + type: array + items: + type: string + minTLSVersion: + description: "minTLSVersion is used to specify the minimal version of the TLS protocol that is negotiated during the TLS handshake. For example, to use TLS versions 1.1, 1.2 and 1.3 (yaml): \n minTLSVersion: TLSv1.1 \n NOTE: currently the highest minTLSVersion allowed is VersionTLS12" + type: string + enum: + - VersionTLS10 + - VersionTLS11 + - VersionTLS12 + - VersionTLS13 + nullable: true + intermediate: + description: "intermediate is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29 \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - DHE-RSA-AES128-GCM-SHA256 - DHE-RSA-AES256-GCM-SHA384 minTLSVersion: TLSv1.2" + type: object + nullable: true + modern: + description: "modern is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 minTLSVersion: TLSv1.3 \n NOTE: Currently unsupported." 
+ type: object + nullable: true + old: + description: "old is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - DHE-RSA-AES128-GCM-SHA256 - DHE-RSA-AES256-GCM-SHA384 - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES128-SHA - ECDHE-ECDSA-AES256-SHA384 - ECDHE-RSA-AES256-SHA384 - ECDHE-ECDSA-AES256-SHA - ECDHE-RSA-AES256-SHA - DHE-RSA-AES128-SHA256 - DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 - AES256-GCM-SHA384 - AES128-SHA256 - AES256-SHA256 - AES128-SHA - AES256-SHA - DES-CBC3-SHA minTLSVersion: TLSv1.0" + type: object + nullable: true + type: + description: "type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. Old, Intermediate and Modern are TLS security profiles based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations \n The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on precisely which ciphers are available to a process, the list may be reduced. \n Note that the Modern profile is currently not supported because it is not yet well adopted by common software libraries." + type: string + enum: + - Old + - Intermediate + - Modern + - Custom + status: + description: status holds observed values from the cluster. They may not be overridden. + type: object + served: true + storage: true + subresources: + status: {} 
diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_dns-CustomNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_dns-CustomNoUpgrade.crd.yaml
new file mode 100644
index 000000000..9da62cbfe
--- /dev/null
+++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_dns-CustomNoUpgrade.crd.yaml
@@ -0,0 +1,114 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/470 + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" + release.openshift.io/feature-set: CustomNoUpgrade + name: dnses.config.openshift.io +spec: + group: config.openshift.io + names: + kind: DNS + listKind: DNSList + plural: dnses + singular: dns + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: "DNS holds cluster-wide information about DNS. The canonical name is `cluster` \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + type: object + properties: + baseDomain: + description: "baseDomain is the base domain of the cluster. All managed DNS records will be sub-domains of this base. \n For example, given the base domain `openshift.example.com`, an API server DNS record may be created for `cluster-api.openshift.example.com`. 
\n Once set, this field cannot be changed." + type: string + platform: + description: platform holds configuration specific to the underlying infrastructure provider for DNS. When omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. + type: object + required: + - type + properties: + aws: + description: aws contains DNS configuration specific to the Amazon Web Services cloud provider. + type: object + properties: + privateZoneIAMRole: + description: privateZoneIAMRole contains the ARN of an IAM role that should be assumed when performing operations on the cluster's private hosted zone specified in the cluster DNS config. When left empty, no role should be assumed. + type: string + pattern: ^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:role\/.*$ + type: + description: "type is the underlying infrastructure provider for the cluster. Allowed values: \"\", \"AWS\". \n Individual components may not support all platforms, and must handle unrecognized platforms with best-effort defaults." + type: string + enum: + - "" + - AWS + - Azure + - BareMetal + - GCP + - Libvirt + - OpenStack + - None + - VSphere + - oVirt + - IBMCloud + - KubeVirt + - EquinixMetal + - PowerVS + - AlibabaCloud + - Nutanix + - External + x-kubernetes-validations: + - rule: self in ['','AWS'] + message: allowed values are '' and 'AWS' + x-kubernetes-validations: + - rule: 'has(self.type) && self.type == ''AWS'' ? has(self.aws) : !has(self.aws)' + message: aws configuration is required when platform is AWS, and forbidden otherwise + privateZone: + description: "privateZone is the location where all the DNS records that are only available internally to the cluster exist. \n If this field is nil, no private records should be created. \n Once set, this field cannot be changed." + type: object + properties: + id: + description: "id is the identifier that can be used to find the DNS hosted zone. 
\n on AWS zone can be fetched using `ID` as id in [1] on Azure zone can be fetched using `ID` as a pre-determined name in [2], on GCP zone can be fetched using `ID` as a pre-determined name in [3]. \n [1]: https://docs.aws.amazon.com/cli/latest/reference/route53/get-hosted-zone.html#options [2]: https://docs.microsoft.com/en-us/cli/azure/network/dns/zone?view=azure-cli-latest#az-network-dns-zone-show [3]: https://cloud.google.com/dns/docs/reference/v1/managedZones/get" + type: string + tags: + description: "tags can be used to query the DNS hosted zone. \n on AWS, resourcegroupstaggingapi [1] can be used to fetch a zone using `Tags` as tag-filters, \n [1]: https://docs.aws.amazon.com/cli/latest/reference/resourcegroupstaggingapi/get-resources.html#options" + type: object + additionalProperties: + type: string + publicZone: + description: "publicZone is the location where all the DNS records that are publicly accessible to the internet exist. \n If this field is nil, no public records should be created. \n Once set, this field cannot be changed." + type: object + properties: + id: + description: "id is the identifier that can be used to find the DNS hosted zone. \n on AWS zone can be fetched using `ID` as id in [1] on Azure zone can be fetched using `ID` as a pre-determined name in [2], on GCP zone can be fetched using `ID` as a pre-determined name in [3]. \n [1]: https://docs.aws.amazon.com/cli/latest/reference/route53/get-hosted-zone.html#options [2]: https://docs.microsoft.com/en-us/cli/azure/network/dns/zone?view=azure-cli-latest#az-network-dns-zone-show [3]: https://cloud.google.com/dns/docs/reference/v1/managedZones/get" + type: string + tags: + description: "tags can be used to query the DNS hosted zone. 
\n on AWS, resourcegroupstaggingapi [1] can be used to fetch a zone using `Tags` as tag-filters, \n [1]: https://docs.aws.amazon.com/cli/latest/reference/resourcegroupstaggingapi/get-resources.html#options" + type: object + additionalProperties: + type: string + status: + description: status holds observed values from the cluster. They may not be overridden. + type: object + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_dns.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_dns-Default.crd.yaml similarity index 68% rename from vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_dns.crd.yaml rename to vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_dns-Default.crd.yaml index e4fa56eee..62080e10e 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_dns.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_dns-Default.crd.yaml @@ -6,6 +6,7 @@ metadata: include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" include.release.openshift.io/single-node-developer: "true" + release.openshift.io/feature-set: Default name: dnses.config.openshift.io spec: group: config.openshift.io 
@@ -39,6 +40,47 @@ spec: baseDomain: description: "baseDomain is the base domain of the cluster. All managed DNS records will be sub-domains of this base. \n For example, given the base domain `openshift.example.com`, an API server DNS record may be created for `cluster-api.openshift.example.com`. \n Once set, this field cannot be changed." type: string + platform: + description: platform holds configuration specific to the underlying infrastructure provider for DNS. When omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. + type: object + required: + - type + properties: + aws: + description: aws contains DNS configuration specific to the Amazon Web Services cloud provider. + type: object + properties: + privateZoneIAMRole: + description: privateZoneIAMRole contains the ARN of an IAM role that should be assumed when performing operations on the cluster's private hosted zone specified in the cluster DNS config. When left empty, no role should be assumed. + type: string + pattern: ^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:role\/.*$ + type: + description: "type is the underlying infrastructure provider for the cluster. Allowed values: \"\", \"AWS\". \n Individual components may not support all platforms, and must handle unrecognized platforms with best-effort defaults." + type: string + enum: + - "" + - AWS + - Azure + - BareMetal + - GCP + - Libvirt + - OpenStack + - None + - VSphere + - oVirt + - IBMCloud + - KubeVirt + - EquinixMetal + - PowerVS + - AlibabaCloud + - Nutanix + - External + x-kubernetes-validations: + - rule: self in ['','AWS'] + message: allowed values are '' and 'AWS' + x-kubernetes-validations: + - rule: 'has(self.type) && self.type == ''AWS'' ? 
has(self.aws) : !has(self.aws)' + message: aws configuration is required when platform is AWS, and forbidden otherwise privateZone: description: "privateZone is the location where all the DNS records that are only available internally to the cluster exist. \n If this field is nil, no private records should be created. \n Once set, this field cannot be changed." type: object diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_dns-TechPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_dns-TechPreviewNoUpgrade.crd.yaml new file mode 100644 index 000000000..043b6fc60 --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_dns-TechPreviewNoUpgrade.crd.yaml 
@@ -0,0 +1,114 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/470 + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" + release.openshift.io/feature-set: TechPreviewNoUpgrade + name: dnses.config.openshift.io +spec: + group: config.openshift.io + names: + kind: DNS + listKind: DNSList + plural: dnses + singular: dns + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: "DNS holds cluster-wide information about DNS. The canonical name is `cluster` \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + type: object + properties: + baseDomain: + description: "baseDomain is the base domain of the cluster. All managed DNS records will be sub-domains of this base. \n For example, given the base domain `openshift.example.com`, an API server DNS record may be created for `cluster-api.openshift.example.com`. 
\n Once set, this field cannot be changed." + type: string + platform: + description: platform holds configuration specific to the underlying infrastructure provider for DNS. When omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. + type: object + required: + - type + properties: + aws: + description: aws contains DNS configuration specific to the Amazon Web Services cloud provider. + type: object + properties: + privateZoneIAMRole: + description: privateZoneIAMRole contains the ARN of an IAM role that should be assumed when performing operations on the cluster's private hosted zone specified in the cluster DNS config. When left empty, no role should be assumed. + type: string + pattern: ^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:role\/.*$ + type: + description: "type is the underlying infrastructure provider for the cluster. Allowed values: \"\", \"AWS\". \n Individual components may not support all platforms, and must handle unrecognized platforms with best-effort defaults." + type: string + enum: + - "" + - AWS + - Azure + - BareMetal + - GCP + - Libvirt + - OpenStack + - None + - VSphere + - oVirt + - IBMCloud + - KubeVirt + - EquinixMetal + - PowerVS + - AlibabaCloud + - Nutanix + - External + x-kubernetes-validations: + - rule: self in ['','AWS'] + message: allowed values are '' and 'AWS' + x-kubernetes-validations: + - rule: 'has(self.type) && self.type == ''AWS'' ? has(self.aws) : !has(self.aws)' + message: aws configuration is required when platform is AWS, and forbidden otherwise + privateZone: + description: "privateZone is the location where all the DNS records that are only available internally to the cluster exist. \n If this field is nil, no private records should be created. \n Once set, this field cannot be changed." + type: object + properties: + id: + description: "id is the identifier that can be used to find the DNS hosted zone. 
\n on AWS zone can be fetched using `ID` as id in [1] on Azure zone can be fetched using `ID` as a pre-determined name in [2], on GCP zone can be fetched using `ID` as a pre-determined name in [3]. \n [1]: https://docs.aws.amazon.com/cli/latest/reference/route53/get-hosted-zone.html#options [2]: https://docs.microsoft.com/en-us/cli/azure/network/dns/zone?view=azure-cli-latest#az-network-dns-zone-show [3]: https://cloud.google.com/dns/docs/reference/v1/managedZones/get" + type: string + tags: + description: "tags can be used to query the DNS hosted zone. \n on AWS, resourcegroupstaggingapi [1] can be used to fetch a zone using `Tags` as tag-filters, \n [1]: https://docs.aws.amazon.com/cli/latest/reference/resourcegroupstaggingapi/get-resources.html#options" + type: object + additionalProperties: + type: string + publicZone: + description: "publicZone is the location where all the DNS records that are publicly accessible to the internet exist. \n If this field is nil, no public records should be created. \n Once set, this field cannot be changed." + type: object + properties: + id: + description: "id is the identifier that can be used to find the DNS hosted zone. \n on AWS zone can be fetched using `ID` as id in [1] on Azure zone can be fetched using `ID` as a pre-determined name in [2], on GCP zone can be fetched using `ID` as a pre-determined name in [3]. \n [1]: https://docs.aws.amazon.com/cli/latest/reference/route53/get-hosted-zone.html#options [2]: https://docs.microsoft.com/en-us/cli/azure/network/dns/zone?view=azure-cli-latest#az-network-dns-zone-show [3]: https://cloud.google.com/dns/docs/reference/v1/managedZones/get" + type: string + tags: + description: "tags can be used to query the DNS hosted zone. 
\n on AWS, resourcegroupstaggingapi [1] can be used to fetch a zone using `Tags` as tag-filters, \n [1]: https://docs.aws.amazon.com/cli/latest/reference/resourcegroupstaggingapi/get-resources.html#options" + type: object + additionalProperties: + type: string + status: + description: status holds observed values from the cluster. They may not be overridden. + type: object + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-CustomNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-CustomNoUpgrade.crd.yaml new file mode 100644 index 000000000..4c6d4c074 --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-CustomNoUpgrade.crd.yaml 
@@ -0,0 +1,999 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/470 + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" + release.openshift.io/feature-set: CustomNoUpgrade + name: infrastructures.config.openshift.io +spec: + group: config.openshift.io + names: + kind: Infrastructure + listKind: InfrastructureList + plural: infrastructures + singular: infrastructure + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: "Infrastructure holds cluster-wide information about Infrastructure. The canonical name is `cluster` \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + properties: + cloudConfig: + description: "cloudConfig is a reference to a ConfigMap containing the cloud provider configuration file. 
This configuration file is used to configure the Kubernetes cloud provider integration when using the built-in cloud provider integration or the external cloud controller manager. The namespace for this config map is openshift-config. \n cloudConfig should only be consumed by the kube_cloud_config controller. The controller is responsible for using the user configuration in the spec for various platforms and combining that with the user provided ConfigMap in this field to create a stitched kube cloud config. The controller generates a ConfigMap `kube-cloud-config` in `openshift-config-managed` namespace with the kube cloud config is stored in `cloud.conf` key. All the clients are expected to use the generated ConfigMap only." + properties: + key: + description: Key allows pointing to a specific key/value inside of the configmap. This is useful for logical file references. + type: string + name: + type: string + type: object + platformSpec: + description: platformSpec holds desired information specific to the underlying infrastructure provider. + properties: + alibabaCloud: + description: AlibabaCloud contains settings specific to the Alibaba Cloud infrastructure provider. + type: object + aws: + description: AWS contains settings specific to the Amazon Web Services infrastructure provider. + properties: + serviceEndpoints: + description: serviceEndpoints list contains custom endpoints which will override default service endpoint of AWS Services. There must be only one ServiceEndpoint for a service. + items: + description: AWSServiceEndpoint store the configuration of a custom url to override existing defaults of AWS Services. + properties: + name: + description: name is the name of the AWS service. The list of all the service names can be found at https://docs.aws.amazon.com/general/latest/gr/aws-service-information.html This must be provided and cannot be empty. 
+ pattern: ^[a-z0-9-]+$ + type: string + url: + description: url is fully qualified URI with scheme https, that overrides the default generated endpoint for a client. This must be provided and cannot be empty. + pattern: ^https:// + type: string + type: object + type: array + type: object + azure: + description: Azure contains settings specific to the Azure infrastructure provider. + type: object + baremetal: + description: BareMetal contains settings specific to the BareMetal platform. + type: object + equinixMetal: + description: EquinixMetal contains settings specific to the Equinix Metal infrastructure provider. + type: object + external: + description: ExternalPlatformType represents generic infrastructure provider. Platform-specific components should be supplemented separately. + properties: + platformName: + default: Unknown + description: PlatformName holds the arbitrary string representing the infrastructure provider name, expected to be set at the installation time. This field is solely for informational and reporting purposes and is not expected to be used for decision-making. + type: string + x-kubernetes-validations: + - message: platform name cannot be changed once set + rule: oldSelf == 'Unknown' || self == oldSelf + type: object + gcp: + description: GCP contains settings specific to the Google Cloud Platform infrastructure provider. + type: object + ibmcloud: + description: IBMCloud contains settings specific to the IBMCloud infrastructure provider. + type: object + kubevirt: + description: Kubevirt contains settings specific to the kubevirt infrastructure provider. + type: object + nutanix: + description: Nutanix contains settings specific to the Nutanix infrastructure provider. + properties: + prismCentral: + description: prismCentral holds the endpoint address and port to access the Nutanix Prism Central. When a cluster-wide proxy is installed, by default, this endpoint will be accessed via the proxy. 
Should you wish for communication with this endpoint not to be proxied, please add the endpoint to the proxy spec.noProxy list. + properties: + address: + description: address is the endpoint address (DNS name or IP address) of the Nutanix Prism Central or Element (cluster) + maxLength: 256 + type: string + port: + description: port is the port number to access the Nutanix Prism Central or Element (cluster) + format: int32 + maximum: 65535 + minimum: 1 + type: integer + required: + - address + - port + type: object + prismElements: + description: prismElements holds one or more endpoint address and port data to access the Nutanix Prism Elements (clusters) of the Nutanix Prism Central. Currently we only support one Prism Element (cluster) for an OpenShift cluster, where all the Nutanix resources (VMs, subnets, volumes, etc.) used in the OpenShift cluster are located. In the future, we may support Nutanix resources (VMs, etc.) spread over multiple Prism Elements (clusters) of the Prism Central. + items: + description: NutanixPrismElementEndpoint holds the name and endpoint data for a Prism Element (cluster) + properties: + endpoint: + description: endpoint holds the endpoint address and port data of the Prism Element (cluster). When a cluster-wide proxy is installed, by default, this endpoint will be accessed via the proxy. Should you wish for communication with this endpoint not to be proxied, please add the endpoint to the proxy spec.noProxy list. + properties: + address: + description: address is the endpoint address (DNS name or IP address) of the Nutanix Prism Central or Element (cluster) + maxLength: 256 + type: string + port: + description: port is the port number to access the Nutanix Prism Central or Element (cluster) + format: int32 + maximum: 65535 + minimum: 1 + type: integer + required: + - address + - port + type: object + name: + description: name is the name of the Prism Element (cluster). 
This value will correspond with the cluster field configured on other resources (eg Machines, PVCs, etc). + maxLength: 256 + type: string + required: + - endpoint + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + required: + - prismCentral + - prismElements + type: object + openstack: + description: OpenStack contains settings specific to the OpenStack infrastructure provider. + type: object + ovirt: + description: Ovirt contains settings specific to the oVirt infrastructure provider. + type: object + powervs: + description: PowerVS contains settings specific to the IBM Power Systems Virtual Servers infrastructure provider. + properties: + serviceEndpoints: + description: serviceEndpoints is a list of custom endpoints which will override the default service endpoints of a Power VS service. + items: + description: PowervsServiceEndpoint stores the configuration of a custom url to override existing defaults of PowerVS Services. + properties: + name: + description: name is the name of the Power VS service. Few of the services are IAM - https://cloud.ibm.com/apidocs/iam-identity-token-api ResourceController - https://cloud.ibm.com/apidocs/resource-controller/resource-controller Power Cloud - https://cloud.ibm.com/apidocs/power-cloud + pattern: ^[a-z0-9-]+$ + type: string + url: + description: url is fully qualified URI with scheme https, that overrides the default generated endpoint for a client. This must be provided and cannot be empty. + format: uri + pattern: ^https:// + type: string + required: + - name + - url + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: object + type: + description: type is the underlying infrastructure provider for the cluster. This value controls whether infrastructure automation such as service load balancers, dynamic volume provisioning, machine creation and deletion, and other integrations are enabled. 
If None, no infrastructure automation is enabled. Allowed values are "AWS", "Azure", "BareMetal", "GCP", "Libvirt", "OpenStack", "VSphere", "oVirt", "KubeVirt", "EquinixMetal", "PowerVS", "AlibabaCloud", "Nutanix" and "None". Individual components may not support all platforms, and must handle unrecognized platforms as None if they do not support that platform. + enum: + - "" + - AWS + - Azure + - BareMetal + - GCP + - Libvirt + - OpenStack + - None + - VSphere + - oVirt + - IBMCloud + - KubeVirt + - EquinixMetal + - PowerVS + - AlibabaCloud + - Nutanix + - External + type: string + vsphere: + description: VSphere contains settings specific to the VSphere infrastructure provider. + properties: + failureDomains: + description: failureDomains contains the definition of region, zone and the vCenter topology. If this is omitted failure domains (regions and zones) will not be used. + items: + description: VSpherePlatformFailureDomainSpec holds the region and zone failure domain and the vCenter topology of that failure domain. + properties: + name: + description: name defines the arbitrary but unique name of a failure domain. + maxLength: 256 + minLength: 1 + type: string + region: + description: region defines the name of a region tag that will be attached to a vCenter datacenter. The tag category in vCenter must be named openshift-region. + maxLength: 80 + minLength: 1 + type: string + server: + anyOf: + - format: ipv4 + - format: ipv6 + - format: hostname + description: server is the fully-qualified domain name or the IP address of the vCenter server. --- + maxLength: 255 + minLength: 1 + type: string + topology: + description: Topology describes a given failure domain using vSphere constructs + properties: + computeCluster: + description: computeCluster the absolute path of the vCenter cluster in which virtual machine will be located. The absolute path is of the form //host/. The maximum length of the path is 2048 characters. 
+ maxLength: 2048 + pattern: ^/.*?/host/.*? + type: string + datacenter: + description: datacenter is the name of vCenter datacenter in which virtual machines will be located. The maximum length of the datacenter name is 80 characters. + maxLength: 80 + type: string + datastore: + description: datastore is the absolute path of the datastore in which the virtual machine is located. The absolute path is of the form //datastore/ The maximum length of the path is 2048 characters. + maxLength: 2048 + pattern: ^/.*?/datastore/.*? + type: string + folder: + description: folder is the absolute path of the folder where virtual machines are located. The absolute path is of the form //vm/. The maximum length of the path is 2048 characters. + maxLength: 2048 + pattern: ^/.*?/vm/.*? + type: string + networks: + description: networks is the list of port group network names within this failure domain. Currently, we only support a single interface per RHCOS virtual machine. The available networks (port groups) can be listed using `govc ls 'network/*'` The single interface should be the absolute path of the form //network/. + items: + type: string + maxItems: 1 + minItems: 1 + type: array + resourcePool: + description: resourcePool is the absolute path of the resource pool where virtual machines will be created. The absolute path is of the form //host//Resources/. The maximum length of the path is 2048 characters. + maxLength: 2048 + pattern: ^/.*?/host/.*?/Resources.* + type: string + required: + - computeCluster + - datacenter + - datastore + - networks + type: object + zone: + description: zone defines the name of a zone tag that will be attached to a vCenter cluster. The tag category in vCenter must be named openshift-zone. 
+ maxLength: 80 + minLength: 1 + type: string + required: + - name + - region + - server + - topology + - zone + type: object + type: array + nodeNetworking: + description: nodeNetworking contains the definition of internal and external network constraints for assigning the node's networking. If this field is omitted, networking defaults to the legacy address selection behavior which is to only support a single address and return the first one found. + properties: + external: + description: external represents the network configuration of the node that is externally routable. + properties: + excludeNetworkSubnetCidr: + description: excludeNetworkSubnetCidr IP addresses in subnet ranges will be excluded when selecting the IP address from the VirtualMachine's VM for use in the status.addresses fields. --- + items: + format: cidr + type: string + type: array + network: + description: network VirtualMachine's VM Network names that will be used to when searching for status.addresses fields. Note that if internal.networkSubnetCIDR and external.networkSubnetCIDR are not set, then the vNIC associated to this network must only have a single IP address assigned to it. The available networks (port groups) can be listed using `govc ls 'network/*'` + type: string + networkSubnetCidr: + description: networkSubnetCidr IP address on VirtualMachine's network interfaces included in the fields' CIDRs that will be used in respective status.addresses fields. --- + items: + format: cidr + type: string + type: array + type: object + internal: + description: internal represents the network configuration of the node that is routable only within the cluster. + properties: + excludeNetworkSubnetCidr: + description: excludeNetworkSubnetCidr IP addresses in subnet ranges will be excluded when selecting the IP address from the VirtualMachine's VM for use in the status.addresses fields. 
--- + items: + format: cidr + type: string + type: array + network: + description: network VirtualMachine's VM Network names that will be used to when searching for status.addresses fields. Note that if internal.networkSubnetCIDR and external.networkSubnetCIDR are not set, then the vNIC associated to this network must only have a single IP address assigned to it. The available networks (port groups) can be listed using `govc ls 'network/*'` + type: string + networkSubnetCidr: + description: networkSubnetCidr IP address on VirtualMachine's network interfaces included in the fields' CIDRs that will be used in respective status.addresses fields. --- + items: + format: cidr + type: string + type: array + type: object + type: object + vcenters: + description: vcenters holds the connection details for services to communicate with vCenter. Currently, only a single vCenter is supported. --- + items: + description: VSpherePlatformVCenterSpec stores the vCenter connection fields. This is used by the vSphere CCM. + properties: + datacenters: + description: The vCenter Datacenters in which the RHCOS vm guests are located. This field will be used by the Cloud Controller Manager. Each datacenter listed here should be used within a topology. + items: + type: string + minItems: 1 + type: array + port: + description: port is the TCP port that will be used to communicate to the vCenter endpoint. When omitted, this means the user has no opinion and it is up to the platform to choose a sensible default, which is subject to change over time. + format: int32 + maximum: 32767 + minimum: 1 + type: integer + server: + anyOf: + - format: ipv4 + - format: ipv6 + - format: hostname + description: server is the fully-qualified domain name or the IP address of the vCenter server. 
--- + maxLength: 255 + type: string + required: + - datacenters + - server + type: object + maxItems: 1 + minItems: 0 + type: array + type: object + type: object + type: object + status: + description: status holds observed values from the cluster. They may not be overridden. + properties: + apiServerInternalURI: + description: apiServerInternalURL is a valid URI with scheme 'https', address and optionally a port (defaulting to 443). apiServerInternalURL can be used by components like kubelets, to contact the Kubernetes API server using the infrastructure provider rather than Kubernetes networking. + type: string + apiServerURL: + description: apiServerURL is a valid URI with scheme 'https', address and optionally a port (defaulting to 443). apiServerURL can be used by components like the web console to tell users where to find the Kubernetes API. + type: string + controlPlaneTopology: + default: HighlyAvailable + description: controlPlaneTopology expresses the expectations for operands that normally run on control nodes. The default is 'HighlyAvailable', which represents the behavior operators have in a "normal" cluster. The 'SingleReplica' mode will be used in single-node deployments and the operators should not configure the operand for highly-available operation The 'External' mode indicates that the control plane is hosted externally to the cluster and that its components are not visible within the cluster. + enum: + - HighlyAvailable + - SingleReplica + - External + type: string + cpuPartitioning: + default: None + description: cpuPartitioning expresses if CPU partitioning is a currently enabled feature in the cluster. CPU Partitioning means that this cluster can support partitioning workloads to specific CPU Sets. Valid values are "None" and "AllNodes". When omitted, the default value is "None". The default value of "None" indicates that no nodes will be setup with CPU partitioning. 
The "AllNodes" value indicates that all nodes have been setup with CPU partitioning, and can then be further configured via the PerformanceProfile API. + enum: + - None + - AllNodes + type: string + etcdDiscoveryDomain: + description: 'etcdDiscoveryDomain is the domain used to fetch the SRV records for discovering etcd servers and clients. For more info: https://github.com/etcd-io/etcd/blob/329be66e8b3f9e2e6af83c123ff89297e49ebd15/Documentation/op-guide/clustering.md#dns-discovery deprecated: as of 4.7, this field is no longer set or honored. It will be removed in a future release.' + type: string + infrastructureName: + description: infrastructureName uniquely identifies a cluster with a human friendly name. Once set it should not be changed. Must be of max length 27 and must have only alphanumeric or hyphen characters. + type: string + infrastructureTopology: + default: HighlyAvailable + description: 'infrastructureTopology expresses the expectations for infrastructure services that do not run on control plane nodes, usually indicated by a node selector for a `role` value other than `master`. The default is ''HighlyAvailable'', which represents the behavior operators have in a "normal" cluster. The ''SingleReplica'' mode will be used in single-node deployments and the operators should not configure the operand for highly-available operation NOTE: External topology mode is not applicable for this field.' + enum: + - HighlyAvailable + - SingleReplica + type: string + platform: + description: "platform is the underlying infrastructure provider for the cluster. \n Deprecated: Use platformStatus.type instead." + enum: + - "" + - AWS + - Azure + - BareMetal + - GCP + - Libvirt + - OpenStack + - None + - VSphere + - oVirt + - IBMCloud + - KubeVirt + - EquinixMetal + - PowerVS + - AlibabaCloud + - Nutanix + - External + type: string + platformStatus: + description: platformStatus holds status information specific to the underlying infrastructure provider. 
+ properties: + alibabaCloud: + description: AlibabaCloud contains settings specific to the Alibaba Cloud infrastructure provider. + properties: + region: + description: region specifies the region for Alibaba Cloud resources created for the cluster. + pattern: ^[0-9A-Za-z-]+$ + type: string + resourceGroupID: + description: resourceGroupID is the ID of the resource group for the cluster. + pattern: ^(rg-[0-9A-Za-z]+)?$ + type: string + resourceTags: + description: resourceTags is a list of additional tags to apply to Alibaba Cloud resources created for the cluster. + items: + description: AlibabaCloudResourceTag is the set of tags to add to apply to resources. + properties: + key: + description: key is the key of the tag. + maxLength: 128 + minLength: 1 + type: string + value: + description: value is the value of the tag. + maxLength: 128 + minLength: 1 + type: string + required: + - key + - value + type: object + maxItems: 20 + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + required: + - region + type: object + aws: + description: AWS contains settings specific to the Amazon Web Services infrastructure provider. + properties: + region: + description: region holds the default AWS region for new AWS resources created by the cluster. + type: string + resourceTags: + description: resourceTags is a list of additional tags to apply to AWS resources created for the cluster. See https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html for information on tagging AWS resources. AWS supports a maximum of 50 tags per resource. OpenShift reserves 25 tags for its use, leaving 25 tags available for the user. + items: + description: AWSResourceTag is a tag to apply to AWS resources created for the cluster. + properties: + key: + description: key is the key of the tag + maxLength: 128 + minLength: 1 + pattern: ^[0-9A-Za-z_.:/=+-@]+$ + type: string + value: + description: value is the value of the tag. 
Some AWS service do not support empty values. Since tags are added to resources in many services, the length of the tag value must meet the requirements of all services. + maxLength: 256 + minLength: 1 + pattern: ^[0-9A-Za-z_.:/=+-@]+$ + type: string + required: + - key + - value + type: object + maxItems: 25 + type: array + serviceEndpoints: + description: ServiceEndpoints list contains custom endpoints which will override default service endpoint of AWS Services. There must be only one ServiceEndpoint for a service. + items: + description: AWSServiceEndpoint store the configuration of a custom url to override existing defaults of AWS Services. + properties: + name: + description: name is the name of the AWS service. The list of all the service names can be found at https://docs.aws.amazon.com/general/latest/gr/aws-service-information.html This must be provided and cannot be empty. + pattern: ^[a-z0-9-]+$ + type: string + url: + description: url is fully qualified URI with scheme https, that overrides the default generated endpoint for a client. This must be provided and cannot be empty. + pattern: ^https:// + type: string + type: object + type: array + type: object + azure: + description: Azure contains settings specific to the Azure infrastructure provider. + properties: + armEndpoint: + description: armEndpoint specifies a URL to use for resource management in non-soverign clouds such as Azure Stack. + type: string + cloudName: + description: cloudName is the name of the Azure cloud environment which can be used to configure the Azure SDK with the appropriate Azure API endpoints. If empty, the value is equal to `AzurePublicCloud`. + enum: + - "" + - AzurePublicCloud + - AzureUSGovernmentCloud + - AzureChinaCloud + - AzureGermanCloud + - AzureStackCloud + type: string + networkResourceGroupName: + description: networkResourceGroupName is the Resource Group for network resources like the Virtual Network and Subnets used by the cluster. 
If empty, the value is same as ResourceGroupName. + type: string + resourceGroupName: + description: resourceGroupName is the Resource Group for new Azure resources created for the cluster. + type: string + resourceTags: + description: resourceTags is a list of additional tags to apply to Azure resources created for the cluster. See https://docs.microsoft.com/en-us/rest/api/resources/tags for information on tagging Azure resources. Due to limitations on Automation, Content Delivery Network, DNS Azure resources, a maximum of 15 tags may be applied. OpenShift reserves 5 tags for internal use, allowing 10 tags for user configuration. + items: + description: AzureResourceTag is a tag to apply to Azure resources created for the cluster. + properties: + key: + description: key is the key part of the tag. A tag key can have a maximum of 128 characters and cannot be empty. Key must begin with a letter, end with a letter, number or underscore, and must contain only alphanumeric characters and the following special characters `_ . -`. + maxLength: 128 + minLength: 1 + pattern: ^[a-zA-Z]([0-9A-Za-z_.-]*[0-9A-Za-z_])?$ + type: string + value: + description: 'value is the value part of the tag. A tag value can have a maximum of 256 characters and cannot be empty. Value must contain only alphanumeric characters and the following special characters `_ + , - . / : ; < = > ? @`.' 
+ maxLength: 256 + minLength: 1 + pattern: ^[0-9A-Za-z_.=+-@]+$ + type: string + required: + - key + - value + type: object + maxItems: 10 + type: array + x-kubernetes-validations: + - message: resourceTags are immutable and may only be configured during installation + rule: self.all(x, x in oldSelf) && oldSelf.all(x, x in self) + type: object + x-kubernetes-validations: + - message: resourceTags may only be configured during installation + rule: '!has(oldSelf.resourceTags) && !has(self.resourceTags) || has(oldSelf.resourceTags) && has(self.resourceTags)' + baremetal: + description: BareMetal contains settings specific to the BareMetal platform. + properties: + apiServerInternalIP: + description: "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers. \n Deprecated: Use APIServerInternalIPs instead." + type: string + apiServerInternalIPs: + description: apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IPs otherwise only one. + format: ip + items: + type: string + maxItems: 2 + type: array + ingressIP: + description: "ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names. \n Deprecated: Use IngressIPs instead." + type: string + ingressIPs: + description: ingressIPs are the external IPs which route to the default ingress controller. 
The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IPs otherwise only one. + format: ip + items: + type: string + maxItems: 2 + type: array + loadBalancer: + default: + type: OpenShiftManagedDefault + description: loadBalancer defines how the load balancer used by the cluster is configured. + properties: + type: + default: OpenShiftManagedDefault + description: type defines the type of load balancer used by the cluster on BareMetal platform which can be a user-managed or openshift-managed load balancer that is to be used for the OpenShift API and Ingress endpoints. When set to OpenShiftManagedDefault the static pods in charge of API and Ingress traffic load-balancing defined in the machine config operator will be deployed. When set to UserManaged these static pods will not be deployed and it is expected that the load balancer is configured out of band by the deployer. When omitted, this means no opinion and the platform is left to choose a reasonable default. The default value is OpenShiftManagedDefault. + enum: + - OpenShiftManagedDefault + - UserManaged + type: string + x-kubernetes-validations: + - message: type is immutable once set + rule: oldSelf == '' || self == oldSelf + type: object + nodeDNSIP: + description: nodeDNSIP is the IP address for the internal DNS used by the nodes. Unlike the one managed by the DNS operator, `NodeDNSIP` provides name resolution for the nodes themselves. There is no DNS-as-a-service for BareMetal deployments. In order to minimize necessary changes to the datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames to the nodes in the cluster. + type: string + type: object + equinixMetal: + description: EquinixMetal contains settings specific to the Equinix Metal infrastructure provider. 
+ properties: + apiServerInternalIP: + description: apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers. + type: string + ingressIP: + description: ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names. + type: string + type: object + external: + description: External contains settings specific to the generic External infrastructure provider. + properties: + cloudControllerManager: + description: cloudControllerManager contains settings specific to the external Cloud Controller Manager (a.k.a. CCM or CPI). When omitted, new nodes will be not tainted and no extra initialization from the cloud controller manager is expected. + properties: + state: + description: "state determines whether or not an external Cloud Controller Manager is expected to be installed within the cluster. https://kubernetes.io/docs/tasks/administer-cluster/running-cloud-controller/#running-cloud-controller-manager \n Valid values are \"External\", \"None\" and omitted. When set to \"External\", new nodes will be tainted as uninitialized when created, preventing them from running workloads until they are initialized by the cloud controller manager. When omitted or set to \"None\", new nodes will be not tainted and no extra initialization from the cloud controller manager is expected." 
+ enum: + - "" + - External + - None + type: string + x-kubernetes-validations: + - message: state is immutable once set + rule: self == oldSelf + type: object + x-kubernetes-validations: + - message: state may not be added or removed once set + rule: (has(self.state) == has(oldSelf.state)) || (!has(oldSelf.state) && self.state != "External") + type: object + x-kubernetes-validations: + - message: cloudControllerManager may not be added or removed once set + rule: has(self.cloudControllerManager) == has(oldSelf.cloudControllerManager) + gcp: + description: GCP contains settings specific to the Google Cloud Platform infrastructure provider. + properties: + projectID: + description: resourceGroupName is the Project ID for new GCP resources created for the cluster. + type: string + region: + description: region holds the region for new GCP resources created for the cluster. + type: string + resourceLabels: + description: resourceLabels is a list of additional labels to apply to GCP resources created for the cluster. See https://cloud.google.com/compute/docs/labeling-resources for information on labeling GCP resources. GCP supports a maximum of 64 labels per resource. OpenShift reserves 32 labels for internal use, allowing 32 labels for user configuration. + items: + description: GCPResourceLabel is a label to apply to GCP resources created for the cluster. + properties: + key: + description: key is the key part of the label. A label key can have a maximum of 63 characters and cannot be empty. Label key must begin with a lowercase letter, and must contain only lowercase letters, numeric characters, and the following special characters `_-`. Label key must not have the reserved prefixes `kubernetes-io` and `openshift-io`. 
+ maxLength: 63 + minLength: 1 + pattern: ^[a-z][0-9a-z_-]+$ + type: string + x-kubernetes-validations: + - message: label keys must not start with either `openshift-io` or `kubernetes-io` + rule: '!self.startsWith(''openshift-io'') && !self.startsWith(''kubernetes-io'')' + value: + description: value is the value part of the label. A label value can have a maximum of 63 characters and cannot be empty. Value must contain only lowercase letters, numeric characters, and the following special characters `_-`. + maxLength: 63 + minLength: 1 + pattern: ^[0-9a-z_-]+$ + type: string + required: + - key + - value + type: object + maxItems: 32 + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + x-kubernetes-validations: + - message: resourceLabels are immutable and may only be configured during installation + rule: self.all(x, x in oldSelf) && oldSelf.all(x, x in self) + resourceTags: + description: resourceTags is a list of additional tags to apply to GCP resources created for the cluster. See https://cloud.google.com/resource-manager/docs/tags/tags-overview for information on tagging GCP resources. GCP supports a maximum of 50 tags per resource. + items: + description: GCPResourceTag is a tag to apply to GCP resources created for the cluster. + properties: + key: + description: key is the key part of the tag. A tag key can have a maximum of 63 characters and cannot be empty. Tag key must begin and end with an alphanumeric character, and must contain only uppercase, lowercase alphanumeric characters, and the following special characters `._-`. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z0-9]([0-9A-Za-z_.-]{0,61}[a-zA-Z0-9])?$ + type: string + parentID: + description: 'parentID is the ID of the hierarchical resource where the tags are defined, e.g. at the Organization or the Project level. 
To find the Organization or Project ID refer to the following pages: https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id, https://cloud.google.com/resource-manager/docs/creating-managing-projects#identifying_projects. An OrganizationID must consist of decimal numbers, and cannot have leading zeroes. A ProjectID must be 6 to 30 characters in length, can only contain lowercase letters, numbers, and hyphens, and must start with a letter, and cannot end with a hyphen.' + maxLength: 32 + minLength: 1 + pattern: (^[1-9][0-9]{0,31}$)|(^[a-z][a-z0-9-]{4,28}[a-z0-9]$) + type: string + value: + description: value is the value part of the tag. A tag value can have a maximum of 63 characters and cannot be empty. Tag value must begin and end with an alphanumeric character, and must contain only uppercase, lowercase alphanumeric characters, and the following special characters `_-.@%=+:,*#&(){}[]` and spaces. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z0-9]([0-9A-Za-z_.@%=+:,*#&()\[\]{}\-\s]{0,61}[a-zA-Z0-9])?$ + type: string + required: + - key + - parentID + - value + type: object + maxItems: 50 + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + x-kubernetes-validations: + - message: resourceTags are immutable and may only be configured during installation + rule: self.all(x, x in oldSelf) && oldSelf.all(x, x in self) + type: object + x-kubernetes-validations: + - message: resourceLabels may only be configured during installation + rule: '!has(oldSelf.resourceLabels) && !has(self.resourceLabels) || has(oldSelf.resourceLabels) && has(self.resourceLabels)' + - message: resourceTags may only be configured during installation + rule: '!has(oldSelf.resourceTags) && !has(self.resourceTags) || has(oldSelf.resourceTags) && has(self.resourceTags)' + ibmcloud: + description: IBMCloud contains settings specific to the IBMCloud infrastructure provider. 
+ properties: + cisInstanceCRN: + description: CISInstanceCRN is the CRN of the Cloud Internet Services instance managing the DNS zone for the cluster's base domain + type: string + dnsInstanceCRN: + description: DNSInstanceCRN is the CRN of the DNS Services instance managing the DNS zone for the cluster's base domain + type: string + location: + description: Location is where the cluster has been deployed + type: string + providerType: + description: ProviderType indicates the type of cluster that was created + type: string + resourceGroupName: + description: ResourceGroupName is the Resource Group for new IBMCloud resources created for the cluster. + type: string + type: object + kubevirt: + description: Kubevirt contains settings specific to the kubevirt infrastructure provider. + properties: + apiServerInternalIP: + description: apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers. + type: string + ingressIP: + description: ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names. + type: string + type: object + nutanix: + description: Nutanix contains settings specific to the Nutanix infrastructure provider. + properties: + apiServerInternalIP: + description: "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers. \n Deprecated: Use APIServerInternalIPs instead." 
+ type: string + apiServerInternalIPs: + description: apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IPs otherwise only one. + format: ip + items: + type: string + maxItems: 2 + type: array + ingressIP: + description: "ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names. \n Deprecated: Use IngressIPs instead." + type: string + ingressIPs: + description: ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IPs otherwise only one. + format: ip + items: + type: string + maxItems: 2 + type: array + loadBalancer: + default: + type: OpenShiftManagedDefault + description: loadBalancer defines how the load balancer used by the cluster is configured. + properties: + type: + default: OpenShiftManagedDefault + description: type defines the type of load balancer used by the cluster on Nutanix platform which can be a user-managed or openshift-managed load balancer that is to be used for the OpenShift API and Ingress endpoints. When set to OpenShiftManagedDefault the static pods in charge of API and Ingress traffic load-balancing defined in the machine config operator will be deployed. When set to UserManaged these static pods will not be deployed and it is expected that the load balancer is configured out of band by the deployer. When omitted, this means no opinion and the platform is left to choose a reasonable default. The default value is OpenShiftManagedDefault. 
+ enum: + - OpenShiftManagedDefault + - UserManaged + type: string + x-kubernetes-validations: + - message: type is immutable once set + rule: oldSelf == '' || self == oldSelf + type: object + type: object + openstack: + description: OpenStack contains settings specific to the OpenStack infrastructure provider. + properties: + apiServerInternalIP: + description: "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers. \n Deprecated: Use APIServerInternalIPs instead." + type: string + apiServerInternalIPs: + description: apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IPs otherwise only one. + format: ip + items: + type: string + maxItems: 2 + type: array + cloudName: + description: cloudName is the name of the desired OpenStack cloud in the client configuration file (`clouds.yaml`). + type: string + ingressIP: + description: "ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names. \n Deprecated: Use IngressIPs instead." + type: string + ingressIPs: + description: ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IPs otherwise only one. 
+ format: ip + items: + type: string + maxItems: 2 + type: array + loadBalancer: + default: + type: OpenShiftManagedDefault + description: loadBalancer defines how the load balancer used by the cluster is configured. + properties: + type: + default: OpenShiftManagedDefault + description: type defines the type of load balancer used by the cluster on OpenStack platform which can be a user-managed or openshift-managed load balancer that is to be used for the OpenShift API and Ingress endpoints. When set to OpenShiftManagedDefault the static pods in charge of API and Ingress traffic load-balancing defined in the machine config operator will be deployed. When set to UserManaged these static pods will not be deployed and it is expected that the load balancer is configured out of band by the deployer. When omitted, this means no opinion and the platform is left to choose a reasonable default. The default value is OpenShiftManagedDefault. + enum: + - OpenShiftManagedDefault + - UserManaged + type: string + x-kubernetes-validations: + - message: type is immutable once set + rule: oldSelf == '' || self == oldSelf + type: object + nodeDNSIP: + description: nodeDNSIP is the IP address for the internal DNS used by the nodes. Unlike the one managed by the DNS operator, `NodeDNSIP` provides name resolution for the nodes themselves. There is no DNS-as-a-service for OpenStack deployments. In order to minimize necessary changes to the datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames to the nodes in the cluster. + type: string + type: object + ovirt: + description: Ovirt contains settings specific to the oVirt infrastructure provider. + properties: + apiServerInternalIP: + description: "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. 
It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers. \n Deprecated: Use APIServerInternalIPs instead." + type: string + apiServerInternalIPs: + description: apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IPs otherwise only one. + format: ip + items: + type: string + maxItems: 2 + type: array + ingressIP: + description: "ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names. \n Deprecated: Use IngressIPs instead." + type: string + ingressIPs: + description: ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IPs otherwise only one. + format: ip + items: + type: string + maxItems: 2 + type: array + loadBalancer: + default: + type: OpenShiftManagedDefault + description: loadBalancer defines how the load balancer used by the cluster is configured. + properties: + type: + default: OpenShiftManagedDefault + description: type defines the type of load balancer used by the cluster on Ovirt platform which can be a user-managed or openshift-managed load balancer that is to be used for the OpenShift API and Ingress endpoints. When set to OpenShiftManagedDefault the static pods in charge of API and Ingress traffic load-balancing defined in the machine config operator will be deployed. 
When set to UserManaged these static pods will not be deployed and it is expected that the load balancer is configured out of band by the deployer. When omitted, this means no opinion and the platform is left to choose a reasonable default. The default value is OpenShiftManagedDefault. + enum: + - OpenShiftManagedDefault + - UserManaged + type: string + x-kubernetes-validations: + - message: type is immutable once set + rule: oldSelf == '' || self == oldSelf + type: object + nodeDNSIP: + description: 'deprecated: as of 4.6, this field is no longer set or honored. It will be removed in a future release.' + type: string + type: object + powervs: + description: PowerVS contains settings specific to the Power Systems Virtual Servers infrastructure provider. + properties: + cisInstanceCRN: + description: CISInstanceCRN is the CRN of the Cloud Internet Services instance managing the DNS zone for the cluster's base domain + type: string + dnsInstanceCRN: + description: DNSInstanceCRN is the CRN of the DNS Services instance managing the DNS zone for the cluster's base domain + type: string + region: + description: region holds the default Power VS region for new Power VS resources created by the cluster. + type: string + resourceGroup: + description: 'resourceGroup is the resource group name for new IBMCloud resources created for a cluster. The resource group specified here will be used by cluster-image-registry-operator to set up a COS Instance in IBMCloud for the cluster registry. More about resource groups can be found here: https://cloud.ibm.com/docs/account?topic=account-rgs. When omitted, the image registry operator won''t be able to configure storage, which results in the image registry cluster operator not being in an available state.' 
+ maxLength: 40 + pattern: ^[a-zA-Z0-9-_ ]+$ + type: string + x-kubernetes-validations: + - message: resourceGroup is immutable once set + rule: oldSelf == '' || self == oldSelf + serviceEndpoints: + description: serviceEndpoints is a list of custom endpoints which will override the default service endpoints of a Power VS service. + items: + description: PowervsServiceEndpoint stores the configuration of a custom url to override existing defaults of PowerVS Services. + properties: + name: + description: name is the name of the Power VS service. Few of the services are IAM - https://cloud.ibm.com/apidocs/iam-identity-token-api ResourceController - https://cloud.ibm.com/apidocs/resource-controller/resource-controller Power Cloud - https://cloud.ibm.com/apidocs/power-cloud + pattern: ^[a-z0-9-]+$ + type: string + url: + description: url is fully qualified URI with scheme https, that overrides the default generated endpoint for a client. This must be provided and cannot be empty. + format: uri + pattern: ^https:// + type: string + required: + - name + - url + type: object + type: array + zone: + description: 'zone holds the default zone for the new Power VS resources created by the cluster. Note: Currently only single-zone OCP clusters are supported' + type: string + type: object + x-kubernetes-validations: + - message: cannot unset resourceGroup once set + rule: '!has(oldSelf.resourceGroup) || has(self.resourceGroup)' + type: + description: "type is the underlying infrastructure provider for the cluster. This value controls whether infrastructure automation such as service load balancers, dynamic volume provisioning, machine creation and deletion, and other integrations are enabled. If None, no infrastructure automation is enabled. Allowed values are \"AWS\", \"Azure\", \"BareMetal\", \"GCP\", \"Libvirt\", \"OpenStack\", \"VSphere\", \"oVirt\", \"EquinixMetal\", \"PowerVS\", \"AlibabaCloud\", \"Nutanix\" and \"None\". 
Individual components may not support all platforms, and must handle unrecognized platforms as None if they do not support that platform. \n This value will be synced with to the `status.platform` and `status.platformStatus.type`. Currently this value cannot be changed once set." + enum: + - "" + - AWS + - Azure + - BareMetal + - GCP + - Libvirt + - OpenStack + - None + - VSphere + - oVirt + - IBMCloud + - KubeVirt + - EquinixMetal + - PowerVS + - AlibabaCloud + - Nutanix + - External + type: string + vsphere: + description: VSphere contains settings specific to the VSphere infrastructure provider. + properties: + apiServerInternalIP: + description: "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers. \n Deprecated: Use APIServerInternalIPs instead." + type: string + apiServerInternalIPs: + description: apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IPs otherwise only one. + format: ip + items: + type: string + maxItems: 2 + type: array + ingressIP: + description: "ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names. \n Deprecated: Use IngressIPs instead." + type: string + ingressIPs: + description: ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. 
In dual stack clusters this list contains two IPs otherwise only one. + format: ip + items: + type: string + maxItems: 2 + type: array + loadBalancer: + default: + type: OpenShiftManagedDefault + description: loadBalancer defines how the load balancer used by the cluster is configured. + properties: + type: + default: OpenShiftManagedDefault + description: type defines the type of load balancer used by the cluster on VSphere platform which can be a user-managed or openshift-managed load balancer that is to be used for the OpenShift API and Ingress endpoints. When set to OpenShiftManagedDefault the static pods in charge of API and Ingress traffic load-balancing defined in the machine config operator will be deployed. When set to UserManaged these static pods will not be deployed and it is expected that the load balancer is configured out of band by the deployer. When omitted, this means no opinion and the platform is left to choose a reasonable default. The default value is OpenShiftManagedDefault. + enum: + - OpenShiftManagedDefault + - UserManaged + type: string + x-kubernetes-validations: + - message: type is immutable once set + rule: oldSelf == '' || self == oldSelf + type: object + nodeDNSIP: + description: nodeDNSIP is the IP address for the internal DNS used by the nodes. Unlike the one managed by the DNS operator, `NodeDNSIP` provides name resolution for the nodes themselves. There is no DNS-as-a-service for vSphere deployments. In order to minimize necessary changes to the datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames to the nodes in the cluster. + type: string + type: object + type: object + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} 
diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-CustomNoUpgrade.crd.yaml-patch b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-CustomNoUpgrade.crd.yaml-patch
new file mode 100644
index 000000000..d127130ad
--- /dev/null
+++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-CustomNoUpgrade.crd.yaml-patch
@@ -0,0 +1,24 @@
+- op: add
+ path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/spec/properties/platformSpec/properties/vsphere/properties/vcenters/items/properties/server/anyOf
+ value:
+ - format: ipv4
+ - format: ipv6
+ - format: hostname
+- op: add
+ path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/spec/properties/platformSpec/properties/vsphere/properties/failureDomains/items/properties/server/anyOf
+ value:
+ - format: ipv4
+ - format: ipv6
+ - format: hostname
+- op: add
+ path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/spec/properties/platformSpec/properties/vsphere/properties/nodeNetworking/properties/external/properties/excludeNetworkSubnetCidr/items/format
+ value: cidr
+- op: add
+ path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/spec/properties/platformSpec/properties/vsphere/properties/nodeNetworking/properties/external/properties/networkSubnetCidr/items/format
+ value: cidr
+- op: add
+ path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/spec/properties/platformSpec/properties/vsphere/properties/nodeNetworking/properties/internal/properties/excludeNetworkSubnetCidr/items/format
+ value: cidr
+- op: add
+ path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/spec/properties/platformSpec/properties/vsphere/properties/nodeNetworking/properties/internal/properties/networkSubnetCidr/items/format
+ value: cidr
diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-Default.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-Default.crd.yaml index bb8817110..e5aa9ad7b 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-Default.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-Default.crd.yaml @@ -381,6 +381,13 @@ spec: - SingleReplica - External type: string + cpuPartitioning: + default: None + description: cpuPartitioning expresses if CPU partitioning is a currently enabled feature in the cluster. CPU Partitioning means that this cluster can support partitioning workloads to specific CPU Sets. Valid values are "None" and "AllNodes". When omitted, the default value is "None". The default value of "None" indicates that no nodes will be setup with CPU partitioning. The "AllNodes" value indicates that all nodes have been setup with CPU partitioning, and can then be further configured via the PerformanceProfile API. + enum: + - None + - AllNodes + type: string etcdDiscoveryDomain: description: 'etcdDiscoveryDomain is the domain used to fetch the SRV records for discovering etcd servers and clients. For more info: https://github.com/etcd-io/etcd/blob/329be66e8b3f9e2e6af83c123ff89297e49ebd15/Documentation/op-guide/clustering.md#dns-discovery deprecated: as of 4.7, this field is no longer set or honored. It will be removed in a future release.' type: string 
@@ -592,7 +599,28 @@ spec: type: object external: description: External contains settings specific to the generic External infrastructure provider. + properties: + cloudControllerManager: + description: cloudControllerManager contains settings specific to the external Cloud Controller Manager (a.k.a. CCM or CPI). When omitted, new nodes will be not tainted and no extra initialization from the cloud controller manager is expected. + properties: + state: + description: "state determines whether or not an external Cloud Controller Manager is expected to be installed within the cluster. https://kubernetes.io/docs/tasks/administer-cluster/running-cloud-controller/#running-cloud-controller-manager \n Valid values are \"External\", \"None\" and omitted. When set to \"External\", new nodes will be tainted as uninitialized when created, preventing them from running workloads until they are initialized by the cloud controller manager. When omitted or set to \"None\", new nodes will be not tainted and no extra initialization from the cloud controller manager is expected." + enum: + - "" + - External + - None + type: string + x-kubernetes-validations: + - message: state is immutable once set + rule: self == oldSelf + type: object + x-kubernetes-validations: + - message: state may not be added or removed once set + rule: (has(self.state) == has(oldSelf.state)) || (!has(oldSelf.state) && self.state != "External") type: object + x-kubernetes-validations: + - message: cloudControllerManager may not be added or removed once set + rule: has(self.cloudControllerManager) == has(oldSelf.cloudControllerManager) gcp: description: GCP contains settings specific to the Google Cloud Platform infrastructure provider. properties: 
diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-TechPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-TechPreviewNoUpgrade.crd.yaml index 495e4a558..0698bc680 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-TechPreviewNoUpgrade.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-TechPreviewNoUpgrade.crd.yaml 
@@ -615,7 +615,28 @@ spec: type: object external: description: External contains settings specific to the generic External infrastructure provider. + properties: + cloudControllerManager: + description: cloudControllerManager contains settings specific to the external Cloud Controller Manager (a.k.a. CCM or CPI). When omitted, new nodes will be not tainted and no extra initialization from the cloud controller manager is expected. + properties: + state: + description: "state determines whether or not an external Cloud Controller Manager is expected to be installed within the cluster. https://kubernetes.io/docs/tasks/administer-cluster/running-cloud-controller/#running-cloud-controller-manager \n Valid values are \"External\", \"None\" and omitted. When set to \"External\", new nodes will be tainted as uninitialized when created, preventing them from running workloads until they are initialized by the cloud controller manager. When omitted or set to \"None\", new nodes will be not tainted and no extra initialization from the cloud controller manager is expected." + enum: + - "" + - External + - None + type: string + x-kubernetes-validations: + - message: state is immutable once set + rule: self == oldSelf + type: object + x-kubernetes-validations: + - message: state may not be added or removed once set + rule: (has(self.state) == has(oldSelf.state)) || (!has(oldSelf.state) && self.state != "External") type: object + x-kubernetes-validations: + - message: cloudControllerManager may not be added or removed once set + rule: has(self.cloudControllerManager) == has(oldSelf.cloudControllerManager) gcp: description: GCP contains settings specific to the Google Cloud Platform infrastructure provider. properties: 
@@ -625,7 +646,80 @@ spec: region: description: region holds the region for new GCP resources created for the cluster. type: string + resourceLabels: + description: resourceLabels is a list of additional labels to apply to GCP resources created for the cluster. See https://cloud.google.com/compute/docs/labeling-resources for information on labeling GCP resources. GCP supports a maximum of 64 labels per resource. OpenShift reserves 32 labels for internal use, allowing 32 labels for user configuration. + items: + description: GCPResourceLabel is a label to apply to GCP resources created for the cluster. + properties: + key: + description: key is the key part of the label. A label key can have a maximum of 63 characters and cannot be empty. Label key must begin with a lowercase letter, and must contain only lowercase letters, numeric characters, and the following special characters `_-`. Label key must not have the reserved prefixes `kubernetes-io` and `openshift-io`. + maxLength: 63 + minLength: 1 + pattern: ^[a-z][0-9a-z_-]+$ + type: string + x-kubernetes-validations: + - message: label keys must not start with either `openshift-io` or `kubernetes-io` + rule: '!self.startsWith(''openshift-io'') && !self.startsWith(''kubernetes-io'')' + value: + description: value is the value part of the label. A label value can have a maximum of 63 characters and cannot be empty. Value must contain only lowercase letters, numeric characters, and the following special characters `_-`. 
+ maxLength: 63 + minLength: 1 + pattern: ^[0-9a-z_-]+$ + type: string + required: + - key + - value + type: object + maxItems: 32 + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + x-kubernetes-validations: + - message: resourceLabels are immutable and may only be configured during installation + rule: self.all(x, x in oldSelf) && oldSelf.all(x, x in self) + resourceTags: + description: resourceTags is a list of additional tags to apply to GCP resources created for the cluster. See https://cloud.google.com/resource-manager/docs/tags/tags-overview for information on tagging GCP resources. GCP supports a maximum of 50 tags per resource. + items: + description: GCPResourceTag is a tag to apply to GCP resources created for the cluster. + properties: + key: + description: key is the key part of the tag. A tag key can have a maximum of 63 characters and cannot be empty. Tag key must begin and end with an alphanumeric character, and must contain only uppercase, lowercase alphanumeric characters, and the following special characters `._-`. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z0-9]([0-9A-Za-z_.-]{0,61}[a-zA-Z0-9])?$ + type: string + parentID: + description: 'parentID is the ID of the hierarchical resource where the tags are defined, e.g. at the Organization or the Project level. To find the Organization or Project ID refer to the following pages: https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id, https://cloud.google.com/resource-manager/docs/creating-managing-projects#identifying_projects. An OrganizationID must consist of decimal numbers, and cannot have leading zeroes. A ProjectID must be 6 to 30 characters in length, can only contain lowercase letters, numbers, and hyphens, and must start with a letter, and cannot end with a hyphen.' 
+ maxLength: 32 + minLength: 1 + pattern: (^[1-9][0-9]{0,31}$)|(^[a-z][a-z0-9-]{4,28}[a-z0-9]$) + type: string + value: + description: value is the value part of the tag. A tag value can have a maximum of 63 characters and cannot be empty. Tag value must begin and end with an alphanumeric character, and must contain only uppercase, lowercase alphanumeric characters, and the following special characters `_-.@%=+:,*#&(){}[]` and spaces. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z0-9]([0-9A-Za-z_.@%=+:,*#&()\[\]{}\-\s]{0,61}[a-zA-Z0-9])?$ + type: string + required: + - key + - parentID + - value + type: object + maxItems: 50 + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + x-kubernetes-validations: + - message: resourceTags are immutable and may only be configured during installation + rule: self.all(x, x in oldSelf) && oldSelf.all(x, x in self) type: object + x-kubernetes-validations: + - message: resourceLabels may only be configured during installation + rule: '!has(oldSelf.resourceLabels) && !has(self.resourceLabels) || has(oldSelf.resourceLabels) && has(self.resourceLabels)' + - message: resourceTags may only be configured during installation + rule: '!has(oldSelf.resourceTags) && !has(self.resourceTags) || has(oldSelf.resourceTags) && has(self.resourceTags)' ibmcloud: description: IBMCloud contains settings specific to the IBMCloud infrastructure provider. properties: diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_build.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_openshift-controller-manager-operator_01_build.crd.yaml similarity index 99% rename from vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_build.crd.yaml rename to vendor/github.com/openshift/api/config/v1/0000_10_openshift-controller-manager-operator_01_build.crd.yaml index 75166deb7..9e80775ff 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_build.crd.yaml 
+++ b/vendor/github.com/openshift/api/config/v1/0000_10_openshift-controller-manager-operator_01_build.crd.yaml @@ -3,6 +3,7 @@ kind: CustomResourceDefinition metadata: annotations: api-approved.openshift.io: https://github.com/openshift/api/pull/470 + capability.openshift.io/name: Build include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" include.release.openshift.io/single-node-developer: "true" diff --git a/vendor/github.com/openshift/api/config/v1/custom.apiserver.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/custom.apiserver.testsuite.yaml new file mode 100644 index 000000000..5e2dea3ea --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/custom.apiserver.testsuite.yaml @@ -0,0 +1,35 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "[CustomNoUpgrade] APIServer" +crd: 0000_10_config-operator_01_apiserver-CustomNoUpgrade.crd.yaml +tests: + onCreate: + - name: Should be able to create encrypt with aescbc + initial: | + apiVersion: config.openshift.io/v1 + kind: APIServer + spec: + encryption: + type: aescbc + expected: | + apiVersion: config.openshift.io/v1 + kind: APIServer + spec: + audit: + profile: Default + encryption: + type: aescbc + - name: Should be able to create encrypt with aesgcm + initial: | + apiVersion: config.openshift.io/v1 + kind: APIServer + spec: + encryption: + type: aesgcm + expected: | + apiVersion: config.openshift.io/v1 + kind: APIServer + spec: + audit: + profile: Default + encryption: + type: aesgcm diff --git a/vendor/github.com/openshift/api/config/v1/custom.dns.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/custom.dns.testsuite.yaml new file mode 100644 index 000000000..ab1a123b6 --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/custom.dns.testsuite.yaml 
@@ -0,0 +1,104 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "[Custom] DNS" +crd: 0000_10_config-operator_01_dns-CustomNoUpgrade.crd.yaml +tests: + onCreate: + - name: Should be able to create a minimal DNS + initial: | + apiVersion: config.openshift.io/v1 + kind: DNS + spec: {} # No spec is required for a DNS + expected: | + apiVersion: config.openshift.io/v1 + kind: DNS + spec: {} + - name: Should be able to specify an AWS role ARN for a private hosted zone + initial: | + apiVersion: config.openshift.io/v1 + kind: DNS + spec: + platform: + type: AWS + aws: + privateZoneIAMRole: arn:aws:iam::123456789012:role/foo + expected: | + apiVersion: config.openshift.io/v1 + kind: DNS + spec: + platform: + type: AWS + aws: + privateZoneIAMRole: arn:aws:iam::123456789012:role/foo + - name: Should not be able to specify unsupported platform + initial: | + apiVersion: config.openshift.io/v1 + kind: DNS + spec: + platform: + type: Azure + azure: + privateZoneIAMRole: arn:aws:iam::123456789012:role/foo + expectedError: "Invalid value: \"string\": allowed values are '' and 'AWS'" + - name: Should not be able to specify invalid AWS role ARN + initial: | + apiVersion: config.openshift.io/v1 + kind: DNS + metadata: + name: cluster + spec: + platform: + type: AWS + aws: + privateZoneIAMRole: arn:aws:iam:bad:123456789012:role/foo + expectedError: "DNS.config.openshift.io \"cluster\" is invalid: spec.platform.aws.privateZoneIAMRole: Invalid value: \"arn:aws:iam:bad:123456789012:role/foo\": spec.platform.aws.privateZoneIAMRole in body should match '^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:role\\/.*$'" + - name: Should not be able to specify different type and platform + initial: | + apiVersion: config.openshift.io/v1 + kind: DNS + spec: + platform: + type: "" + aws: + privateZoneIAMRole: arn:aws:iam::123456789012:role/foo + expectedError: "Invalid value: \"object\": aws configuration is required when platform is AWS, and 
forbidden otherwise" + onUpdate: + - name: Can switch from empty (default), to AWS + initial: | + apiVersion: config.openshift.io/v1 + kind: DNS + spec: + platform: + type: "" + updated: | + apiVersion: config.openshift.io/v1 + kind: DNS + spec: + platform: + type: AWS + aws: + privateZoneIAMRole: arn:aws:iam::123456789012:role/foo + expected: | + apiVersion: config.openshift.io/v1 + kind: DNS + spec: + platform: + type: AWS + aws: + privateZoneIAMRole: arn:aws:iam::123456789012:role/foo + - name: Upgrade case is valid + initial: | + apiVersion: config.openshift.io/v1 + kind: DNS + spec: {} # No spec is required for a DNS + updated: | + apiVersion: config.openshift.io/v1 + kind: DNS + spec: + platform: + type: "" + expected: | + apiVersion: config.openshift.io/v1 + kind: DNS + spec: + platform: + type: "" diff --git a/vendor/github.com/openshift/api/config/v1/custom.infrastructure.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/custom.infrastructure.testsuite.yaml new file mode 100644 index 000000000..24433f4f7 --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/custom.infrastructure.testsuite.yaml 
@@ -0,0 +1,321 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "[Custom] Infrastructure" +crd: 0000_10_config-operator_01_infrastructure-CustomNoUpgrade.crd.yaml +tests: + onCreate: + - name: Should be able to create a minimal Infrastructure + initial: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} # No spec is required for a Infrastructure + expected: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + onUpdate: + - name: Should not be able to modify an existing GCP ResourceLabels Label + initial: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + controlPlaneTopology: "HighlyAvailable" + infrastructureTopology: "HighlyAvailable" + platform: GCP + platformStatus: + type: GCP + gcp: + resourceLabels: + - {key: "key", value: "value"} + updated: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: + resourceLabels: + - {key: "key", value: "changed"} + expectedStatusError: "status.platformStatus.gcp.resourceLabels: Invalid value: \"array\": resourceLabels are immutable and may only be configured during installation" + - name: Should not be able to add a Label to an existing GCP ResourceLabels + initial: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + controlPlaneTopology: "HighlyAvailable" + infrastructureTopology: "HighlyAvailable" + platform: GCP + platformStatus: + type: GCP + gcp: + resourceLabels: + - {key: "key", value: "value"} + updated: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: + resourceLabels: + - {key: "key", value: "value"} + - {key: "new", value: "entry"} + expectedStatusError: "status.platformStatus.gcp.resourceLabels: Invalid value: \"array\": resourceLabels are immutable and may only be configured 
during installation" + - name: Should not be able to remove a Label from an existing GCP ResourceLabels + initial: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: + resourceLabels: + - {key: "key", value: "value"} + - {key: "new", value: "entry"} + updated: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: + resourceLabels: + - {key: "key", value: "value"} + expectedStatusError: "status.platformStatus.gcp.resourceLabels: Invalid value: \"array\": resourceLabels are immutable and may only be configured during installation" + - name: Should not be able to add GCP ResourceLabels to an empty platformStatus.gcp + initial: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: {} + updated: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + gcp: + resourceLabels: + - {key: "key", value: "value"} + expectedStatusError: "status.platformStatus.gcp: Invalid value: \"object\": resourceLabels may only be configured during installation" + - name: Should not be able to remove GCP ResourceLabels from platformStatus.gcp + initial: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: + resourceLabels: + - {key: "key", value: "value"} + updated: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: {} + expectedStatusError: "status.platformStatus.gcp: Invalid value: \"object\": resourceLabels may only be configured during installation" + - name: Should not have label key start with openshift-io for GCP ResourceLabels in platformStatus.gcp + initial: | + apiVersion: config.openshift.io/v1 + kind: 
Infrastructure + spec: {} + status: {} + updated: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: + resourceLabels: + - {key: "key", value: "value"} + - {key: "openshift-io-created-cluster", value: "true"} + expectedStatusError: "status.platformStatus.gcp.resourceLabels[1].key: Invalid value: \"string\": label keys must not start with either `openshift-io` or `kubernetes-io`" + - name: Should not have label key start with kubernetes-io for GCP ResourceLabels in platformStatus.gcp + initial: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: {} + updated: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: + resourceLabels: + - {key: "key", value: "value"} + - {key: "kubernetes-io-created-cluster", value: "true"} + expectedStatusError: "status.platformStatus.gcp.resourceLabels[1].key: Invalid value: \"string\": label keys must not start with either `openshift-io` or `kubernetes-io`" + - name: Should not be able to modify an existing GCP ResourceTags Tag + initial: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + controlPlaneTopology: "HighlyAvailable" + infrastructureTopology: "HighlyAvailable" + platform: GCP + platformStatus: + type: GCP + gcp: + resourceTags: + - {parentID: "1234567890", key: "key", value: "value"} + updated: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: + resourceTags: + - {parentID: "1234567890", key: "key", value: "changed"} + expectedStatusError: "status.platformStatus.gcp.resourceTags: Invalid value: \"array\": resourceTags are immutable and may only be configured during installation" + - name: Should not be able to add a Tag to an existing GCP ResourceTags + initial: | + apiVersion: config.openshift.io/v1 + kind: 
Infrastructure + spec: {} + status: + controlPlaneTopology: "HighlyAvailable" + infrastructureTopology: "HighlyAvailable" + platform: GCP + platformStatus: + type: GCP + gcp: + resourceTags: + - {parentID: "1234567890", key: "key", value: "value"} + updated: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: + resourceTags: + - {parentID: "1234567890", key: "key", value: "value"} + - {parentID: "test-project-123", key: "new", value: "tag"} + expectedStatusError: "status.platformStatus.gcp.resourceTags: Invalid value: \"array\": resourceTags are immutable and may only be configured during installation" + - name: Should not be able to remove a Tag from an existing GCP ResourceTags + initial: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: + resourceTags: + - {parentID: "1234567890", key: "key1", value: "value1"} + - {parentID: "test-project-123", key: "key2", value: "value2"} + updated: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: + resourceTags: + - {parentID: "1234567890", key: "key1", value: "value1"} + expectedStatusError: "status.platformStatus.gcp.resourceTags: Invalid value: \"array\": resourceTags are immutable and may only be configured during installation" + - name: Should not be able to add GCP ResourceTags to an empty platformStatus.gcp + initial: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: {} + updated: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + gcp: + resourceTags: + - {parentID: "1234567890", key: "key", value: "value"} + expectedStatusError: "status.platformStatus.gcp: Invalid value: \"object\": resourceTags may only be 
configured during installation" + - name: Should not be able to remove GCP ResourceTags from platformStatus.gcp + initial: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: + resourceTags: + - {parentID: "1234567890", key: "key", value: "value"} + updated: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: {} + expectedStatusError: "status.platformStatus.gcp: Invalid value: \"object\": resourceTags may only be configured during installation" + - name: Should not be able to modify ParentID of a Tag in the GCP ResourceTags + initial: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + controlPlaneTopology: "HighlyAvailable" + infrastructureTopology: "HighlyAvailable" + platform: GCP + platformStatus: + type: GCP + gcp: + resourceTags: + - {parentID: "1234567890", key: "key", value: "value"} + updated: | + apiVersion: config.openshift.io/v1 + kind: Infrastructure + spec: {} + status: + platform: GCP + platformStatus: + type: GCP + gcp: + resourceTags: + - {parentID: "test-project-123", key: "key", value: "value"} + expectedStatusError: "status.platformStatus.gcp.resourceTags: Invalid value: \"array\": resourceTags are immutable and may only be configured during installation" diff --git a/vendor/github.com/openshift/api/config/v1/feature_gates.go b/vendor/github.com/openshift/api/config/v1/feature_gates.go index 04e081e0a..1aa6b41ce 100644 --- a/vendor/github.com/openshift/api/config/v1/feature_gates.go +++ b/vendor/github.com/openshift/api/config/v1/feature_gates.go 
@@ -23,6 +23,16 @@ var ( ) var ( + FeatureGateValidatingAdmissionPolicy = FeatureGateName("ValidatingAdmissionPolicy") + validatingAdmissionPolicy = FeatureGateDescription{ + FeatureGateAttributes: FeatureGateAttributes{ + Name: FeatureGateValidatingAdmissionPolicy, + }, + OwningJiraComponent: "kube-apiserver", + ResponsiblePerson: "benluddy", + OwningProduct: kubernetes, + } + FeatureGateGatewayAPI = FeatureGateName("GatewayAPI") gateGatewayAPI = FeatureGateDescription{ FeatureGateAttributes: FeatureGateAttributes{ @@ -83,6 +93,16 @@ var ( OwningProduct: ocpSpecific, } + FeatureGateExternalCloudProviderExternal = FeatureGateName("ExternalCloudProviderExternal") + externalCloudProviderExternal = FeatureGateDescription{ + FeatureGateAttributes: FeatureGateAttributes{ + Name: FeatureGateExternalCloudProviderExternal, + }, + OwningJiraComponent: "cloud-provider", + ResponsiblePerson: "elmiko", + OwningProduct: ocpSpecific, + } + FeatureGateCSIDriverSharedResource = FeatureGateName("CSIDriverSharedResource") csiDriverSharedResource = FeatureGateDescription{ FeatureGateAttributes: FeatureGateAttributes{ 
@@ -133,26 +153,6 @@ var ( OwningProduct: ocpSpecific, } - FeatureGateMatchLabelKeysInPodTopologySpread = FeatureGateName("MatchLabelKeysInPodTopologySpread") - matchLabelKeysInPodTopologySpread = FeatureGateDescription{ - FeatureGateAttributes: FeatureGateAttributes{ - Name: FeatureGateMatchLabelKeysInPodTopologySpread, - }, - OwningJiraComponent: "scheduling", - ResponsiblePerson: "ingvagabund", - OwningProduct: kubernetes, - } - - FeatureGatePDBUnhealthyPodEvictionPolicy = FeatureGateName("PDBUnhealthyPodEvictionPolicy") - pdbUnhealthyPodEvictionPolicy = FeatureGateDescription{ - FeatureGateAttributes: FeatureGateAttributes{ - Name: FeatureGatePDBUnhealthyPodEvictionPolicy, - }, - OwningJiraComponent: "apps", - ResponsiblePerson: "atiratree", - OwningProduct: kubernetes, - } - FeatureGateDynamicResourceAllocation = FeatureGateName("DynamicResourceAllocation") dynamicResourceAllocation = FeatureGateDescription{ FeatureGateAttributes: FeatureGateAttributes{ 
@@ -182,4 +182,123 @@ var ( ResponsiblePerson: "abutcher", OwningProduct: ocpSpecific, } + + FeatureGateMaxUnavailableStatefulSet = FeatureGateName("MaxUnavailableStatefulSet") + maxUnavailableStatefulSet = FeatureGateDescription{ + FeatureGateAttributes: FeatureGateAttributes{ + Name: FeatureGateMaxUnavailableStatefulSet, + }, + OwningJiraComponent: "apps", + ResponsiblePerson: "atiratree", + OwningProduct: kubernetes, + } + + FeatureGateEventedPLEG = FeatureGateName("EventedPLEG") + eventedPleg = FeatureGateDescription{ + FeatureGateAttributes: FeatureGateAttributes{ + Name: FeatureGateEventedPLEG, + }, + OwningJiraComponent: "node", + ResponsiblePerson: "sairameshv", + OwningProduct: kubernetes, + } + + FeatureGatePrivateHostedZoneAWS = FeatureGateName("PrivateHostedZoneAWS") + privateHostedZoneAWS = FeatureGateDescription{ + FeatureGateAttributes: FeatureGateAttributes{ + Name: FeatureGatePrivateHostedZoneAWS, + }, + OwningJiraComponent: "Routing", + ResponsiblePerson: "miciah", + OwningProduct: ocpSpecific, + } + + FeatureGateSigstoreImageVerification = FeatureGateName("SigstoreImageVerification") + sigstoreImageVerification = FeatureGateDescription{ + FeatureGateAttributes: FeatureGateAttributes{ + Name: FeatureGateSigstoreImageVerification, + }, + OwningJiraComponent: "node", + ResponsiblePerson: "sgrunert", + OwningProduct: ocpSpecific, + } + + FeatureGateGCPLabelsTags = FeatureGateName("GCPLabelsTags") + gcpLabelsTags = FeatureGateDescription{ + FeatureGateAttributes: FeatureGateAttributes{ + Name: FeatureGateGCPLabelsTags, + }, + OwningJiraComponent: "Installer", + ResponsiblePerson: "bhb", + OwningProduct: ocpSpecific, + } + + FeatureGateAlibabaPlatform = FeatureGateName("AlibabaPlatform") + alibabaPlatform = FeatureGateDescription{ + FeatureGateAttributes: FeatureGateAttributes{ + Name: FeatureGateAlibabaPlatform, + }, + OwningJiraComponent: "cloud-provider", + ResponsiblePerson: "jspeed", + OwningProduct: ocpSpecific, + } + + 
FeatureGateCloudDualStackNodeIPs = FeatureGateName("CloudDualStackNodeIPs") + cloudDualStackNodeIPs = FeatureGateDescription{ + FeatureGateAttributes: FeatureGateAttributes{ + Name: FeatureGateCloudDualStackNodeIPs, + }, + OwningJiraComponent: "machine-config-operator/platform-baremetal", + ResponsiblePerson: "mkowalsk", + OwningProduct: kubernetes, + } + FeatureGateVSphereStaticIPs = FeatureGateName("VSphereStaticIPs") + vSphereStaticIPs = FeatureGateDescription{ + FeatureGateAttributes: FeatureGateAttributes{ + Name: FeatureGateVSphereStaticIPs, + }, + OwningJiraComponent: "splat", + ResponsiblePerson: "rvanderp3", + OwningProduct: ocpSpecific, + } + + FeatureGateRouteExternalCertificate = FeatureGateName("RouteExternalCertificate") + routeExternalCertificate = FeatureGateDescription{ + FeatureGateAttributes: FeatureGateAttributes{ + Name: FeatureGateRouteExternalCertificate, + }, + OwningJiraComponent: "router", + ResponsiblePerson: "thejasn", + OwningProduct: ocpSpecific, + } + + FeatureGateAdminNetworkPolicy = FeatureGateName("AdminNetworkPolicy") + adminNetworkPolicy = FeatureGateDescription{ + FeatureGateAttributes: FeatureGateAttributes{ + Name: FeatureGateAdminNetworkPolicy, + }, + OwningJiraComponent: "Networking/ovn-kubernetes", + ResponsiblePerson: "tssurya", + OwningProduct: ocpSpecific, + } + + FeatureGateAutomatedEtcdBackup = FeatureGateName("AutomatedEtcdBackup") + automatedEtcdBackup = FeatureGateDescription{ + FeatureGateAttributes: FeatureGateAttributes{ + Name: FeatureGateAutomatedEtcdBackup, + }, + OwningJiraComponent: "etcd", + ResponsiblePerson: "hasbro17", + OwningProduct: ocpSpecific, + } + + FeatureGateMachineAPIOperatorDisableMachineHealthCheckController = FeatureGateName("MachineAPIOperatorDisableMachineHealthCheckController") + machineAPIOperatorDisableMachineHealthCheckController = FeatureGateDescription{ + FeatureGateAttributes: FeatureGateAttributes{ + Name: FeatureGateMachineAPIOperatorDisableMachineHealthCheckController, + }, + 
OwningJiraComponent: "ecoproject", + ResponsiblePerson: "msluiter", + OwningProduct: ocpSpecific, + } ) diff --git a/vendor/github.com/openshift/api/config/v1/stable.build.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/stable.build.testsuite.yaml index cdd8a9b70..b422ebd20 100644 --- a/vendor/github.com/openshift/api/config/v1/stable.build.testsuite.yaml +++ b/vendor/github.com/openshift/api/config/v1/stable.build.testsuite.yaml @@ -1,6 +1,6 @@ apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this name: "[Stable] Build" -crd: 0000_10_config-operator_01_build.crd.yaml +crd: 0000_10_openshift-controller-manager-operator_01_build.crd.yaml tests: onCreate: - name: Should be able to create a minimal Build diff --git a/vendor/github.com/openshift/api/config/v1/stable.clusterversion.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/stable.clusterversion.testsuite.yaml index b966b29a8..914d06d12 100644 --- a/vendor/github.com/openshift/api/config/v1/stable.clusterversion.testsuite.yaml +++ b/vendor/github.com/openshift/api/config/v1/stable.clusterversion.testsuite.yaml 
@@ -98,6 +98,38 @@ tests: version: 4.11.1 image: bar expectedError: "cannot set both Architecture and Image" + - name: Should be able to create a ClusterVersion with base capability None, and additional capabilities baremetal and MachineAPI + initial: | + apiVersion: config.openshift.io/v1 + kind: ClusterVersion + spec: + clusterID: foo + capabilities: + baselineCapabilitySet: None + additionalEnabledCapabilities: + - baremetal + - MachineAPI + expected: | + apiVersion: config.openshift.io/v1 + kind: ClusterVersion + spec: + clusterID: foo + capabilities: + baselineCapabilitySet: None + additionalEnabledCapabilities: + - baremetal + - MachineAPI + - name: Should not be able to create a ClusterVersion with base capability None, and additional capabilities baremetal without MachineAPI + initial: | + apiVersion: config.openshift.io/v1 + kind: ClusterVersion + spec: + clusterID: foo + capabilities: + baselineCapabilitySet: None + additionalEnabledCapabilities: + - baremetal + expectedError: the `baremetal` capability requires the `MachineAPI` capability, which is neither explicitly or implicitly enabled in this cluster, please enable the `MachineAPI` capability onUpdate: - name: Should not allow image to be set if architecture set initial: | 
@@ -136,3 +168,111 @@ tests: version: 4.11.1 image: bar expectedError: "cannot set both Architecture and Image" + - name: Should be able to add the baremetal capability with a ClusterVersion with base capability None, and implicitly enabled MachineAPI + initial: | + apiVersion: config.openshift.io/v1 + kind: ClusterVersion + spec: + clusterID: foo + capabilities: + baselineCapabilitySet: None + status: + desired: + version: foo + image: foo + observedGeneration: 1 + versionHash: foo + availableUpdates: + - version: foo + image: foo + capabilities: + enabledCapabilities: + - MachineAPI + updated: | + apiVersion: config.openshift.io/v1 + kind: ClusterVersion + spec: + clusterID: foo + capabilities: + baselineCapabilitySet: None + additionalEnabledCapabilities: + - baremetal + status: + desired: + version: foo + image: foo + observedGeneration: 1 + versionHash: foo + availableUpdates: + - version: foo + image: foo + capabilities: + enabledCapabilities: + - MachineAPI + expected: | + apiVersion: config.openshift.io/v1 + kind: ClusterVersion + spec: + clusterID: foo + capabilities: + baselineCapabilitySet: None + additionalEnabledCapabilities: + - baremetal + status: + desired: + version: foo + image: foo + observedGeneration: 1 + versionHash: foo + availableUpdates: + - version: foo + image: foo + capabilities: + enabledCapabilities: + - MachineAPI + - name: Should be able to add the baremetal capability with a ClusterVersion with base capability None, with the Machine API capability + initial: | + apiVersion: config.openshift.io/v1 + kind: ClusterVersion + spec: + clusterID: foo + capabilities: + baselineCapabilitySet: None + updated: | + apiVersion: config.openshift.io/v1 + kind: ClusterVersion + spec: + clusterID: foo + capabilities: + baselineCapabilitySet: None + additionalEnabledCapabilities: + - baremetal + - MachineAPI + expected: | + apiVersion: config.openshift.io/v1 + kind: ClusterVersion + spec: + clusterID: foo + capabilities: + baselineCapabilitySet: None 
+ additionalEnabledCapabilities: + - baremetal + - MachineAPI + - name: Should not be able to add the baremetal capability with a ClusterVersion with base capability None, and without MachineAPI + initial: | + apiVersion: config.openshift.io/v1 + kind: ClusterVersion + spec: + clusterID: foo + capabilities: + baselineCapabilitySet: None + updated: | + apiVersion: config.openshift.io/v1 + kind: ClusterVersion + spec: + clusterID: foo + capabilities: + baselineCapabilitySet: None + additionalEnabledCapabilities: + - baremetal + expectedError: the `baremetal` capability requires the `MachineAPI` capability, which is neither explicitly or implicitly enabled in this cluster, please enable the `MachineAPI` capability diff --git a/vendor/github.com/openshift/api/config/v1/stable.dns.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/stable.dns.testsuite.yaml index c69f50050..3054d200e 100644 --- a/vendor/github.com/openshift/api/config/v1/stable.dns.testsuite.yaml +++ b/vendor/github.com/openshift/api/config/v1/stable.dns.testsuite.yaml @@ -1,6 +1,6 @@ apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this name: "[Stable] DNS" -crd: 0000_10_config-operator_01_dns.crd.yaml +crd: 0000_10_config-operator_01_dns-Default.crd.yaml tests: onCreate: - name: Should be able to create a minimal DNS 
@@ -12,3 +12,94 @@ tests: apiVersion: config.openshift.io/v1 kind: DNS spec: {} + - name: Should be able to specify an AWS role ARN for a private hosted zone + initial: | + apiVersion: config.openshift.io/v1 + kind: DNS + spec: + platform: + type: AWS + aws: + privateZoneIAMRole: arn:aws:iam::123456789012:role/foo + expected: | + apiVersion: config.openshift.io/v1 + kind: DNS + spec: + platform: + type: AWS + aws: + privateZoneIAMRole: arn:aws:iam::123456789012:role/foo + - name: Should not be able to specify unsupported platform + initial: | + apiVersion: config.openshift.io/v1 + kind: DNS + spec: + platform: + type: Azure + azure: + privateZoneIAMRole: arn:aws:iam::123456789012:role/foo + expectedError: "Invalid value: \"string\": allowed values are '' and 'AWS'" + - name: Should not be able to specify invalid AWS role ARN + initial: | + apiVersion: config.openshift.io/v1 + kind: DNS + metadata: + name: cluster + spec: + platform: + type: AWS + aws: + privateZoneIAMRole: arn:aws:iam:bad:123456789012:role/foo + expectedError: "DNS.config.openshift.io \"cluster\" is invalid: spec.platform.aws.privateZoneIAMRole: Invalid value: \"arn:aws:iam:bad:123456789012:role/foo\": spec.platform.aws.privateZoneIAMRole in body should match '^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:role\\/.*$'" + - name: Should not be able to specify different type and platform + initial: | + apiVersion: config.openshift.io/v1 + kind: DNS + spec: + platform: + type: "" + aws: + privateZoneIAMRole: arn:aws:iam::123456789012:role/foo + expectedError: "Invalid value: \"object\": aws configuration is required when platform is AWS, and forbidden otherwise" + onUpdate: + - name: Can switch from empty (default), to AWS + initial: | + apiVersion: config.openshift.io/v1 + kind: DNS + spec: + platform: + type: "" + updated: | + apiVersion: config.openshift.io/v1 + kind: DNS + spec: + platform: + type: AWS + aws: + privateZoneIAMRole: arn:aws:iam::123456789012:role/foo + expected: | + apiVersion: 
config.openshift.io/v1 + kind: DNS + spec: + platform: + type: AWS + aws: + privateZoneIAMRole: arn:aws:iam::123456789012:role/foo + - name: Upgrade case is valid + initial: | + apiVersion: config.openshift.io/v1 + kind: DNS + spec: {} # No spec is required for a DNS + updated: | + apiVersion: config.openshift.io/v1 + kind: DNS + spec: + platform: + type: "" + expected: | + apiVersion: config.openshift.io/v1 + kind: DNS + spec: + platform: + type: "" + diff --git a/vendor/github.com/openshift/api/config/v1/stable.infrastructure.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/stable.infrastructure.testsuite.yaml index 4266122b0..18d752f91 100644 --- a/vendor/github.com/openshift/api/config/v1/stable.infrastructure.testsuite.yaml +++ b/vendor/github.com/openshift/api/config/v1/stable.infrastructure.testsuite.yaml @@ -208,6 +208,7 @@ tests: status: controlPlaneTopology: "HighlyAvailable" infrastructureTopology: "HighlyAvailable" + cpuPartitioning: None platform: Azure platformStatus: azure: @@ -340,6 +341,7 @@ tests: type: OpenStack status: controlPlaneTopology: HighlyAvailable + cpuPartitioning: None infrastructureTopology: HighlyAvailable platform: OpenStack platformStatus: @@ -378,6 +380,7 @@ tests: type: OpenStack status: controlPlaneTopology: HighlyAvailable + cpuPartitioning: None infrastructureTopology: HighlyAvailable platform: OpenStack platformStatus: 
@@ -474,3 +477,498 @@ tests:
 type: FooBar
 type: OpenStack
 expectedStatusError: "status.platformStatus.openstack.loadBalancer.type: Unsupported value: \"FooBar\": supported values: \"OpenShiftManagedDefault\", \"UserManaged\""
+ - name: Should not be able to update cloudControllerManager state to empty string when state is already set to None
+ initial: |
+ apiVersion: config.openshift.io/v1
+ kind: Infrastructure
+ spec: {}
+ status:
+ platform: External
+ platformStatus:
+ type: External
+ external:
+ cloudControllerManager:
+ state: None
+ updated: |
+ apiVersion: config.openshift.io/v1
+ kind: Infrastructure
+ spec: {}
+ status:
+ platformStatus:
+ external:
+ cloudControllerManager:
+ state: ""
+ expectedStatusError: " status.platformStatus.external.cloudControllerManager.state: Invalid value: \"string\": state is immutable once set"
+ - name: Should not be able to update cloudControllerManager state to External when state is already set to None
+ initial: |
+ apiVersion: config.openshift.io/v1
+ kind: Infrastructure
+ spec: {}
+ status:
+ platform: External
+ platformStatus:
+ type: External
+ external:
+ cloudControllerManager:
+ state: None
+ updated: |
+ apiVersion: config.openshift.io/v1
+ kind: Infrastructure
+ spec: {}
+ status:
+ platform: External
+ platformStatus:
+ type: External
+ external:
+ cloudControllerManager:
+ state: External
+ expectedStatusError: " status.platformStatus.external.cloudControllerManager.state: Invalid value: \"string\": state is immutable once set"
+ - name: Should be able to update cloudControllerManager state to None when state is already set to None
+ initial: |
+ apiVersion: config.openshift.io/v1
+ kind: Infrastructure
+ spec: {}
+ status:
+ platform: External
+ platformStatus:
+ type: External
+ external:
+ cloudControllerManager:
+ state: None
+ updated: |
+ apiVersion: config.openshift.io/v1
+ kind: Infrastructure
+ spec: {}
+ status:
+ platform: External
+ platformStatus:
+ type: External
+ external:
+ cloudControllerManager:
+ state: None
+ expected: |
+ apiVersion: config.openshift.io/v1
+ kind: Infrastructure
+ spec: {}
+ status:
+ controlPlaneTopology: HighlyAvailable
+ infrastructureTopology: HighlyAvailable
+ cpuPartitioning: None
+ platform: External
+ platformStatus:
+ type: External
+ external:
+ cloudControllerManager:
+ state: None
+ - name: Should not be able to unset cloudControllerManager state when state is already set to None
+ initial: |
+ apiVersion: config.openshift.io/v1
+ kind: Infrastructure
+ spec: {}
+ status:
+ platform: External
+ platformStatus:
+ type: External
+ external:
+ cloudControllerManager:
+ state: None
+ updated: |
+ apiVersion: config.openshift.io/v1
+ kind: Infrastructure
+ spec: {}
+ status:
+ platform: External
+ platformStatus:
+ type: External
+ external:
+ cloudControllerManager: {}
+ expectedStatusError: " status.platformStatus.external.cloudControllerManager: Invalid value: \"object\": state may not be added or removed once set"
+ - name: Should not be able to update cloudControllerManager state to empty string when state is already set to External
+ initial: |
+ apiVersion: config.openshift.io/v1
+ kind: Infrastructure
+ spec: {}
+ status:
+ platform: External
+ platformStatus:
+ type: External
+ external:
+ cloudControllerManager:
+ state: External
+ updated: |
+ apiVersion: config.openshift.io/v1
+ kind: Infrastructure
+ spec: {}
+ status:
+ platform: External
+ platformStatus:
+ type: External
+ external:
+ cloudControllerManager:
+ state: ""
+ expectedStatusError: " status.platformStatus.external.cloudControllerManager.state: Invalid value: \"string\": state is immutable once set"
+ - name: Should not be able to update cloudControllerManager state to None when state is already set to External
+ initial: |
+ apiVersion: config.openshift.io/v1
+ kind: Infrastructure
+ spec: {}
+ status:
+ platform: External
+ platformStatus:
+ type: External
+ external:
+ cloudControllerManager:
+ state: External
+ updated: |
+ apiVersion: config.openshift.io/v1
+ kind: Infrastructure
+ spec: {}
+ status:
+ platform: External
+ platformStatus:
+ type: External
+ external:
+ cloudControllerManager:
+ state: None
+ expectedStatusError: " status.platformStatus.external.cloudControllerManager.state: Invalid value: \"string\": state is immutable once set"
+ - name: Should be able to update cloudControllerManager state to External when state is already set to External
+ initial: |
+ apiVersion: config.openshift.io/v1
+ kind: Infrastructure
+ spec: {}
+ status:
+ platform: External
+ platformStatus:
+ type: External
+ external:
+ cloudControllerManager:
+ state: External
+ updated: |
+ apiVersion: config.openshift.io/v1
+ kind: Infrastructure
+ spec: {}
+ status:
+ platform: External
+ platformStatus:
+ type: External
+ external:
+ cloudControllerManager:
+ state: External
+ expected: |
+ apiVersion: config.openshift.io/v1
+ kind: Infrastructure
+ spec: {}
+ status:
+ controlPlaneTopology: HighlyAvailable
+ infrastructureTopology: HighlyAvailable
+ cpuPartitioning: None
+ platform: External
+ platformStatus:
+ type: External
+ external:
+ cloudControllerManager:
+ state: External
+ - name: Should not be able to unset cloudControllerManager state when state is already set to External
+ initial: |
+ apiVersion: config.openshift.io/v1
+ kind: Infrastructure
+ spec: {}
+ status:
+ platform: External
+ platformStatus:
+ type: External
+ external:
+ cloudControllerManager:
+ state: External
+ updated: |
+ apiVersion: config.openshift.io/v1
+ kind: Infrastructure
+ spec: {}
+ status:
+ platform: External
+ platformStatus:
+ type: External
+ external:
+ cloudControllerManager: {}
+ expectedStatusError: " status.platformStatus.external.cloudControllerManager: Invalid value: \"object\": state may not be added or removed once set"
+ - name: Should not be able to update cloudControllerManager state to None when state is already set to empty string
+ initial: |
+ apiVersion: config.openshift.io/v1
+ kind: Infrastructure
+ spec: {}
+ status:
+ platform: External
+ platformStatus:
+ type: External
+ external:
+ cloudControllerManager:
+ state: ""
+ updated: |
+ apiVersion: config.openshift.io/v1
+ kind: Infrastructure
+ spec: {}
+ status:
+ platform: External
+ platformStatus:
+ type: External
+ external:
+ cloudControllerManager:
+ state: None
+ expectedStatusError: " status.platformStatus.external.cloudControllerManager.state: Invalid value: \"string\": state is immutable once set"
+ - name: Should not be able to update cloudControllerManager state to External when state is already set to empty string
+ initial: |
+ apiVersion: config.openshift.io/v1
+ kind: Infrastructure
+ spec: {}
+ status:
+ platform: External
+ platformStatus:
+ type: External
+ external:
+ cloudControllerManager:
+ state: ""
+ updated: |
+ apiVersion: config.openshift.io/v1
+ kind: Infrastructure
+ spec: {}
+ status:
+ platform: External
+ platformStatus:
+ type: External
+ external:
+ cloudControllerManager:
+ state: External
+ expectedStatusError: " status.platformStatus.external.cloudControllerManager.state: Invalid value: \"string\": state is immutable once set"
+ - name: Should be able to update cloudControllerManager state to empty string when state is already set to empty string
+ initial: |
+ apiVersion: config.openshift.io/v1
+ kind: Infrastructure
+ spec: {}
+ status:
+ platform: External
+ platformStatus:
+ type: External
+ external:
+ cloudControllerManager:
+ state: ""
+ updated: |
+ apiVersion: config.openshift.io/v1
+ kind: Infrastructure
+ spec: {}
+ status:
+ platform: External
+ platformStatus:
+ type: External
+ external:
+ cloudControllerManager:
+ state: ""
+ expected: |
+ apiVersion: config.openshift.io/v1
+ kind: Infrastructure
+ spec: {}
+ status:
+ controlPlaneTopology: HighlyAvailable
+ infrastructureTopology: HighlyAvailable
+ cpuPartitioning: None
+ platform: External
+ platformStatus:
+ type: External
+ external:
+ cloudControllerManager:
+ state: ""
+ - name: Should not be able to unset cloudControllerManager state when state is already set to empty string
+ initial: |
+ apiVersion: config.openshift.io/v1
+ kind: Infrastructure
+ spec: {}
+ status:
+ platform: External
+ platformStatus:
+ type: External
+ external:
+ cloudControllerManager:
+ state: ""
+ updated: |
+ apiVersion: config.openshift.io/v1
+ kind: Infrastructure
+ spec: {}
+ status:
+ platform: External
+ platformStatus:
+ type: External
+ external:
+ cloudControllerManager: {}
+ expectedStatusError: " status.platformStatus.external.cloudControllerManager: Invalid value: \"object\": state may not be added or removed once set"
+ - name: Should be able to update cloudControllerManager state to None when cloudControllerManager state is unset
+ initial: |
+ apiVersion: config.openshift.io/v1
+ kind: Infrastructure
+ spec: {}
+ status:
+ platform: External
+ platformStatus:
+ type: External
+ external:
+ cloudControllerManager: {}
+ updated: |
+ apiVersion: config.openshift.io/v1
+ kind: Infrastructure
+ spec: {}
+ status:
+ platform: External
+ platformStatus:
+ type: External
+ external:
+ cloudControllerManager:
+ state: None
+ expected: |
+ apiVersion: config.openshift.io/v1
+ kind: Infrastructure
+ spec: {}
+ status:
+ controlPlaneTopology: HighlyAvailable
+ infrastructureTopology: HighlyAvailable
+ cpuPartitioning: None
+ platform: External
+ platformStatus:
+ type: External
+ external:
+ cloudControllerManager:
+ state: None
+ - name: Should be able to update cloudControllerManager state to empty string when cloudControllerManager state is unset
+ initial: |
+ apiVersion: config.openshift.io/v1
+ kind: Infrastructure
+ spec: {}
+ status:
+ platform: External
+ platformStatus:
+ type: External
+ external:
+ cloudControllerManager: {}
+ updated: |
+ apiVersion: config.openshift.io/v1
+ kind: Infrastructure
+ spec: {}
+ status:
+ platform: External
+ platformStatus:
+ type: External
+ external:
+ cloudControllerManager:
+ state: ""
+ expected: |
+ apiVersion: config.openshift.io/v1
+ kind: Infrastructure
+ spec: {}
+ status:
+ controlPlaneTopology: HighlyAvailable
+ infrastructureTopology: HighlyAvailable
+ cpuPartitioning: None
+ platform: External
+ platformStatus:
+ type: External
+ external:
+ cloudControllerManager:
+ state: ""
+ - name: Should not be able to update cloudControllerManager state to External when cloudControllerManager state is unset
+ initial: |
+ apiVersion: config.openshift.io/v1
+ kind: Infrastructure
+ spec: {}
+ status:
+ platform: External
+ platformStatus:
+ type: External
+ external:
+ cloudControllerManager: {}
+ updated: |
+ apiVersion: config.openshift.io/v1
+ kind: Infrastructure
+ spec: {}
+ status:
+ platform: External
+ platformStatus:
+ type: External
+ external:
+ cloudControllerManager:
+ state: External
+ expectedStatusError: " status.platformStatus.external.cloudControllerManager: Invalid value: \"object\": state may not be added or removed once set"
+ - name: Should be able to unset cloudControllerManager state when cloudControllerManager state is unset
+ initial: |
+ apiVersion: config.openshift.io/v1
+ kind: Infrastructure
+ spec: {}
+ status:
+ platform: External
+ platformStatus:
+ type: External
+ external:
+ cloudControllerManager: {}
+ updated: |
+ apiVersion: config.openshift.io/v1
+ kind: Infrastructure
+ spec: {}
+ status:
+ platform: External
+ platformStatus:
+ type: External
+ external:
+ cloudControllerManager: {}
+ expected: |
+ apiVersion: config.openshift.io/v1
+ kind: Infrastructure
+ spec: {}
+ status:
+ controlPlaneTopology: HighlyAvailable
+ infrastructureTopology: HighlyAvailable
+ cpuPartitioning: None
+ platform: External
+ platformStatus:
+ type: External
+ external:
+ cloudControllerManager: {}
+ - name: Should not be able to add cloudControllerManager when cloudControllerManager is unset
+ initial: |
+ apiVersion: config.openshift.io/v1
+ kind: Infrastructure
+ spec: {}
+ status:
+ platform: External
+ platformStatus:
+ type: External
+ external: {}
+ updated: |
+ apiVersion: config.openshift.io/v1
+ kind: Infrastructure
+ spec: {}
+ status:
+ platform: External
+ platformStatus:
+ type: External
+ external:
+ cloudControllerManager:
+ state: External
+ expectedStatusError: " status.platformStatus.external: Invalid value: \"object\": cloudControllerManager may not be added or removed once set"
+ - name: Should not be able to remove cloudControllerManager when cloudControllerManager is set
+ initial: |
+ apiVersion: config.openshift.io/v1
+ kind: Infrastructure
+ spec: {}
+ status:
+ platform: External
+ platformStatus:
+ type: External
+ external:
+ cloudControllerManager:
+ state: External
+ updated: |
+ apiVersion: config.openshift.io/v1
+ kind: Infrastructure
+ spec: {}
+ status:
+ platform: External
+ platformStatus:
+ type: External
+ external: {}
+ expectedStatusError: " status.platformStatus.external: Invalid value: \"object\": cloudControllerManager may not be added or removed once set"
diff --git a/vendor/github.com/openshift/api/config/v1/techpreview.dns.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/techpreview.dns.testsuite.yaml
new file mode 100644
index 000000000..ec64352e3
--- /dev/null
+++ b/vendor/github.com/openshift/api/config/v1/techpreview.dns.testsuite.yaml
@@ -0,0 +1,14 @@
+apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
+name: "[TechPreview] DNS"
+crd: 0000_10_config-operator_01_dns-TechPreviewNoUpgrade.crd.yaml
+tests:
+ onCreate:
+ - name: Should be able to create a minimal DNS
+ initial: |
+ apiVersion: config.openshift.io/v1
+ kind: DNS
+ spec: {} # No spec is required for a DNS
+ expected: |
+ apiVersion: config.openshift.io/v1
+ kind: DNS
+ spec: {}
diff --git a/vendor/github.com/openshift/api/config/v1/techpreview.infrastructure.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/techpreview.infrastructure.testsuite.yaml
index f9829b9a3..7834e1f84 100644
--- a/vendor/github.com/openshift/api/config/v1/techpreview.infrastructure.testsuite.yaml
+++ b/vendor/github.com/openshift/api/config/v1/techpreview.infrastructure.testsuite.yaml
@@ -211,3 +211,309 @@ tests:
 type: FooBar
 type: BareMetal
 expectedStatusError: "status.platformStatus.baremetal.loadBalancer.type: Unsupported value: \"FooBar\": supported values: \"OpenShiftManagedDefault\", \"UserManaged\""
+ - name: Should not be able to modify an existing GCP ResourceLabels Label
+ initial: |
+ apiVersion: config.openshift.io/v1
+ kind: Infrastructure
+ spec: {}
+ status:
+ controlPlaneTopology: "HighlyAvailable"
+ infrastructureTopology: "HighlyAvailable"
+ platform: GCP
+ platformStatus:
+ type: GCP
+ gcp:
+ resourceLabels:
+ - {key: "key", value: "value"}
+ updated: |
+ apiVersion: config.openshift.io/v1
+ kind: Infrastructure
+ spec: {}
+ status:
+ platform: GCP
+ platformStatus:
+ type: GCP
+ gcp:
+ resourceLabels:
+ - {key: "key", value: "changed"}
+ expectedStatusError: "status.platformStatus.gcp.resourceLabels: Invalid value: \"array\": resourceLabels are immutable and may only be configured during installation"
+ - name: Should not be able to add a Label to an existing GCP ResourceLabels
+ initial: |
+ apiVersion: config.openshift.io/v1
+ kind: Infrastructure
+ spec: {}
+ status:
+ controlPlaneTopology: "HighlyAvailable"
+ infrastructureTopology: "HighlyAvailable"
+ platform: GCP
+ platformStatus:
+ type: GCP
+ gcp:
+ resourceLabels:
+ - {key: "key", value: "value"}
+ updated: |
+ apiVersion: config.openshift.io/v1
+ kind: Infrastructure
+ spec: {}
+ status:
+ platform: GCP
+ platformStatus:
+ type: GCP
+ gcp:
+ resourceLabels:
+ - {key: "key", value: "value"}
+ - {key: "new", value: "entry"}
+ expectedStatusError: "status.platformStatus.gcp.resourceLabels: Invalid value: \"array\": resourceLabels are immutable and may only be configured during installation"
+ - name: Should not be able to remove a Label from an existing GCP ResourceLabels
+ initial: |
+ apiVersion: config.openshift.io/v1
+ kind: Infrastructure
+ spec: {}
+ status:
+ platform: GCP
+ platformStatus:
+ type: GCP
+ gcp:
+ resourceLabels:
+ - {key: "key", value: "value"}
+ - {key: "new", value: "entry"}
+ updated: |
+ apiVersion: config.openshift.io/v1
+ kind: Infrastructure
+ spec: {}
+ status:
+ platform: GCP
+ platformStatus:
+ type: GCP
+ gcp:
+ resourceLabels:
+ - {key: "key", value: "value"}
+ expectedStatusError: "status.platformStatus.gcp.resourceLabels: Invalid value: \"array\": resourceLabels are immutable and may only be configured during installation"
+ - name: Should not be able to add GCP ResourceLabels to an empty platformStatus.gcp
+ initial: |
+ apiVersion: config.openshift.io/v1
+ kind: Infrastructure
+ spec: {}
+ status:
+ platform: GCP
+ platformStatus:
+ type: GCP
+ gcp: {}
+ updated: |
+ apiVersion: config.openshift.io/v1
+ kind: Infrastructure
+ spec: {}
+ status:
+ platform: GCP
+ platformStatus:
+ gcp:
+ resourceLabels:
+ - {key: "key", value: "value"}
+ expectedStatusError: "status.platformStatus.gcp: Invalid value: \"object\": resourceLabels may only be configured during installation"
+ - name: Should not be able to remove GCP ResourceLabels from platformStatus.gcp
+ initial: |
+ apiVersion: config.openshift.io/v1
+ kind: Infrastructure
+ spec: {}
+ status:
+ platform: GCP
+ platformStatus:
+ type: GCP
+ gcp:
+ resourceLabels:
+ - {key: "key", value: "value"}
+ updated: |
+ apiVersion: config.openshift.io/v1
+ kind: Infrastructure
+ spec: {}
+ status:
+ platform: GCP
+ platformStatus:
+ type: GCP
+ gcp: {}
+ expectedStatusError: "status.platformStatus.gcp: Invalid value: \"object\": resourceLabels may only be configured during installation"
+ - name: Should not have label key start with openshift-io for GCP ResourceLabels in platformStatus.gcp
+ initial: |
+ apiVersion: config.openshift.io/v1
+ kind: Infrastructure
+ spec: {}
+ status: {}
+ updated: |
+ apiVersion: config.openshift.io/v1
+ kind: Infrastructure
+ spec: {}
+ status:
+ platform: GCP
+ platformStatus:
+ type: GCP
+ gcp:
+ resourceLabels:
+ - {key: "key", value: "value"}
+ - {key: "openshift-io-created-cluster", value: "true"}
+ expectedStatusError: "status.platformStatus.gcp.resourceLabels[1].key: Invalid value: \"string\": label keys must not start with either `openshift-io` or `kubernetes-io`"
+ - name: Should not have label key start with kubernetes-io for GCP ResourceLabels in platformStatus.gcp
+ initial: |
+ apiVersion: config.openshift.io/v1
+ kind: Infrastructure
+ spec: {}
+ status: {}
+ updated: |
+ apiVersion: config.openshift.io/v1
+ kind: Infrastructure
+ spec: {}
+ status:
+ platform: GCP
+ platformStatus:
+ type: GCP
+ gcp:
+ resourceLabels:
+ - {key: "key", value: "value"}
+ - {key: "kubernetes-io-created-cluster", value: "true"}
+ expectedStatusError: "status.platformStatus.gcp.resourceLabels[1].key: Invalid value: \"string\": label keys must not start with either `openshift-io` or `kubernetes-io`"
+ - name: Should not be able to modify an existing GCP ResourceTags Tag
+ initial: |
+ apiVersion: config.openshift.io/v1
+ kind: Infrastructure
+ spec: {}
+ status:
+ controlPlaneTopology: "HighlyAvailable"
+ infrastructureTopology: "HighlyAvailable"
+ platform: GCP
+ platformStatus:
+ type: GCP
+ gcp:
+ resourceTags:
+ - {parentID: "1234567890", key: "key", value: "value"}
+ updated: |
+ apiVersion: config.openshift.io/v1
+ kind: Infrastructure
+ spec: {}
+ status:
+ platform: GCP
+ platformStatus:
+ type: GCP
+ gcp:
+ resourceTags:
+ - {parentID: "1234567890", key: "key", value: "changed"}
+ expectedStatusError: "status.platformStatus.gcp.resourceTags: Invalid value: \"array\": resourceTags are immutable and may only be configured during installation"
+ - name: Should not be able to add a Tag to an existing GCP ResourceTags
+ initial: |
+ apiVersion: config.openshift.io/v1
+ kind: Infrastructure
+ spec: {}
+ status:
+ controlPlaneTopology: "HighlyAvailable"
+ infrastructureTopology: "HighlyAvailable"
+ platform: GCP
+ platformStatus:
+ type: GCP
+ gcp:
+ resourceTags:
+ - {parentID: "1234567890", key: "key", value: "value"}
+ updated: |
+ apiVersion: config.openshift.io/v1
+ kind: Infrastructure
+ spec: {}
+ status:
+ platform: GCP
+ platformStatus:
+ type: GCP
+ gcp:
+ resourceTags:
+ - {parentID: "1234567890", key: "key", value: "value"}
+ - {parentID: "test-project-123", key: "new", value: "tag"}
+ expectedStatusError: "status.platformStatus.gcp.resourceTags: Invalid value: \"array\": resourceTags are immutable and may only be configured during installation"
+ - name: Should not be able to remove a Tag from an existing GCP ResourceTags
+ initial: |
+ apiVersion: config.openshift.io/v1
+ kind: Infrastructure
+ spec: {}
+ status:
+ platform: GCP
+ platformStatus:
+ type: GCP
+ gcp:
+ resourceTags:
+ - {parentID: "1234567890", key: "key1", value: "value1"}
+ - {parentID: "test-project-123", key: "key2", value: "value2"}
+ updated: |
+ apiVersion: config.openshift.io/v1
+ kind: Infrastructure
+ spec: {}
+ status:
+ platform: GCP
+ platformStatus:
+ type: GCP
+ gcp:
+ resourceTags:
+ - {parentID: "1234567890", key: "key1", value: "value1"}
+ expectedStatusError: "status.platformStatus.gcp.resourceTags: Invalid value: \"array\": resourceTags are immutable and may only be configured during installation"
+ - name: Should not be able to add GCP ResourceTags to an empty platformStatus.gcp
+ initial: |
+ apiVersion: config.openshift.io/v1
+ kind: Infrastructure
+ spec: {}
+ status:
+ platform: GCP
+ platformStatus:
+ type: GCP
+ gcp: {}
+ updated: |
+ apiVersion: config.openshift.io/v1
+ kind: Infrastructure
+ spec: {}
+ status:
+ platform: GCP
+ platformStatus:
+ gcp:
+ resourceTags:
+ - {parentID: "1234567890", key: "key", value: "value"}
+ expectedStatusError: "status.platformStatus.gcp: Invalid value: \"object\": resourceTags may only be configured during installation"
+ - name: Should not be able to remove GCP ResourceTags from platformStatus.gcp
+ initial: |
+ apiVersion: config.openshift.io/v1
+ kind: Infrastructure
+ spec: {}
+ status:
+ platform: GCP
+ platformStatus:
+ type: GCP
+ gcp:
+ resourceTags:
+ - {parentID: "1234567890", key: "key", value: "value"}
+ updated: |
+ apiVersion: config.openshift.io/v1
+ kind: Infrastructure
+ spec: {}
+ status:
+ platform: GCP
+ platformStatus:
+ type: GCP
+ gcp: {}
+ expectedStatusError: "status.platformStatus.gcp: Invalid value: \"object\": resourceTags may only be configured during installation"
+ - name: Should not be able to modify ParentID of a Tag in the GCP ResourceTags
+ initial: |
+ apiVersion: config.openshift.io/v1
+ kind: Infrastructure
+ spec: {}
+ status:
+ controlPlaneTopology: "HighlyAvailable"
+ infrastructureTopology: "HighlyAvailable"
+ platform: GCP
+ platformStatus:
+ type: GCP
+ gcp:
+ resourceTags:
+ - {parentID: "1234567890", key: "key", value: "value"}
+ updated: |
+ apiVersion: config.openshift.io/v1
+ kind: Infrastructure
+ spec: {}
+ status:
+ platform: GCP
+ platformStatus:
+ type: GCP
+ gcp:
+ resourceTags:
+ - {parentID: "test-project-123", key: "key", value: "value"}
+ expectedStatusError: "status.platformStatus.gcp.resourceTags: Invalid value: \"array\": resourceTags are immutable and may only be configured during installation"
diff --git a/vendor/github.com/openshift/api/config/v1/types_cluster_version.go b/vendor/github.com/openshift/api/config/v1/types_cluster_version.go
index 8126626c0..3fbe39e4d 100644
--- a/vendor/github.com/openshift/api/config/v1/types_cluster_version.go
+++ b/vendor/github.com/openshift/api/config/v1/types_cluster_version.go
@@ -13,6 +13,7 @@ import (
 //
 // Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 // +openshift:compatibility-gen:level=1
+// +kubebuilder:validation:XValidation:rule="has(self.spec.capabilities) && has(self.spec.capabilities.additionalEnabledCapabilities) && self.spec.capabilities.baselineCapabilitySet == 'None' && 'baremetal' in self.spec.capabilities.additionalEnabledCapabilities ? 'MachineAPI' in self.spec.capabilities.additionalEnabledCapabilities || (has(self.status) && has(self.status.capabilities) && has(self.status.capabilities.enabledCapabilities) && 'MachineAPI' in self.status.capabilities.enabledCapabilities) : true",message="the `baremetal` capability requires the `MachineAPI` capability, which is neither explicitly or implicitly enabled in this cluster, please enable the `MachineAPI` capability"
 type ClusterVersion struct {
 metav1.TypeMeta `json:",inline"`
@@ -247,7 +248,7 @@ const (
 )
 // ClusterVersionCapability enumerates optional, core cluster components.
-// +kubebuilder:validation:Enum=openshift-samples;baremetal;marketplace;Console;Insights;Storage;CSISnapshot;NodeTuning
+// +kubebuilder:validation:Enum=openshift-samples;baremetal;marketplace;Console;Insights;Storage;CSISnapshot;NodeTuning;MachineAPI;Build;DeploymentConfig;ImageRegistry
 type ClusterVersionCapability string
 const (
@@ -296,6 +297,43 @@ const (
 // objects and manages the containerized TuneD daemon which controls
 // system level tuning of Nodes
 ClusterVersionCapabilityNodeTuning ClusterVersionCapability = "NodeTuning"
+
+ // ClusterVersionCapabilityMachineAPI manages
+ // machine-api-operator
+ // cluster-autoscaler-operator
+ // cluster-control-plane-machine-set-operator
+ // which is responsible for machines configuration and heavily
+ // targeted for SNO clusters.
+ //
+ // The following CRDs are disabled as well
+ // machines
+ // machineset
+ // controlplanemachineset
+ //
+ // WARNING: Do not disable that capability without reading
+ // documentation. This is important part of openshift system
+ // and may cause cluster damage
+ ClusterVersionCapabilityMachineAPI ClusterVersionCapability = "MachineAPI"
+
+ // ClusterVersionCapabilityBuild manages the Build API which is responsible
+ // for watching the Build API objects and managing their lifecycle.
+ // The functionality is located under openshift-apiserver and openshift-controller-manager.
+ //
+ // The following resources are taken into account:
+ // - builds
+ // - buildconfigs
+ ClusterVersionCapabilityBuild ClusterVersionCapability = "Build"
+
+ // ClusterVersionCapabilityDeploymentConfig manages the DeploymentConfig API
+ // which is responsible for watching the DeploymentConfig API and managing their lifecycle.
+ // The functionality is located under openshift-apiserver and openshift-controller-manager.
+ //
+ // The following resources are taken into account:
+ // - deploymentconfigs
+ ClusterVersionCapabilityDeploymentConfig ClusterVersionCapability = "DeploymentConfig"
+ // ClusterVersionCapabilityImageRegistry manages the image registry which
+ // allows to distribute Docker images
+ ClusterVersionCapabilityImageRegistry ClusterVersionCapability = "ImageRegistry"
 )
 // KnownClusterVersionCapabilities includes all known optional, core cluster components.
@@ -308,10 +346,14 @@ var KnownClusterVersionCapabilities = []ClusterVersionCapability{
 ClusterVersionCapabilityOpenShiftSamples,
 ClusterVersionCapabilityCSISnapshot,
 ClusterVersionCapabilityNodeTuning,
+ ClusterVersionCapabilityMachineAPI,
+ ClusterVersionCapabilityBuild,
+ ClusterVersionCapabilityDeploymentConfig,
+ ClusterVersionCapabilityImageRegistry,
 }
 // ClusterVersionCapabilitySet defines sets of cluster version capabilities.
-// +kubebuilder:validation:Enum=None;v4.11;v4.12;v4.13;vCurrent
+// +kubebuilder:validation:Enum=None;v4.11;v4.12;v4.13;v4.14;vCurrent
 type ClusterVersionCapabilitySet string
 const (
@@ -337,6 +379,12 @@ const (
 // version of OpenShift is installed.
 ClusterVersionCapabilitySet4_13 ClusterVersionCapabilitySet = "v4.13"
+ // ClusterVersionCapabilitySet4_14 is the recommended set of
+ // optional capabilities to enable for the 4.14 version of
+ // OpenShift. This list will remain the same no matter which
+ // version of OpenShift is installed.
+ ClusterVersionCapabilitySet4_14 ClusterVersionCapabilitySet = "v4.14"
+
 // ClusterVersionCapabilitySetCurrent is the recommended set
 // of optional capabilities to enable for the cluster's
 // current version of OpenShift.
@@ -350,6 +398,7 @@ var ClusterVersionCapabilitySets = map[ClusterVersionCapabilitySet][]ClusterVers
 ClusterVersionCapabilityBaremetal,
 ClusterVersionCapabilityMarketplace,
 ClusterVersionCapabilityOpenShiftSamples,
+ ClusterVersionCapabilityMachineAPI,
 },
 ClusterVersionCapabilitySet4_12: {
 ClusterVersionCapabilityBaremetal,
@@ -359,6 +408,7 @@ var ClusterVersionCapabilitySets = map[ClusterVersionCapabilitySet][]ClusterVers
 ClusterVersionCapabilityStorage,
 ClusterVersionCapabilityOpenShiftSamples,
 ClusterVersionCapabilityCSISnapshot,
+ ClusterVersionCapabilityMachineAPI,
 },
 ClusterVersionCapabilitySet4_13: {
 ClusterVersionCapabilityBaremetal,
@@ -369,6 +419,21 @@ var ClusterVersionCapabilitySets = map[ClusterVersionCapabilitySet][]ClusterVers
 ClusterVersionCapabilityOpenShiftSamples,
 ClusterVersionCapabilityCSISnapshot,
 ClusterVersionCapabilityNodeTuning,
+ ClusterVersionCapabilityMachineAPI,
+ },
+ ClusterVersionCapabilitySet4_14: {
+ ClusterVersionCapabilityBaremetal,
+ ClusterVersionCapabilityConsole,
+ ClusterVersionCapabilityInsights,
+ ClusterVersionCapabilityMarketplace,
+ ClusterVersionCapabilityStorage,
+ ClusterVersionCapabilityOpenShiftSamples,
+ ClusterVersionCapabilityCSISnapshot,
+ ClusterVersionCapabilityNodeTuning,
+ ClusterVersionCapabilityMachineAPI,
+ ClusterVersionCapabilityBuild,
+ ClusterVersionCapabilityDeploymentConfig,
+ ClusterVersionCapabilityImageRegistry,
 },
 ClusterVersionCapabilitySetCurrent: {
 ClusterVersionCapabilityBaremetal,
@@ -379,6 +444,10 @@ var ClusterVersionCapabilitySets = map[ClusterVersionCapabilitySet][]ClusterVers
 ClusterVersionCapabilityOpenShiftSamples,
 ClusterVersionCapabilityCSISnapshot,
 ClusterVersionCapabilityNodeTuning,
+ ClusterVersionCapabilityMachineAPI,
+ ClusterVersionCapabilityBuild,
+ ClusterVersionCapabilityDeploymentConfig,
+ ClusterVersionCapabilityImageRegistry,
 },
 }
diff --git a/vendor/github.com/openshift/api/config/v1/types_dns.go b/vendor/github.com/openshift/api/config/v1/types_dns.go
index 6283a2997..5f8697673 100644
--- a/vendor/github.com/openshift/api/config/v1/types_dns.go
+++ b/vendor/github.com/openshift/api/config/v1/types_dns.go
@@ -53,6 +53,12 @@ type DNSSpec struct {
 //
 // +optional
 PrivateZone *DNSZone `json:"privateZone,omitempty"`
+ // platform holds configuration specific to the underlying
+ // infrastructure provider for DNS.
+ // When omitted, this means the user has no opinion and the platform is left
+ // to choose reasonable defaults. These defaults are subject to change over time.
+ // +optional
+ Platform DNSPlatformSpec `json:"platform,omitempty"`
 }
 // DNSZone is used to define a DNS hosted zone.
@@ -96,3 +102,34 @@ type DNSList struct {
 Items []DNS `json:"items"`
 }
+
+// DNSPlatformSpec holds cloud-provider-specific configuration
+// for DNS administration.
+// +union
+// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'AWS' ? has(self.aws) : !has(self.aws)",message="aws configuration is required when platform is AWS, and forbidden otherwise"
+type DNSPlatformSpec struct {
+ // type is the underlying infrastructure provider for the cluster.
+ // Allowed values: "", "AWS".
+ //
+ // Individual components may not support all platforms,
+ // and must handle unrecognized platforms with best-effort defaults.
+ //
+ // +unionDiscriminator
+ // +kubebuilder:validation:Required
+ // +kubebuilder:validation:XValidation:rule="self in ['','AWS']",message="allowed values are '' and 'AWS'"
+ Type PlatformType `json:"type"`
+
+ // aws contains DNS configuration specific to the Amazon Web Services cloud provider.
+ // +optional
+ AWS *AWSDNSSpec `json:"aws"`
+}
+
+// AWSDNSSpec contains DNS configuration specific to the Amazon Web Services cloud provider.
+type AWSDNSSpec struct {
+ // privateZoneIAMRole contains the ARN of an IAM role that should be assumed when performing
+ // operations on the cluster's private hosted zone specified in the cluster DNS config.
+ // When left empty, no role should be assumed.
+ // +kubebuilder:validation:Pattern:=`^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:role\/.*$`
+ // +optional
+ PrivateZoneIAMRole string `json:"privateZoneIAMRole"`
+}
diff --git a/vendor/github.com/openshift/api/config/v1/types_feature.go b/vendor/github.com/openshift/api/config/v1/types_feature.go
index c2f8c47e5..b5e18f2ee 100644
--- a/vendor/github.com/openshift/api/config/v1/types_feature.go
+++ b/vendor/github.com/openshift/api/config/v1/types_feature.go
@@ -163,21 +163,27 @@ var FeatureSets = map[FeatureSet]*FeatureGateEnabledDisabled{
 Disabled: []FeatureGateDescription{},
 },
 TechPreviewNoUpgrade: newDefaultFeatures().
+ without(validatingAdmissionPolicy).
 with(externalCloudProvider).
- with(externalCloudProviderAzure).
 with(externalCloudProviderGCP).
 with(csiDriverSharedResource).
- with(buildCSIVolumes).
 with(nodeSwap).
 with(machineAPIProviderOpenStack).
 with(insightsConfigAPI).
- with(matchLabelKeysInPodTopologySpread).
 with(retroactiveDefaultStorageClass).
- with(pdbUnhealthyPodEvictionPolicy).
 with(dynamicResourceAllocation).
 with(admissionWebhookMatchConditions).
- with(azureWorkloadIdentity).
 with(gateGatewayAPI).
+ with(maxUnavailableStatefulSet).
+ without(eventedPleg).
+ with(sigstoreImageVerification).
+ with(gcpLabelsTags).
+ with(vSphereStaticIPs).
+ with(routeExternalCertificate).
+ with(automatedEtcdBackup).
+ without(machineAPIOperatorDisableMachineHealthCheckController).
+ with(adminNetworkPolicy).
+ with(openShiftPodSecurityAdmission).
 toFeatures(defaultFeatures),
 LatencySensitive: newDefaultFeatures().
 toFeatures(defaultFeatures),
@@ -185,7 +191,13 @@ var FeatureSets = map[FeatureSet]*FeatureGateEnabledDisabled{
 var defaultFeatures = &FeatureGateEnabledDisabled{
 Enabled: []FeatureGateDescription{
- openShiftPodSecurityAdmission,
+ alibabaPlatform, // This is a bug, it should be TechPreviewNoUpgrade. This must be downgraded before 4.14 is shipped.
+ azureWorkloadIdentity,
+ cloudDualStackNodeIPs,
+ externalCloudProviderAzure,
+ externalCloudProviderExternal,
+ privateHostedZoneAWS,
+ buildCSIVolumes,
 },
 Disabled: []FeatureGateDescription{
 retroactiveDefaultStorageClass,
diff --git a/vendor/github.com/openshift/api/config/v1/types_infrastructure.go b/vendor/github.com/openshift/api/config/v1/types_infrastructure.go
index d47acdb77..f3c4c6b63 100644
--- a/vendor/github.com/openshift/api/config/v1/types_infrastructure.go
+++ b/vendor/github.com/openshift/api/config/v1/types_infrastructure.go
@@ -114,7 +114,6 @@ type InfrastructureStatus struct {
 // +kubebuilder:default=None
 // +default="None"
 // +kubebuilder:validation:Enum=None;AllNodes
- // +openshift:enable:FeatureSets=TechPreviewNoUpgrade
 // +optional
 CPUPartitioning CPUPartitioningMode `json:"cpuPartitioning,omitempty"`
 }
@@ -315,8 +314,48 @@ type PlatformSpec struct {
 External *ExternalPlatformSpec `json:"external,omitempty"`
 }
+// CloudControllerManagerState defines whether Cloud Controller Manager presence is expected or not
+type CloudControllerManagerState string
+
+const (
+ // Cloud Controller Manager is enabled and expected to be installed.
+ // This value indicates that new nodes should be tainted as uninitialized when created,
+ // preventing them from running workloads until they are initialized by the cloud controller manager.
+ CloudControllerManagerExternal CloudControllerManagerState = "External"
+
+ // Cloud Controller Manager is disabled and not expected to be installed.
+ // This value indicates that new nodes should not be tainted
+ // and no extra node initialization is expected from the cloud controller manager.
+ CloudControllerManagerNone CloudControllerManagerState = "None"
+)
+
+// CloudControllerManagerStatus holds the state of Cloud Controller Manager (a.k.a. CCM or CPI) related settings
+// +kubebuilder:validation:XValidation:rule="(has(self.state) == has(oldSelf.state)) || (!has(oldSelf.state) && self.state != \"External\")",message="state may not be added or removed once set"
+type CloudControllerManagerStatus struct {
+ // state determines whether or not an external Cloud Controller Manager is expected to
+ // be installed within the cluster.
+ // https://kubernetes.io/docs/tasks/administer-cluster/running-cloud-controller/#running-cloud-controller-manager
+ //
+ // Valid values are "External", "None" and omitted.
+ // When set to "External", new nodes will be tainted as uninitialized when created,
+ // preventing them from running workloads until they are initialized by the cloud controller manager.
+ // When omitted or set to "None", new nodes will be not tainted
+ // and no extra initialization from the cloud controller manager is expected.
+ // +kubebuilder:validation:Enum="";External;None
+ // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="state is immutable once set"
+ // +optional
+ State CloudControllerManagerState `json:"state"`
+}
+
 // ExternalPlatformStatus holds the current status of the generic External infrastructure provider.
-type ExternalPlatformStatus struct{}
+// +kubebuilder:validation:XValidation:rule="has(self.cloudControllerManager) == has(oldSelf.cloudControllerManager)",message="cloudControllerManager may not be added or removed once set"
+type ExternalPlatformStatus struct {
+ // cloudControllerManager contains settings specific to the external Cloud Controller Manager (a.k.a. CCM or CPI).
+ // When omitted, new nodes will be not tainted
+ // and no extra initialization from the cloud controller manager is expected.
+ // +optional
+ CloudControllerManager CloudControllerManagerStatus `json:"cloudControllerManager"`
+}
 // PlatformStatus holds the current status specific to the underlying infrastructure provider
 // of the current cluster. Since these are used at status-level for the underlying cluster, it
@@ -540,12 +579,93 @@ const (
 type GCPPlatformSpec struct{}
 // GCPPlatformStatus holds the current status of the Google Cloud Platform infrastructure provider.
+// +openshift:validation:FeatureSetAwareXValidation:featureSet=CustomNoUpgrade;TechPreviewNoUpgrade,rule="!has(oldSelf.resourceLabels) && !has(self.resourceLabels) || has(oldSelf.resourceLabels) && has(self.resourceLabels)",message="resourceLabels may only be configured during installation"
+// +openshift:validation:FeatureSetAwareXValidation:featureSet=CustomNoUpgrade;TechPreviewNoUpgrade,rule="!has(oldSelf.resourceTags) && !has(self.resourceTags) || has(oldSelf.resourceTags) && has(self.resourceTags)",message="resourceTags may only be configured during installation"
 type GCPPlatformStatus struct {
 // resourceGroupName is the Project ID for new GCP resources created for the cluster.
 ProjectID string `json:"projectID"`
 // region holds the region for new GCP resources created for the cluster.
 Region string `json:"region"`
+
+ // resourceLabels is a list of additional labels to apply to GCP resources created for the cluster.
+ // See https://cloud.google.com/compute/docs/labeling-resources for information on labeling GCP resources.
+ // GCP supports a maximum of 64 labels per resource. OpenShift reserves 32 labels for internal use,
+ // allowing 32 labels for user configuration.
+ // +kubebuilder:validation:MaxItems=32
+ // +kubebuilder:validation:XValidation:rule="self.all(x, x in oldSelf) && oldSelf.all(x, x in self)",message="resourceLabels are immutable and may only be configured during installation"
+ // +listType=map
+ // +listMapKey=key
+ // +optional
+ // +openshift:enable:FeatureSets=CustomNoUpgrade;TechPreviewNoUpgrade
+ ResourceLabels []GCPResourceLabel `json:"resourceLabels,omitempty"`
+
+ // resourceTags is a list of additional tags to apply to GCP resources created for the cluster.
+ // See https://cloud.google.com/resource-manager/docs/tags/tags-overview for information on
+ // tagging GCP resources. GCP supports a maximum of 50 tags per resource.
+ // +kubebuilder:validation:MaxItems=50
+ // +kubebuilder:validation:XValidation:rule="self.all(x, x in oldSelf) && oldSelf.all(x, x in self)",message="resourceTags are immutable and may only be configured during installation"
+ // +listType=map
+ // +listMapKey=key
+ // +optional
+ // +openshift:enable:FeatureSets=CustomNoUpgrade;TechPreviewNoUpgrade
+ ResourceTags []GCPResourceTag `json:"resourceTags,omitempty"`
+}
+
+// GCPResourceLabel is a label to apply to GCP resources created for the cluster.
+type GCPResourceLabel struct {
+ // key is the key part of the label. A label key can have a maximum of 63 characters and cannot be empty.
+ // Label key must begin with a lowercase letter, and must contain only lowercase letters, numeric characters,
+ // and the following special characters `_-`. Label key must not have the reserved prefixes `kubernetes-io`
+ // and `openshift-io`.
+ // +kubebuilder:validation:XValidation:rule="!self.startsWith('openshift-io') && !self.startsWith('kubernetes-io')",message="label keys must not start with either `openshift-io` or `kubernetes-io`"
+ // +kubebuilder:validation:Required
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=63
+ // +kubebuilder:validation:Pattern=`^[a-z][0-9a-z_-]+$`
+ Key string `json:"key"`
+
+ // value is the value part of the label. A label value can have a maximum of 63 characters and cannot be empty.
+ // Value must contain only lowercase letters, numeric characters, and the following special characters `_-`.
+ // +kubebuilder:validation:Required
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=63
+ // +kubebuilder:validation:Pattern=`^[0-9a-z_-]+$`
+ Value string `json:"value"`
+}
+
+// GCPResourceTag is a tag to apply to GCP resources created for the cluster.
+type GCPResourceTag struct {
+ // parentID is the ID of the hierarchical resource where the tags are defined,
+ // e.g. at the Organization or the Project level. To find the Organization or Project ID refer to the following pages:
+ // https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id,
+ // https://cloud.google.com/resource-manager/docs/creating-managing-projects#identifying_projects.
+ // An OrganizationID must consist of decimal numbers, and cannot have leading zeroes.
+ // A ProjectID must be 6 to 30 characters in length, can only contain lowercase letters, numbers,
+ // and hyphens, and must start with a letter, and cannot end with a hyphen.
+ // +kubebuilder:validation:Required
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=32
+ // +kubebuilder:validation:Pattern=`(^[1-9][0-9]{0,31}$)|(^[a-z][a-z0-9-]{4,28}[a-z0-9]$)`
+ ParentID string `json:"parentID"`
+
+ // key is the key part of the tag. A tag key can have a maximum of 63 characters and cannot be empty.
+ // Tag key must begin and end with an alphanumeric character, and must contain only uppercase, lowercase
+ // alphanumeric characters, and the following special characters `._-`.
+ // +kubebuilder:validation:Required
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=63
+ // +kubebuilder:validation:Pattern=`^[a-zA-Z0-9]([0-9A-Za-z_.-]{0,61}[a-zA-Z0-9])?$`
+ Key string `json:"key"`
+
+ // value is the value part of the tag. A tag value can have a maximum of 63 characters and cannot be empty.
+ // Tag value must begin and end with an alphanumeric character, and must contain only uppercase, lowercase
+ // alphanumeric characters, and the following special characters `_-.@%=+:,*#&(){}[]` and spaces.
+ // +kubebuilder:validation:Required
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=63
+ // +kubebuilder:validation:Pattern=`^[a-zA-Z0-9]([0-9A-Za-z_.@%=+:,*#&()\[\]{}\-\s]{0,61}[a-zA-Z0-9])?$`
+ Value string `json:"value"`
 }
 // BareMetalPlatformLoadBalancer defines the load balancer used by the cluster on BareMetal platform.
@@ -621,7 +741,7 @@ type BareMetalPlatformStatus struct {
 // loadBalancer defines how the load balancer used by the cluster is configured.
 // +default={"type": "OpenShiftManagedDefault"}
 // +kubebuilder:default={"type": "OpenShiftManagedDefault"}
- // +openshift:enable:FeatureSets=TechPreviewNoUpgrade
+ // +openshift:enable:FeatureSets=CustomNoUpgrade;TechPreviewNoUpgrade
 // +optional
 LoadBalancer *BareMetalPlatformLoadBalancer `json:"loadBalancer,omitempty"`
 }
@@ -771,7 +891,7 @@ type OvirtPlatformStatus struct {
 // loadBalancer defines how the load balancer used by the cluster is configured.
 // +default={"type": "OpenShiftManagedDefault"}
 // +kubebuilder:default={"type": "OpenShiftManagedDefault"}
- // +openshift:enable:FeatureSets=TechPreviewNoUpgrade
+ // +openshift:enable:FeatureSets=CustomNoUpgrade;TechPreviewNoUpgrade
 // +optional
 LoadBalancer *OvirtPlatformLoadBalancer `json:"loadBalancer,omitempty"`
 }
@@ -1037,7 +1157,7 @@ type VSpherePlatformStatus struct {
 // loadBalancer defines how the load balancer used by the cluster is configured.
 // +default={"type": "OpenShiftManagedDefault"}
 // +kubebuilder:default={"type": "OpenShiftManagedDefault"}
- // +openshift:enable:FeatureSets=TechPreviewNoUpgrade
+ // +openshift:enable:FeatureSets=CustomNoUpgrade;TechPreviewNoUpgrade
 // +optional
 LoadBalancer *VSpherePlatformLoadBalancer `json:"loadBalancer,omitempty"`
 }
@@ -1320,7 +1440,7 @@ type NutanixPlatformStatus struct { // loadBalancer defines how the load balancer used by the cluster is configured. // +default={"type": "OpenShiftManagedDefault"} // +kubebuilder:default={"type": "OpenShiftManagedDefault"} - // +openshift:enable:FeatureSets=TechPreviewNoUpgrade + // +openshift:enable:FeatureSets=CustomNoUpgrade;TechPreviewNoUpgrade // +optional LoadBalancer *NutanixPlatformLoadBalancer `json:"loadBalancer,omitempty"` } diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go index 4db1b9ad4..44d7428e6 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go @@ -179,6 +179,22 @@ func (in *APIServerStatus) DeepCopy() *APIServerStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AWSDNSSpec) DeepCopyInto(out *AWSDNSSpec) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSDNSSpec. +func (in *AWSDNSSpec) DeepCopy() *AWSDNSSpec { + if in == nil { + return nil + } + out := new(AWSDNSSpec) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *AWSIngressSpec) DeepCopyInto(out *AWSIngressSpec) { *out = *in 
@@ -859,6 +875,22 @@ func (in *ClientConnectionOverrides) DeepCopy() *ClientConnectionOverrides { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CloudControllerManagerStatus) DeepCopyInto(out *CloudControllerManagerStatus) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CloudControllerManagerStatus. +func (in *CloudControllerManagerStatus) DeepCopy() *CloudControllerManagerStatus { + if in == nil { + return nil + } + out := new(CloudControllerManagerStatus) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ClusterCondition) DeepCopyInto(out *ClusterCondition) { *out = *in @@ -1580,6 +1612,27 @@ func (in *DNSList) DeepCopyObject() runtime.Object { return nil } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *DNSPlatformSpec) DeepCopyInto(out *DNSPlatformSpec) { + *out = *in + if in.AWS != nil { + in, out := &in.AWS, &out.AWS + *out = new(AWSDNSSpec) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DNSPlatformSpec. +func (in *DNSPlatformSpec) DeepCopy() *DNSPlatformSpec { + if in == nil { + return nil + } + out := new(DNSPlatformSpec) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *DNSSpec) DeepCopyInto(out *DNSSpec) { *out = *in @@ -1593,6 +1646,7 @@ func (in *DNSSpec) DeepCopyInto(out *DNSSpec) { *out = new(DNSZone) (*in).DeepCopyInto(*out) } + in.Platform.DeepCopyInto(&out.Platform) return } 
@@ -1836,6 +1890,7 @@ func (in *ExternalPlatformSpec) DeepCopy() *ExternalPlatformSpec { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ExternalPlatformStatus) DeepCopyInto(out *ExternalPlatformStatus) { *out = *in + out.CloudControllerManager = in.CloudControllerManager return } @@ -2082,6 +2137,16 @@ func (in *GCPPlatformSpec) DeepCopy() *GCPPlatformSpec { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *GCPPlatformStatus) DeepCopyInto(out *GCPPlatformStatus) { *out = *in + if in.ResourceLabels != nil { + in, out := &in.ResourceLabels, &out.ResourceLabels + *out = make([]GCPResourceLabel, len(*in)) + copy(*out, *in) + } + if in.ResourceTags != nil { + in, out := &in.ResourceTags, &out.ResourceTags + *out = make([]GCPResourceTag, len(*in)) + copy(*out, *in) + } return } 
@@ -2095,6 +2160,38 @@ func (in *GCPPlatformStatus) DeepCopy() *GCPPlatformStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GCPResourceLabel) DeepCopyInto(out *GCPResourceLabel) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GCPResourceLabel. +func (in *GCPResourceLabel) DeepCopy() *GCPResourceLabel { + if in == nil { + return nil + } + out := new(GCPResourceLabel) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GCPResourceTag) DeepCopyInto(out *GCPResourceTag) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GCPResourceTag. +func (in *GCPResourceTag) DeepCopy() *GCPResourceTag { + if in == nil { + return nil + } + out := new(GCPResourceTag) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *GenericAPIServerConfig) DeepCopyInto(out *GenericAPIServerConfig) { *out = *in @@ -4280,7 +4377,7 @@ func (in *PlatformStatus) DeepCopyInto(out *PlatformStatus) { if in.GCP != nil { in, out := &in.GCP, &out.GCP *out = new(GCPPlatformStatus) - **out = **in + (*in).DeepCopyInto(*out) } if in.BareMetal != nil { in, out := &in.BareMetal, &out.BareMetal diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go index 179d921e1..33ec92237 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go 
@@ -746,6 +746,15 @@ func (ConsoleStatus) SwaggerDoc() map[string]string { return map_ConsoleStatus } +var map_AWSDNSSpec = map[string]string{ + "": "AWSDNSSpec contains DNS configuration specific to the Amazon Web Services cloud provider.", + "privateZoneIAMRole": "privateZoneIAMRole contains the ARN of an IAM role that should be assumed when performing operations on the cluster's private hosted zone specified in the cluster DNS config. When left empty, no role should be assumed.", +} + +func (AWSDNSSpec) SwaggerDoc() map[string]string { + return map_AWSDNSSpec +} + var map_DNS = map[string]string{ "": "DNS holds cluster-wide information about DNS. The canonical name is `cluster`\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", 
@@ -766,10 +775,21 @@ func (DNSList) SwaggerDoc() map[string]string { return map_DNSList } +var map_DNSPlatformSpec = map[string]string{ + "": "DNSPlatformSpec holds cloud-provider-specific configuration for DNS administration.", + "type": "type is the underlying infrastructure provider for the cluster. Allowed values: \"\", \"AWS\".\n\nIndividual components may not support all platforms, and must handle unrecognized platforms with best-effort defaults.", + "aws": "aws contains DNS configuration specific to the Amazon Web Services cloud provider.", +} + +func (DNSPlatformSpec) SwaggerDoc() map[string]string { + return map_DNSPlatformSpec +} + var map_DNSSpec = map[string]string{ "baseDomain": "baseDomain is the base domain of the cluster. All managed DNS records will be sub-domains of this base.\n\nFor example, given the base domain `openshift.example.com`, an API server DNS record may be created for `cluster-api.openshift.example.com`.\n\nOnce set, this field cannot be changed.", "publicZone": "publicZone is the location where all the DNS records that are publicly accessible to the internet exist.\n\nIf this field is nil, no public records should be created.\n\nOnce set, this field cannot be changed.", "privateZone": "privateZone is the location where all the DNS records that are only available internally to the cluster exist.\n\nIf this field is nil, no private records should be created.\n\nOnce set, this field cannot be changed.", + "platform": "platform holds configuration specific to the underlying infrastructure provider for DNS. When omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time.", } func (DNSSpec) SwaggerDoc() map[string]string { 
@@ -1163,6 +1183,15 @@ func (BareMetalPlatformStatus) SwaggerDoc() map[string]string { return map_BareMetalPlatformStatus } +var map_CloudControllerManagerStatus = map[string]string{ + "": "CloudControllerManagerStatus holds the state of Cloud Controller Manager (a.k.a. CCM or CPI) related settings", + "state": "state determines whether or not an external Cloud Controller Manager is expected to be installed within the cluster. https://kubernetes.io/docs/tasks/administer-cluster/running-cloud-controller/#running-cloud-controller-manager\n\nValid values are \"External\", \"None\" and omitted. When set to \"External\", new nodes will be tainted as uninitialized when created, preventing them from running workloads until they are initialized by the cloud controller manager. When omitted or set to \"None\", new nodes will be not tainted and no extra initialization from the cloud controller manager is expected.", +} + +func (CloudControllerManagerStatus) SwaggerDoc() map[string]string { + return map_CloudControllerManagerStatus +} + var map_EquinixMetalPlatformSpec = map[string]string{ "": "EquinixMetalPlatformSpec holds the desired state of the Equinix Metal infrastructure provider. This only includes fields that can be modified in the cluster.", } @@ -1191,7 +1220,8 @@ func (ExternalPlatformSpec) SwaggerDoc() map[string]string { } var map_ExternalPlatformStatus = map[string]string{ - "": "ExternalPlatformStatus holds the current status of the generic External infrastructure provider.", + "": "ExternalPlatformStatus holds the current status of the generic External infrastructure provider.", + "cloudControllerManager": "cloudControllerManager contains settings specific to the external Cloud Controller Manager (a.k.a. CCM or CPI). When omitted, new nodes will be not tainted and no extra initialization from the cloud controller manager is expected.", } func (ExternalPlatformStatus) SwaggerDoc() map[string]string { 
@@ -1207,15 +1237,38 @@ func (GCPPlatformSpec) SwaggerDoc() map[string]string { } var map_GCPPlatformStatus = map[string]string{ - "": "GCPPlatformStatus holds the current status of the Google Cloud Platform infrastructure provider.", - "projectID": "resourceGroupName is the Project ID for new GCP resources created for the cluster.", - "region": "region holds the region for new GCP resources created for the cluster.", + "": "GCPPlatformStatus holds the current status of the Google Cloud Platform infrastructure provider.", + "projectID": "resourceGroupName is the Project ID for new GCP resources created for the cluster.", + "region": "region holds the region for new GCP resources created for the cluster.", + "resourceLabels": "resourceLabels is a list of additional labels to apply to GCP resources created for the cluster. See https://cloud.google.com/compute/docs/labeling-resources for information on labeling GCP resources. GCP supports a maximum of 64 labels per resource. OpenShift reserves 32 labels for internal use, allowing 32 labels for user configuration.", + "resourceTags": "resourceTags is a list of additional tags to apply to GCP resources created for the cluster. See https://cloud.google.com/resource-manager/docs/tags/tags-overview for information on tagging GCP resources. GCP supports a maximum of 50 tags per resource.", } func (GCPPlatformStatus) SwaggerDoc() map[string]string { return map_GCPPlatformStatus } +var map_GCPResourceLabel = map[string]string{ + "": "GCPResourceLabel is a label to apply to GCP resources created for the cluster.", + "key": "key is the key part of the label. A label key can have a maximum of 63 characters and cannot be empty. Label key must begin with a lowercase letter, and must contain only lowercase letters, numeric characters, and the following special characters `_-`. Label key must not have the reserved prefixes `kubernetes-io` and `openshift-io`.", + "value": "value is the value part of the label. 
A label value can have a maximum of 63 characters and cannot be empty. Value must contain only lowercase letters, numeric characters, and the following special characters `_-`.", +} + +func (GCPResourceLabel) SwaggerDoc() map[string]string { + return map_GCPResourceLabel +} + +var map_GCPResourceTag = map[string]string{ + "": "GCPResourceTag is a tag to apply to GCP resources created for the cluster.", + "parentID": "parentID is the ID of the hierarchical resource where the tags are defined, e.g. at the Organization or the Project level. To find the Organization or Project ID refer to the following pages: https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id, https://cloud.google.com/resource-manager/docs/creating-managing-projects#identifying_projects. An OrganizationID must consist of decimal numbers, and cannot have leading zeroes. A ProjectID must be 6 to 30 characters in length, can only contain lowercase letters, numbers, and hyphens, and must start with a letter, and cannot end with a hyphen.", + "key": "key is the key part of the tag. A tag key can have a maximum of 63 characters and cannot be empty. Tag key must begin and end with an alphanumeric character, and must contain only uppercase, lowercase alphanumeric characters, and the following special characters `._-`.", + "value": "value is the value part of the tag. A tag value can have a maximum of 63 characters and cannot be empty. Tag value must begin and end with an alphanumeric character, and must contain only uppercase, lowercase alphanumeric characters, and the following special characters `_-.@%=+:,*#&(){}[]` and spaces.", +} + +func (GCPResourceTag) SwaggerDoc() map[string]string { + return map_GCPResourceTag +} + var map_IBMCloudPlatformSpec = map[string]string{ "": "IBMCloudPlatformSpec holds the desired state of the IBMCloud infrastructure provider. This only includes fields that can be modified in the cluster.", } 
diff --git a/vendor/github.com/openshift/api/config/v1alpha1/0000_10_config-operator_01_backup-TechPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/config/v1alpha1/0000_10_config-operator_01_backup-TechPreviewNoUpgrade.crd.yaml new file mode 100644 index 000000000..0ee3bdea4 --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1alpha1/0000_10_config-operator_01_backup-TechPreviewNoUpgrade.crd.yaml 
@@ -0,0 +1,100 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/1482 + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" + release.openshift.io/feature-set: TechPreviewNoUpgrade + name: backups.config.openshift.io +spec: + group: config.openshift.io + names: + kind: Backup + listKind: BackupList + plural: backups + singular: backup + scope: Cluster + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: "Backup provides configuration for performing backups of the openshift cluster. \n Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support." + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + type: object + required: + - etcd + properties: + etcd: + description: etcd specifies the configuration for periodic backups of the etcd cluster + type: object + properties: + pvcName: + description: PVCName specifies the name of the PersistentVolumeClaim (PVC) which binds a PersistentVolume where the etcd backup files would be saved The PVC itself must always be created in the "openshift-etcd" namespace If the PVC is left unspecified "" then the platform will choose a reasonable default location to save the backup. In the future this would be backups saved across the control-plane master nodes. + type: string + retentionPolicy: + description: RetentionPolicy defines the retention policy for retaining and deleting existing backups. + type: object + required: + - retentionType + properties: + retentionNumber: + description: RetentionNumber configures the retention policy based on the number of backups + type: object + required: + - maxNumberOfBackups + properties: + maxNumberOfBackups: + description: MaxNumberOfBackups defines the maximum number of backups to retain. If the existing number of backups saved is equal to MaxNumberOfBackups then the oldest backup will be removed before a new backup is initiated. + type: integer + minimum: 1 + retentionSize: + description: RetentionSize configures the retention policy based on the size of backups + type: object + required: + - maxSizeOfBackupsGb + properties: + maxSizeOfBackupsGb: + description: MaxSizeOfBackupsGb defines the total size in GB of backups to retain. If the current total size backups exceeds MaxSizeOfBackupsGb then the oldest backup will be removed before a new backup is initiated. 
+ type: integer + minimum: 1 + retentionType: + description: RetentionType sets the type of retention policy. Currently, the only valid policies are retention by number of backups (RetentionNumber), by the size of backups (RetentionSize). More policies or types may be added in the future. Empty string means no opinion and the platform is left to choose a reasonable default which is subject to change without notice. The current default is RetentionNumber with 15 backups kept. + type: string + allOf: + - enum: + - RetentionNumber + - RetentionSize + - enum: + - "" + - RetentionNumber + - RetentionSize + schedule: + description: 'Schedule defines the recurring backup schedule in Cron format every 2 hours: 0 */2 * * * every day at 3am: 0 3 * * * Empty string means no opinion and the platform is left to choose a reasonable default which is subject to change without notice. The current default is "no backups", but will change in the future.' + type: string + pattern: ^(@(annually|yearly|monthly|weekly|daily|hourly))|(\*|(?:\*|(?:[0-9]|(?:[1-5][0-9])))\/(?:[0-9]|(?:[1-5][0-9]))|(?:[0-9]|(?:[1-5][0-9]))(?:(?:\-[0-9]|\-(?:[1-5][0-9]))?|(?:\,(?:[0-9]|(?:[1-5][0-9])))*)) (\*|(?:\*|(?:\*|(?:[0-9]|1[0-9]|2[0-3])))\/(?:[0-9]|1[0-9]|2[0-3])|(?:[0-9]|1[0-9]|2[0-3])(?:(?:\-(?:[0-9]|1[0-9]|2[0-3]))?|(?:\,(?:[0-9]|1[0-9]|2[0-3]))*)) (\*|(?:[1-9]|(?:[12][0-9])|3[01])(?:(?:\-(?:[1-9]|(?:[12][0-9])|3[01]))?|(?:\,(?:[1-9]|(?:[12][0-9])|3[01]))*)) (\*|(?:[1-9]|1[012]|JAN|FEB|MAR|APR|MAY|JUN|JUL|AUG|SEP|OCT|NOV|DEC)(?:(?:\-(?:[1-9]|1[012]|JAN|FEB|MAR|APR|MAY|JUN|JUL|AUG|SEP|OCT|NOV|DEC))?|(?:\,(?:[1-9]|1[012]|JAN|FEB|MAR|APR|MAY|JUN|JUL|AUG|SEP|OCT|NOV|DEC))*)) (\*|(?:[0-6]|SUN|MON|TUE|WED|THU|FRI|SAT)(?:(?:\-(?:[0-6]|SUN|MON|TUE|WED|THU|FRI|SAT))?|(?:\,(?:[0-6]|SUN|MON|TUE|WED|THU|FRI|SAT))*))$ + timeZone: + description: The time zone name for the given schedule, see https://en.wikipedia.org/wiki/List_of_tz_database_time_zones. 
If not specified, this will default to the time zone of the kube-controller-manager process. See https://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs/#time-zones + type: string + pattern: ^([A-Za-z_]+([+-]*0)*|[A-Za-z_]+(\/[A-Za-z_]+){1,2})(\/GMT[+-]\d{1,2})?$ + status: + description: status holds observed values from the cluster. They may not be overridden. + type: object diff --git a/vendor/github.com/openshift/api/config/v1alpha1/register.go b/vendor/github.com/openshift/api/config/v1alpha1/register.go index 73ddb749f..7ec30d7aa 100644 --- a/vendor/github.com/openshift/api/config/v1alpha1/register.go +++ b/vendor/github.com/openshift/api/config/v1alpha1/register.go @@ -32,6 +32,8 @@ func addKnownTypes(scheme *runtime.Scheme) error { scheme.AddKnownTypes(GroupVersion, &InsightsDataGather{}, &InsightsDataGatherList{}, + &Backup{}, + &BackupList{}, ) metav1.AddToGroupVersion(scheme, GroupVersion) return nil diff --git a/vendor/github.com/openshift/api/config/v1alpha1/techpreview.backup.testsuite.yaml b/vendor/github.com/openshift/api/config/v1alpha1/techpreview.backup.testsuite.yaml new file mode 100644 index 000000000..91836dd93 --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1alpha1/techpreview.backup.testsuite.yaml 
@@ -0,0 +1,202 @@
+apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
+name: "[TechPreview] Backup"
+crd: 0000_10_config-operator_01_backup-TechPreviewNoUpgrade.crd.yaml
+tests:
+ onCreate:
+ - name: Should be able to create a Backup with a valid spec
+ initial: |
+ apiVersion: config.openshift.io/v1alpha1
+ kind: Backup
+ spec:
+ etcd:
+ schedule: "* 2 * * *"
+ pvcName: etcdbackup-pvc
+ expected: |
+ apiVersion: config.openshift.io/v1alpha1
+ kind: Backup
+ spec:
+ etcd:
+ schedule: "* 2 * * *"
+ pvcName: etcdbackup-pvc
+ - name: Should be able to create an EtcdBackup without the pvcName specified
+ initial: |
+ apiVersion: config.openshift.io/v1alpha1
+ kind: Backup
+ spec:
+ etcd:
+ schedule: "* 2 * * *"
+ expected: |
+ apiVersion: config.openshift.io/v1alpha1
+ kind: Backup
+ spec:
+ etcd:
+ schedule: "* 2 * * *"
+ - name: Should be able to create a Backup with a valid schedule - At 22:00 on every day-of-week from Monday through Friday
+ initial: |
+ apiVersion: config.openshift.io/v1alpha1
+ kind: Backup
+ spec:
+ etcd:
+ schedule: "0 22 * * 1-5"
+ pvcName: etcdbackup-pvc
+ expected: |
+ apiVersion: config.openshift.io/v1alpha1
+ kind: Backup
+ spec:
+ etcd:
+ schedule: "0 22 * * 1-5"
+ pvcName: etcdbackup-pvc
+ - name: Should be able to create a Backup with a valid schedule - At 04:05 on Sunday.
+ initial: |
+ apiVersion: config.openshift.io/v1alpha1
+ kind: Backup
+ spec:
+ etcd:
+ schedule: "5 4 * * SUN"
+ pvcName: etcdbackup-pvc
+ expected: |
+ apiVersion: config.openshift.io/v1alpha1
+ kind: Backup
+ spec:
+ etcd:
+ schedule: "5 4 * * SUN"
+ pvcName: etcdbackup-pvc
+ - name: Should be able to create a Backup with a valid schedule - Predefined hourly
+ initial: |
+ apiVersion: config.openshift.io/v1alpha1
+ kind: Backup
+ spec:
+ etcd:
+ schedule: "@hourly"
+ pvcName: etcdbackup-pvc
+ expected: |
+ apiVersion: config.openshift.io/v1alpha1
+ kind: Backup
+ spec:
+ etcd:
+ schedule: "@hourly"
+ pvcName: etcdbackup-pvc
+ - name: Should fail to create an EtcdBackup with an invalid schedule - At 04:05 on invalid day FOO.
+ initial: |
+ apiVersion: config.openshift.io/v1alpha1
+ kind: Backup
+ spec:
+ etcd:
+ schedule: "5 4 * * FOO"
+ pvcName: etcdbackup-pvc
+ expectedError: "spec.etcd.schedule in body should match"
+ - name: Should fail to create an EtcdBackup with an invalid schedule - Predefined typo @hourli instead of @hourly.
+ initial: |
+ apiVersion: config.openshift.io/v1alpha1
+ kind: Backup
+ spec:
+ etcd:
+ schedule: "@hourli"
+ pvcName: etcdbackup-pvc
+ expectedError: "spec.etcd.schedule in body should match"
+ - name: Should fail to create an EtcdBackup with an invalid schedule - Non standard L last Friday in month
+ initial: |
+ apiVersion: config.openshift.io/v1alpha1
+ kind: Backup
+ spec:
+ etcd:
+ schedule: "* * * * 5L"
+ pvcName: etcdbackup-pvc
+ expectedError: "spec.etcd.schedule in body should match"
+ - name: Should fail to create an EtcdBackup with an invalid schedule - Non standard L 5th day before last day of month
+ initial: |
+ apiVersion: config.openshift.io/v1alpha1
+ kind: Backup
+ spec:
+ etcd:
+ schedule: "* * L-5 * *"
+ pvcName: etcdbackup-pvc
+ expectedError: "spec.etcd.schedule in body should match"
+ - name: Should fail to create an EtcdBackup with an invalid schedule - Non standard W closest weekday to 15th of month
+ initial: |
+ apiVersion: config.openshift.io/v1alpha1
+ kind: Backup
+ spec:
+ etcd:
+ schedule: "* * 15W * *"
+ pvcName: etcdbackup-pvc
+ expectedError: "spec.etcd.schedule in body should match"
+ - name: Should be able to create a Backup with a valid time zone - Africa/Banjul
+ initial: |
+ apiVersion: config.openshift.io/v1alpha1
+ kind: Backup
+ spec:
+ etcd:
+ timeZone: Africa/Banjul
+ pvcName: etcdbackup-pvc
+ expected: |
+ apiVersion: config.openshift.io/v1alpha1
+ kind: Backup
+ spec:
+ etcd:
+ timeZone: Africa/Banjul
+ pvcName: etcdbackup-pvc
+ - name: Should be able to create a Backup with a valid time zone - Etc/GMT-8
+ initial: |
+ apiVersion: config.openshift.io/v1alpha1
+ kind: Backup
+ spec:
+ etcd:
+ timeZone: Etc/GMT-8
+ pvcName: etcdbackup-pvc
+ expected: |
+ apiVersion: config.openshift.io/v1alpha1
+ kind: Backup
+ spec:
+ etcd:
+ timeZone: Etc/GMT-8
+ pvcName: etcdbackup-pvc
+ - name: Should be able to create a Backup with a valid time zone - Etc/UTC
+ initial: |
+ apiVersion: config.openshift.io/v1alpha1
+ kind: Backup
+ spec:
+ etcd:
+ timeZone: Etc/UTC
+ pvcName: etcdbackup-pvc
+ expected: |
+ apiVersion: config.openshift.io/v1alpha1
+ kind: Backup
+ spec:
+ etcd:
+ timeZone: Etc/UTC
+ pvcName: etcdbackup-pvc
+ - name: Should be able to create a Backup with a valid time zone - America/Argentina/Catamarca
+ initial: |
+ apiVersion: config.openshift.io/v1alpha1
+ kind: Backup
+ spec:
+ etcd:
+ timeZone: America/Argentina/Catamarca
+ pvcName: etcdbackup-pvc
+ expected: |
+ apiVersion: config.openshift.io/v1alpha1
+ kind: Backup
+ spec:
+ etcd:
+ timeZone: America/Argentina/Catamarca
+ pvcName: etcdbackup-pvc
+ - name: Should fail to create an EtcdBackup with an invalid time zone - GMT2
+ initial: |
+ apiVersion: config.openshift.io/v1alpha1
+ kind: Backup
+ spec:
+ etcd:
+ timeZone: GMT2
+ pvcName: etcdbackup-pvc
+ expectedError: "spec.etcd.timeZone in body should match"
+ - name: Should fail to create an EtcdBackup with an invalid time zone - GMT+3
+ initial: |
+ apiVersion: config.openshift.io/v1alpha1
+ kind: Backup
+ spec:
+ etcd:
+ timeZone: GMT+3
+ pvcName: etcdbackup-pvc
+ expectedError: "spec.etcd.timeZone in body should match"
+
diff --git a/vendor/github.com/openshift/api/config/v1alpha1/types_backup.go b/vendor/github.com/openshift/api/config/v1alpha1/types_backup.go
new file mode 100644
index 000000000..9af55b540
--- /dev/null
+++ b/vendor/github.com/openshift/api/config/v1alpha1/types_backup.go
@@ -0,0 +1,168 @@
+package v1alpha1
+
+import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+// +genclient
+// +genclient:nonNamespaced
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+//
+// Backup provides configuration for performing backups of the openshift cluster.
+//
+// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.
+// +openshift:compatibility-gen:level=4
+type Backup struct {
+ metav1.TypeMeta `json:",inline"`
+
+ // metadata is the standard object's metadata.
+ // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ metav1.ObjectMeta `json:"metadata,omitempty"`
+
+ // spec holds user settable values for configuration
+ // +kubebuilder:validation:Required
+ // +required
+ Spec BackupSpec `json:"spec"`
+ // status holds observed values from the cluster. They may not be overridden.
+ // +kubebuilder:validation:Optional
+ // +optional
+ Status BackupStatus `json:"status"`
+}
+
+type BackupSpec struct {
+ // etcd specifies the configuration for periodic backups of the etcd cluster
+ // +kubebuilder:validation:Required
+ EtcdBackupSpec EtcdBackupSpec `json:"etcd"`
+}
+
+type BackupStatus struct {
+}
+
+// EtcdBackupSpec provides configuration for automated etcd backups to the cluster-etcd-operator
+type EtcdBackupSpec struct {
+
+ // Schedule defines the recurring backup schedule in Cron format
+ // every 2 hours: 0 */2 * * *
+ // every day at 3am: 0 3 * * *
+ // Empty string means no opinion and the platform is left to choose a reasonable default which is subject to change without notice.
+ // The current default is "no backups", but will change in the future.
+ // +kubebuilder:validation:Optional
+ // +optional
+ // +kubebuilder:validation:Pattern:=`^(@(annually|yearly|monthly|weekly|daily|hourly))|(\*|(?:\*|(?:[0-9]|(?:[1-5][0-9])))\/(?:[0-9]|(?:[1-5][0-9]))|(?:[0-9]|(?:[1-5][0-9]))(?:(?:\-[0-9]|\-(?:[1-5][0-9]))?|(?:\,(?:[0-9]|(?:[1-5][0-9])))*)) (\*|(?:\*|(?:\*|(?:[0-9]|1[0-9]|2[0-3])))\/(?:[0-9]|1[0-9]|2[0-3])|(?:[0-9]|1[0-9]|2[0-3])(?:(?:\-(?:[0-9]|1[0-9]|2[0-3]))?|(?:\,(?:[0-9]|1[0-9]|2[0-3]))*)) (\*|(?:[1-9]|(?:[12][0-9])|3[01])(?:(?:\-(?:[1-9]|(?:[12][0-9])|3[01]))?|(?:\,(?:[1-9]|(?:[12][0-9])|3[01]))*)) (\*|(?:[1-9]|1[012]|JAN|FEB|MAR|APR|MAY|JUN|JUL|AUG|SEP|OCT|NOV|DEC)(?:(?:\-(?:[1-9]|1[012]|JAN|FEB|MAR|APR|MAY|JUN|JUL|AUG|SEP|OCT|NOV|DEC))?|(?:\,(?:[1-9]|1[012]|JAN|FEB|MAR|APR|MAY|JUN|JUL|AUG|SEP|OCT|NOV|DEC))*)) (\*|(?:[0-6]|SUN|MON|TUE|WED|THU|FRI|SAT)(?:(?:\-(?:[0-6]|SUN|MON|TUE|WED|THU|FRI|SAT))?|(?:\,(?:[0-6]|SUN|MON|TUE|WED|THU|FRI|SAT))*))$`
+ Schedule string `json:"schedule"`
+
+ // Cron Regex breakdown:
+ // Allow macros: (@(annually|yearly|monthly|weekly|daily|hourly))
+ // OR
+ // Minute:
+ // (\*|(?:\*|(?:[0-9]|(?:[1-5][0-9])))\/(?:[0-9]|(?:[1-5][0-9]))|(?:[0-9]|(?:[1-5][0-9]))(?:(?:\-[0-9]|\-(?:[1-5][0-9]))?|(?:\,(?:[0-9]|(?:[1-5][0-9])))*))
+ // Hour:
+ // (\*|(?:\*|(?:\*|(?:[0-9]|1[0-9]|2[0-3])))\/(?:[0-9]|1[0-9]|2[0-3])|(?:[0-9]|1[0-9]|2[0-3])(?:(?:\-(?:[0-9]|1[0-9]|2[0-3]))?|(?:\,(?:[0-9]|1[0-9]|2[0-3]))*))
+ // Day of the Month:
+ // (\*|(?:[1-9]|(?:[12][0-9])|3[01])(?:(?:\-(?:[1-9]|(?:[12][0-9])|3[01]))?|(?:\,(?:[1-9]|(?:[12][0-9])|3[01]))*))
+ // Month:
+ // (\*|(?:[1-9]|1[012]|JAN|FEB|MAR|APR|MAY|JUN|JUL|AUG|SEP|OCT|NOV|DEC)(?:(?:\-(?:[1-9]|1[012]|JAN|FEB|MAR|APR|MAY|JUN|JUL|AUG|SEP|OCT|NOV|DEC))?|(?:\,(?:[1-9]|1[012]|JAN|FEB|MAR|APR|MAY|JUN|JUL|AUG|SEP|OCT|NOV|DEC))*))
+ // Day of Week:
+ // (\*|(?:[0-6]|SUN|MON|TUE|WED|THU|FRI|SAT)(?:(?:\-(?:[0-6]|SUN|MON|TUE|WED|THU|FRI|SAT))?|(?:\,(?:[0-6]|SUN|MON|TUE|WED|THU|FRI|SAT))*))
+ //
+
+ // The time zone name for the given schedule, see https://en.wikipedia.org/wiki/List_of_tz_database_time_zones.
+ // If not specified, this will default to the time zone of the kube-controller-manager process.
+ // See https://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs/#time-zones
+ // +kubebuilder:validation:Optional
+ // +optional
+ // +kubebuilder:validation:Pattern:=`^([A-Za-z_]+([+-]*0)*|[A-Za-z_]+(\/[A-Za-z_]+){1,2})(\/GMT[+-]\d{1,2})?$`
+ TimeZone string `json:"timeZone"`
+
+ // Timezone regex breakdown:
+ // ([A-Za-z_]+([+-]*0)*|[A-Za-z_]+(/[A-Za-z_]+){1,2}) - Matches either:
+ // [A-Za-z_]+([+-]*0)* - One or more alphabetical characters (uppercase or lowercase) or underscores, followed by a +0 or -0 to account for GMT+0 or GMT-0 (for the first part of the timezone identifier).
+ // [A-Za-z_]+(/[A-Za-z_]+){1,2} - One or more alphabetical characters (uppercase or lowercase) or underscores, followed by one or two occurrences of a forward slash followed by one or more alphabetical characters or underscores. This allows for matching timezone identifiers with 2 or 3 parts, e.g America/Argentina/Buenos_Aires
+ // (/GMT[+-]\d{1,2})? - Makes the GMT offset suffix optional. It matches "/GMT" followed by either a plus ("+") or minus ("-") sign and one or two digits (the GMT offset)
+
+ // RetentionPolicy defines the retention policy for retaining and deleting existing backups.
+ // +kubebuilder:validation:Optional
+ // +optional
+ RetentionPolicy RetentionPolicy `json:"retentionPolicy"`
+
+ // PVCName specifies the name of the PersistentVolumeClaim (PVC) which binds a PersistentVolume where the
+ // etcd backup files would be saved
+ // The PVC itself must always be created in the "openshift-etcd" namespace
+ // If the PVC is left unspecified "" then the platform will choose a reasonable default location to save the backup.
+ // In the future this would be backups saved across the control-plane master nodes.
+ // +kubebuilder:validation:Optional
+ // +optional
+ PVCName string `json:"pvcName"`
+}
+
+// RetentionType is the enumeration of valid retention policy types
+// +enum
+// +kubebuilder:validation:Enum:="RetentionNumber";"RetentionSize"
+type RetentionType string
+
+const (
+ // RetentionTypeNumber sets the retention policy based on the number of backup files saved
+ RetentionTypeNumber RetentionType = "RetentionNumber"
+ // RetentionTypeSize sets the retention policy based on the total size of the backup files saved
+ RetentionTypeSize RetentionType = "RetentionSize"
+)
+
+// RetentionPolicy defines the retention policy for retaining and deleting existing backups.
+// This struct is a discriminated union that allows users to select the type of retention policy from the supported types.
+// +union
+type RetentionPolicy struct {
+ // RetentionType sets the type of retention policy.
+ // Currently, the only valid policies are retention by number of backups (RetentionNumber), by the size of backups (RetentionSize). More policies or types may be added in the future.
+ // Empty string means no opinion and the platform is left to choose a reasonable default which is subject to change without notice.
+ // The current default is RetentionNumber with 15 backups kept.
+ // +unionDiscriminator
+ // +required
+ // +kubebuilder:validation:Required
+ // +kubebuilder:validation:Enum:="";"RetentionNumber";"RetentionSize"
+ RetentionType RetentionType `json:"retentionType"`
+
+ // RetentionNumber configures the retention policy based on the number of backups
+ // +kubebuilder:validation:Optional
+ // +optional
+ RetentionNumber *RetentionNumberConfig `json:"retentionNumber,omitempty"`
+
+ // RetentionSize configures the retention policy based on the size of backups
+ // +kubebuilder:validation:Optional
+ // +optional
+ RetentionSize *RetentionSizeConfig `json:"retentionSize,omitempty"`
+}
+
+// RetentionNumberConfig specifies the configuration of the retention policy on the number of backups
+type RetentionNumberConfig struct {
+ // MaxNumberOfBackups defines the maximum number of backups to retain.
+ // If the existing number of backups saved is equal to MaxNumberOfBackups then
+ // the oldest backup will be removed before a new backup is initiated.
+ // +kubebuilder:validation:Minimum=1
+ // +kubebuilder:validation:Required
+ // +required
+ MaxNumberOfBackups int `json:"maxNumberOfBackups,omitempty"`
+}
+
+// RetentionSizeConfig specifies the configuration of the retention policy on the total size of backups
+type RetentionSizeConfig struct {
+ // MaxSizeOfBackupsGb defines the total size in GB of backups to retain.
+ // If the current total size backups exceeds MaxSizeOfBackupsGb then
+ // the oldest backup will be removed before a new backup is initiated.
+ // +kubebuilder:validation:Minimum=1
+ // +kubebuilder:validation:Required
+ // +required
+ MaxSizeOfBackupsGb int `json:"maxSizeOfBackupsGb,omitempty"`
+}
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// BackupList is a collection of items
+//
+// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.
+// +openshift:compatibility-gen:level=4
+type BackupList struct {
+ metav1.TypeMeta `json:",inline"`
+
+ // metadata is the standard list's metadata.
+ // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ metav1.ListMeta `json:"metadata"`
+ Items []Backup `json:"items"`
+}
diff --git a/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.deepcopy.go
index 440cfd2e0..8cd8536f3 100644
--- a/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.deepcopy.go
+++ b/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.deepcopy.go
@@ -9,6 +9,117 @@ import ( runtime "k8s.io/apimachinery/pkg/runtime" ) +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Backup) DeepCopyInto(out *Backup) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + out.Status = in.Status + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Backup. +func (in *Backup) DeepCopy() *Backup { + if in == nil { + return nil + } + out := new(Backup) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *Backup) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *BackupList) DeepCopyInto(out *BackupList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]Backup, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BackupList. +func (in *BackupList) DeepCopy() *BackupList { + if in == nil { + return nil + } + out := new(BackupList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *BackupList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *BackupSpec) DeepCopyInto(out *BackupSpec) { + *out = *in + in.EtcdBackupSpec.DeepCopyInto(&out.EtcdBackupSpec) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BackupSpec. +func (in *BackupSpec) DeepCopy() *BackupSpec { + if in == nil { + return nil + } + out := new(BackupSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *BackupStatus) DeepCopyInto(out *BackupStatus) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BackupStatus. +func (in *BackupStatus) DeepCopy() *BackupStatus { + if in == nil { + return nil + } + out := new(BackupStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *EtcdBackupSpec) DeepCopyInto(out *EtcdBackupSpec) { + *out = *in + in.RetentionPolicy.DeepCopyInto(&out.RetentionPolicy) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EtcdBackupSpec. +func (in *EtcdBackupSpec) DeepCopy() *EtcdBackupSpec { + if in == nil { + return nil + } + out := new(EtcdBackupSpec) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *GatherConfig) DeepCopyInto(out *GatherConfig) { *out = *in 
@@ -123,3 +234,61 @@ func (in *InsightsDataGatherStatus) DeepCopy() *InsightsDataGatherStatus { in.DeepCopyInto(out) return out } + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RetentionNumberConfig) DeepCopyInto(out *RetentionNumberConfig) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RetentionNumberConfig. +func (in *RetentionNumberConfig) DeepCopy() *RetentionNumberConfig { + if in == nil { + return nil + } + out := new(RetentionNumberConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RetentionPolicy) DeepCopyInto(out *RetentionPolicy) { + *out = *in + if in.RetentionNumber != nil { + in, out := &in.RetentionNumber, &out.RetentionNumber + *out = new(RetentionNumberConfig) + **out = **in + } + if in.RetentionSize != nil { + in, out := &in.RetentionSize, &out.RetentionSize + *out = new(RetentionSizeConfig) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RetentionPolicy. +func (in *RetentionPolicy) DeepCopy() *RetentionPolicy { + if in == nil { + return nil + } + out := new(RetentionPolicy) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RetentionSizeConfig) DeepCopyInto(out *RetentionSizeConfig) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RetentionSizeConfig. +func (in *RetentionSizeConfig) DeepCopy() *RetentionSizeConfig { + if in == nil { + return nil + } + out := new(RetentionSizeConfig) + in.DeepCopyInto(out) + return out +} 
diff --git a/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.swagger_doc_generated.go index 6bc6e2522..425c1ec51 100644 --- a/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.swagger_doc_generated.go 
@@ -11,6 +11,75 @@ package v1alpha1 // Those methods can be generated by using hack/update-swagger-docs.sh // AUTO-GENERATED FUNCTIONS START HERE +var map_Backup = map[string]string{ + "": "\n\nBackup provides configuration for performing backups of the openshift cluster.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "spec": "spec holds user settable values for configuration", + "status": "status holds observed values from the cluster. They may not be overridden.", +} + +func (Backup) SwaggerDoc() map[string]string { + return map_Backup +} + +var map_BackupList = map[string]string{ + "": "BackupList is a collection of items\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "metadata": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", +} + +func (BackupList) SwaggerDoc() map[string]string { + return map_BackupList +} + +var map_BackupSpec = map[string]string{ + "etcd": "etcd specifies the configuration for periodic backups of the etcd cluster", +} + +func (BackupSpec) SwaggerDoc() map[string]string { + return map_BackupSpec +} + +var map_EtcdBackupSpec = map[string]string{ + "": "EtcdBackupSpec provides configuration for automated etcd backups to the cluster-etcd-operator", + "schedule": "Schedule defines the recurring backup schedule in Cron format every 2 hours: 0 */2 * * * every day at 3am: 0 3 * * * Empty string means no opinion and the platform is left to choose a reasonable default which is subject to change without notice. 
The current default is \"no backups\", but will change in the future.", + "timeZone": "The time zone name for the given schedule, see https://en.wikipedia.org/wiki/List_of_tz_database_time_zones. If not specified, this will default to the time zone of the kube-controller-manager process. See https://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs/#time-zones", + "retentionPolicy": "RetentionPolicy defines the retention policy for retaining and deleting existing backups.", + "pvcName": "PVCName specifies the name of the PersistentVolumeClaim (PVC) which binds a PersistentVolume where the etcd backup files would be saved The PVC itself must always be created in the \"openshift-etcd\" namespace If the PVC is left unspecified \"\" then the platform will choose a reasonable default location to save the backup. In the future this would be backups saved across the control-plane master nodes.", +} + +func (EtcdBackupSpec) SwaggerDoc() map[string]string { + return map_EtcdBackupSpec +} + +var map_RetentionNumberConfig = map[string]string{ + "": "RetentionNumberConfig specifies the configuration of the retention policy on the number of backups", + "maxNumberOfBackups": "MaxNumberOfBackups defines the maximum number of backups to retain. If the existing number of backups saved is equal to MaxNumberOfBackups then the oldest backup will be removed before a new backup is initiated.", +} + +func (RetentionNumberConfig) SwaggerDoc() map[string]string { + return map_RetentionNumberConfig +} + +var map_RetentionPolicy = map[string]string{ + "": "RetentionPolicy defines the retention policy for retaining and deleting existing backups. This struct is a discriminated union that allows users to select the type of retention policy from the supported types.", + "retentionType": "RetentionType sets the type of retention policy. Currently, the only valid policies are retention by number of backups (RetentionNumber), by the size of backups (RetentionSize). 
More policies or types may be added in the future. Empty string means no opinion and the platform is left to choose a reasonable default which is subject to change without notice. The current default is RetentionNumber with 15 backups kept.", + "retentionNumber": "RetentionNumber configures the retention policy based on the number of backups", + "retentionSize": "RetentionSize configures the retention policy based on the size of backups", +} + +func (RetentionPolicy) SwaggerDoc() map[string]string { + return map_RetentionPolicy +} + +var map_RetentionSizeConfig = map[string]string{ + "": "RetentionSizeConfig specifies the configuration of the retention policy on the total size of backups", + "maxSizeOfBackupsGb": "MaxSizeOfBackupsGb defines the total size in GB of backups to retain. If the current total size backups exceeds MaxSizeOfBackupsGb then the oldest backup will be removed before a new backup is initiated.", +} + +func (RetentionSizeConfig) SwaggerDoc() map[string]string { + return map_RetentionSizeConfig +} + var map_GatherConfig = map[string]string{ "": "gatherConfig provides data gathering configuration options.", "dataPolicy": "dataPolicy allows user to enable additional global obfuscation of the IP addresses and base domain in the Insights archive data. Valid values are \"None\" and \"ObfuscateNetworking\". When set to None the data is not obfuscated. When set to ObfuscateNetworking the IP addresses and the cluster domain name are obfuscated. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is None.", diff --git a/vendor/github.com/openshift/api/openshiftcontrolplane/v1/types.go b/vendor/github.com/openshift/api/openshiftcontrolplane/v1/types.go index e6ef6b4c6..3ec1e2842 100644 --- a/vendor/github.com/openshift/api/openshiftcontrolplane/v1/types.go +++ b/vendor/github.com/openshift/api/openshiftcontrolplane/v1/types.go 
@@ -46,8 +46,44 @@ type OpenShiftAPIServerConfig struct { // TODO this needs to be removed. APIServerArguments map[string][]string `json:"apiServerArguments"` + + // apiServers holds information about enabled/disabled API servers + APIServers APIServers `json:"apiServers"` +} + +type APIServers struct { + // perGroupOptions is a list of enabled/disabled API servers in addition to the defaults + PerGroupOptions []PerGroupOptions `json:"perGroupOptions"` +} + +type PerGroupOptions struct { + // name is an API server name (see OpenShiftAPIserverName + // typed constants for a complete list of available API servers). + Name OpenShiftAPIserverName `json:"name"` + + // enabledVersions is a list of versions that must be enabled in addition to the defaults. + // Must not collide with the list of disabled versions + EnabledVersions []string `json:"enabledVersions"` + + // disabledVersions is a list of versions that must be disabled in addition to the defaults. + // Must not collide with the list of enabled versions + DisabledVersions []string `json:"disabledVersions"` } +type OpenShiftAPIserverName string + +const ( + OpenShiftAppsAPIserver OpenShiftAPIserverName = "apps.openshift.io" + OpenShiftAuthorizationAPIserver OpenShiftAPIserverName = "authorization.openshift.io" + OpenShiftBuildAPIserver OpenShiftAPIserverName = "build.openshift.io" + OpenShiftImageAPIserver OpenShiftAPIserverName = "image.openshift.io" + OpenShiftProjectAPIserver OpenShiftAPIserverName = "project.openshift.io" + OpenShiftQuotaAPIserver OpenShiftAPIserverName = "quota.openshift.io" + OpenShiftRouteAPIserver OpenShiftAPIserverName = "route.openshift.io" + OpenShiftSecurityAPIserver OpenShiftAPIserverName = "security.openshift.io" + OpenShiftTemplateAPIserver OpenShiftAPIserverName = "template.openshift.io" +) + type FrontProxyConfig struct { // clientCA is a path to the CA bundle to use to verify the common name of the front proxy's client cert ClientCA string `json:"clientCA"` 
@@ -156,6 +192,29 @@ type JenkinsPipelineConfig struct { Parameters map[string]string `json:"parameters"` } +// OpenShiftControllerName defines a string type used to represent the various +// OpenShift controllers within openshift-controller-manager. These constants serve as identifiers +// for the controllers and are used on both openshift/openshift-controller-manager +// and openshift/cluster-openshift-controller-manager-operator repositories. +type OpenShiftControllerName string + +const ( + OpenShiftServiceAccountController OpenShiftControllerName = "openshift.io/serviceaccount" + OpenShiftDefaultRoleBindingsController OpenShiftControllerName = "openshift.io/default-rolebindings" + OpenShiftServiceAccountPullSecretsController OpenShiftControllerName = "openshift.io/serviceaccount-pull-secrets" + OpenshiftOriginNamespaceController OpenShiftControllerName = "openshift.io/origin-namespace" + OpenshiftBuildController OpenShiftControllerName = "openshift.io/build" + OpenshiftBuildConfigChangeController OpenShiftControllerName = "openshift.io/build-config-change" + OpenshiftDeployerController OpenShiftControllerName = "openshift.io/deployer" + OpenshiftDeploymentConfigController OpenShiftControllerName = "openshift.io/deploymentconfig" + OpenshiftImageTriggerController OpenShiftControllerName = "openshift.io/image-trigger" + OpenshiftImageImportController OpenShiftControllerName = "openshift.io/image-import" + OpenshiftImageSignatureImportController OpenShiftControllerName = "openshift.io/image-signature-import" + OpenshiftTemplateInstanceController OpenShiftControllerName = "openshift.io/templateinstance" + OpenshiftTemplateInstanceFinalizerController OpenShiftControllerName = "openshift.io/templateinstancefinalizer" + OpenshiftUnidlingController OpenShiftControllerName = "openshift.io/unidling" +) + // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // Compatibility level 4: No compatibility is provided, the API can change at any point for any 
reason. These capabilities should not be used by applications needing long term support. diff --git a/vendor/github.com/openshift/api/openshiftcontrolplane/v1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/openshiftcontrolplane/v1/zz_generated.deepcopy.go index d439881ba..62de55ed4 100644 --- a/vendor/github.com/openshift/api/openshiftcontrolplane/v1/zz_generated.deepcopy.go +++ b/vendor/github.com/openshift/api/openshiftcontrolplane/v1/zz_generated.deepcopy.go @@ -12,6 +12,29 @@ import ( runtime "k8s.io/apimachinery/pkg/runtime" ) +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *APIServers) DeepCopyInto(out *APIServers) { + *out = *in + if in.PerGroupOptions != nil { + in, out := &in.PerGroupOptions, &out.PerGroupOptions + *out = make([]PerGroupOptions, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new APIServers. +func (in *APIServers) DeepCopy() *APIServers { + if in == nil { + return nil + } + out := new(APIServers) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in AllowedRegistries) DeepCopyInto(out *AllowedRegistries) { { @@ -410,6 +433,7 @@ func (in *OpenShiftAPIServerConfig) DeepCopyInto(out *OpenShiftAPIServerConfig) (*out)[key] = outVal } } + in.APIServers.DeepCopyInto(&out.APIServers) return } 
@@ -483,6 +507,32 @@ func (in *OpenShiftControllerManagerConfig) DeepCopyObject() runtime.Object { return nil } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PerGroupOptions) DeepCopyInto(out *PerGroupOptions) { + *out = *in + if in.EnabledVersions != nil { + in, out := &in.EnabledVersions, &out.EnabledVersions + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.DisabledVersions != nil { + in, out := &in.DisabledVersions, &out.DisabledVersions + *out = make([]string, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PerGroupOptions. +func (in *PerGroupOptions) DeepCopy() *PerGroupOptions { + if in == nil { + return nil + } + out := new(PerGroupOptions) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ProjectConfig) DeepCopyInto(out *ProjectConfig) { *out = *in diff --git a/vendor/github.com/openshift/api/openshiftcontrolplane/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/openshiftcontrolplane/v1/zz_generated.swagger_doc_generated.go index 4663ce67a..b50508a63 100644 --- a/vendor/github.com/openshift/api/openshiftcontrolplane/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/openshiftcontrolplane/v1/zz_generated.swagger_doc_generated.go 
@@ -11,6 +11,14 @@ package v1 // Those methods can be generated by using hack/update-swagger-docs.sh // AUTO-GENERATED FUNCTIONS START HERE +var map_APIServers = map[string]string{ + "perGroupOptions": "perGroupOptions is a list of enabled/disabled API servers in addition to the defaults", +} + +func (APIServers) SwaggerDoc() map[string]string { + return map_APIServers +} + var map_BuildControllerConfig = map[string]string{ "additionalTrustedCA": "additionalTrustedCA is a path to a pem bundle file containing additional CAs that should be trusted for image pushes and pulls during builds.", } @@ -151,6 +159,7 @@ var map_OpenShiftAPIServerConfig = map[string]string{ "serviceAccountOAuthGrantMethod": "serviceAccountOAuthGrantMethod is used for determining client authorization for service account oauth client. It must be either: deny, prompt, or \"\"", "jenkinsPipelineConfig": "jenkinsPipelineConfig holds information about the default Jenkins template used for JenkinsPipeline build strategy.", "cloudProviderFile": "cloudProviderFile points to the cloud config file", + "apiServers": "apiServers holds information about enabled/disabled API servers", } func (OpenShiftAPIServerConfig) SwaggerDoc() map[string]string { 
@@ -169,6 +178,16 @@ func (OpenShiftControllerManagerConfig) SwaggerDoc() map[string]string { return map_OpenShiftControllerManagerConfig } +var map_PerGroupOptions = map[string]string{ + "name": "name is an API server name (see OpenShiftAPIserverName typed constants for a complete list of available API servers).", + "enabledVersions": "enabledVersions is a list of versions that must be enabled in addition to the defaults. Must not collide with the list of disabled versions", + "disabledVersions": "disabledVersions is a list of versions that must be disabled in addition to the defaults. Must not collide with the list of enabled versions", +} + +func (PerGroupOptions) SwaggerDoc() map[string]string { + return map_PerGroupOptions +} + var map_ProjectConfig = map[string]string{ "defaultNodeSelector": "defaultNodeSelector holds default project node label selector", "projectRequestMessage": "projectRequestMessage is the string presented to a user if they are unable to request a project via the projectrequest api endpoint", diff --git a/vendor/github.com/openshift/api/operator/v1/0000_12_etcd-operator_01_config-TechPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_12_etcd-operator_01_config-TechPreviewNoUpgrade.crd.yaml new file mode 100644 index 000000000..6e9f72e13 --- /dev/null +++ b/vendor/github.com/openshift/api/operator/v1/0000_12_etcd-operator_01_config-TechPreviewNoUpgrade.crd.yaml 
@@ -0,0 +1,207 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/752 + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" + release.openshift.io/feature-set: TechPreviewNoUpgrade + name: etcds.operator.openshift.io +spec: + group: operator.openshift.io + names: + categories: + - coreoperators + kind: Etcd + plural: etcds + singular: etcd + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: "Etcd provides information to configure an operator to manage etcd. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + type: object + properties: + controlPlaneHardwareSpeed: + description: HardwareSpeed allows user to change the etcd tuning profile which configures the latency parameters for heartbeat interval and leader election timeouts allowing the cluster to tolerate longer round-trip-times between etcd members. Valid values are "", "Standard" and "Slower". 
"" means no opinion and the platform is left to choose a reasonable default which is subject to change without notice. + type: string + enum: + - "" + - Standard + - Slower + failedRevisionLimit: + description: failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api -1 = unlimited, 0 or unset = 5 (default) + type: integer + format: int32 + forceRedeploymentReason: + description: forceRedeploymentReason can be used to force the redeployment of the operand by providing a unique string. This provides a mechanism to kick a previously failed deployment and provide a reason why you think it will work this time instead of failing again on the same config. + type: string + logLevel: + description: "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + type: string + default: Normal + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + managementState: + description: managementState indicates whether and how the operator should manage the component + type: string + pattern: ^(Managed|Unmanaged|Force|Removed)$ + observedConfig: + description: observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator + type: object + nullable: true + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + description: "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves. \n Valid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." 
+ type: string + default: Normal + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + succeededRevisionLimit: + description: succeededRevisionLimit is the number of successful static pod installer revisions to keep on disk and in the api -1 = unlimited, 0 or unset = 5 (default) + type: integer + format: int32 + unsupportedConfigOverrides: + description: unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. + type: object + nullable: true + x-kubernetes-preserve-unknown-fields: true + status: + type: object + properties: + conditions: + description: conditions is a list of conditions and their status + type: array + items: + description: OperatorCondition is just the standard condition fields. + type: object + properties: + lastTransitionTime: + type: string + format: date-time + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + controlPlaneHardwareSpeed: + description: ControlPlaneHardwareSpeed declares valid hardware speed tolerance levels + type: string + enum: + - "" + - Standard + - Slower + generations: + description: generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction. + type: array + items: + description: GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made. 
+ type: object + properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload controller involved + type: integer + format: int64 + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're tracking + type: string + latestAvailableRevision: + description: latestAvailableRevision is the deploymentID of the most recent deployment + type: integer + format: int32 + latestAvailableRevisionReason: + description: latestAvailableRevisionReason describe the detailed reason for the most recent deployment + type: string + nodeStatuses: + description: nodeStatuses track the deployment values and errors across individual nodes + type: array + items: + description: NodeStatus provides information about the current state of a particular node managed by this operator. + type: object + properties: + currentRevision: + description: currentRevision is the generation of the most recently successful deployment + type: integer + format: int32 + lastFailedCount: + description: lastFailedCount is how often the installer pod of the last failed revision failed. + type: integer + lastFailedReason: + description: lastFailedReason is a machine readable failure reason string. + type: string + lastFailedRevision: + description: lastFailedRevision is the generation of the deployment we tried and failed to deploy. + type: integer + format: int32 + lastFailedRevisionErrors: + description: lastFailedRevisionErrors is a list of human readable errors during the failed deployment referenced in lastFailedRevision. 
+ type: array + items: + type: string + lastFailedTime: + description: lastFailedTime is the time the last failed revision failed the last time. + type: string + format: date-time + lastFallbackCount: + description: lastFallbackCount is how often a fallback to a previous revision happened. + type: integer + nodeName: + description: nodeName is the name of the node + type: string + targetRevision: + description: targetRevision is the generation of the deployment we're trying to apply + type: integer + format: int32 + observedGeneration: + description: observedGeneration is the last generation change you've dealt with + type: integer + format: int64 + readyReplicas: + description: readyReplicas indicates how many replicas are ready and at the desired state + type: integer + format: int32 + version: + description: version is the level this availability applies to + type: string + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/operator/v1/0000_12_etcd-operator_01_config.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_12_etcd-operator_01_config.crd.yaml index 813d03ca7..e6a79fe6c 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_12_etcd-operator_01_config.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/0000_12_etcd-operator_01_config.crd.yaml @@ -6,6 +6,7 @@ metadata: include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" include.release.openshift.io/single-node-developer: "true" + release.openshift.io/feature-set: Default name: etcds.operator.openshift.io spec: group: operator.openshift.io 
@@ -102,6 +103,13 @@ spec: type: string type: type: string + controlPlaneHardwareSpeed: + description: ControlPlaneHardwareSpeed declares valid hardware speed tolerance levels + type: string + enum: + - "" + - Standard + - Slower generations: description: generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction. type: array diff --git a/vendor/github.com/openshift/api/operator/v1/0000_40_cloud-credential-operator_00_config.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_40_cloud-credential-operator_00_config.crd.yaml index c22035101..bce7c8c7e 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_40_cloud-credential-operator_00_config.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/0000_40_cloud-credential-operator_00_config.crd.yaml @@ -3,6 +3,7 @@ kind: CustomResourceDefinition metadata: annotations: api-approved.openshift.io: https://github.com/openshift/api/pull/692 + include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" include.release.openshift.io/single-node-developer: "true" name: cloudcredentials.operator.openshift.io diff --git a/vendor/github.com/openshift/api/operator/v1/0000_50_cluster_storage_operator_01_crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_50_cluster_storage_operator_01_crd.yaml index 6ccac5ad1..80bb8eddf 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_50_cluster_storage_operator_01_crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/0000_50_cluster_storage_operator_01_crd.yaml 
@@ -77,13 +77,8 @@ spec: - LegacyDeprecatedInTreeDriver - CSIWithMigrationDriver x-kubernetes-validations: - - rule: oldSelf != "CSIWithMigrationDriver" || self == "CSIWithMigrationDriver" - message: VSphereStorageDriver can not be changed once it is set to CSIWithMigrationDriver - rule: self != "LegacyDeprecatedInTreeDriver" message: VSphereStorageDriver can not be set to LegacyDeprecatedInTreeDriver - x-kubernetes-validations: - - rule: '!has(oldSelf.vsphereStorageDriver) || has(self.vsphereStorageDriver)' - message: VSphereStorageDriver is required once set status: description: status holds observed values from the cluster. They may not be overridden. type: object diff --git a/vendor/github.com/openshift/api/operator/v1/0000_50_ingress-operator_00-ingresscontroller.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_50_ingress-operator_00-ingresscontroller.crd.yaml index fb8dd8e5e..4ff57e35a 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_50_ingress-operator_00-ingresscontroller.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/0000_50_ingress-operator_00-ingresscontroller.crd.yaml 
@@ -261,6 +261,130 @@ spec: httpHeaders: description: "httpHeaders defines policy for HTTP headers. \n If this field is empty, the default values are used." properties: + actions: + description: 'actions specifies options for modifying headers and their values. Note that this option only applies to cleartext HTTP connections and to secure HTTP connections for which the ingress controller terminates encryption (that is, edge-terminated or reencrypt connections). Headers cannot be modified for TLS passthrough connections. Setting the HSTS (`Strict-Transport-Security`) header is not supported via actions. `Strict-Transport-Security` may only be configured using the "haproxy.router.openshift.io/hsts_header" route annotation, and only in accordance with the policy specified in Ingress.Spec.RequiredHSTSPolicies. Any actions defined here are applied after any actions related to the following other fields: cache-control, spec.clientTLS, spec.httpHeaders.forwardedHeaderPolicy, spec.httpHeaders.uniqueId, and spec.httpHeaders.headerNameCaseAdjustments. In case of HTTP request headers, the actions specified in spec.httpHeaders.actions on the Route will be executed after the actions specified in the IngressController''s spec.httpHeaders.actions field. In case of HTTP response headers, the actions specified in spec.httpHeaders.actions on the IngressController will be executed after the actions specified in the Route''s spec.httpHeaders.actions field. Headers set using this API cannot be captured for use in access logs. The following header names are reserved and may not be modified via this API: Strict-Transport-Security, Proxy, Host, Cookie, Set-Cookie. Note that the total size of all net added headers *after* interpolating dynamic values must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the IngressController. Please refer to the documentation for that API field for more details.' 
+ properties: + request: + description: 'request is a list of HTTP request headers to modify. Actions defined here will modify the request headers of all requests passing through an ingress controller. These actions are applied to all Routes i.e. for all connections handled by the ingress controller defined within a cluster. IngressController actions for request headers will be executed before Route actions. Currently, actions may define to either `Set` or `Delete` headers values. Actions are applied in sequence as defined in this list. A maximum of 20 request header actions may be configured. Sample fetchers allowed are "req.hdr" and "ssl_c_der". Converters allowed are "lower" and "base64". Example header values: "%[req.hdr(X-target),lower]", "%{+Q}[ssl_c_der,base64]".' + items: + description: IngressControllerHTTPHeader specifies configuration for setting or deleting an HTTP header. + properties: + action: + description: action specifies actions to perform on headers, such as setting or deleting headers. + properties: + set: + description: set specifies how the HTTP header should be set. This field is required when type is Set and forbidden otherwise. + properties: + value: + description: value specifies a header value. Dynamic values can be added. The value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. The value of this field must be no more than 16384 characters in length. Note that the total size of all net added headers *after* interpolating dynamic values must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the IngressController. + maxLength: 16384 + minLength: 1 + type: string + required: + - value + type: object + type: + description: type defines the type of the action to be applied on the header. 
Possible values are Set or Delete. Set allows you to set HTTP request and response headers. Delete allows you to delete HTTP request and response headers. + enum: + - Set + - Delete + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: set is required when type is Set, and forbidden otherwise + rule: 'has(self.type) && self.type == ''Set'' ? has(self.set) : !has(self.set)' + name: + description: 'name specifies the name of a header on which to perform an action. Its value must be a valid HTTP header name as defined in RFC 2616 section 4.2. The name must consist only of alphanumeric and the following special characters, "-!#$%&''*+.^_`". The following header names are reserved and may not be modified via this API: Strict-Transport-Security, Proxy, Host, Cookie, Set-Cookie. It must be no more than 255 characters in length. Header name must be unique.' + maxLength: 255 + minLength: 1 + pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$ + type: string + x-kubernetes-validations: + - message: strict-transport-security header may not be modified via header actions + rule: self.lowerAscii() != 'strict-transport-security' + - message: proxy header may not be modified via header actions + rule: self.lowerAscii() != 'proxy' + - message: host header may not be modified via header actions + rule: self.lowerAscii() != 'host' + - message: cookie header may not be modified via header actions + rule: self.lowerAscii() != 'cookie' + - message: set-cookie header may not be modified via header actions + rule: self.lowerAscii() != 'set-cookie' + required: + - action + - name + type: object + maxItems: 20 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + x-kubernetes-validations: + - message: Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. 
The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are req.hdr, ssl_c_der. Converters allowed are lower, base64. + rule: self.all(key, key.action.type == "Delete" || (has(key.action.set) && key.action.set.value.matches('^(?:%(?:%|(?:\\{[-+]?[QXE](?:,[-+]?[QXE])*\\})?\\[(?:req\\.hdr\\([0-9A-Za-z-]+\\)|ssl_c_der)(?:,(?:lower|base64))*\\])|[^%[:cntrl:]])+$'))) + response: + description: 'response is a list of HTTP response headers to modify. Actions defined here will modify the response headers of all requests passing through an ingress controller. These actions are applied to all Routes i.e. for all connections handled by the ingress controller defined within a cluster. IngressController actions for response headers will be executed after Route actions. Currently, actions may define to either `Set` or `Delete` headers values. Actions are applied in sequence as defined in this list. A maximum of 20 response header actions may be configured. Sample fetchers allowed are "res.hdr" and "ssl_c_der". Converters allowed are "lower" and "base64". Example header values: "%[res.hdr(X-target),lower]", "%{+Q}[ssl_c_der,base64]".' + items: + description: IngressControllerHTTPHeader specifies configuration for setting or deleting an HTTP header. + properties: + action: + description: action specifies actions to perform on headers, such as setting or deleting headers. + properties: + set: + description: set specifies how the HTTP header should be set. This field is required when type is Set and forbidden otherwise. + properties: + value: + description: value specifies a header value. Dynamic values can be added. 
The value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. The value of this field must be no more than 16384 characters in length. Note that the total size of all net added headers *after* interpolating dynamic values must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the IngressController. + maxLength: 16384 + minLength: 1 + type: string + required: + - value + type: object + type: + description: type defines the type of the action to be applied on the header. Possible values are Set or Delete. Set allows you to set HTTP request and response headers. Delete allows you to delete HTTP request and response headers. + enum: + - Set + - Delete + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: set is required when type is Set, and forbidden otherwise + rule: 'has(self.type) && self.type == ''Set'' ? has(self.set) : !has(self.set)' + name: + description: 'name specifies the name of a header on which to perform an action. Its value must be a valid HTTP header name as defined in RFC 2616 section 4.2. The name must consist only of alphanumeric and the following special characters, "-!#$%&''*+.^_`". The following header names are reserved and may not be modified via this API: Strict-Transport-Security, Proxy, Host, Cookie, Set-Cookie. It must be no more than 255 characters in length. Header name must be unique.' 
+ maxLength: 255 + minLength: 1 + pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$ + type: string + x-kubernetes-validations: + - message: strict-transport-security header may not be modified via header actions + rule: self.lowerAscii() != 'strict-transport-security' + - message: proxy header may not be modified via header actions + rule: self.lowerAscii() != 'proxy' + - message: host header may not be modified via header actions + rule: self.lowerAscii() != 'host' + - message: cookie header may not be modified via header actions + rule: self.lowerAscii() != 'cookie' + - message: set-cookie header may not be modified via header actions + rule: self.lowerAscii() != 'set-cookie' + required: + - action + - name + type: object + maxItems: 20 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + x-kubernetes-validations: + - message: Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are res.hdr, ssl_c_der. Converters allowed are lower, base64. + rule: self.all(key, key.action.type == "Delete" || (has(key.action.set) && key.action.set.value.matches('^(?:%(?:%|(?:\\{[-+]?[QXE](?:,[-+]?[QXE])*\\})?\\[(?:res\\.hdr\\([0-9A-Za-z-]+\\)|ssl_c_der)(?:,(?:lower|base64))*\\])|[^%[:cntrl:]])+$'))) + type: object forwardedHeaderPolicy: description: "forwardedHeaderPolicy specifies when and how the IngressController sets the Forwarded, X-Forwarded-For, X-Forwarded-Host, X-Forwarded-Port, X-Forwarded-Proto, and X-Forwarded-Proto-Version HTTP headers. 
The value may be one of the following: \n * \"Append\", which specifies that the IngressController appends the headers, preserving existing headers. \n * \"Replace\", which specifies that the IngressController sets the headers, replacing any existing Forwarded or X-Forwarded-* headers. \n * \"IfNone\", which specifies that the IngressController sets the headers if they are not already set. \n * \"Never\", which specifies that the IngressController never sets the headers, preserving any existing headers. \n By default, the policy is \"Append\"." enum: @@ -307,6 +431,14 @@ spec: properties: container: description: container holds parameters for the Container logging destination. Present only if type is Container. + properties: + maxLength: + default: 1024 + description: "maxLength is the maximum length of the log message. \n Valid values are integers in the range 480 to 8192, inclusive. \n When omitted, the default value is 1024." + format: int32 + maximum: 8192 + minimum: 480 + type: integer type: object syslog: description: syslog holds parameters for a syslog endpoint. Present only if type is Syslog. @@ -351,7 +483,7 @@ spec: type: string maxLength: default: 1024 - description: "maxLength is the maximum length of the syslog message \n If this field is empty, the maxLength is set to \"1024\"." + description: "maxLength is the maximum length of the log message. \n Valid values are integers in the range 480 to 4096, inclusive. \n When omitted, the default value is 1024." format: int32 maximum: 4096 minimum: 480 diff --git a/vendor/github.com/openshift/api/operator/v1/0000_70_cluster-network-operator_01.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_70_cluster-network-operator_01.crd.yaml index 0adfde4b4..83222ab78 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_70_cluster-network-operator_01.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/0000_70_cluster-network-operator_01.crd.yaml 
@@ -216,6 +216,62 @@ spec: description: gatewayConfig holds the configuration for node gateway options. type: object properties: + ipForwarding: + description: IPForwarding controls IP forwarding for all traffic on OVN-Kubernetes managed interfaces (such as br-ex). By default this is set to Restricted, and Kubernetes related traffic is still forwarded appropriately, but other IP traffic will not be routed by the OCP node. If there is a desire to allow the host to forward traffic across OVN-Kubernetes managed interfaces, then set this field to "Global". The supported values are "Restricted" and "Global". + type: string + ipv4: + description: ipv4 allows users to configure IP settings for IPv4 connections. When omitted, this means no opinion and the default configuration is used. Check individual members fields within ipv4 for details of default values. + type: object + properties: + internalMasqueradeSubnet: + description: internalMasqueradeSubnet contains the masquerade addresses in IPV4 CIDR format used internally by ovn-kubernetes to enable host to service traffic. Each host in the cluster is configured with these addresses, as well as the shared gateway bridge interface. The values can be changed after installation. The subnet chosen should not overlap with other networks specified for OVN-Kubernetes as well as other networks used on the host. Additionally the subnet must be large enough to accommodate 6 IPs (maximum prefix length /29). When omitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. 
The current default subnet is 169.254.169.0/29 The value must be in proper IPV4 CIDR format + type: string + maxLength: 18 + x-kubernetes-validations: + - rule: self.indexOf('/') == self.lastIndexOf('/') + message: CIDR format must contain exactly one '/' + - rule: '[int(self.split(''/'')[1])].all(x, x <= 29 && x >= 0)' + message: subnet must be in the range /0 to /29 inclusive + - rule: self.split('/')[0].split('.').size() == 4 + message: a valid IPv4 address must contain 4 octets + - rule: '[self.findAll(''[0-9]+'')[0]].all(x, x != ''0'' && int(x) <= 255 && !x.startsWith(''0''))' + message: first IP address octet must not contain leading zeros, must be greater than 0 and less or equal to 255 + - rule: '[self.findAll(''[0-9]+'')[1], self.findAll(''[0-9]+'')[2], self.findAll(''[0-9]+'')[3]].all(x, int(x) <= 255 && (x == ''0'' || !x.startsWith(''0'')))' + message: IP address octets must not contain leading zeros, and must be less or equal to 255 + ipv6: + description: ipv6 allows users to configure IP settings for IPv6 connections. When omitted, this means no opinion and the default configuration is used. Check individual members fields within ipv6 for details of default values. + type: object + properties: + internalMasqueradeSubnet: + description: internalMasqueradeSubnet contains the masquerade addresses in IPV6 CIDR format used internally by ovn-kubernetes to enable host to service traffic. Each host in the cluster is configured with these addresses, as well as the shared gateway bridge interface. The values can be changed after installation. The subnet chosen should not overlap with other networks specified for OVN-Kubernetes as well as other networks used on the host. Additionally the subnet must be large enough to accommodate 6 IPs (maximum prefix length /125). When omitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. 
The current default subnet is fd69::/125 Note that IPV6 dual addresses are not permitted + type: string + x-kubernetes-validations: + - rule: self.indexOf('/') == self.lastIndexOf('/') + message: CIDR format must contain exactly one '/' + - rule: self.split('/').size() == 2 && [int(self.split('/')[1])].all(x, x <= 125 && x >= 0) + message: subnet must be in the range /0 to /125 inclusive + - rule: self.indexOf('::') == self.lastIndexOf('::') + message: IPv6 addresses must contain at most one '::' and may only be shortened once + - rule: 'self.contains(''::'') ? self.split(''/'')[0].split('':'').size() <= 8 : self.split(''/'')[0].split('':'').size() == 8' + message: a valid IPv6 address must contain 8 segments unless elided (::), in which case it must contain at most 6 non-empty segments + - rule: 'self.split(''/'')[0].split('':'').size() >=1 ? [self.split(''/'')[0].split('':'', 8)[0]].all(x, x == '''' || x.matches(''[0-9A-Fa-f]{1,4}'')) : true' + message: each segment of an IPv6 address must be a hexadecimal number between 0 and FFFF, failed on segment 1 + - rule: 'self.split(''/'')[0].split('':'').size() >=2 ? [self.split(''/'')[0].split('':'', 8)[1]].all(x, x == '''' || x.matches(''[0-9A-Fa-f]{1,4}'')) : true' + message: each segment of an IPv6 address must be a hexadecimal number between 0 and FFFF, failed on segment 2 + - rule: 'self.split(''/'')[0].split('':'').size() >=3 ? [self.split(''/'')[0].split('':'', 8)[2]].all(x, x == '''' || x.matches(''[0-9A-Fa-f]{1,4}'')) : true' + message: each segment of an IPv6 address must be a hexadecimal number between 0 and FFFF, failed on segment 3 + - rule: 'self.split(''/'')[0].split('':'').size() >=4 ? [self.split(''/'')[0].split('':'', 8)[3]].all(x, x == '''' || x.matches(''[0-9A-Fa-f]{1,4}'')) : true' + message: each segment of an IPv6 address must be a hexadecimal number between 0 and FFFF, failed on segment 4 + - rule: 'self.split(''/'')[0].split('':'').size() >=5 ? 
[self.split(''/'')[0].split('':'', 8)[4]].all(x, x == '''' || x.matches(''[0-9A-Fa-f]{1,4}'')) : true' + message: each segment of an IPv6 address must be a hexadecimal number between 0 and FFFF, failed on segment 5 + - rule: 'self.split(''/'')[0].split('':'').size() >=6 ? [self.split(''/'')[0].split('':'', 8)[5]].all(x, x == '''' || x.matches(''[0-9A-Fa-f]{1,4}'')) : true' + message: each segment of an IPv6 address must be a hexadecimal number between 0 and FFFF, failed on segment 6 + - rule: 'self.split(''/'')[0].split('':'').size() >=7 ? [self.split(''/'')[0].split('':'', 8)[6]].all(x, x == '''' || x.matches(''[0-9A-Fa-f]{1,4}'')) : true' + message: each segment of an IPv6 address must be a hexadecimal number between 0 and FFFF, failed on segment 7 + - rule: 'self.split(''/'')[0].split('':'').size() >=8 ? [self.split(''/'')[0].split('':'', 8)[7]].all(x, x == '''' || x.matches(''[0-9A-Fa-f]{1,4}'')) : true' + message: each segment of an IPv6 address must be a hexadecimal number between 0 and FFFF, failed on segment 8 + - rule: '!self.contains(''.'')' + message: IPv6 dual addresses are not permitted, value should not contain `.` characters routingViaHost: description: RoutingViaHost allows pod egress traffic to exit via the ovn-k8s-mp0 management port into the host before sending it out. If this is not set, traffic will always egress directly from OVN to outside without touching the host stack. Setting this to true means hardware offload will not be supported. Default is false if GatewayConfig is specified. type: boolean 
@@ -269,9 +325,11 @@ spec: default: 50 minimum: 1 maxLogFiles: - description: 'maxLogFiles specifies the maximum number of ACL_audit log files that can be present. Default: 5' + description: maxLogFiles specifies the maximum number of ACL_audit log files that can be present. type: integer format: int32 + default: 5 + minimum: 1 rateLimit: description: rateLimit is the approximate maximum number of messages to generate per-second per-node. If unset the default of 20 msg/sec is used. type: integer diff --git a/vendor/github.com/openshift/api/operator/v1/0000_90_cluster_csi_driver_01_config.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_90_cluster_csi_driver_01_config.crd.yaml index 0d533f420..d90a13557 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_90_cluster_csi_driver_01_config.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/0000_90_cluster_csi_driver_01_config.crd.yaml @@ -45,6 +45,7 @@ spec: - diskplugin.csi.alibabacloud.com - vpc.block.csi.ibm.io - powervs.csi.ibm.com + - secrets-store.csi.k8s.io type: string type: object spec: diff --git a/vendor/github.com/openshift/api/operator/v1/0000_90_cluster_csi_driver_01_config.crd.yaml-patch b/vendor/github.com/openshift/api/operator/v1/0000_90_cluster_csi_driver_01_config.crd.yaml-patch index 2f23e95cb..2a02f97f2 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_90_cluster_csi_driver_01_config.crd.yaml-patch +++ b/vendor/github.com/openshift/api/operator/v1/0000_90_cluster_csi_driver_01_config.crd.yaml-patch @@ -19,3 +19,4 @@ - diskplugin.csi.alibabacloud.com - vpc.block.csi.ibm.io - powervs.csi.ibm.com + - secrets-store.csi.k8s.io 
diff --git a/vendor/github.com/openshift/api/operator/v1/0000_70_console-operator.crd.yaml b/vendor/github.com/openshift/api/operator/v1/00_console-operator.crd.yaml similarity index 98% rename from vendor/github.com/openshift/api/operator/v1/0000_70_console-operator.crd.yaml rename to vendor/github.com/openshift/api/operator/v1/00_console-operator.crd.yaml index 22d3ff43b..242eecebc 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_70_console-operator.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/00_console-operator.crd.yaml @@ -53,7 +53,20 @@ spec: brand: description: brand is the default branding of the web console which can be overridden by providing the brand field. There is a limited set of specific brand options. This field controls elements of the console such as the logo. Invalid value will prevent a console rollout. type: string - pattern: ^$|^(ocp|origin|okd|dedicated|online|azure)$ + enum: + - openshift + - okd + - online + - ocp + - dedicated + - azure + - OpenShift + - OKD + - Online + - OCP + - Dedicated + - Azure + - ROSA customLogoFile: description: 'customLogoFile replaces the default OpenShift logo in the masthead and about dialog. It is a reference to a ConfigMap in the openshift-config namespace. This can be created with a command like ''oc create configmap custom-logo --from-file=/path/to/file -n openshift-config''. Image size must be less than 1 MB due to constraints on the ConfigMap size. The ConfigMap key should include a file extension so that the console serves the file with the correct MIME type. Recommended logo specifications: Dimensions: Max height of 68px and max width of 200px SVG format preferred' type: object diff --git a/vendor/github.com/openshift/api/operator/v1/stable.console.testsuite.yaml b/vendor/github.com/openshift/api/operator/v1/stable.console.testsuite.yaml index 158c96ad4..065d490e4 100644 --- a/vendor/github.com/openshift/api/operator/v1/stable.console.testsuite.yaml 
+++ b/vendor/github.com/openshift/api/operator/v1/stable.console.testsuite.yaml
@@ -1,6 +1,6 @@
 apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
 name: "[Stable] Console"
-crd: 0000_70_console-operator.crd.yaml
+crd: 00_console-operator.crd.yaml
 tests:
 onCreate:
 - name: Should be able to create a minimal Console
diff --git a/vendor/github.com/openshift/api/operator/v1/stable.ingresscontroller.testsuite.yaml b/vendor/github.com/openshift/api/operator/v1/stable.ingresscontroller.testsuite.yaml
index 01d02ce09..903d8e60c 100644
--- a/vendor/github.com/openshift/api/operator/v1/stable.ingresscontroller.testsuite.yaml
+++ b/vendor/github.com/openshift/api/operator/v1/stable.ingresscontroller.testsuite.yaml
@@ -13,3 +13,466 @@ tests: kind: IngressController spec: httpEmptyRequestsPolicy: Respond + - name: Should be able to create an IngressController with valid Actions + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + spec: + httpHeaders: + actions: + response: + - name: X-Frame-Options + action: + type: Set + set: + value: DENY + - name: X-Cache-Info + action: + type: Set + set: + value: "not cacheable; meta data too large" + - name: X-XSS-Protection + action: + type: Delete + - name: X-Source + action: + type: Set + set: + value: "%[res.hdr(X-Value),lower]" + request: + - name: Content-Location + action: + type: Set + set: + value: /my-first-blog-post + - name: X-SSL-Client-Cert + action: + type: Set + set: + value: "%{+Q}[ssl_c_der,base64]" + - name: Content-Language + action: + type: Delete + - name: X-Target + action: + type: Set + set: + value: "%[req.hdr(host),lower]" + - name: X-Conditional + action: + type: Set + set: + value: "%[req.hdr(Host)] if foo" + - name: X-Condition + action: + type: Set + set: + value: "%[req.hdr(Host)]\ if\ foo" + expected: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + spec: + httpEmptyRequestsPolicy: Respond + httpHeaders: + actions: + response: + - name: X-Frame-Options + action: + type: Set + set: + value: DENY + - name: X-Cache-Info + action: + type: Set + set: + value: "not cacheable; meta data too large" + - name: X-XSS-Protection + action: + type: Delete + - name: X-Source + action: + type: Set + set: + value: "%[res.hdr(X-Value),lower]" + request: + - name: Content-Location + action: + type: Set + set: + value: /my-first-blog-post + - name: X-SSL-Client-Cert + action: + type: Set + set: + value: "%{+Q}[ssl_c_der,base64]" + - name: Content-Language + action: + type: Delete + - name: X-Target + action: + type: Set + set: + value: "%[req.hdr(host),lower]" + - name: X-Conditional + action: + type: Set + set: + value: "%[req.hdr(Host)] if foo" + - name: X-Condition + action: + 
type: Set + set: + value: "%[req.hdr(Host)]\ if\ foo" + - name: Should not allow to set/delete HSTS header. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default-hsts + namespace: openshift-ingress-operator + spec: + httpHeaders: + actions: + response: + - name: X-Frame-Options + action: + type: Set + set: + value: DENY + - name: Strict-Transport-Security + action: + type: Delete + request: + - name: Content-Location + action: + type: Set + set: + value: /my-first-blog-post + - name: Content-Language + action: + type: Delete + expectedError: "strict-transport-security header may not be modified via header actions" + - name: Should not allow to set/delete Proxy header. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default-hsts + namespace: openshift-ingress-operator + spec: + httpHeaders: + actions: + response: + - name: X-Frame-Options + action: + type: Set + set: + value: DENY + request: + - name: Proxy + action: + type: Set + set: + value: example.xyz + - name: Content-Location + action: + type: Set + set: + value: /my-first-blog-post + - name: Content-Language + action: + type: Delete + expectedError: "proxy header may not be modified via header actions" + - name: Should not allow to set/delete Host header. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default-hsts + namespace: openshift-ingress-operator + spec: + httpHeaders: + actions: + response: + - name: X-Frame-Options + action: + type: Set + set: + value: DENY + request: + - name: Host + action: + type: Set + set: + value: example.xyz + - name: Content-Location + action: + type: Set + set: + value: /my-first-blog-post + - name: Content-Language + action: + type: Delete + expectedError: "host header may not be modified via header actions" + - name: Should not allow to set/delete cookie header. 
+ initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default-hsts + namespace: openshift-ingress-operator + spec: + httpHeaders: + actions: + response: + - name: X-Frame-Options + action: + type: Set + set: + value: DENY + request: + - name: Cookie + action: + type: Set + set: + value: "PHPSESSID=298zf09hf012fh2; csrftoken=u32t4o3tb3gg43; _gat=1" + - name: Content-Location + action: + type: Set + set: + value: /my-first-blog-post + - name: Content-Language + action: + type: Delete + expectedError: "cookie header may not be modified via header actions" + - name: Should not allow to set/delete set-cookie header. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default-hsts + namespace: openshift-ingress-operator + spec: + httpHeaders: + actions: + response: + - name: Set-Cookie + action: + type: Set + set: + value: "sessionId=e8bb43229de9; Domain=foo.example.com" + request: + - name: Content-Location + action: + type: Set + set: + value: /my-first-blog-post + - name: Content-Language + action: + type: Delete + expectedError: "set-cookie header may not be modified via header actions" + - name: Should not allow to set/delete dynamic headers with unclosed braces. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default-unclosed-braces + namespace: openshift-ingress-operator + spec: + httpHeaders: + actions: + request: + - name: Content-Location + action: + type: Set + set: + value: /my-first-blog-post + - name: Content-Language + action: + type: Delete + - name: expires + action: + type: Set + set: + value: "%[req.hdr(host),lower" + expectedError: "Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. 
The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are req.hdr, ssl_c_der. Converters allowed are lower, base64." + - name: Should not allow to set dynamic response header values with not allowed sample fetchers. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default-not-allowed-values + namespace: openshift-ingress-operator + spec: + httpHeaders: + actions: + response: + - name: X-Frame-Options + action: + type: Set + set: + value: DENY + - name: X-Target + action: + type: Set + set: + value: "%[req.hdrs(host),lower]" + expectedError: "Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are res.hdr, ssl_c_der. Converters allowed are lower, base64." + - name: Should not allow empty value in response. 
+ initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default-not-allowed-values + namespace: openshift-ingress-operator + spec: + httpHeaders: + actions: + response: + - name: X-Frame-Options + action: + type: Set + set: + value: + expectedError: 'IngressController.operator.openshift.io "default-not-allowed-values" is invalid: [spec.httpHeaders.actions.response[0].action.set.value: Required value, : Invalid value: "null": some validation rules were not checked because the object was invalid; correct the existing errors to complete validation]' + - name: Should not allow empty value in request. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default-not-allowed-values + namespace: openshift-ingress-operator + spec: + httpHeaders: + actions: + request: + - name: X-Frame-Options + action: + type: Set + set: + value: + expectedError: 'IngressController.operator.openshift.io "default-not-allowed-values" is invalid: [spec.httpHeaders.actions.request[0].action.set.value: Required value, : Invalid value: "null": some validation rules were not checked because the object was invalid; correct the existing errors to complete validation]' + - name: Should not allow to set dynamic response header values with not allowed converters. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default-not-allowed-values + namespace: openshift-ingress-operator + spec: + httpHeaders: + actions: + response: + - name: X-Frame-Options + action: + type: Set + set: + value: DENY + - name: X-Source + action: + type: Set + set: + value: "%{+Q}[ssl_c_der,bogus]" + expectedError: "Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. 
The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are res.hdr, ssl_c_der. Converters allowed are lower, base64." + - name: Should not allow to set dynamic request header values containing sample fetcher res.hdr. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default-not-allowed-values + namespace: openshift-ingress-operator + spec: + httpHeaders: + actions: + request: + - name: X-Target + action: + type: Set + set: + value: "%[res.hdr(X-Value),lower]" + expectedError: "Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are req.hdr, ssl_c_der. Converters allowed are lower, base64." + - name: Should not allow to set dynamic response headers value containing sample fetcher req.hdr. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default-not-allowed-values + namespace: openshift-ingress-operator + spec: + httpHeaders: + actions: + response: + - name: X-Source + action: + type: Set + set: + value: "%[req.hdr(host),lower]" + expectedError: "Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. 
The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are res.hdr, ssl_c_der. Converters allowed are lower, base64." + - name: Should not allow to set dynamic request header values with not allowed converters. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default-not-allowed-values + namespace: openshift-ingress-operator + spec: + httpHeaders: + actions: + request: + - name: X-SSL-Client-Cert + action: + type: Set + set: + value: "%{+Q}[ssl_c_der,hello]" + - name: Content-Language + action: + type: Delete + expectedError: "Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are req.hdr, ssl_c_der. Converters allowed are lower, base64." + - name: Should not allow to set dynamic request header values with not allowed sample fetchers. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default-not-allowed-values + namespace: openshift-ingress-operator + spec: + httpHeaders: + actions: + request: + - name: X-SSL-Client-Cert + action: + type: Set + set: + value: "%{+Q}[ssl_c_der1234,base64]" + - name: Content-Language + action: + type: Delete + expectedError: "Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. 
The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are req.hdr, ssl_c_der. Converters allowed are lower, base64." + - name: Should be required to specify the set field when the discriminant type is Set. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + spec: + httpHeaders: + actions: + response: + - name: X-Frame-Options + action: + type: Set + expectedError: "set is required when type is Set, and forbidden otherwise" + - name: Should be able to add set field only when discriminant type is Set. + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default-not-allowed-values + namespace: openshift-ingress-operator + spec: + httpHeaders: + actions: + response: + - name: X-Frame-Options + action: + set: + value: DENY + expectedError: 'IngressController.operator.openshift.io "default-not-allowed-values" is invalid: [spec.httpHeaders.actions.response[0].action.type: Required value, : Invalid value: "null": some validation rules were not checked because the object was invalid; correct the existing errors to complete validation]' diff --git a/vendor/github.com/openshift/api/operator/v1/stable.network.testsuite.yaml b/vendor/github.com/openshift/api/operator/v1/stable.network.testsuite.yaml index a40c21fab..698e4bf48 100644 --- a/vendor/github.com/openshift/api/operator/v1/stable.network.testsuite.yaml +++ b/vendor/github.com/openshift/api/operator/v1/stable.network.testsuite.yaml 
@@ -15,3 +15,216 @@ tests: disableNetworkDiagnostics: false logLevel: Normal operatorLogLevel: Normal + - name: Should be able to pass a valid IPV4 CIDR to IPV4 internalMasqueradeSubnet + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + gatewayConfig: + ipv4: + internalMasqueradeSubnet: "169.254.168.0/29" + expected: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + gatewayConfig: + routingViaHost: false + ipv4: + internalMasqueradeSubnet: "169.254.168.0/29" + disableNetworkDiagnostics: false + logLevel: Normal + operatorLogLevel: Normal + - name: Should not be able to pass CIDR with a subnet larger than /29 to IPV4 internalMasqueradeSubnet + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + gatewayConfig: + ipv4: + internalMasqueradeSubnet: 10.10.10.10/32 + expectedError: "Invalid value: \"string\": subnet must be in the range /0 to /29 inclusive" + - name: Should not be able to pass CIDR with a subnet smaller than /0 to IPV4 internalMasqueradeSubnet + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + gatewayConfig: + ipv4: + internalMasqueradeSubnet: 10.10.10.10/-1 + expectedError: "Invalid value: \"string\": subnet must be in the range /0 to /29 inclusive" + - name: Should not be able to add an IP address with the incorrect number of octets to IPV4 internalMasqueradeSubnet + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + gatewayConfig: + ipv4: + internalMasqueradeSubnet: 10.10.10/24 + expectedError: "Invalid value: \"string\": a valid IPv4 address must contain 4 octets" + - name: Should not be able to add an IP address with leading zeros in an octet to IPV4 internalMasqueradeSubnet + initial: | + apiVersion: operator.openshift.io/v1 + 
kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + gatewayConfig: + ipv4: + internalMasqueradeSubnet: 10.10.010.10/24 + expectedError: "Invalid value: \"string\": IP address octets must not contain leading zeros, and must be less or equal to 255" + - name: Should not be able to add an IP address with with zero for the first octet to internalMasqueradeSubnet + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + gatewayConfig: + ipv4: + internalMasqueradeSubnet: 0.10.10.10/24 + expectedError: "Invalid value: \"string\": first IP address octet must not contain leading zeros, must be greater than 0 and less or equal to 255" + - name: Should not be able to add an IP address with an octet greater than 255 to IPV4 internalMasqueradeSubnet + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + gatewayConfig: + ipv4: + internalMasqueradeSubnet: 10.10.10.256/24 + expectedError: "Invalid value: \"string\": IP address octets must not contain leading zeros, and must be less or equal to 255" + - name: Should be able to pass a valid IPV6 CIDR to IPV6 internalMasqueradeSubnet + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + gatewayConfig: + ipv6: + internalMasqueradeSubnet: "abcd:ef01:2345:6789:abcd:ef01:2345:6789/125" + expected: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + gatewayConfig: + ipv6: + internalMasqueradeSubnet: "abcd:ef01:2345:6789:abcd:ef01:2345:6789/125" + routingViaHost: false + disableNetworkDiagnostics: false + logLevel: Normal + operatorLogLevel: Normal + - name: Should be able to pass a valid shorthand IPV6 CIDR to IPV6 internalMasqueradeSubnet + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + gatewayConfig: + ipv6: + 
internalMasqueradeSubnet: "abcd:ef01:2345:6789::2345:6789/20" + expected: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + gatewayConfig: + routingViaHost: false + ipv6: + internalMasqueradeSubnet: "abcd:ef01:2345:6789::2345:6789/20" + disableNetworkDiagnostics: false + logLevel: Normal + operatorLogLevel: Normal + - name: Should not be able to pass invalid IPV6 CIDR to IPV6 internalMasqueradeSubnet + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + gatewayConfig: + ipv6: + internalMasqueradeSubnet: "foo" + expectedError: "Invalid value: \"string\": subnet must be in the range /0 to /125 inclusive" + - name: Should not be able to add an IP address with the more than 8 octets to IPV6 internalMasqueradeSubnet + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + gatewayConfig: + ipv6: + internalMasqueradeSubnet: abcd:ef01:2345:6789:abcd:ef01:2345:6789:abcd/125 + expectedError: "Invalid value: \"string\": a valid IPv6 address must contain 8 segments unless elided (::), in which case it must contain at most 6 non-empty segments" + - name: Should not be able to add a dual IP address to IPV6 internalMasqueradeSubnet + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + gatewayConfig: + ipv6: + internalMasqueradeSubnet: abcd:ef01:2345:6789:abcd:ef01:2345:1.2.3.4/125 + expectedError: "Invalid value: \"string\": IPv6 dual addresses are not permitted, value should not contain `.` characters" + - name: Should be able to pass a double elided IPV6 CIDR to IPV6 internalMasqueradeSubnet + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + gatewayConfig: + ipv6: + internalMasqueradeSubnet: "abcd::ef01::2345:6789/20" + expectedError: "Invalid value: \"string\": 
IPv6 addresses must contain at most one '::' and may only be shortened once" + - name: "Should not be able to pass a complete IPV6 CIDR with a :: expander to v6InternalMasqueradeSubnet" + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + gatewayConfig: + ipv6: + internalMasqueradeSubnet: "abcd:ef01:2345:6789::abcd:ef01:2345:6789/125" + expectedError: "Invalid value: \"string\": a valid IPv6 address must contain 8 segments unless elided (::), in which case it must contain at most 6 non-empty segments" + - name: Should not be able to pass a IPV6 CIDR without enough segments to v6InternalMasqueradeSubnet" + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + gatewayConfig: + ipv6: + internalMasqueradeSubnet: "abcd:ef01:2345:6789:abcd:ef01:2345/125" + expectedError: "Invalid value: \"string\": a valid IPv6 address must contain 8 segments unless elided (::), in which case it must contain at most 6 non-empty segments" + - name: "Should not be able to pass an elided IPV6 CIDR with only a single empty segment to IPV6 internalMasqueradeSubnet" + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + gatewayConfig: + ipv6: + internalMasqueradeSubnet: "abcd:ef01:2345:6789:abcd:ef01:2345::/125" + expectedError: "Invalid value: \"string\": a valid IPv6 address must contain 8 segments unless elided (::), in which case it must contain at most 6 non-empty segments" + \ No newline at end of file diff --git a/vendor/github.com/openshift/api/operator/v1/stable.storage.testsuite.yaml b/vendor/github.com/openshift/api/operator/v1/stable.storage.testsuite.yaml index a686534da..98afa6ea7 100644 --- a/vendor/github.com/openshift/api/operator/v1/stable.storage.testsuite.yaml +++ b/vendor/github.com/openshift/api/operator/v1/stable.storage.testsuite.yaml 
@@ -76,8 +76,8 @@ tests:
 kind: Storage
 spec:
 vsphereStorageDriver: LegacyDeprecatedInTreeDriver
- expectedError: "VSphereStorageDriver can not be changed once it is set to CSIWithMigrationDriver"
- - name: Should not allow changing CSIWithMigrationDriver to empty string
+ expectedError: "VSphereStorageDriver can not be set to LegacyDeprecatedInTreeDriver"
+ - name: Should allow changing CSIWithMigrationDriver to empty string
 initial: |
 apiVersion: operator.openshift.io/v1
 kind: Storage
@@ -88,8 +88,14 @@ tests:
 kind: Storage
 spec:
 vsphereStorageDriver: ""
- expectedError: "VSphereStorageDriver can not be changed once it is set to CSIWithMigrationDriver"
- - name: Should not allow unsetting VSphereStorageDriver once it is set
+ expected: |
+ apiVersion: operator.openshift.io/v1
+ kind: Storage
+ spec:
+ vsphereStorageDriver: ""
+ logLevel: Normal
+ operatorLogLevel: Normal
+ - name: Should allow unsetting VSphereStorageDriver once it is set
 initial: |
 apiVersion: operator.openshift.io/v1
 kind: Storage
@@ -99,4 +105,9 @@ tests:
 apiVersion: operator.openshift.io/v1
 kind: Storage
 spec: {}
- expectedError: "VSphereStorageDriver is required once set"
+ expected: |
+ apiVersion: operator.openshift.io/v1
+ kind: Storage
+ spec:
+ logLevel: Normal
+ operatorLogLevel: Normal
diff --git a/vendor/github.com/openshift/api/operator/v1/techpreview.etcd.testsuite.yaml b/vendor/github.com/openshift/api/operator/v1/techpreview.etcd.testsuite.yaml
new file mode 100644
index 000000000..27108a3af
--- /dev/null
+++ b/vendor/github.com/openshift/api/operator/v1/techpreview.etcd.testsuite.yaml
@@ -0,0 +1,62 @@
+apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
+name: "[TechPreview] Etcd"
+crd: 0000_12_etcd-operator_01_config-TechPreviewNoUpgrade.crd.yaml
+tests:
+ onCreate:
+ - name: Should be able to create with Standard hardware speed
+ initial: |
+ apiVersion: operator.openshift.io/v1
+ kind: Etcd
+ spec:
+ controlPlaneHardwareSpeed: Standard
+ expected: |
+ apiVersion: operator.openshift.io/v1
+ kind: Etcd
+ spec:
+ logLevel: Normal
+ operatorLogLevel: Normal
+ controlPlaneHardwareSpeed: Standard
+ - name: Should be able to create with Slower hardware speed
+ initial: |
+ apiVersion: operator.openshift.io/v1
+ kind: Etcd
+ spec:
+ controlPlaneHardwareSpeed: Slower
+ expected: |
+ apiVersion: operator.openshift.io/v1
+ kind: Etcd
+ spec:
+ logLevel: Normal
+ operatorLogLevel: Normal
+ controlPlaneHardwareSpeed: Slower
+ onUpdate:
+ - name: Should be able to create with Standard, then set to Slower
+ initial: |
+ apiVersion: operator.openshift.io/v1
+ kind: Etcd
+ spec:
+ controlPlaneHardwareSpeed: Standard
+ updated: |
+ apiVersion: operator.openshift.io/v1
+ kind: Etcd
+ spec:
+ controlPlaneHardwareSpeed: Slower
+ expected: |
+ apiVersion: operator.openshift.io/v1
+ kind: Etcd
+ spec:
+ logLevel: Normal
+ operatorLogLevel: Normal
+ controlPlaneHardwareSpeed: Slower
+ - name: Should not be allowed to try to set invalid hardware speed
+ initial: |
+ apiVersion: operator.openshift.io/v1
+ kind: Etcd
+ spec:
+ controlPlaneHardwareSpeed: Standard
+ updated: |
+ apiVersion: operator.openshift.io/v1
+ kind: Etcd
+ spec:
+ controlPlaneHardwareSpeed: foo
+ expectedError: Unsupported value
diff --git a/vendor/github.com/openshift/api/operator/v1/types_console.go b/vendor/github.com/openshift/api/operator/v1/types_console.go
index 80aeb0a43..15d653ae4 100644
--- a/vendor/github.com/openshift/api/operator/v1/types_console.go
+++ b/vendor/github.com/openshift/api/operator/v1/types_console.go
@@ -95,6 +95,7 @@ type ConsoleCustomization struct {
 // providing the brand field. There is a limited set of specific brand options.
 // This field controls elements of the console such as the logo.
 // Invalid value will prevent a console rollout.
+ // +kubebuilder:validation:Enum:=openshift;okd;online;ocp;dedicated;azure;OpenShift;OKD;Online;OCP;Dedicated;Azure;ROSA
 Brand Brand `json:"brand,omitempty"`
 // documentationBaseURL links to external documentation are shown in various sections
 // of the web console. Providing documentationBaseURL will override the default
@@ -338,22 +339,35 @@ type PinnedResourceReference struct { } // Brand is a specific supported brand within the console. -// +kubebuilder:validation:Pattern=`^$|^(ocp|origin|okd|dedicated|online|azure)$` type Brand string const ( + // Legacy branding for OpenShift + BrandOpenShiftLegacy Brand = "openshift" + // Legacy branding for The Origin Community Distribution of Kubernetes + BrandOKDLegacy Brand = "okd" + // Legacy branding for OpenShift Online + BrandOnlineLegacy Brand = "online" + // Legacy branding for OpenShift Container Platform + BrandOCPLegacy Brand = "ocp" + // Legacy branding for OpenShift Dedicated + BrandDedicatedLegacy Brand = "dedicated" + // Legacy branding for Azure Red Hat OpenShift + BrandAzureLegacy Brand = "azure" // Branding for OpenShift - BrandOpenShift Brand = "openshift" + BrandOpenShift Brand = "OpenShift" // Branding for The Origin Community Distribution of Kubernetes - BrandOKD Brand = "okd" + BrandOKD Brand = "OKD" // Branding for OpenShift Online - BrandOnline Brand = "online" + BrandOnline Brand = "Online" // Branding for OpenShift Container Platform - BrandOCP Brand = "ocp" + BrandOCP Brand = "OCP" // Branding for OpenShift Dedicated - BrandDedicated Brand = "dedicated" + BrandDedicated Brand = "Dedicated" // Branding for Azure Red Hat OpenShift - BrandAzure Brand = "azure" + BrandAzure Brand = "Azure" + // Branding for Red Hat OpenShift Service on AWS + BrandROSA Brand = "ROSA" ) // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object diff --git a/vendor/github.com/openshift/api/operator/v1/types_csi_cluster_driver.go b/vendor/github.com/openshift/api/operator/v1/types_csi_cluster_driver.go index 43406a343..d2f058910 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_csi_cluster_driver.go +++ b/vendor/github.com/openshift/api/operator/v1/types_csi_cluster_driver.go 
@@ -83,6 +83,7 @@ const ( AlibabaDiskCSIDriver CSIDriverName = "diskplugin.csi.alibabacloud.com" IBMVPCBlockCSIDriver CSIDriverName = "vpc.block.csi.ibm.io" IBMPowerVSBlockCSIDriver CSIDriverName = "powervs.csi.ibm.com" + SecretsStoreCSIDriver CSIDriverName = "secrets-store.csi.k8s.io" ) // ClusterCSIDriverSpec is the desired behavior of CSI driver operator diff --git a/vendor/github.com/openshift/api/operator/v1/types_etcd.go b/vendor/github.com/openshift/api/operator/v1/types_etcd.go index f0b525a40..f763556b8 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_etcd.go +++ b/vendor/github.com/openshift/api/operator/v1/types_etcd.go 
@@ -28,12 +28,41 @@ type Etcd struct { type EtcdSpec struct { StaticPodOperatorSpec `json:",inline"` + // HardwareSpeed allows user to change the etcd tuning profile which configures + // the latency parameters for heartbeat interval and leader election timeouts + // allowing the cluster to tolerate longer round-trip-times between etcd members. + // Valid values are "", "Standard" and "Slower". + // "" means no opinion and the platform is left to choose a reasonable default + // which is subject to change without notice. + // +kubebuilder:validation:Optional + // +openshift:enable:FeatureSets=CustomNoUpgrade;TechPreviewNoUpgrade + // +optional + HardwareSpeed ControlPlaneHardwareSpeed `json:"controlPlaneHardwareSpeed"` } type EtcdStatus struct { StaticPodOperatorStatus `json:",inline"` + HardwareSpeed ControlPlaneHardwareSpeed `json:"controlPlaneHardwareSpeed"` } +const ( + // StandardHardwareSpeed provides the normal tolerances for hardware speed and latency. + // Currently sets (values subject to change at any time): + // ETCD_HEARTBEAT_INTERVAL: 100ms + // ETCD_LEADER_ELECTION_TIMEOUT: 1000ms + StandardHardwareSpeed ControlPlaneHardwareSpeed = "Standard" + // SlowerHardwareSpeed provides more tolerance for slower hardware and/or higher latency networks. + // Sets (values subject to change): + // ETCD_HEARTBEAT_INTERVAL: 5x Standard + // ETCD_LEADER_ELECTION_TIMEOUT: 2.5x Standard + SlowerHardwareSpeed ControlPlaneHardwareSpeed = "Slower" +) + +// ControlPlaneHardwareSpeed declares valid hardware speed tolerance levels +// +enum +// +kubebuilder:validation:Enum:="";Standard;Slower +type ControlPlaneHardwareSpeed string + // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // KubeAPISOperatorConfigList is a collection of items diff --git a/vendor/github.com/openshift/api/operator/v1/types_ingress.go b/vendor/github.com/openshift/api/operator/v1/types_ingress.go index 1dd56a430..3d9f512a9 100644 
--- a/vendor/github.com/openshift/api/operator/v1/types_ingress.go +++ b/vendor/github.com/openshift/api/operator/v1/types_ingress.go @@ -1022,14 +1022,16 @@ type SyslogLoggingDestinationParameters struct { // +optional Facility string `json:"facility,omitempty"` - // maxLength is the maximum length of the syslog message + // maxLength is the maximum length of the log message. // - // If this field is empty, the maxLength is set to "1024". + // Valid values are integers in the range 480 to 4096, inclusive. + // + // When omitted, the default value is 1024. // - // +kubebuilder:validation:Optional // +kubebuilder:validation:Maximum=4096 // +kubebuilder:validation:Minimum=480 // +kubebuilder:default=1024 + // +default:=1024 // +optional MaxLength uint32 `json:"maxLength,omitempty"` } @@ -1037,6 +1039,18 @@ type SyslogLoggingDestinationParameters struct { // ContainerLoggingDestinationParameters describes parameters for the Container // logging destination type. type ContainerLoggingDestinationParameters struct { + // maxLength is the maximum length of the log message. + // + // Valid values are integers in the range 480 to 8192, inclusive. + // + // When omitted, the default value is 1024. + // + // +kubebuilder:validation:Maximum=8192 + // +kubebuilder:validation:Minimum=480 + // +kubebuilder:default=1024 + // +default:=1024 + // +optional + MaxLength int32 `json:"maxLength,omitempty"` } // LoggingDestination describes a destination for log messages. 
@@ -1385,6 +1399,144 @@ type IngressControllerHTTPHeaders struct { // +nullable // +optional HeaderNameCaseAdjustments []IngressControllerHTTPHeaderNameCaseAdjustment `json:"headerNameCaseAdjustments,omitempty"` + + // actions specifies options for modifying headers and their values. + // Note that this option only applies to cleartext HTTP connections + // and to secure HTTP connections for which the ingress controller + // terminates encryption (that is, edge-terminated or reencrypt + // connections). Headers cannot be modified for TLS passthrough + // connections. + // Setting the HSTS (`Strict-Transport-Security`) header is not supported via actions. `Strict-Transport-Security` + // may only be configured using the "haproxy.router.openshift.io/hsts_header" route annotation, and only in + // accordance with the policy specified in Ingress.Spec.RequiredHSTSPolicies. + // Any actions defined here are applied after any actions related to the following other fields: + // cache-control, spec.clientTLS, + // spec.httpHeaders.forwardedHeaderPolicy, spec.httpHeaders.uniqueId, + // and spec.httpHeaders.headerNameCaseAdjustments. + // In case of HTTP request headers, the actions specified in spec.httpHeaders.actions on the Route will be executed after + // the actions specified in the IngressController's spec.httpHeaders.actions field. + // In case of HTTP response headers, the actions specified in spec.httpHeaders.actions on the IngressController will be + // executed after the actions specified in the Route's spec.httpHeaders.actions field. + // Headers set using this API cannot be captured for use in access logs. + // The following header names are reserved and may not be modified via this API: + // Strict-Transport-Security, Proxy, Host, Cookie, Set-Cookie. + // Note that the total size of all net added headers *after* interpolating dynamic values + // must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the + // IngressController. 
Please refer to the documentation + // for that API field for more details. + // +optional + Actions IngressControllerHTTPHeaderActions `json:"actions,omitempty"` +} + +// IngressControllerHTTPHeaderActions defines configuration for actions on HTTP request and response headers. +type IngressControllerHTTPHeaderActions struct { + // response is a list of HTTP response headers to modify. + // Actions defined here will modify the response headers of all requests passing through an ingress controller. + // These actions are applied to all Routes i.e. for all connections handled by the ingress controller defined within a cluster. + // IngressController actions for response headers will be executed after Route actions. + // Currently, actions may define to either `Set` or `Delete` headers values. + // Actions are applied in sequence as defined in this list. + // A maximum of 20 response header actions may be configured. + // Sample fetchers allowed are "res.hdr" and "ssl_c_der". + // Converters allowed are "lower" and "base64". + // Example header values: "%[res.hdr(X-target),lower]", "%{+Q}[ssl_c_der,base64]". + // +listType=map + // +listMapKey=name + // +optional + // +kubebuilder:validation:MaxItems=20 + // +kubebuilder:validation:XValidation:rule=`self.all(key, key.action.type == "Delete" || (has(key.action.set) && key.action.set.value.matches('^(?:%(?:%|(?:\\{[-+]?[QXE](?:,[-+]?[QXE])*\\})?\\[(?:res\\.hdr\\([0-9A-Za-z-]+\\)|ssl_c_der)(?:,(?:lower|base64))*\\])|[^%[:cntrl:]])+$')))`,message="Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are res.hdr, ssl_c_der. 
Converters allowed are lower, base64." + Response []IngressControllerHTTPHeader `json:"response"` + // request is a list of HTTP request headers to modify. + // Actions defined here will modify the request headers of all requests passing through an ingress controller. + // These actions are applied to all Routes i.e. for all connections handled by the ingress controller defined within a cluster. + // IngressController actions for request headers will be executed before Route actions. + // Currently, actions may define to either `Set` or `Delete` headers values. + // Actions are applied in sequence as defined in this list. + // A maximum of 20 request header actions may be configured. + // Sample fetchers allowed are "req.hdr" and "ssl_c_der". + // Converters allowed are "lower" and "base64". + // Example header values: "%[req.hdr(X-target),lower]", "%{+Q}[ssl_c_der,base64]". + // + --- + // + Note: Any change to regex mentioned below must be reflected in the CRD validation of route in https://github.com/openshift/library-go/blob/master/pkg/route/validation/validation.go and vice-versa. + // +listType=map + // +listMapKey=name + // +optional + // +kubebuilder:validation:MaxItems=20 + // +kubebuilder:validation:XValidation:rule=`self.all(key, key.action.type == "Delete" || (has(key.action.set) && key.action.set.value.matches('^(?:%(?:%|(?:\\{[-+]?[QXE](?:,[-+]?[QXE])*\\})?\\[(?:req\\.hdr\\([0-9A-Za-z-]+\\)|ssl_c_der)(?:,(?:lower|base64))*\\])|[^%[:cntrl:]])+$')))`,message="Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are req.hdr, ssl_c_der. 
Converters allowed are lower, base64." + Request []IngressControllerHTTPHeader `json:"request"` +} + +// IngressControllerHTTPHeader specifies configuration for setting or deleting an HTTP header. +type IngressControllerHTTPHeader struct { + // name specifies the name of a header on which to perform an action. Its value must be a valid HTTP header + // name as defined in RFC 2616 section 4.2. + // The name must consist only of alphanumeric and the following special characters, "-!#$%&'*+.^_`". + // The following header names are reserved and may not be modified via this API: + // Strict-Transport-Security, Proxy, Host, Cookie, Set-Cookie. + // It must be no more than 255 characters in length. + // Header name must be unique. + // +kubebuilder:validation:Required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=255 + // +kubebuilder:validation:Pattern="^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$" + // +kubebuilder:validation:XValidation:rule="self.lowerAscii() != 'strict-transport-security'",message="strict-transport-security header may not be modified via header actions" + // +kubebuilder:validation:XValidation:rule="self.lowerAscii() != 'proxy'",message="proxy header may not be modified via header actions" + // +kubebuilder:validation:XValidation:rule="self.lowerAscii() != 'host'",message="host header may not be modified via header actions" + // +kubebuilder:validation:XValidation:rule="self.lowerAscii() != 'cookie'",message="cookie header may not be modified via header actions" + // +kubebuilder:validation:XValidation:rule="self.lowerAscii() != 'set-cookie'",message="set-cookie header may not be modified via header actions" + Name string `json:"name"` + // action specifies actions to perform on headers, such as setting or deleting headers. + // +kubebuilder:validation:Required + Action IngressControllerHTTPHeaderActionUnion `json:"action"` +} + +// IngressControllerHTTPHeaderActionUnion specifies an action to take on an HTTP header. 
+// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'Set' ? has(self.set) : !has(self.set)",message="set is required when type is Set, and forbidden otherwise" +// +union +type IngressControllerHTTPHeaderActionUnion struct { + // type defines the type of the action to be applied on the header. + // Possible values are Set or Delete. + // Set allows you to set HTTP request and response headers. + // Delete allows you to delete HTTP request and response headers. + // +unionDiscriminator + // +kubebuilder:validation:Enum:=Set;Delete + // +kubebuilder:validation:Required + Type IngressControllerHTTPHeaderActionType `json:"type"` + + // set specifies how the HTTP header should be set. + // This field is required when type is Set and forbidden otherwise. + // +optional + // +unionMember + Set *IngressControllerSetHTTPHeader `json:"set,omitempty"` +} + +// IngressControllerHTTPHeaderActionType defines actions that can be performed on HTTP headers. +type IngressControllerHTTPHeaderActionType string + +const ( + // Set specifies that an HTTP header should be set. + Set IngressControllerHTTPHeaderActionType = "Set" + // Delete specifies that an HTTP header should be deleted. + Delete IngressControllerHTTPHeaderActionType = "Delete" +) + +// IngressControllerSetHTTPHeader defines the value which needs to be set on an HTTP header. +type IngressControllerSetHTTPHeader struct { + // value specifies a header value. + // Dynamic values can be added. The value will be interpreted as an HAProxy format string as defined in + // http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and + // otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. + // The value of this field must be no more than 16384 characters in length. 
+ // Note that the total size of all net added headers *after* interpolating dynamic values + // must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the + // IngressController. + // + --- + // + Note: This limit was selected as most common web servers have a limit of 16384 characters or some lower limit. + // + See . + // +kubebuilder:validation:Required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=16384 + Value string `json:"value"` } // IngressControllerTuningOptions specifies options for tuning the performance diff --git a/vendor/github.com/openshift/api/operator/v1/types_network.go b/vendor/github.com/openshift/api/operator/v1/types_network.go index a3cea6b67..17fbbed0d 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_network.go +++ b/vendor/github.com/openshift/api/operator/v1/types_network.go @@ -480,6 +480,17 @@ type HybridOverlayConfig struct { type IPsecConfig struct { } +type IPForwardingMode string + +const ( + // IPForwardingRestricted limits the IP forwarding on OVN-Kube managed interfaces (br-ex, br-ex1) to only required + // service and other k8s related traffic + IPForwardingRestricted IPForwardingMode = "Restricted" + + // IPForwardingGlobal allows all IP traffic to be forwarded across OVN-Kube managed interfaces + IPForwardingGlobal IPForwardingMode = "Global" +) + // GatewayConfig holds node gateway-related parsed config file parameters and command-line overrides type GatewayConfig struct { // RoutingViaHost allows pod egress traffic to exit via the ovn-k8s-mp0 management port 
@@ -489,6 +500,70 @@ type GatewayConfig struct { // +kubebuilder:default:=false // +optional RoutingViaHost bool `json:"routingViaHost,omitempty"` + // IPForwarding controls IP forwarding for all traffic on OVN-Kubernetes managed interfaces (such as br-ex). + // By default this is set to Restricted, and Kubernetes related traffic is still forwarded appropriately, but other + // IP traffic will not be routed by the OCP node. If there is a desire to allow the host to forward traffic across + // OVN-Kubernetes managed interfaces, then set this field to "Global". + // The supported values are "Restricted" and "Global". + // +optional + IPForwarding IPForwardingMode `json:"ipForwarding,omitempty"` + // ipv4 allows users to configure IP settings for IPv4 connections. When omitted, this means no opinion and the default + // configuration is used. Check individual members fields within ipv4 for details of default values. + // +optional + IPv4 IPv4GatewayConfig `json:"ipv4,omitempty"` + // ipv6 allows users to configure IP settings for IPv6 connections. When omitted, this means no opinion and the default + // configuration is used. Check individual members fields within ipv6 for details of default values. + // +optional + IPv6 IPv6GatewayConfig `json:"ipv6,omitempty"` +} + +// IPV4GatewayConfig holds the configuration paramaters for IPV4 connections in the GatewayConfig for OVN-Kubernetes +type IPv4GatewayConfig struct { + // internalMasqueradeSubnet contains the masquerade addresses in IPV4 CIDR format used internally by + // ovn-kubernetes to enable host to service traffic. Each host in the cluster is configured with these + // addresses, as well as the shared gateway bridge interface. The values can be changed after + // installation. The subnet chosen should not overlap with other networks specified for + // OVN-Kubernetes as well as other networks used on the host. Additionally the subnet must + // be large enough to accommodate 6 IPs (maximum prefix length /29). 
+ // When omitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. + // The current default subnet is 169.254.169.0/29 + // The value must be in proper IPV4 CIDR format + // +kubebuilder:validation:MaxLength=18 + // +kubebuilder:validation:XValidation:rule="self.indexOf('/') == self.lastIndexOf('/')",message="CIDR format must contain exactly one '/'" + // +kubebuilder:validation:XValidation:rule="[int(self.split('/')[1])].all(x, x <= 29 && x >= 0)",message="subnet must be in the range /0 to /29 inclusive" + // +kubebuilder:validation:XValidation:rule="self.split('/')[0].split('.').size() == 4",message="a valid IPv4 address must contain 4 octets" + // +kubebuilder:validation:XValidation:rule="[self.findAll('[0-9]+')[0]].all(x, x != '0' && int(x) <= 255 && !x.startsWith('0'))",message="first IP address octet must not contain leading zeros, must be greater than 0 and less or equal to 255" + // +kubebuilder:validation:XValidation:rule="[self.findAll('[0-9]+')[1], self.findAll('[0-9]+')[2], self.findAll('[0-9]+')[3]].all(x, int(x) <= 255 && (x == '0' || !x.startsWith('0')))",message="IP address octets must not contain leading zeros, and must be less or equal to 255" + // +optional + InternalMasqueradeSubnet string `json:"internalMasqueradeSubnet,omitempty"` +} + +// IPV6GatewayConfig holds the configuration paramaters for IPV6 connections in the GatewayConfig for OVN-Kubernetes +type IPv6GatewayConfig struct { + // internalMasqueradeSubnet contains the masquerade addresses in IPV6 CIDR format used internally by + // ovn-kubernetes to enable host to service traffic. Each host in the cluster is configured with these + // addresses, as well as the shared gateway bridge interface. The values can be changed after + // installation. The subnet chosen should not overlap with other networks specified for + // OVN-Kubernetes as well as other networks used on the host. 
Additionally the subnet must + // be large enough to accommodate 6 IPs (maximum prefix length /125). + // When omitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. + // The current default subnet is fd69::/125 + // Note that IPV6 dual addresses are not permitted + // +kubebuilder:validation:XValidation:rule="self.indexOf('/') == self.lastIndexOf('/')",message="CIDR format must contain exactly one '/'" + // +kubebuilder:validation:XValidation:rule="self.split('/').size() == 2 && [int(self.split('/')[1])].all(x, x <= 125 && x >= 0)",message="subnet must be in the range /0 to /125 inclusive" + // +kubebuilder:validation:XValidation:rule="self.indexOf('::') == self.lastIndexOf('::')",message="IPv6 addresses must contain at most one '::' and may only be shortened once" + // +kubebuilder:validation:XValidation:rule="self.contains('::') ? self.split('/')[0].split(':').size() <= 8 : self.split('/')[0].split(':').size() == 8",message="a valid IPv6 address must contain 8 segments unless elided (::), in which case it must contain at most 6 non-empty segments" + // +kubebuilder:validation:XValidation:rule="self.split('/')[0].split(':').size() >=1 ? [self.split('/')[0].split(':', 8)[0]].all(x, x == '' || x.matches('[0-9A-Fa-f]{1,4}')) : true",message="each segment of an IPv6 address must be a hexadecimal number between 0 and FFFF, failed on segment 1" + // +kubebuilder:validation:XValidation:rule="self.split('/')[0].split(':').size() >=2 ? [self.split('/')[0].split(':', 8)[1]].all(x, x == '' || x.matches('[0-9A-Fa-f]{1,4}')) : true",message="each segment of an IPv6 address must be a hexadecimal number between 0 and FFFF, failed on segment 2" + // +kubebuilder:validation:XValidation:rule="self.split('/')[0].split(':').size() >=3 ? 
[self.split('/')[0].split(':', 8)[2]].all(x, x == '' || x.matches('[0-9A-Fa-f]{1,4}')) : true",message="each segment of an IPv6 address must be a hexadecimal number between 0 and FFFF, failed on segment 3" + // +kubebuilder:validation:XValidation:rule="self.split('/')[0].split(':').size() >=4 ? [self.split('/')[0].split(':', 8)[3]].all(x, x == '' || x.matches('[0-9A-Fa-f]{1,4}')) : true",message="each segment of an IPv6 address must be a hexadecimal number between 0 and FFFF, failed on segment 4" + // +kubebuilder:validation:XValidation:rule="self.split('/')[0].split(':').size() >=5 ? [self.split('/')[0].split(':', 8)[4]].all(x, x == '' || x.matches('[0-9A-Fa-f]{1,4}')) : true",message="each segment of an IPv6 address must be a hexadecimal number between 0 and FFFF, failed on segment 5" + // +kubebuilder:validation:XValidation:rule="self.split('/')[0].split(':').size() >=6 ? [self.split('/')[0].split(':', 8)[5]].all(x, x == '' || x.matches('[0-9A-Fa-f]{1,4}')) : true",message="each segment of an IPv6 address must be a hexadecimal number between 0 and FFFF, failed on segment 6" + // +kubebuilder:validation:XValidation:rule="self.split('/')[0].split(':').size() >=7 ? [self.split('/')[0].split(':', 8)[6]].all(x, x == '' || x.matches('[0-9A-Fa-f]{1,4}')) : true",message="each segment of an IPv6 address must be a hexadecimal number between 0 and FFFF, failed on segment 7" + // +kubebuilder:validation:XValidation:rule="self.split('/')[0].split(':').size() >=8 ? [self.split('/')[0].split(':', 8)[7]].all(x, x == '' || x.matches('[0-9A-Fa-f]{1,4}')) : true",message="each segment of an IPv6 address must be a hexadecimal number between 0 and FFFF, failed on segment 8" + // +kubebuilder:validation:XValidation:rule="!self.contains('.')",message="IPv6 dual addresses are not permitted, value should not contain `.` characters" + // +optional + InternalMasqueradeSubnet string `json:"internalMasqueradeSubnet,omitempty"` } type ExportNetworkFlows struct { 
@@ -544,7 +619,8 @@ type PolicyAuditConfig struct { MaxFileSize *uint32 `json:"maxFileSize,omitempty"` // maxLogFiles specifies the maximum number of ACL_audit log files that can be present. - // Default: 5 + // +kubebuilder:default=5 + // +kubebuilder:validation:Minimum=1 // +optional MaxLogFiles *int32 `json:"maxLogFiles,omitempty"` diff --git a/vendor/github.com/openshift/api/operator/v1/types_storage.go b/vendor/github.com/openshift/api/operator/v1/types_storage.go index 84d00cd36..96a4b5d88 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_storage.go +++ b/vendor/github.com/openshift/api/operator/v1/types_storage.go @@ -39,7 +39,6 @@ const ( ) // StorageSpec is the specification of the desired behavior of the cluster storage operator. -// +kubebuilder:validation:XValidation:rule="!has(oldSelf.vsphereStorageDriver) || has(self.vsphereStorageDriver)", message="VSphereStorageDriver is required once set" type StorageSpec struct { OperatorSpec `json:",inline"` @@ -49,7 +48,6 @@ type StorageSpec struct { // which may change over time without notice. // The current default is CSIWithMigrationDriver and may not be changed. // DEPRECATED: This field will be removed in a future release. - // +kubebuilder:validation:XValidation:rule="oldSelf != \"CSIWithMigrationDriver\" || self == \"CSIWithMigrationDriver\"",message="VSphereStorageDriver can not be changed once it is set to CSIWithMigrationDriver" // +kubebuilder:validation:XValidation:rule="self != \"LegacyDeprecatedInTreeDriver\"",message="VSphereStorageDriver can not be set to LegacyDeprecatedInTreeDriver" // +optional VSphereStorageDriver StorageDriverType `json:"vsphereStorageDriver"` diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go index b72d5296f..a0f4c1a89 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go 
+++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go @@ -1533,6 +1533,8 @@ func (in *GCPLoadBalancerParameters) DeepCopy() *GCPLoadBalancerParameters { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *GatewayConfig) DeepCopyInto(out *GatewayConfig) { *out = *in + out.IPv4 = in.IPv4 + out.IPv6 = in.IPv6 return } @@ -1764,6 +1766,38 @@ func (in *IPsecConfig) DeepCopy() *IPsecConfig { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IPv4GatewayConfig) DeepCopyInto(out *IPv4GatewayConfig) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IPv4GatewayConfig. +func (in *IPv4GatewayConfig) DeepCopy() *IPv4GatewayConfig { + if in == nil { + return nil + } + out := new(IPv4GatewayConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IPv6GatewayConfig) DeepCopyInto(out *IPv6GatewayConfig) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IPv6GatewayConfig. +func (in *IPv6GatewayConfig) DeepCopy() *IPv6GatewayConfig { + if in == nil { + return nil + } + out := new(IPv6GatewayConfig) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *IngressController) DeepCopyInto(out *IngressController) { *out = *in 
@@ -1867,6 +1901,74 @@ func (in *IngressControllerCaptureHTTPHeaders) DeepCopy() *IngressControllerCapt return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IngressControllerHTTPHeader) DeepCopyInto(out *IngressControllerHTTPHeader) { + *out = *in + in.Action.DeepCopyInto(&out.Action) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressControllerHTTPHeader. +func (in *IngressControllerHTTPHeader) DeepCopy() *IngressControllerHTTPHeader { + if in == nil { + return nil + } + out := new(IngressControllerHTTPHeader) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IngressControllerHTTPHeaderActionUnion) DeepCopyInto(out *IngressControllerHTTPHeaderActionUnion) { + *out = *in + if in.Set != nil { + in, out := &in.Set, &out.Set + *out = new(IngressControllerSetHTTPHeader) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressControllerHTTPHeaderActionUnion. +func (in *IngressControllerHTTPHeaderActionUnion) DeepCopy() *IngressControllerHTTPHeaderActionUnion { + if in == nil { + return nil + } + out := new(IngressControllerHTTPHeaderActionUnion) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *IngressControllerHTTPHeaderActions) DeepCopyInto(out *IngressControllerHTTPHeaderActions) { + *out = *in + if in.Response != nil { + in, out := &in.Response, &out.Response + *out = make([]IngressControllerHTTPHeader, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Request != nil { + in, out := &in.Request, &out.Request + *out = make([]IngressControllerHTTPHeader, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressControllerHTTPHeaderActions. +func (in *IngressControllerHTTPHeaderActions) DeepCopy() *IngressControllerHTTPHeaderActions { + if in == nil { + return nil + } + out := new(IngressControllerHTTPHeaderActions) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *IngressControllerHTTPHeaders) DeepCopyInto(out *IngressControllerHTTPHeaders) { *out = *in @@ -1876,6 +1978,7 @@ func (in *IngressControllerHTTPHeaders) DeepCopyInto(out *IngressControllerHTTPH *out = make([]IngressControllerHTTPHeaderNameCaseAdjustment, len(*in)) copy(*out, *in) } + in.Actions.DeepCopyInto(&out.Actions) return } 
@@ -1959,6 +2062,22 @@ func (in *IngressControllerLogging) DeepCopy() *IngressControllerLogging { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IngressControllerSetHTTPHeader) DeepCopyInto(out *IngressControllerSetHTTPHeader) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressControllerSetHTTPHeader. +func (in *IngressControllerSetHTTPHeader) DeepCopy() *IngressControllerSetHTTPHeader { + if in == nil { + return nil + } + out := new(IngressControllerSetHTTPHeader) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *IngressControllerSpec) DeepCopyInto(out *IngressControllerSpec) { *out = *in diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go index 28d9f27a5..f0becd861 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go 
@@ -686,6 +686,14 @@ func (EtcdList) SwaggerDoc() map[string]string { return map_EtcdList } +var map_EtcdSpec = map[string]string{ + "controlPlaneHardwareSpeed": "HardwareSpeed allows user to change the etcd tuning profile which configures the latency parameters for heartbeat interval and leader election timeouts allowing the cluster to tolerate longer round-trip-times between etcd members. Valid values are \"\", \"Standard\" and \"Slower\".\n\t\"\" means no opinion and the platform is left to choose a reasonable default\n\twhich is subject to change without notice.", +} + +func (EtcdSpec) SwaggerDoc() map[string]string { + return map_EtcdSpec +} + var map_AWSClassicLoadBalancerParameters = map[string]string{ "": "AWSClassicLoadBalancerParameters holds configuration parameters for an AWS Classic load balancer.", "connectionIdleTimeout": "connectionIdleTimeout specifies the maximum time period that a connection may be idle before the load balancer closes the connection. The value must be parseable as a time duration value; see . A nil or zero value means no opinion, in which case a default value is used. The default value for this field is 60s. This default is subject to change.", @@ -739,7 +747,8 @@ func (ClientTLS) SwaggerDoc() map[string]string { } var map_ContainerLoggingDestinationParameters = map[string]string{ - "": "ContainerLoggingDestinationParameters describes parameters for the Container logging destination type.", + "": "ContainerLoggingDestinationParameters describes parameters for the Container logging destination type.", + "maxLength": "maxLength is the maximum length of the log message.\n\nValid values are integers in the range 480 to 8192, inclusive.\n\nWhen omitted, the default value is 1024.", } func (ContainerLoggingDestinationParameters) SwaggerDoc() map[string]string { 
@@ -849,11 +858,42 @@ func (IngressControllerCaptureHTTPHeaders) SwaggerDoc() map[string]string { return map_IngressControllerCaptureHTTPHeaders } +var map_IngressControllerHTTPHeader = map[string]string{ + "": "IngressControllerHTTPHeader specifies configuration for setting or deleting an HTTP header.", + "name": "name specifies the name of a header on which to perform an action. Its value must be a valid HTTP header name as defined in RFC 2616 section 4.2. The name must consist only of alphanumeric and the following special characters, \"-!#$%&'*+.^_`\". The following header names are reserved and may not be modified via this API: Strict-Transport-Security, Proxy, Host, Cookie, Set-Cookie. It must be no more than 255 characters in length. Header name must be unique.", + "action": "action specifies actions to perform on headers, such as setting or deleting headers.", +} + +func (IngressControllerHTTPHeader) SwaggerDoc() map[string]string { + return map_IngressControllerHTTPHeader +} + +var map_IngressControllerHTTPHeaderActionUnion = map[string]string{ + "": "IngressControllerHTTPHeaderActionUnion specifies an action to take on an HTTP header.", + "type": "type defines the type of the action to be applied on the header. Possible values are Set or Delete. Set allows you to set HTTP request and response headers. Delete allows you to delete HTTP request and response headers.", + "set": "set specifies how the HTTP header should be set. This field is required when type is Set and forbidden otherwise.", +} + +func (IngressControllerHTTPHeaderActionUnion) SwaggerDoc() map[string]string { + return map_IngressControllerHTTPHeaderActionUnion +} + +var map_IngressControllerHTTPHeaderActions = map[string]string{ + "": "IngressControllerHTTPHeaderActions defines configuration for actions on HTTP request and response headers.", + "response": "response is a list of HTTP response headers to modify. 
Actions defined here will modify the response headers of all requests passing through an ingress controller. These actions are applied to all Routes i.e. for all connections handled by the ingress controller defined within a cluster. IngressController actions for response headers will be executed after Route actions. Currently, actions may define to either `Set` or `Delete` headers values. Actions are applied in sequence as defined in this list. A maximum of 20 response header actions may be configured. Sample fetchers allowed are \"res.hdr\" and \"ssl_c_der\". Converters allowed are \"lower\" and \"base64\". Example header values: \"%[res.hdr(X-target),lower]\", \"%{+Q}[ssl_c_der,base64]\".", + "request": "request is a list of HTTP request headers to modify. Actions defined here will modify the request headers of all requests passing through an ingress controller. These actions are applied to all Routes i.e. for all connections handled by the ingress controller defined within a cluster. IngressController actions for request headers will be executed before Route actions. Currently, actions may define to either `Set` or `Delete` headers values. Actions are applied in sequence as defined in this list. A maximum of 20 request header actions may be configured. Sample fetchers allowed are \"req.hdr\" and \"ssl_c_der\". Converters allowed are \"lower\" and \"base64\". Example header values: \"%[req.hdr(X-target),lower]\", \"%{+Q}[ssl_c_der,base64]\". ", +} + +func (IngressControllerHTTPHeaderActions) SwaggerDoc() map[string]string { + return map_IngressControllerHTTPHeaderActions +} + var map_IngressControllerHTTPHeaders = map[string]string{ "": "IngressControllerHTTPHeaders specifies how the IngressController handles certain HTTP headers.", "forwardedHeaderPolicy": "forwardedHeaderPolicy specifies when and how the IngressController sets the Forwarded, X-Forwarded-For, X-Forwarded-Host, X-Forwarded-Port, X-Forwarded-Proto, and X-Forwarded-Proto-Version HTTP headers. 
The value may be one of the following:\n\n* \"Append\", which specifies that the IngressController appends the\n headers, preserving existing headers.\n\n* \"Replace\", which specifies that the IngressController sets the\n headers, replacing any existing Forwarded or X-Forwarded-* headers.\n\n* \"IfNone\", which specifies that the IngressController sets the\n headers if they are not already set.\n\n* \"Never\", which specifies that the IngressController never sets the\n headers, preserving any existing headers.\n\nBy default, the policy is \"Append\".", "uniqueId": "uniqueId describes configuration for a custom HTTP header that the ingress controller should inject into incoming HTTP requests. Typically, this header is configured to have a value that is unique to the HTTP request. The header can be used by applications or included in access logs to facilitate tracing individual HTTP requests.\n\nIf this field is empty, no such header is injected into requests.", "headerNameCaseAdjustments": "headerNameCaseAdjustments specifies case adjustments that can be applied to HTTP header names. Each adjustment is specified as an HTTP header name with the desired capitalization. For example, specifying \"X-Forwarded-For\" indicates that the \"x-forwarded-for\" HTTP header should be adjusted to have the specified capitalization.\n\nThese adjustments are only applied to cleartext, edge-terminated, and re-encrypt routes, and only when using HTTP/1.\n\nFor request headers, these adjustments are applied only for routes that have the haproxy.router.openshift.io/h1-adjust-case=true annotation. For response headers, these adjustments are applied to all HTTP responses.\n\nIf this field is empty, no request headers are adjusted.", + "actions": "actions specifies options for modifying headers and their values. 
Note that this option only applies to cleartext HTTP connections and to secure HTTP connections for which the ingress controller terminates encryption (that is, edge-terminated or reencrypt connections). Headers cannot be modified for TLS passthrough connections. Setting the HSTS (`Strict-Transport-Security`) header is not supported via actions. `Strict-Transport-Security` may only be configured using the \"haproxy.router.openshift.io/hsts_header\" route annotation, and only in accordance with the policy specified in Ingress.Spec.RequiredHSTSPolicies. Any actions defined here are applied after any actions related to the following other fields: cache-control, spec.clientTLS, spec.httpHeaders.forwardedHeaderPolicy, spec.httpHeaders.uniqueId, and spec.httpHeaders.headerNameCaseAdjustments. In case of HTTP request headers, the actions specified in spec.httpHeaders.actions on the Route will be executed after the actions specified in the IngressController's spec.httpHeaders.actions field. In case of HTTP response headers, the actions specified in spec.httpHeaders.actions on the IngressController will be executed after the actions specified in the Route's spec.httpHeaders.actions field. Headers set using this API cannot be captured for use in access logs. The following header names are reserved and may not be modified via this API: Strict-Transport-Security, Proxy, Host, Cookie, Set-Cookie. Note that the total size of all net added headers *after* interpolating dynamic values must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the IngressController. Please refer to the documentation for that API field for more details.", } func (IngressControllerHTTPHeaders) SwaggerDoc() map[string]string { 
@@ -888,6 +928,15 @@ func (IngressControllerLogging) SwaggerDoc() map[string]string { return map_IngressControllerLogging } +var map_IngressControllerSetHTTPHeader = map[string]string{ + "": "IngressControllerSetHTTPHeader defines the value which needs to be set on an HTTP header.", + "value": "value specifies a header value. Dynamic values can be added. The value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. The value of this field must be no more than 16384 characters in length. Note that the total size of all net added headers *after* interpolating dynamic values must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the IngressController. ", +} + +func (IngressControllerSetHTTPHeader) SwaggerDoc() map[string]string { + return map_IngressControllerSetHTTPHeader +} + var map_IngressControllerSpec = map[string]string{ "": "IngressControllerSpec is the specification of the desired behavior of the IngressController.", "domain": "domain is a DNS name serviced by the ingress controller and is used to configure multiple features:\n\n* For the LoadBalancerService endpoint publishing strategy, domain is\n used to configure DNS records. See endpointPublishingStrategy.\n\n* When using a generated default certificate, the certificate will be valid\n for domain and its subdomains. See defaultCertificate.\n\n* The value is published to individual Route statuses so that end-users\n know where to target external DNS records.\n\ndomain must be unique among all IngressControllers, and cannot be updated.\n\nIf empty, defaults to ingress.config.openshift.io/cluster .spec.domain.", 
@@ -1028,7 +1077,7 @@ var map_SyslogLoggingDestinationParameters = map[string]string{ "address": "address is the IP address of the syslog endpoint that receives log messages.", "port": "port is the UDP port number of the syslog endpoint that receives log messages.", "facility": "facility specifies the syslog facility of log messages.\n\nIf this field is empty, the facility is \"local1\".", - "maxLength": "maxLength is the maximum length of the syslog message\n\nIf this field is empty, the maxLength is set to \"1024\".", + "maxLength": "maxLength is the maximum length of the log message.\n\nValid values are integers in the range 480 to 4096, inclusive.\n\nWhen omitted, the default value is 1024.", } func (SyslogLoggingDestinationParameters) SwaggerDoc() map[string]string { 
@@ -1259,6 +1308,9 @@ func (FeaturesMigration) SwaggerDoc() map[string]string { var map_GatewayConfig = map[string]string{ "": "GatewayConfig holds node gateway-related parsed config file parameters and command-line overrides", "routingViaHost": "RoutingViaHost allows pod egress traffic to exit via the ovn-k8s-mp0 management port into the host before sending it out. If this is not set, traffic will always egress directly from OVN to outside without touching the host stack. Setting this to true means hardware offload will not be supported. Default is false if GatewayConfig is specified.", + "ipForwarding": "IPForwarding controls IP forwarding for all traffic on OVN-Kubernetes managed interfaces (such as br-ex). By default this is set to Restricted, and Kubernetes related traffic is still forwarded appropriately, but other IP traffic will not be routed by the OCP node. If there is a desire to allow the host to forward traffic across OVN-Kubernetes managed interfaces, then set this field to \"Global\". The supported values are \"Restricted\" and \"Global\".", + "ipv4": "ipv4 allows users to configure IP settings for IPv4 connections. When omitted, this means no opinion and the default configuration is used. Check individual members fields within ipv4 for details of default values.", + "ipv6": "ipv6 allows users to configure IP settings for IPv6 connections. When omitted, this means no opinion and the default configuration is used. Check individual members fields within ipv6 for details of default values.", } func (GatewayConfig) SwaggerDoc() map[string]string { 
@@ -1292,6 +1344,24 @@ func (IPFIXConfig) SwaggerDoc() map[string]string { return map_IPFIXConfig } +var map_IPv4GatewayConfig = map[string]string{ + "": "IPV4GatewayConfig holds the configuration paramaters for IPV4 connections in the GatewayConfig for OVN-Kubernetes", + "internalMasqueradeSubnet": "internalMasqueradeSubnet contains the masquerade addresses in IPV4 CIDR format used internally by ovn-kubernetes to enable host to service traffic. Each host in the cluster is configured with these addresses, as well as the shared gateway bridge interface. The values can be changed after installation. The subnet chosen should not overlap with other networks specified for OVN-Kubernetes as well as other networks used on the host. Additionally the subnet must be large enough to accommodate 6 IPs (maximum prefix length /29). When omitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. The current default subnet is 169.254.169.0/29 The value must be in proper IPV4 CIDR format", +} + +func (IPv4GatewayConfig) SwaggerDoc() map[string]string { + return map_IPv4GatewayConfig +} + +var map_IPv6GatewayConfig = map[string]string{ + "": "IPV6GatewayConfig holds the configuration paramaters for IPV6 connections in the GatewayConfig for OVN-Kubernetes", + "internalMasqueradeSubnet": "internalMasqueradeSubnet contains the masquerade addresses in IPV6 CIDR format used internally by ovn-kubernetes to enable host to service traffic. Each host in the cluster is configured with these addresses, as well as the shared gateway bridge interface. The values can be changed after installation. The subnet chosen should not overlap with other networks specified for OVN-Kubernetes as well as other networks used on the host. Additionally the subnet must be large enough to accommodate 6 IPs (maximum prefix length /125). 
When omitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. The current default subnet is fd69::/125 Note that IPV6 dual addresses are not permitted", +} + +func (IPv6GatewayConfig) SwaggerDoc() map[string]string { + return map_IPv6GatewayConfig +} + var map_KuryrConfig = map[string]string{ "": "KuryrConfig configures the Kuryr-Kubernetes SDN", "daemonProbesPort": "The port kuryr-daemon will listen for readiness and liveness requests.", @@ -1425,7 +1495,7 @@ func (OpenShiftSDNConfig) SwaggerDoc() map[string]string { var map_PolicyAuditConfig = map[string]string{ "rateLimit": "rateLimit is the approximate maximum number of messages to generate per-second per-node. If unset the default of 20 msg/sec is used.", "maxFileSize": "maxFilesSize is the max size an ACL_audit log file is allowed to reach before rotation occurs Units are in MB and the Default is 50MB", - "maxLogFiles": "maxLogFiles specifies the maximum number of ACL_audit log files that can be present. Default: 5", + "maxLogFiles": "maxLogFiles specifies the maximum number of ACL_audit log files that can be present.", "destination": "destination is the location for policy log messages. Regardless of this config, persistent logs will always be dumped to the host at /var/log/ovn/ however Additionally syslog output may be configured as follows. Valid values are: - \"libc\" -> to use the libc syslog() function of the host node's journdald process - \"udp:host:port\" -> for sending syslog over UDP - \"unix:file\" -> for using the UNIX domain socket directly - \"null\" -> to discard all messages logged to syslog The default is \"null\"", "syslogFacility": "syslogFacility the RFC5424 facility for generated messages, e.g. \"kern\". Default is \"local0\"", } 
diff --git a/vendor/github.com/openshift/api/operator/v1alpha1/0000_10_01_etcdbackup-TechPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/operator/v1alpha1/0000_10_01_etcdbackup-TechPreviewNoUpgrade.crd.yaml new file mode 100644 index 000000000..a36cd9504 --- /dev/null +++ b/vendor/github.com/openshift/api/operator/v1alpha1/0000_10_01_etcdbackup-TechPreviewNoUpgrade.crd.yaml 
@@ -0,0 +1,114 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/1482 + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" + release.openshift.io/feature-set: TechPreviewNoUpgrade + name: etcdbackups.operator.openshift.io +spec: + group: operator.openshift.io + names: + kind: EtcdBackup + listKind: EtcdBackupList + plural: etcdbackups + singular: etcdbackup + scope: Cluster + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + "schema": + "openAPIV3Schema": + description: "# EtcdBackup provides configuration options and status for a one-time backup attempt of the etcd cluster \n Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support." + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + type: object + properties: + pvcName: + description: PVCName specifies the name of the PersistentVolumeClaim (PVC) which binds a PersistentVolume where the etcd backup file would be saved The PVC itself must always be created in the "openshift-etcd" namespace If the PVC is left unspecified "" then the platform will choose a reasonable default location to save the backup. In the future this would be backups saved across the control-plane master nodes. + type: string + x-kubernetes-validations: + - rule: self == oldSelf + message: pvcName is immutable once set + status: + description: status holds observed values from the cluster. They may not be overridden. + type: object + properties: + backupJob: + description: backupJob is the reference to the Job that executes the backup. Optional + type: object + required: + - name + - namespace + properties: + name: + description: name is the name of the Job. Required + type: string + namespace: + description: namespace is the namespace of the Job. this is always expected to be "openshift-etcd" since the user provided PVC is also required to be in "openshift-etcd" Required + type: string + pattern: ^openshift-etcd$ + conditions: + description: conditions provide details on the status of the etcd backup job. + type: array + items: + description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. 
// Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + type: object + required: + - lastTransitionTime + - message + - reason + - status + - type + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + type: string + format: date-time + message: + description: message is a human readable message indicating details about the transition. This may be an empty string. + type: string + maxLength: 32768 + observedGeneration: + description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. + type: integer + format: int64 + minimum: 0 + reason: + description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. + type: string + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + status: + description: status of the condition, one of True, False, Unknown. + type: string + enum: + - "True" + - "False" + - Unknown + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. 
--- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + type: string + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map diff --git a/vendor/github.com/openshift/api/operator/v1alpha1/0000_10_config-operator_01_olm-CustomNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/operator/v1alpha1/0000_10_config-operator_01_olm-CustomNoUpgrade.crd.yaml new file mode 100644 index 000000000..4068a064f --- /dev/null +++ b/vendor/github.com/openshift/api/operator/v1alpha1/0000_10_config-operator_01_olm-CustomNoUpgrade.crd.yaml 
@@ -0,0 +1,140 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/1504 + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" + release.openshift.io/feature-set: CustomNoUpgrade + name: olms.operator.openshift.io +spec: + group: operator.openshift.io + names: + kind: OLM + listKind: OLMList + plural: olms + singular: olm + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: "OLM provides information to configure an operator to manage the OLM controllers \n Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support." + type: object + required: + - metadata + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + type: object + properties: + logLevel: + description: "logLevel is an intent based logging for an overall component. 
It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + type: string + default: Normal + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + managementState: + description: managementState indicates whether and how the operator should manage the component + type: string + pattern: ^(Managed|Unmanaged|Force|Removed)$ + observedConfig: + description: observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator + type: object + nullable: true + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + description: "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves. \n Valid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + type: string + default: Normal + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + unsupportedConfigOverrides: + description: unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. + type: object + nullable: true + x-kubernetes-preserve-unknown-fields: true + status: + description: status holds observed values from the cluster. They may not be overridden. 
+ type: object + properties: + conditions: + description: conditions is a list of conditions and their status + type: array + items: + description: OperatorCondition is just the standard condition fields. + type: object + properties: + lastTransitionTime: + type: string + format: date-time + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + generations: + description: generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction. + type: array + items: + description: GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made. + type: object + properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload controller involved + type: integer + format: int64 + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're tracking + type: string + observedGeneration: + description: observedGeneration is the last generation change you've dealt with + type: integer + format: int64 + readyReplicas: + description: readyReplicas indicates how many replicas are ready and at the desired state + type: integer + format: int32 + version: + description: version is the level this availability applies to + type: string + x-kubernetes-validations: + - rule: self.metadata.name == 'cluster' + message: olm is a singleton, .metadata.name must be 'cluster' + served: true + storage: true + subresources: + status: {} 
diff --git a/vendor/github.com/openshift/api/operator/v1alpha1/0000_10_config-operator_01_olm-TechPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/operator/v1alpha1/0000_10_config-operator_01_olm-TechPreviewNoUpgrade.crd.yaml new file mode 100644 index 000000000..0e08b5113 --- /dev/null +++ b/vendor/github.com/openshift/api/operator/v1alpha1/0000_10_config-operator_01_olm-TechPreviewNoUpgrade.crd.yaml 
@@ -0,0 +1,140 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/1504 + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" + release.openshift.io/feature-set: TechPreviewNoUpgrade + name: olms.operator.openshift.io +spec: + group: operator.openshift.io + names: + kind: OLM + listKind: OLMList + plural: olms + singular: olm + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: "OLM provides information to configure an operator to manage the OLM controllers \n Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support." + type: object + required: + - metadata + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + type: object + properties: + logLevel: + description: "logLevel is an intent based logging for an overall component. 
It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + type: string + default: Normal + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + managementState: + description: managementState indicates whether and how the operator should manage the component + type: string + pattern: ^(Managed|Unmanaged|Force|Removed)$ + observedConfig: + description: observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator + type: object + nullable: true + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + description: "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves. \n Valid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + type: string + default: Normal + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + unsupportedConfigOverrides: + description: unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. + type: object + nullable: true + x-kubernetes-preserve-unknown-fields: true + status: + description: status holds observed values from the cluster. They may not be overridden. 
+ type: object + properties: + conditions: + description: conditions is a list of conditions and their status + type: array + items: + description: OperatorCondition is just the standard condition fields. + type: object + properties: + lastTransitionTime: + type: string + format: date-time + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + generations: + description: generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction. + type: array + items: + description: GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made. + type: object + properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload controller involved + type: integer + format: int64 + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're tracking + type: string + observedGeneration: + description: observedGeneration is the last generation change you've dealt with + type: integer + format: int64 + readyReplicas: + description: readyReplicas indicates how many replicas are ready and at the desired state + type: integer + format: int32 + version: + description: version is the level this availability applies to + type: string + x-kubernetes-validations: + - rule: self.metadata.name == 'cluster' + message: olm is a singleton, .metadata.name must be 'cluster' + served: true + storage: true + subresources: + status: {} 
diff --git a/vendor/github.com/openshift/api/operator/v1alpha1/custom.olm.testsuite.yaml b/vendor/github.com/openshift/api/operator/v1alpha1/custom.olm.testsuite.yaml
new file mode 100644
index 000000000..233e73d18
--- /dev/null
+++ b/vendor/github.com/openshift/api/operator/v1alpha1/custom.olm.testsuite.yaml
@@ -0,0 +1,28 @@
+apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
+name: "[Custom] OLM"
+crd: 0000_10_config-operator_01_olm-CustomNoUpgrade.crd.yaml
+tests:
+ onCreate:
+ - name: Should be able to create a minimal OLM
+ initial: |
+ apiVersion: operator.openshift.io/v1alpha1
+ kind: OLM
+ metadata:
+ name: cluster
+ spec: {} # No spec is required for an OLM
+ expected: |
+ apiVersion: operator.openshift.io/v1alpha1
+ kind: OLM
+ metadata:
+ name: cluster
+ spec:
+ logLevel: Normal
+ operatorLogLevel: Normal
+ - name: Should reject an OLM with an invalid name
+ initial: |
+ apiVersion: operator.openshift.io/v1alpha1
+ kind: OLM
+ metadata:
+ name: foo
+ spec: {} # No spec is required for an OLM
+ expectedError: "Invalid value: \"object\": olm is a singleton, .metadata.name must be 'cluster'"
diff --git a/vendor/github.com/openshift/api/operator/v1alpha1/register.go b/vendor/github.com/openshift/api/operator/v1alpha1/register.go
index 3c731f618..0921431c0 100644
--- a/vendor/github.com/openshift/api/operator/v1alpha1/register.go
+++ b/vendor/github.com/openshift/api/operator/v1alpha1/register.go
@@ -35,6 +35,10 @@ func addKnownTypes(scheme *runtime.Scheme) error {
 &GenericOperatorConfig{},
 &ImageContentSourcePolicy{},
 &ImageContentSourcePolicyList{},
+ &OLM{},
+ &OLMList{},
+ &EtcdBackup{},
+ &EtcdBackupList{},
 )
 
 return nil
diff --git a/vendor/github.com/openshift/api/operator/v1alpha1/techpreview.etcdbackup.testsuite.yaml b/vendor/github.com/openshift/api/operator/v1alpha1/techpreview.etcdbackup.testsuite.yaml
new file mode 100644
index 000000000..10d855189
--- /dev/null
+++ b/vendor/github.com/openshift/api/operator/v1alpha1/techpreview.etcdbackup.testsuite.yaml
@@ -0,0 +1,38 @@
+apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
+name: "[TechPreview] EtcdBackup"
+crd: 0000_10_01_etcdbackup-TechPreviewNoUpgrade.crd.yaml
+tests:
+ onCreate:
+ - name: Should be able to create an EtcdBackup with a valid spec
+ initial: |
+ apiVersion: operator.openshift.io/v1alpha1
+ kind: EtcdBackup
+ spec:
+ pvcName: etcdbackup-pvc
+ expected: |
+ apiVersion: operator.openshift.io/v1alpha1
+ kind: EtcdBackup
+ spec:
+ pvcName: etcdbackup-pvc
+ - name: Should be able to create an EtcdBackup without the pvcName specified
+ initial: |
+ apiVersion: operator.openshift.io/v1alpha1
+ kind: EtcdBackup
+ spec: {}
+ expected: |
+ apiVersion: operator.openshift.io/v1alpha1
+ kind: EtcdBackup
+ spec: {}
+ onUpdate:
+ - name: pvcName is immutable once set
+ initial: |
+ apiVersion: operator.openshift.io/v1alpha1
+ kind: EtcdBackup
+ spec:
+ pvcName: etcdbackup-pvc
+ updated: |
+ apiVersion: operator.openshift.io/v1alpha1
+ kind: EtcdBackup
+ spec:
+ pvcName: updated-etcdbackup-pvc
+ expectedError: "spec.pvcName: Invalid value: \"string\": pvcName is immutable once set"
diff --git a/vendor/github.com/openshift/api/operator/v1alpha1/techpreview.olm.testsuite.yaml b/vendor/github.com/openshift/api/operator/v1alpha1/techpreview.olm.testsuite.yaml
new file mode 100644
index 000000000..99c85fe01
--- /dev/null
+++ b/vendor/github.com/openshift/api/operator/v1alpha1/techpreview.olm.testsuite.yaml
@@ -0,0 +1,28 @@
+apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
+name: "[Tech Preview] OLM"
+crd: 0000_10_config-operator_01_olm-TechPreviewNoUpgrade.crd.yaml
+tests:
+ onCreate:
+ - name: Should be able to create a minimal OLM
+ initial: |
+ apiVersion: operator.openshift.io/v1alpha1
+ kind: OLM
+ metadata:
+ name: cluster
+ spec: {} # No spec is required for an OLM
+ expected: |
+ apiVersion: operator.openshift.io/v1alpha1
+ kind: OLM
+ metadata:
+ name: cluster
+ spec:
+ logLevel: Normal
+ operatorLogLevel: Normal
+ - name: Should reject an OLM with an invalid name
+ initial: |
+ apiVersion: operator.openshift.io/v1alpha1
+ kind: OLM
+ metadata:
+ name: foo
+ spec: {} # No spec is required for an OLM
+ expectedError: "Invalid value: \"object\": olm is a singleton, .metadata.name must be 'cluster'"
diff --git a/vendor/github.com/openshift/api/operator/v1alpha1/types.go b/vendor/github.com/openshift/api/operator/v1alpha1/types.go
index 69eb004c1..4d5a207e6 100644
--- a/vendor/github.com/openshift/api/operator/v1alpha1/types.go
+++ b/vendor/github.com/openshift/api/operator/v1alpha1/types.go
@@ -6,19 +6,24 @@ import ( configv1 "github.com/openshift/api/config/v1" ) +// DEPRECATED: Use v1.ManagementState instead type ManagementState string const ( // Managed means that the operator is actively managing its resources and trying to keep the component active + // DEPRECATED: Use v1.Managed instead Managed ManagementState = "Managed" // Unmanaged means that the operator is not taking any action related to the component + // DEPRECATED: Use v1.Unmanaged instead Unmanaged ManagementState = "Unmanaged" // Removed means that the operator is actively managing its resources and trying to remove all traces of the component + // DEPRECATED: Use v1.Removed instead Removed ManagementState = "Removed" ) // OperatorSpec contains common fields for an operator to need. It is intended to be anonymous included // inside of the Spec struct for you particular operator. +// DEPRECATED: Use v1.OperatorSpec instead type OperatorSpec struct { // managementState indicates whether and how the operator should manage the component ManagementState ManagementState `json:"managementState"` @@ -38,6 +43,7 @@ type OperatorSpec struct { } // LoggingConfig holds information about configuring logging +// DEPRECATED: Use v1.LogLevel instead type LoggingConfig struct { // level is passed to glog. Level int64 `json:"level"` 
@@ -46,24 +52,34 @@ type LoggingConfig struct { Vmodule string `json:"vmodule"` } +// DEPRECATED: Use v1.ConditionStatus instead type ConditionStatus string const ( - ConditionTrue ConditionStatus = "True" - ConditionFalse ConditionStatus = "False" + // DEPRECATED: Use v1.ConditionTrue instead + ConditionTrue ConditionStatus = "True" + // DEPRECATED: Use v1.ConditionFalse instead + ConditionFalse ConditionStatus = "False" + // DEPRECATED: Use v1.ConditionUnknown instead ConditionUnknown ConditionStatus = "Unknown" // these conditions match the conditions for the ClusterOperator type. - OperatorStatusTypeAvailable = "Available" + // DEPRECATED: Use v1.OperatorStatusTypeAvailable instead + OperatorStatusTypeAvailable = "Available" + // DEPRECATED: Use v1.OperatorStatusTypeProgressing instead OperatorStatusTypeProgressing = "Progressing" - OperatorStatusTypeFailing = "Failing" + // DEPRECATED: Use v1.OperatorStatusTypeDegraded instead + OperatorStatusTypeFailing = "Failing" + // DEPRECATED: Use v1.OperatorStatusTypeProgressing instead OperatorStatusTypeMigrating = "Migrating" // TODO this is going to be removed + // DEPRECATED: Use v1.OperatorStatusTypeAvailable instead OperatorStatusTypeSyncSuccessful = "SyncSuccessful" ) // OperatorCondition is just the standard condition fields. +// DEPRECATED: Use v1.OperatorCondition instead type OperatorCondition struct { Type string `json:"type"` Status ConditionStatus `json:"status"` @@ -73,6 +89,7 @@ type OperatorCondition struct { } // VersionAvailability gives information about the synchronization and operational status of a particular version of the component +// DEPRECATED: Use fields in v1.OperatorStatus instead type VersionAvailability struct { // version is the level this availability applies to Version string `json:"version"` 
@@ -87,6 +104,7 @@ type VersionAvailability struct { } // GenerationHistory keeps track of the generation for a given resource so that decisions about forced updated can be made. +// DEPRECATED: Use fields in v1.GenerationStatus instead type GenerationHistory struct { // group is the group of the thing you're tracking Group string `json:"group"` @@ -102,6 +120,7 @@ type GenerationHistory struct { // OperatorStatus contains common fields for an operator to need. It is intended to be anonymous included // inside of the Status struct for you particular operator. +// DEPRECATED: Use v1.OperatorStatus instead type OperatorStatus struct { // observedGeneration is the last generation change you've dealt with ObservedGeneration int64 `json:"observedGeneration,omitempty"` @@ -156,6 +175,7 @@ type DelegatedAuthorization struct { // StaticPodOperatorStatus is status for controllers that manage static pods. There are different needs because individual // node status must be tracked. +// DEPRECATED: Use v1.StaticPodOperatorStatus instead type StaticPodOperatorStatus struct { OperatorStatus `json:",inline"` @@ -167,6 +187,7 @@ type StaticPodOperatorStatus struct { } // NodeStatus provides information about the current state of a particular node managed by this operator. +// Deprecated: Use v1.NodeStatus instead type NodeStatus struct { // nodeName is the name of the node NodeName string `json:"nodeName"` diff --git a/vendor/github.com/openshift/api/operator/v1alpha1/types_etcdbackup.go b/vendor/github.com/openshift/api/operator/v1alpha1/types_etcdbackup.go new file mode 100644 index 000000000..b1d73306c --- /dev/null +++ b/vendor/github.com/openshift/api/operator/v1alpha1/types_etcdbackup.go 
@@ -0,0 +1,101 @@
+package v1alpha1
+
+import (
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// +genclient
+// +genclient:nonNamespaced
+// +kubebuilder:resource:scope=Cluster
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+//
+// # EtcdBackup provides configuration options and status for a one-time backup attempt of the etcd cluster
+//
+// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.
+// +openshift:compatibility-gen:level=4
+type EtcdBackup struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ObjectMeta `json:"metadata,omitempty"`
+
+ // spec holds user settable values for configuration
+ // +kubebuilder:validation:Required
+ // +required
+ Spec EtcdBackupSpec `json:"spec"`
+ // status holds observed values from the cluster. They may not be overridden.
+ // +kubebuilder:validation:Optional
+ // +optional
+ Status EtcdBackupStatus `json:"status"`
+}
+
+type EtcdBackupSpec struct {
+ // PVCName specifies the name of the PersistentVolumeClaim (PVC) which binds a PersistentVolume where the
+ // etcd backup file would be saved
+ // The PVC itself must always be created in the "openshift-etcd" namespace
+ // If the PVC is left unspecified "" then the platform will choose a reasonable default location to save the backup.
+ // In the future this would be backups saved across the control-plane master nodes.
+ // +kubebuilder:validation:Optional
+ // +optional
+ // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="pvcName is immutable once set"
+ PVCName string `json:"pvcName"`
+}
+
+// +kubebuilder:validation:Optional
+type EtcdBackupStatus struct {
+ // conditions provide details on the status of the etcd backup job.
+ // +patchMergeKey=type
+ // +patchStrategy=merge
+ // +listType=map
+ // +listMapKey=type
+ // +optional
+ Conditions []metav1.Condition `json:"conditions" patchStrategy:"merge" patchMergeKey:"type"`
+
+ // backupJob is the reference to the Job that executes the backup.
+ // Optional
+ // +kubebuilder:validation:Optional
+ BackupJob *BackupJobReference `json:"backupJob"`
+}
+
+// BackupJobReference holds a reference to the batch/v1 Job created to run the etcd backup
+type BackupJobReference struct {
+
+ // namespace is the namespace of the Job.
+ // this is always expected to be "openshift-etcd" since the user provided PVC
+ // is also required to be in "openshift-etcd"
+ // Required
+ // +kubebuilder:validation:Required
+ // +kubebuilder:validation:Pattern:=`^openshift-etcd$`
+ Namespace string `json:"namespace"`
+
+ // name is the name of the Job.
+ // Required
+ // +kubebuilder:validation:Required
+ Name string `json:"name"`
+}
+
+type BackupConditionReason string
+
+var (
+ // BackupPending is added to the EtcdBackupStatus Conditions when the etcd backup is pending.
+ BackupPending BackupConditionReason = "BackupPending"
+
+ // BackupCompleted is added to the EtcdBackupStatus Conditions when the etcd backup has completed.
+ BackupCompleted BackupConditionReason = "BackupCompleted"
+
+ // BackupFailed is added to the EtcdBackupStatus Conditions when the etcd backup has failed.
+ BackupFailed BackupConditionReason = "BackupFailed"
+
+ // BackupSkipped is added to the EtcdBackupStatus Conditions when the etcd backup has been skipped.
+ BackupSkipped BackupConditionReason = "BackupSkipped"
+)
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// EtcdBackupList is a collection of items
+//
+// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.
+// +openshift:compatibility-gen:level=4
+type EtcdBackupList struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ListMeta `json:"metadata"`
+ Items []EtcdBackup `json:"items"`
+}
diff --git a/vendor/github.com/openshift/api/operator/v1alpha1/types_olm.go b/vendor/github.com/openshift/api/operator/v1alpha1/types_olm.go
new file mode 100644
index 000000000..8f20690ae
--- /dev/null
+++ b/vendor/github.com/openshift/api/operator/v1alpha1/types_olm.go
@@ -0,0 +1,56 @@
+package v1alpha1
+
+import (
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+ operatorv1 "github.com/openshift/api/operator/v1"
+)
+
+// +genclient
+// +genclient:nonNamespaced
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// OLM provides information to configure an operator to manage the OLM controllers
+//
+// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.
+// +openshift:compatibility-gen:level=4
+// +kubebuilder:validation:XValidation:rule="self.metadata.name == 'cluster'",message="olm is a singleton, .metadata.name must be 'cluster'"
+type OLM struct {
+ metav1.TypeMeta `json:",inline"`
+
+ // metadata is the standard object's metadata.
+ // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ metav1.ObjectMeta `json:"metadata"`
+
+ //spec holds user settable values for configuration
+ // +kubebuilder:validation:Required
+ Spec OLMSpec `json:"spec"`
+ // status holds observed values from the cluster. They may not be overridden.
+ // +optional
+ Status OLMStatus `json:"status"`
+}
+
+type OLMSpec struct {
+ operatorv1.OperatorSpec `json:",inline"`
+}
+
+type OLMStatus struct {
+ operatorv1.OperatorStatus `json:",inline"`
+}
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// OLMList is a collection of items
+//
+// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.
+// +openshift:compatibility-gen:level=4
+type OLMList struct {
+ metav1.TypeMeta `json:",inline"`
+
+ // metadata is the standard list's metadata.
+ // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + metav1.ListMeta `json:"metadata"` + + // Items contains the items + Items []OLM `json:"items"` +} diff --git a/vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.deepcopy.go index 4013889c6..08ef2811a 100644 --- a/vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.deepcopy.go +++ b/vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.deepcopy.go @@ -6,9 +6,26 @@ package v1alpha1 import ( + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" runtime "k8s.io/apimachinery/pkg/runtime" ) +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *BackupJobReference) DeepCopyInto(out *BackupJobReference) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BackupJobReference. +func (in *BackupJobReference) DeepCopy() *BackupJobReference { + if in == nil { + return nil + } + out := new(BackupJobReference) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *DelegatedAuthentication) DeepCopyInto(out *DelegatedAuthentication) { *out = *in 
@@ -41,6 +58,111 @@ func (in *DelegatedAuthorization) DeepCopy() *DelegatedAuthorization { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *EtcdBackup) DeepCopyInto(out *EtcdBackup) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + out.Spec = in.Spec + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EtcdBackup. +func (in *EtcdBackup) DeepCopy() *EtcdBackup { + if in == nil { + return nil + } + out := new(EtcdBackup) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *EtcdBackup) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *EtcdBackupList) DeepCopyInto(out *EtcdBackupList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]EtcdBackup, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EtcdBackupList. +func (in *EtcdBackupList) DeepCopy() *EtcdBackupList { + if in == nil { + return nil + } + out := new(EtcdBackupList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *EtcdBackupList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *EtcdBackupSpec) DeepCopyInto(out *EtcdBackupSpec) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EtcdBackupSpec. +func (in *EtcdBackupSpec) DeepCopy() *EtcdBackupSpec { + if in == nil { + return nil + } + out := new(EtcdBackupSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *EtcdBackupStatus) DeepCopyInto(out *EtcdBackupStatus) { + *out = *in + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make([]v1.Condition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.BackupJob != nil { + in, out := &in.BackupJob, &out.BackupJob + *out = new(BackupJobReference) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EtcdBackupStatus. +func (in *EtcdBackupStatus) DeepCopy() *EtcdBackupStatus { + if in == nil { + return nil + } + out := new(EtcdBackupStatus) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *GenerationHistory) DeepCopyInto(out *GenerationHistory) { *out = *in 
@@ -206,6 +328,101 @@ func (in *NodeStatus) DeepCopy() *NodeStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OLM) DeepCopyInto(out *OLM) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OLM. +func (in *OLM) DeepCopy() *OLM { + if in == nil { + return nil + } + out := new(OLM) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *OLM) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OLMList) DeepCopyInto(out *OLMList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]OLM, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OLMList. +func (in *OLMList) DeepCopy() *OLMList { + if in == nil { + return nil + } + out := new(OLMList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *OLMList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *OLMSpec) DeepCopyInto(out *OLMSpec) { + *out = *in + in.OperatorSpec.DeepCopyInto(&out.OperatorSpec) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OLMSpec. +func (in *OLMSpec) DeepCopy() *OLMSpec { + if in == nil { + return nil + } + out := new(OLMSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OLMStatus) DeepCopyInto(out *OLMStatus) { + *out = *in + in.OperatorStatus.DeepCopyInto(&out.OperatorStatus) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OLMStatus. +func (in *OLMStatus) DeepCopy() *OLMStatus { + if in == nil { + return nil + } + out := new(OLMStatus) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *OperatorCondition) DeepCopyInto(out *OperatorCondition) { *out = *in diff --git a/vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.swagger_doc_generated.go index 87d2f65c3..c8cce688f 100644 --- a/vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.swagger_doc_generated.go 
@@ -30,7 +30,7 @@ func (DelegatedAuthorization) SwaggerDoc() map[string]string { } var map_GenerationHistory = map[string]string{ - "": "GenerationHistory keeps track of the generation for a given resource so that decisions about forced updated can be made.", + "": "GenerationHistory keeps track of the generation for a given resource so that decisions about forced updated can be made. DEPRECATED: Use fields in v1.GenerationStatus instead", "group": "group is the group of the thing you're tracking", "resource": "resource is the resource type of the thing you're tracking", "namespace": "namespace is where the thing you're tracking is", @@ -55,7 +55,7 @@ func (GenericOperatorConfig) SwaggerDoc() map[string]string { } var map_LoggingConfig = map[string]string{ - "": "LoggingConfig holds information about configuring logging", + "": "LoggingConfig holds information about configuring logging DEPRECATED: Use v1.LogLevel instead", "level": "level is passed to glog.", "vmodule": "vmodule is passed to glog.", } @@ -65,7 +65,7 @@ func (LoggingConfig) SwaggerDoc() map[string]string { } var map_NodeStatus = map[string]string{ - "": "NodeStatus provides information about the current state of a particular node managed by this operator.", + "": "NodeStatus provides information about the current state of a particular node managed by this operator. Deprecated: Use v1.NodeStatus instead", "nodeName": "nodeName is the name of the node", "currentDeploymentGeneration": "currentDeploymentGeneration is the generation of the most recently successful deployment", "targetDeploymentGeneration": "targetDeploymentGeneration is the generation of the deployment we're trying to apply", 
@@ -78,7 +78,7 @@ func (NodeStatus) SwaggerDoc() map[string]string { } var map_OperatorCondition = map[string]string{ - "": "OperatorCondition is just the standard condition fields.", + "": "OperatorCondition is just the standard condition fields. DEPRECATED: Use v1.OperatorCondition instead", } func (OperatorCondition) SwaggerDoc() map[string]string { @@ -86,7 +86,7 @@ func (OperatorCondition) SwaggerDoc() map[string]string { } var map_OperatorSpec = map[string]string{ - "": "OperatorSpec contains common fields for an operator to need. It is intended to be anonymous included inside of the Spec struct for you particular operator.", + "": "OperatorSpec contains common fields for an operator to need. It is intended to be anonymous included inside of the Spec struct for you particular operator. DEPRECATED: Use v1.OperatorSpec instead", "managementState": "managementState indicates whether and how the operator should manage the component", "imagePullSpec": "imagePullSpec is the image to use for the component.", "imagePullPolicy": "imagePullPolicy specifies the image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.", @@ -99,7 +99,7 @@ func (OperatorSpec) SwaggerDoc() map[string]string { } var map_OperatorStatus = map[string]string{ - "": "OperatorStatus contains common fields for an operator to need. It is intended to be anonymous included inside of the Status struct for you particular operator.", + "": "OperatorStatus contains common fields for an operator to need. It is intended to be anonymous included inside of the Status struct for you particular operator. DEPRECATED: Use v1.OperatorStatus instead", "observedGeneration": "observedGeneration is the last generation change you've dealt with", "conditions": "conditions is a list of conditions and their status", "state": "state indicates what the operator has observed to be its current operational status.", 
@@ -113,7 +113,7 @@ func (OperatorStatus) SwaggerDoc() map[string]string { } var map_StaticPodOperatorStatus = map[string]string{ - "": "StaticPodOperatorStatus is status for controllers that manage static pods. There are different needs because individual node status must be tracked.", + "": "StaticPodOperatorStatus is status for controllers that manage static pods. There are different needs because individual node status must be tracked. DEPRECATED: Use v1.StaticPodOperatorStatus instead", "latestAvailableDeploymentGeneration": "latestAvailableDeploymentGeneration is the deploymentID of the most recent deployment", "nodeStatuses": "nodeStatuses track the deployment values and errors across individual nodes", } @@ -123,7 +123,7 @@ func (StaticPodOperatorStatus) SwaggerDoc() map[string]string { } var map_VersionAvailability = map[string]string{ - "": "VersionAvailability gives information about the synchronization and operational status of a particular version of the component", + "": "VersionAvailability gives information about the synchronization and operational status of a particular version of the component DEPRECATED: Use fields in v1.OperatorStatus instead", "version": "version is the level this availability applies to", "updatedReplicas": "updatedReplicas indicates how many replicas are at the desired state", "readyReplicas": "readyReplicas indicates how many replicas are ready and at the desired state", 
@@ -135,6 +135,51 @@ func (VersionAvailability) SwaggerDoc() map[string]string { return map_VersionAvailability } +var map_BackupJobReference = map[string]string{ + "": "BackupJobReference holds a reference to the batch/v1 Job created to run the etcd backup", + "namespace": "namespace is the namespace of the Job. this is always expected to be \"openshift-etcd\" since the user provided PVC is also required to be in \"openshift-etcd\" Required", + "name": "name is the name of the Job. Required", +} + +func (BackupJobReference) SwaggerDoc() map[string]string { + return map_BackupJobReference +} + +var map_EtcdBackup = map[string]string{ + "": "\n\n# EtcdBackup provides configuration options and status for a one-time backup attempt of the etcd cluster\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "spec": "spec holds user settable values for configuration", + "status": "status holds observed values from the cluster. They may not be overridden.", +} + +func (EtcdBackup) SwaggerDoc() map[string]string { + return map_EtcdBackup +} + +var map_EtcdBackupList = map[string]string{ + "": "EtcdBackupList is a collection of items\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", +} + +func (EtcdBackupList) SwaggerDoc() map[string]string { + return map_EtcdBackupList +} + +var map_EtcdBackupSpec = map[string]string{ + "pvcName": "PVCName specifies the name of the PersistentVolumeClaim (PVC) which binds a PersistentVolume where the etcd backup file would be saved The PVC itself must always be created in the \"openshift-etcd\" namespace If the PVC is left unspecified \"\" then the platform will choose a reasonable default location to save the backup. 
In the future this would be backups saved across the control-plane master nodes.", +} + +func (EtcdBackupSpec) SwaggerDoc() map[string]string { + return map_EtcdBackupSpec +} + +var map_EtcdBackupStatus = map[string]string{ + "conditions": "conditions provide details on the status of the etcd backup job.", + "backupJob": "backupJob is the reference to the Job that executes the backup. Optional", +} + +func (EtcdBackupStatus) SwaggerDoc() map[string]string { + return map_EtcdBackupStatus +} + var map_ImageContentSourcePolicy = map[string]string{ "": "ImageContentSourcePolicy holds cluster-wide information about how to handle registry mirror rules. When multiple policies are defined, the outcome of the behavior is defined on each field.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", 
@@ -173,4 +218,25 @@ func (RepositoryDigestMirrors) SwaggerDoc() map[string]string { return map_RepositoryDigestMirrors } +var map_OLM = map[string]string{ + "": "OLM provides information to configure an operator to manage the OLM controllers\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "spec": "spec holds user settable values for configuration", + "status": "status holds observed values from the cluster. They may not be overridden.", +} + +func (OLM) SwaggerDoc() map[string]string { + return map_OLM +} + +var map_OLMList = map[string]string{ + "": "OLMList is a collection of items\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "metadata": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "items": "Items contains the items", +} + +func (OLMList) SwaggerDoc() map[string]string { + return map_OLMList +} + // AUTO-GENERATED FUNCTIONS END HERE diff --git a/vendor/github.com/openshift/api/security/v1/consts.go b/vendor/github.com/openshift/api/security/v1/consts.go index 28f8e5ae6..3b686c31d 100644 --- a/vendor/github.com/openshift/api/security/v1/consts.go +++ b/vendor/github.com/openshift/api/security/v1/consts.go 
@@ -7,4 +7,7 @@ const ( SupplementalGroupsAnnotation = "openshift.io/sa.scc.supplemental-groups" MCSAnnotation = "openshift.io/sa.scc.mcs" ValidatedSCCAnnotation = "openshift.io/scc" + // This annotation pins required SCCs for core OpenShift workloads to prevent preemption of custom SCCs. + // It is being used in the SCC admission plugin. + RequiredSCCAnnotation = "openshift.io/required-scc" ) diff --git a/vendor/github.com/openshift/build-machinery-go/Dockerfile.commitchecker b/vendor/github.com/openshift/build-machinery-go/Dockerfile.commitchecker new file mode 100644 index 000000000..334e492e8 --- /dev/null +++ b/vendor/github.com/openshift/build-machinery-go/Dockerfile.commitchecker @@ -0,0 +1,14 @@ +# This Dockerfile must be on the top-level of this repo, because it needs to copy +# both commitchecker/ and make/ into the build container. + +FROM registry.ci.openshift.org/ocp/builder:rhel-8-golang-1.20-openshift-4.14 AS builder +WORKDIR /go/src/github.com/openshift/build-machinery-go +COPY . . +RUN make -C commitchecker + +FROM registry.ci.openshift.org/ocp/4.14:base +COPY --from=builder /go/src/github.com/openshift/build-machinery-go/commitchecker/commitchecker /usr/bin/ +RUN yum update -y && \ + yum install --setopt=tsflags=nodocs -y git && \ + yum clean all && rm -rf /var/cache/yum/* +ENTRYPOINT ["/usr/bin/commitchecker"] diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awsdnsspec.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awsdnsspec.go new file mode 100644 index 000000000..4f7ce43d1 --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awsdnsspec.go 
@@ -0,0 +1,23 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +// AWSDNSSpecApplyConfiguration represents an declarative configuration of the AWSDNSSpec type for use +// with apply. +type AWSDNSSpecApplyConfiguration struct { + PrivateZoneIAMRole *string `json:"privateZoneIAMRole,omitempty"` +} + +// AWSDNSSpecApplyConfiguration constructs an declarative configuration of the AWSDNSSpec type for use with +// apply. +func AWSDNSSpec() *AWSDNSSpecApplyConfiguration { + return &AWSDNSSpecApplyConfiguration{} +} + +// WithPrivateZoneIAMRole sets the PrivateZoneIAMRole field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the PrivateZoneIAMRole field is set to the value of the last call. +func (b *AWSDNSSpecApplyConfiguration) WithPrivateZoneIAMRole(value string) *AWSDNSSpecApplyConfiguration { + b.PrivateZoneIAMRole = &value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/cloudcontrollermanagerstatus.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/cloudcontrollermanagerstatus.go new file mode 100644 index 000000000..2d7a55a78 --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/cloudcontrollermanagerstatus.go 
@@ -0,0 +1,27 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +import ( + v1 "github.com/openshift/api/config/v1" +) + +// CloudControllerManagerStatusApplyConfiguration represents an declarative configuration of the CloudControllerManagerStatus type for use +// with apply. +type CloudControllerManagerStatusApplyConfiguration struct { + State *v1.CloudControllerManagerState `json:"state,omitempty"` +} + +// CloudControllerManagerStatusApplyConfiguration constructs an declarative configuration of the CloudControllerManagerStatus type for use with +// apply. +func CloudControllerManagerStatus() *CloudControllerManagerStatusApplyConfiguration { + return &CloudControllerManagerStatusApplyConfiguration{} +} + +// WithState sets the State field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the State field is set to the value of the last call. +func (b *CloudControllerManagerStatusApplyConfiguration) WithState(value v1.CloudControllerManagerState) *CloudControllerManagerStatusApplyConfiguration { + b.State = &value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/dnsplatformspec.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/dnsplatformspec.go new file mode 100644 index 000000000..8f43c8c5f --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/dnsplatformspec.go 
@@ -0,0 +1,36 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +import ( + v1 "github.com/openshift/api/config/v1" +) + +// DNSPlatformSpecApplyConfiguration represents an declarative configuration of the DNSPlatformSpec type for use +// with apply. +type DNSPlatformSpecApplyConfiguration struct { + Type *v1.PlatformType `json:"type,omitempty"` + AWS *AWSDNSSpecApplyConfiguration `json:"aws,omitempty"` +} + +// DNSPlatformSpecApplyConfiguration constructs an declarative configuration of the DNSPlatformSpec type for use with +// apply. +func DNSPlatformSpec() *DNSPlatformSpecApplyConfiguration { + return &DNSPlatformSpecApplyConfiguration{} +} + +// WithType sets the Type field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Type field is set to the value of the last call. +func (b *DNSPlatformSpecApplyConfiguration) WithType(value v1.PlatformType) *DNSPlatformSpecApplyConfiguration { + b.Type = &value + return b +} + +// WithAWS sets the AWS field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the AWS field is set to the value of the last call. +func (b *DNSPlatformSpecApplyConfiguration) WithAWS(value *AWSDNSSpecApplyConfiguration) *DNSPlatformSpecApplyConfiguration { + b.AWS = value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/dnsspec.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/dnsspec.go index cfa268744..b534ef943 100644 --- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/dnsspec.go +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/dnsspec.go 
@@ -5,9 +5,10 @@ package v1 // DNSSpecApplyConfiguration represents an declarative configuration of the DNSSpec type for use // with apply. type DNSSpecApplyConfiguration struct { - BaseDomain *string `json:"baseDomain,omitempty"` - PublicZone *DNSZoneApplyConfiguration `json:"publicZone,omitempty"` - PrivateZone *DNSZoneApplyConfiguration `json:"privateZone,omitempty"` + BaseDomain *string `json:"baseDomain,omitempty"` + PublicZone *DNSZoneApplyConfiguration `json:"publicZone,omitempty"` + PrivateZone *DNSZoneApplyConfiguration `json:"privateZone,omitempty"` + Platform *DNSPlatformSpecApplyConfiguration `json:"platform,omitempty"` } // DNSSpecApplyConfiguration constructs an declarative configuration of the DNSSpec type for use with @@ -39,3 +40,11 @@ func (b *DNSSpecApplyConfiguration) WithPrivateZone(value *DNSZoneApplyConfigura b.PrivateZone = value return b } + +// WithPlatform sets the Platform field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Platform field is set to the value of the last call. +func (b *DNSSpecApplyConfiguration) WithPlatform(value *DNSPlatformSpecApplyConfiguration) *DNSSpecApplyConfiguration { + b.Platform = value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/externalplatformstatus.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/externalplatformstatus.go new file mode 100644 index 000000000..12e246227 --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/externalplatformstatus.go 
@@ -0,0 +1,23 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +// ExternalPlatformStatusApplyConfiguration represents an declarative configuration of the ExternalPlatformStatus type for use +// with apply. +type ExternalPlatformStatusApplyConfiguration struct { + CloudControllerManager *CloudControllerManagerStatusApplyConfiguration `json:"cloudControllerManager,omitempty"` +} + +// ExternalPlatformStatusApplyConfiguration constructs an declarative configuration of the ExternalPlatformStatus type for use with +// apply. +func ExternalPlatformStatus() *ExternalPlatformStatusApplyConfiguration { + return &ExternalPlatformStatusApplyConfiguration{} +} + +// WithCloudControllerManager sets the CloudControllerManager field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the CloudControllerManager field is set to the value of the last call. +func (b *ExternalPlatformStatusApplyConfiguration) WithCloudControllerManager(value *CloudControllerManagerStatusApplyConfiguration) *ExternalPlatformStatusApplyConfiguration { + b.CloudControllerManager = value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gcpplatformstatus.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gcpplatformstatus.go index fdc2af9f3..c37c88b8d 100644 --- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gcpplatformstatus.go +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gcpplatformstatus.go 
@@ -5,8 +5,10 @@ package v1 // GCPPlatformStatusApplyConfiguration represents an declarative configuration of the GCPPlatformStatus type for use // with apply. type GCPPlatformStatusApplyConfiguration struct { - ProjectID *string `json:"projectID,omitempty"` - Region *string `json:"region,omitempty"` + ProjectID *string `json:"projectID,omitempty"` + Region *string `json:"region,omitempty"` + ResourceLabels []GCPResourceLabelApplyConfiguration `json:"resourceLabels,omitempty"` + ResourceTags []GCPResourceTagApplyConfiguration `json:"resourceTags,omitempty"` } // GCPPlatformStatusApplyConfiguration constructs an declarative configuration of the GCPPlatformStatus type for use with 
@@ -30,3 +32,29 @@ func (b *GCPPlatformStatusApplyConfiguration) WithRegion(value string) *GCPPlatf b.Region = &value return b } + +// WithResourceLabels adds the given value to the ResourceLabels field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the ResourceLabels field. +func (b *GCPPlatformStatusApplyConfiguration) WithResourceLabels(values ...*GCPResourceLabelApplyConfiguration) *GCPPlatformStatusApplyConfiguration { + for i := range values { + if values[i] == nil { + panic("nil value passed to WithResourceLabels") + } + b.ResourceLabels = append(b.ResourceLabels, *values[i]) + } + return b +} + +// WithResourceTags adds the given value to the ResourceTags field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the ResourceTags field. +func (b *GCPPlatformStatusApplyConfiguration) WithResourceTags(values ...*GCPResourceTagApplyConfiguration) *GCPPlatformStatusApplyConfiguration { + for i := range values { + if values[i] == nil { + panic("nil value passed to WithResourceTags") + } + b.ResourceTags = append(b.ResourceTags, *values[i]) + } + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gcpresourcelabel.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gcpresourcelabel.go new file mode 100644 index 000000000..685b14fe1 --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gcpresourcelabel.go 
@@ -0,0 +1,32 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +// GCPResourceLabelApplyConfiguration represents an declarative configuration of the GCPResourceLabel type for use +// with apply. +type GCPResourceLabelApplyConfiguration struct { + Key *string `json:"key,omitempty"` + Value *string `json:"value,omitempty"` +} + +// GCPResourceLabelApplyConfiguration constructs an declarative configuration of the GCPResourceLabel type for use with +// apply. +func GCPResourceLabel() *GCPResourceLabelApplyConfiguration { + return &GCPResourceLabelApplyConfiguration{} +} + +// WithKey sets the Key field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Key field is set to the value of the last call. +func (b *GCPResourceLabelApplyConfiguration) WithKey(value string) *GCPResourceLabelApplyConfiguration { + b.Key = &value + return b +} + +// WithValue sets the Value field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Value field is set to the value of the last call. +func (b *GCPResourceLabelApplyConfiguration) WithValue(value string) *GCPResourceLabelApplyConfiguration { + b.Value = &value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gcpresourcetag.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gcpresourcetag.go new file mode 100644 index 000000000..9611b2853 --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gcpresourcetag.go 
@@ -0,0 +1,41 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +// GCPResourceTagApplyConfiguration represents an declarative configuration of the GCPResourceTag type for use +// with apply. +type GCPResourceTagApplyConfiguration struct { + ParentID *string `json:"parentID,omitempty"` + Key *string `json:"key,omitempty"` + Value *string `json:"value,omitempty"` +} + +// GCPResourceTagApplyConfiguration constructs an declarative configuration of the GCPResourceTag type for use with +// apply. +func GCPResourceTag() *GCPResourceTagApplyConfiguration { + return &GCPResourceTagApplyConfiguration{} +} + +// WithParentID sets the ParentID field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ParentID field is set to the value of the last call. +func (b *GCPResourceTagApplyConfiguration) WithParentID(value string) *GCPResourceTagApplyConfiguration { + b.ParentID = &value + return b +} + +// WithKey sets the Key field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Key field is set to the value of the last call. +func (b *GCPResourceTagApplyConfiguration) WithKey(value string) *GCPResourceTagApplyConfiguration { + b.Key = &value + return b +} + +// WithValue sets the Value field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Value field is set to the value of the last call. +func (b *GCPResourceTagApplyConfiguration) WithValue(value string) *GCPResourceTagApplyConfiguration { + b.Value = &value + return b +} 
diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/platformstatus.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/platformstatus.go index 92c264062..b6afa04a6 100644 --- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/platformstatus.go +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/platformstatus.go @@ -23,7 +23,7 @@ type PlatformStatusApplyConfiguration struct { PowerVS *PowerVSPlatformStatusApplyConfiguration `json:"powervs,omitempty"` AlibabaCloud *AlibabaCloudPlatformStatusApplyConfiguration `json:"alibabaCloud,omitempty"` Nutanix *NutanixPlatformStatusApplyConfiguration `json:"nutanix,omitempty"` - External *v1.ExternalPlatformStatus `json:"external,omitempty"` + External *ExternalPlatformStatusApplyConfiguration `json:"external,omitempty"` } // PlatformStatusApplyConfiguration constructs an declarative configuration of the PlatformStatus type for use with @@ -147,7 +147,7 @@ func (b *PlatformStatusApplyConfiguration) WithNutanix(value *NutanixPlatformSta // WithExternal sets the External field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the External field is set to the value of the last call. -func (b *PlatformStatusApplyConfiguration) WithExternal(value v1.ExternalPlatformStatus) *PlatformStatusApplyConfiguration { - b.External = &value +func (b *PlatformStatusApplyConfiguration) WithExternal(value *ExternalPlatformStatusApplyConfiguration) *PlatformStatusApplyConfiguration { + b.External = value return b } diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/internal/internal.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/internal/internal.go index 6aa765f55..40ff54fbf 100644 
--- a/vendor/github.com/openshift/client-go/config/applyconfigurations/internal/internal.go +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/internal/internal.go @@ -112,6 +112,13 @@ var schemaYAML = typed.YAMLObject(`types: elementType: namedType: __untyped_deduced_ elementRelationship: separable +- name: com.github.openshift.api.config.v1.AWSDNSSpec + map: + fields: + - name: privateZoneIAMRole + type: + scalar: string + default: "" - name: com.github.openshift.api.config.v1.AWSIngressSpec map: fields: @@ -481,6 +488,13 @@ var schemaYAML = typed.YAMLObject(`types: type: namedType: com.github.openshift.api.config.v1.BuildOverrides default: {} +- name: com.github.openshift.api.config.v1.CloudControllerManagerStatus + map: + fields: + - name: state + type: + scalar: string + default: "" - name: com.github.openshift.api.config.v1.ClusterCondition map: fields: @@ -932,6 +946,21 @@ var schemaYAML = typed.YAMLObject(`types: type: namedType: com.github.openshift.api.config.v1.DNSStatus default: {} +- name: com.github.openshift.api.config.v1.DNSPlatformSpec + map: + fields: + - name: aws + type: + namedType: com.github.openshift.api.config.v1.AWSDNSSpec + - name: type + type: + scalar: string + default: "" + unions: + - discriminator: type + fields: + - fieldName: aws + discriminatorValue: AWS - name: com.github.openshift.api.config.v1.DNSSpec map: fields: @@ -939,6 +968,10 @@ var schemaYAML = typed.YAMLObject(`types: type: scalar: string default: "" + - name: platform + type: + namedType: com.github.openshift.api.config.v1.DNSPlatformSpec + default: {} - name: privateZone type: namedType: com.github.openshift.api.config.v1.DNSZone 
@@ -1032,16 +1065,11 @@ var schemaYAML = typed.YAMLObject(`types: default: Unknown - name: com.github.openshift.api.config.v1.ExternalPlatformStatus map: - elementType: - scalar: untyped - list: - elementType: - namedType: __untyped_atomic_ - elementRelationship: atomic - map: - elementType: - namedType: __untyped_deduced_ - elementRelationship: separable + fields: + - name: cloudControllerManager + type: + namedType: com.github.openshift.api.config.v1.CloudControllerManagerStatus + default: {} - name: com.github.openshift.api.config.v1.FeatureGate map: fields: @@ -1145,6 +1173,48 @@ var schemaYAML = typed.YAMLObject(`types: type: scalar: string default: "" + - name: resourceLabels + type: + list: + elementType: + namedType: com.github.openshift.api.config.v1.GCPResourceLabel + elementRelationship: associative + keys: + - key + - name: resourceTags + type: + list: + elementType: + namedType: com.github.openshift.api.config.v1.GCPResourceTag + elementRelationship: associative + keys: + - key +- name: com.github.openshift.api.config.v1.GCPResourceLabel + map: + fields: + - name: key + type: + scalar: string + default: "" + - name: value + type: + scalar: string + default: "" +- name: com.github.openshift.api.config.v1.GCPResourceTag + map: + fields: + - name: key + type: + scalar: string + default: "" + - name: parentID + type: + scalar: string + default: "" + - name: value + type: + scalar: string + default: "" - name: com.github.openshift.api.config.v1.GitHubIdentityProvider map: fields: 
@@ -3035,6 +3105,65 @@ var schemaYAML = typed.YAMLObject(`types: type: namedType: com.github.openshift.api.config.v1.SecretNameReference default: {} +- name: com.github.openshift.api.config.v1alpha1.Backup + map: + fields: + - name: apiVersion + type: + scalar: string + - name: kind + type: + scalar: string + - name: metadata + type: + namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + default: {} + - name: spec + type: + namedType: com.github.openshift.api.config.v1alpha1.BackupSpec + default: {} + - name: status + type: + namedType: com.github.openshift.api.config.v1alpha1.BackupStatus + default: {} +- name: com.github.openshift.api.config.v1alpha1.BackupSpec + map: + fields: + - name: etcd + type: + namedType: com.github.openshift.api.config.v1alpha1.EtcdBackupSpec + default: {} +- name: com.github.openshift.api.config.v1alpha1.BackupStatus + map: + elementType: + scalar: untyped + list: + elementType: + namedType: __untyped_atomic_ + elementRelationship: atomic + map: + elementType: + namedType: __untyped_deduced_ + elementRelationship: separable +- name: com.github.openshift.api.config.v1alpha1.EtcdBackupSpec + map: + fields: + - name: pvcName + type: + scalar: string + default: "" + - name: retentionPolicy + type: + namedType: com.github.openshift.api.config.v1alpha1.RetentionPolicy + default: {} + - name: schedule + type: + scalar: string + default: "" + - name: timeZone + type: + scalar: string + default: "" - name: com.github.openshift.api.config.v1alpha1.GatherConfig map: fields: 
@@ -3087,6 +3216,38 @@ var schemaYAML = typed.YAMLObject(`types: elementType: namedType: __untyped_deduced_ elementRelationship: separable +- name: com.github.openshift.api.config.v1alpha1.RetentionNumberConfig + map: + fields: + - name: maxNumberOfBackups + type: + scalar: numeric +- name: com.github.openshift.api.config.v1alpha1.RetentionPolicy + map: + fields: + - name: retentionNumber + type: + namedType: com.github.openshift.api.config.v1alpha1.RetentionNumberConfig + - name: retentionSize + type: + namedType: com.github.openshift.api.config.v1alpha1.RetentionSizeConfig + - name: retentionType + type: + scalar: string + default: "" + unions: + - discriminator: retentionType + fields: + - fieldName: retentionNumber + discriminatorValue: RetentionNumber + - fieldName: retentionSize + discriminatorValue: RetentionSize +- name: com.github.openshift.api.config.v1alpha1.RetentionSizeConfig + map: + fields: + - name: maxSizeOfBackupsGb + type: + scalar: numeric - name: io.k8s.api.core.v1.ConfigMapKeySelector map: fields: diff --git a/vendor/github.com/openshift/library-go/pkg/config/serving/server.go b/vendor/github.com/openshift/library-go/pkg/config/serving/server.go index 3b11518db..15ebf898e 100644 --- a/vendor/github.com/openshift/library-go/pkg/config/serving/server.go +++ b/vendor/github.com/openshift/library-go/pkg/config/serving/server.go 
@@ -20,7 +20,7 @@ import ( ) func ToServerConfig(ctx context.Context, servingInfo configv1.HTTPServingInfo, authenticationConfig operatorv1alpha1.DelegatedAuthentication, authorizationConfig operatorv1alpha1.DelegatedAuthorization, - kubeConfigFile string, kubeClient *kubernetes.Clientset, le *configv1.LeaderElection) (*genericapiserver.Config, error) { + kubeConfigFile string, kubeClient *kubernetes.Clientset, le *configv1.LeaderElection, enableHTTP2 bool) (*genericapiserver.Config, error) { scheme := runtime.NewScheme() metav1.AddToGroupVersion(scheme, metav1.SchemeGroupVersion) config := genericapiserver.NewConfig(serializer.NewCodecFactory(scheme)) @@ -82,6 +82,8 @@ func ToServerConfig(ctx context.Context, servingInfo configv1.HTTPServingInfo, a } } + config.SecureServing.DisableHTTP2 = !enableHTTP2 + return config, nil } diff --git a/vendor/github.com/openshift/library-go/pkg/controller/controllercmd/builder.go b/vendor/github.com/openshift/library-go/pkg/controller/controllercmd/builder.go index 906fe2824..918ef7c64 100644 --- a/vendor/github.com/openshift/library-go/pkg/controller/controllercmd/builder.go +++ b/vendor/github.com/openshift/library-go/pkg/controller/controllercmd/builder.go @@ -94,6 +94,9 @@ type ControllerBuilder struct { // Keep track if we defaulted leader election, used to make sure we don't stomp on the users intent for leader election // We use this flag to determine at runtime if we can alter leader election for SNO configurations userExplicitlySetLeaderElectionValues bool + + // Allow enabling HTTP2 + enableHTTP2 bool } // NewController returns a builder struct for constructing the command you want to run 
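Review bot: None of the comments added with the new HTTP/2 switch say that HTTP/2 is now disabled by default on the secure serving endpoint, or why. `ToServerConfig` in server.go has no doc comment, and `// Allow enabling HTTP2` and `// WithHTTP2 indicates that http2 should be enabled` in builder.go and cmd.go read like a neutral feature toggle, although the default presumably exists as the CVE-2023-44487 mitigation named in the commit subject. I would document the function with `// ToServerConfig builds the serving config; HTTP/2 stays disabled unless enableHTTP2 is true (CVE-2023-44487).` and reword the builder comment to `// WithHTTP2 re-enables HTTP/2, which is otherwise disabled because of CVE-2023-44487.` The files are vendored, so the wording belongs in the upstream library, and the body of ToServerConfig lies mostly outside the two hunks shown.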
@@ -172,6 +175,12 @@ func (b *ControllerBuilder) WithServer(servingInfo configv1.HTTPServingInfo, aut return b } +// WithHTTP2 indicates that http2 should be enabled +func (b *ControllerBuilder) WithHTTP2() *ControllerBuilder { + b.enableHTTP2 = true + return b +} + // WithHealthChecks adds a list of healthchecks to the server func (b *ControllerBuilder) WithHealthChecks(healthChecks ...healthz.HealthChecker) *ControllerBuilder { b.healthChecks = append(b.healthChecks, healthChecks...) @@ -269,7 +278,7 @@ func (b *ControllerBuilder) Run(ctx context.Context, config *unstructured.Unstru var server *genericapiserver.GenericAPIServer if b.servingInfo != nil { - serverConfig, err := serving.ToServerConfig(ctx, *b.servingInfo, *b.authenticationConfig, *b.authorizationConfig, kubeConfig, kubeClient, b.leaderElection) + serverConfig, err := serving.ToServerConfig(ctx, *b.servingInfo, *b.authenticationConfig, *b.authorizationConfig, kubeConfig, kubeClient, b.leaderElection, b.enableHTTP2) if err != nil { return err } diff --git a/vendor/github.com/openshift/library-go/pkg/controller/controllercmd/cmd.go b/vendor/github.com/openshift/library-go/pkg/controller/controllercmd/cmd.go index 68e74792b..1ca734a7a 100644 --- a/vendor/github.com/openshift/library-go/pkg/controller/controllercmd/cmd.go +++ b/vendor/github.com/openshift/library-go/pkg/controller/controllercmd/cmd.go @@ -45,6 +45,9 @@ type ControllerCommandConfig struct { // DisableServing disables serving metrics, debug and health checks and so on. DisableServing bool + // Allow enabling HTTP2 + EnableHTTP2 bool + // DisableLeaderElection allows leader election to be suspended DisableLeaderElection bool 
@@ -314,6 +317,9 @@ func (c *ControllerCommandConfig) StartController(ctx context.Context) error { if !c.DisableServing { builder = builder.WithServer(config.ServingInfo, config.Authentication, config.Authorization) + if c.EnableHTTP2 { + builder = builder.WithHTTP2() + } } return builder.Run(controllerCtx, unstructuredConfig) diff --git a/vendor/github.com/openshift/library-go/pkg/controller/factory/base_controller.go b/vendor/github.com/openshift/library-go/pkg/controller/factory/base_controller.go index a72f8aa73..722d95d5e 100644 --- a/vendor/github.com/openshift/library-go/pkg/controller/factory/base_controller.go +++ b/vendor/github.com/openshift/library-go/pkg/controller/factory/base_controller.go @@ -131,9 +131,14 @@ func (c *baseController) Run(ctx context.Context, workers int) { // runPeriodicalResync is independent from queue if c.resyncEvery > 0 { workerWg.Add(1) + if c.resyncEvery < 60*time.Second { + // Warn about too fast resyncs as they might drain the operators QPS. + // This event is cheap as it is only emitted on operator startup. + c.syncContext.Recorder().Warningf("FastControllerResync", "Controller %q resync interval is set to %s which might lead to client request throttling", c.name, c.resyncEvery) + } go func() { defer workerWg.Done() - c.runPeriodicalResync(ctx, c.resyncEvery) + wait.UntilWithContext(ctx, func(ctx context.Context) { c.syncContext.Queue().Add(DefaultQueueKey) }, c.resyncEvery) }() } 
@@ -171,15 +176,6 @@ func (c *baseController) Sync(ctx context.Context, syncCtx SyncContext) error { return c.sync(ctx, syncCtx) } -func (c *baseController) runPeriodicalResync(ctx context.Context, interval time.Duration) { - if interval == 0 { - return - } - go wait.UntilWithContext(ctx, func(ctx context.Context) { - c.syncContext.Queue().Add(DefaultQueueKey) - }, interval) -} - // runWorker runs a single worker // The worker is asked to terminate when the passed context is cancelled and is given terminationGraceDuration time // to complete its shutdown. diff --git a/vendor/github.com/openshift/library-go/pkg/controller/factory/factory.go b/vendor/github.com/openshift/library-go/pkg/controller/factory/factory.go index 728f78f71..8f910f672 100644 --- a/vendor/github.com/openshift/library-go/pkg/controller/factory/factory.go +++ b/vendor/github.com/openshift/library-go/pkg/controller/factory/factory.go @@ -279,12 +279,6 @@ func (f *Factory) ToController(name string, eventRecorder events.Recorder) Contr cacheSyncTimeout: defaultCacheSyncTimeout, } - // Warn about too fast resyncs as they might drain the operators QPS. - // This event is cheap as it is only emitted on operator startup. - if c.resyncEvery.Seconds() < 60 { - ctx.Recorder().Warningf("FastControllerResync", "Controller %q resync interval is set to %s which might lead to client request throttling", name, c.resyncEvery) - } - for i := range f.informerQueueKeys { for d := range f.informerQueueKeys[i].informers { informer := f.informerQueueKeys[i].informers[d] diff --git a/vendor/github.com/openshift/library-go/pkg/image/internal/digest/doc.go b/vendor/github.com/openshift/library-go/pkg/image/internal/digest/doc.go index 6e6e4347e..88f1774bb 100644 --- a/vendor/github.com/openshift/library-go/pkg/image/internal/digest/doc.go +++ b/vendor/github.com/openshift/library-go/pkg/image/internal/digest/doc.go 
@@ -1,4 +1,4 @@ -// digest is a copy from "github.com/docker/distribution/digest" that is kept because we want to avoid the godep, +// digest is a copy from "github.com/distribution/distribution/v3/digest" that is kept because we want to avoid the godep, // this package has no non-standard dependencies, and if it changes lots of other docker registry stuff breaks. // Don't try this at home! // Changes here require sign-off from openshift/api-reviewers and they will be rejected. diff --git a/vendor/github.com/openshift/library-go/pkg/image/internal/reference/doc.go b/vendor/github.com/openshift/library-go/pkg/image/internal/reference/doc.go index 22188ea98..7d06e325a 100644 --- a/vendor/github.com/openshift/library-go/pkg/image/internal/reference/doc.go +++ b/vendor/github.com/openshift/library-go/pkg/image/internal/reference/doc.go @@ -1,4 +1,4 @@ -// reference is a copy from "github.com/docker/distribution/reference" that is kept because we want to avoid the godep, +// reference is a copy from "github.com/distribution/distribution/v3/reference" that is kept because we want to avoid the godep, // this package has no non-standard dependencies, and if it changes lots of other docker registry stuff breaks. // Don't try this at home! // Changes here require sign-off from openshift/api-reviewers and they will be rejected. diff --git a/vendor/github.com/spf13/cobra/command.go b/vendor/github.com/spf13/cobra/command.go index 9d5e9cf5e..6ff47dd5c 100644 --- a/vendor/github.com/spf13/cobra/command.go +++ b/vendor/github.com/spf13/cobra/command.go @@ -998,6 +998,10 @@ func (c *Command) ExecuteC() (cmd *Command, err error) { // initialize completion at the last point to allow for user overriding c.InitDefaultCompletionCmd() + // Now that all commands have been created, let's make sure all groups + // are properly created also + c.checkCommandGroups() + args := c.args // Workaround FAIL with "go test -v" or "cobra.test -test.v", see #155 
@@ -1092,6 +1096,19 @@ func (c *Command) ValidateRequiredFlags() error { return nil } +// checkCommandGroups checks if a command has been added to a group that does not exists. +// If so, we panic because it indicates a coding error that should be corrected. +func (c *Command) checkCommandGroups() { + for _, sub := range c.commands { + // if Group is not defined let the developer know right away + if sub.GroupID != "" && !c.ContainsGroup(sub.GroupID) { + panic(fmt.Sprintf("group id '%s' is not defined for subcommand '%s'", sub.GroupID, sub.CommandPath())) + } + + sub.checkCommandGroups() + } +} + // InitDefaultHelpFlag adds default help flag to c. // It is called automatically by executing the c or by calling help and usage. // If c already has help flag, it will do nothing. @@ -1218,10 +1235,6 @@ func (c *Command) AddCommand(cmds ...*Command) { panic("Command can't be a child of itself") } cmds[i].parent = c - // if Group is not defined let the developer know right away - if x.GroupID != "" && !c.ContainsGroup(x.GroupID) { - panic(fmt.Sprintf("Group id '%s' is not defined for subcommand '%s'", x.GroupID, cmds[i].CommandPath())) - } // update max lengths usageLen := len(x.Use) if usageLen > c.commandsMaxUseLen { diff --git a/vendor/github.com/spf13/cobra/user_guide.md b/vendor/github.com/spf13/cobra/user_guide.md index 977306aa8..e55367e85 100644 --- a/vendor/github.com/spf13/cobra/user_guide.md +++ b/vendor/github.com/spf13/cobra/user_guide.md 
@@ -492,10 +492,11 @@ around it. In fact, you can provide your own if you want. ### Grouping commands in help -Cobra supports grouping of available commands. Groups must be explicitly defined by `AddGroup` and set by -the `GroupId` element of a subcommand. The groups will appear in the same order as they are defined. -If you use the generated `help` or `completion` commands, you can set the group ids by `SetHelpCommandGroupId` -and `SetCompletionCommandGroupId`, respectively. +Cobra supports grouping of available commands in the help output. To group commands, each group must be explicitly +defined using `AddGroup()` on the parent command. Then a subcommand can be added to a group using the `GroupID` element +of that subcommand. The groups will appear in the help output in the same order as they are defined using different +calls to `AddGroup()`. If you use the generated `help` or `completion` commands, you can set their group ids using +`SetHelpCommandGroupId()` and `SetCompletionCommandGroupId()` on the root command, respectively. ### Defining your own help diff --git a/vendor/k8s.io/client-go/pkg/version/.gitattributes b/vendor/k8s.io/client-go/pkg/version/.gitattributes deleted file mode 100644 index 7e349eff6..000000000 --- a/vendor/k8s.io/client-go/pkg/version/.gitattributes +++ /dev/null @@ -1 +0,0 @@ -base.go export-subst diff --git a/vendor/k8s.io/component-base/version/.gitattributes b/vendor/k8s.io/component-base/version/.gitattributes deleted file mode 100644 index 7e349eff6..000000000 --- a/vendor/k8s.io/component-base/version/.gitattributes +++ /dev/null @@ -1 +0,0 @@ -base.go export-subst diff --git a/vendor/k8s.io/klog/v2/format.go b/vendor/k8s.io/klog/v2/format.go new file mode 100644 index 000000000..63995ca6d --- /dev/null +++ b/vendor/k8s.io/klog/v2/format.go 
@@ -0,0 +1,65 @@ +/* +Copyright 2023 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package klog + +import ( + "encoding/json" + "fmt" + "strings" + + "github.com/go-logr/logr" +) + +// Format wraps a value of an arbitrary type and implement fmt.Stringer and +// logr.Marshaler for them. Stringer returns pretty-printed JSON. MarshalLog +// returns the original value with a type that has no special methods, in +// particular no MarshalLog or MarshalJSON. +// +// Wrapping values like that is useful when the value has a broken +// implementation of these special functions (for example, a type which +// inherits String from TypeMeta, but then doesn't re-implement String) or the +// implementation produces output that is less readable or unstructured (for +// example, the generated String functions for Kubernetes API types). +func Format(obj interface{}) interface{} { + return formatAny{Object: obj} +} + +type formatAny struct { + Object interface{} +} + +func (f formatAny) String() string { + var buffer strings.Builder + encoder := json.NewEncoder(&buffer) + encoder.SetIndent("", " ") + if err := encoder.Encode(&f.Object); err != nil { + return fmt.Sprintf("error marshaling %T to JSON: %v", f, err) + } + return buffer.String() +} + +func (f formatAny) MarshalLog() interface{} { + // Returning a pointer to a pointer ensures that zapr doesn't find a + // fmt.Stringer or logr.Marshaler when it checks the type of the + // value. 
It then falls back to reflection, which dumps the value being + // pointed to (JSON doesn't have pointers). + ptr := &f.Object + return &ptr +} + +var _ fmt.Stringer = formatAny{} +var _ logr.Marshaler = formatAny{} diff --git a/vendor/k8s.io/klog/v2/internal/serialize/keyvalues.go b/vendor/k8s.io/klog/v2/internal/serialize/keyvalues.go index 1dc81a15f..bcdf5f8ee 100644 --- a/vendor/k8s.io/klog/v2/internal/serialize/keyvalues.go +++ b/vendor/k8s.io/klog/v2/internal/serialize/keyvalues.go @@ -18,6 +18,7 @@ package serialize import ( "bytes" + "encoding/json" "fmt" "strconv" @@ -196,11 +197,11 @@ func (f Formatter) KVFormat(b *bytes.Buffer, k, v interface{}) { case textWriter: writeTextWriterValue(b, v) case fmt.Stringer: - writeStringValue(b, true, StringerToString(v)) + writeStringValue(b, StringerToString(v)) case string: - writeStringValue(b, true, v) + writeStringValue(b, v) case error: - writeStringValue(b, true, ErrorToString(v)) + writeStringValue(b, ErrorToString(v)) case logr.Marshaler: value := MarshalerToValue(v) // A marshaler that returns a string is useful for @@ -215,9 +216,9 @@ func (f Formatter) KVFormat(b *bytes.Buffer, k, v interface{}) { // value directly. switch value := value.(type) { case string: - writeStringValue(b, true, value) + writeStringValue(b, value) default: - writeStringValue(b, false, f.AnyToString(value)) + f.formatAny(b, value) } case []byte: // In https://github.com/kubernetes/klog/pull/237 it was decided @@ -234,7 +235,7 @@ func (f Formatter) KVFormat(b *bytes.Buffer, k, v interface{}) { b.WriteByte('=') b.WriteString(fmt.Sprintf("%+q", v)) default: - writeStringValue(b, false, f.AnyToString(v)) + f.formatAny(b, v) } } 
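Review bot: In `formatAny.String` the error branch passes `f` to `%T`, so the message always names the wrapper type `formatAny` rather than the type of the wrapped value that failed to encode. Passing the wrapped value makes the log line point at the offending type: `return fmt.Sprintf("error marshaling %T to JSON: %v", f.Object, err)`. The file is vendored from klog, so the change would have to land upstream.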
@@ -242,12 +243,25 @@ func KVFormat(b *bytes.Buffer, k, v interface{}) { Formatter{}.KVFormat(b, k, v) } -// AnyToString is the historic fallback formatter. -func (f Formatter) AnyToString(v interface{}) string { +// formatAny is the fallback formatter for a value. It supports a hook (for +// example, for YAML encoding) and itself uses JSON encoding. +func (f Formatter) formatAny(b *bytes.Buffer, v interface{}) { + b.WriteRune('=') if f.AnyToStringHook != nil { - return f.AnyToStringHook(v) + b.WriteString(f.AnyToStringHook(v)) + return + } + encoder := json.NewEncoder(b) + l := b.Len() + if err := encoder.Encode(v); err != nil { + // This shouldn't happen. We discard whatever the encoder + // wrote and instead dump an error string. + b.Truncate(l) + b.WriteString(fmt.Sprintf(`""`, err)) + return } - return fmt.Sprintf("%+v", v) + // Remove trailing newline. + b.Truncate(b.Len() - 1) } // StringerToString converts a Stringer to a string, @@ -287,7 +301,7 @@ func ErrorToString(err error) (ret string) { } func writeTextWriterValue(b *bytes.Buffer, v textWriter) { - b.WriteRune('=') + b.WriteByte('=') defer func() { if err := recover(); err != nil { fmt.Fprintf(b, `""`, err) @@ -296,18 +310,13 @@ func writeTextWriterValue(b *bytes.Buffer, v textWriter) { v.WriteText(b) } -func writeStringValue(b *bytes.Buffer, quote bool, v string) { +func writeStringValue(b *bytes.Buffer, v string) { data := []byte(v) index := bytes.IndexByte(data, '\n') if index == -1 { b.WriteByte('=') - if quote { - // Simple string, quote quotation marks and non-printable characters. - b.WriteString(strconv.Quote(v)) - return - } - // Non-string with no line breaks. - b.WriteString(v) + // Simple string, quote quotation marks and non-printable characters. + b.WriteString(strconv.Quote(v)) return } diff --git a/vendor/k8s.io/klog/v2/k8s_references.go b/vendor/k8s.io/klog/v2/k8s_references.go index ecd3f8b69..786af74bf 100644 --- a/vendor/k8s.io/klog/v2/k8s_references.go 
+++ b/vendor/k8s.io/klog/v2/k8s_references.go @@ -178,14 +178,14 @@ func (ks kobjSlice) process() (objs []interface{}, err string) { return objectRefs, "" } -var nilToken = []byte("") +var nilToken = []byte("null") func (ks kobjSlice) WriteText(out *bytes.Buffer) { s := reflect.ValueOf(ks.arg) switch s.Kind() { case reflect.Invalid: - // nil parameter, print as empty slice. - out.WriteString("[]") + // nil parameter, print as null. + out.Write(nilToken) return case reflect.Slice: // Okay, handle below. @@ -197,15 +197,15 @@ func (ks kobjSlice) WriteText(out *bytes.Buffer) { defer out.Write([]byte{']'}) for i := 0; i < s.Len(); i++ { if i > 0 { - out.Write([]byte{' '}) + out.Write([]byte{','}) } item := s.Index(i).Interface() if item == nil { out.Write(nilToken) } else if v, ok := item.(KMetadata); ok { - KObj(v).writeUnquoted(out) + KObj(v).WriteText(out) } else { - fmt.Fprintf(out, "", item) + fmt.Fprintf(out, `""`, item) return } } diff --git a/vendor/k8s.io/klog/v2/klog.go b/vendor/k8s.io/klog/v2/klog.go index 466eeaf26..152f8a6bd 100644 --- a/vendor/k8s.io/klog/v2/klog.go +++ b/vendor/k8s.io/klog/v2/klog.go @@ -1228,6 +1228,19 @@ func CopyStandardLogTo(name string) { stdLog.SetOutput(logBridge(sev)) } +// NewStandardLogger returns a Logger that writes to the klog logs for the +// named and lower severities. +// +// Valid names are "INFO", "WARNING", "ERROR", and "FATAL". If the name is not +// recognized, NewStandardLogger panics. +func NewStandardLogger(name string) *stdLog.Logger { + sev, ok := severity.ByName(name) + if !ok { + panic(fmt.Sprintf("klog.NewStandardLogger(%q): unknown severity", name)) + } + return stdLog.New(logBridge(sev), "", stdLog.Lshortfile) +} + // logBridge provides the Write method that enables CopyStandardLogTo to connect // Go's standard logs to the logs provided by this package. type logBridge severity.Severity 
diff --git a/vendor/k8s.io/kubernetes/pkg/features/kube_features.go b/vendor/k8s.io/kubernetes/pkg/features/kube_features.go index bf641bfa8..13cf2c979 100644 --- a/vendor/k8s.io/kubernetes/pkg/features/kube_features.go +++ b/vendor/k8s.io/kubernetes/pkg/features/kube_features.go @@ -1193,6 +1193,8 @@ var defaultKubernetesFeatureGates = map[featuregate.Feature]featuregate.FeatureS genericfeatures.ServerSideFieldValidation: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // remove in 1.29 + genericfeatures.UnauthenticatedHTTP2DOSMitigation: {Default: false, PreRelease: featuregate.Beta}, + // features that enable backwards compatibility but are scheduled to be removed // ... HPAScaleToZero: {Default: false, PreRelease: featuregate.Alpha}, diff --git a/vendor/k8s.io/utils/pointer/pointer.go b/vendor/k8s.io/utils/pointer/pointer.go index b8103223a..b673a6425 100644 --- a/vendor/k8s.io/utils/pointer/pointer.go +++ b/vendor/k8s.io/utils/pointer/pointer.go @@ -14,12 +14,15 @@ See the License for the specific language governing permissions and limitations under the License. */ +// Deprecated: Use functions in k8s.io/utils/ptr instead: ptr.To to obtain +// a pointer, ptr.Deref to dereference a pointer, ptr.Equal to compare +// dereferenced pointers. package pointer import ( - "fmt" - "reflect" "time" + + "k8s.io/utils/ptr" ) // AllPtrFieldsNil tests whether all pointer fields in a struct are nil. This is useful when, 
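Review bot: The new map entry `genericfeatures.UnauthenticatedHTTP2DOSMitigation: {Default: false, PreRelease: featuregate.Beta}` registers the gate switched off, so vendoring this release does not by itself activate whatever protection the gate controls. It has to be enabled explicitly through feature-gate configuration. The entry carries no comment saying so; a line such as `// off by default in this release; must be enabled explicitly` above it would keep a reader from assuming the bump alone applies the mitigation. The map literal starts and ends outside the hunk, and the file is vendored from k8s.io/kubernetes.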
@@ -28,383 +31,219 @@ import ( // // This function is only valid for structs and pointers to structs. Any other // type will cause a panic. Passing a typed nil pointer will return true. -func AllPtrFieldsNil(obj interface{}) bool { - v := reflect.ValueOf(obj) - if !v.IsValid() { - panic(fmt.Sprintf("reflect.ValueOf() produced a non-valid Value for %#v", obj)) - } - if v.Kind() == reflect.Ptr { - if v.IsNil() { - return true - } - v = v.Elem() - } - for i := 0; i < v.NumField(); i++ { - if v.Field(i).Kind() == reflect.Ptr && !v.Field(i).IsNil() { - return false - } - } - return true -} - -// Int returns a pointer to an int -func Int(i int) *int { - return &i -} +// +// Deprecated: Use ptr.AllPtrFieldsNil instead. +var AllPtrFieldsNil = ptr.AllPtrFieldsNil + +// Int returns a pointer to an int. +var Int = ptr.To[int] // IntPtr is a function variable referring to Int. // -// Deprecated: Use Int instead. +// Deprecated: Use ptr.To instead. var IntPtr = Int // for back-compat // IntDeref dereferences the int ptr and returns it if not nil, or else // returns def. -func IntDeref(ptr *int, def int) int { - if ptr != nil { - return *ptr - } - return def -} +var IntDeref = ptr.Deref[int] // IntPtrDerefOr is a function variable referring to IntDeref. // -// Deprecated: Use IntDeref instead. +// Deprecated: Use ptr.Deref instead. var IntPtrDerefOr = IntDeref // for back-compat // Int32 returns a pointer to an int32. -func Int32(i int32) *int32 { - return &i -} +var Int32 = ptr.To[int32] // Int32Ptr is a function variable referring to Int32. // -// Deprecated: Use Int32 instead. +// Deprecated: Use ptr.To instead. var Int32Ptr = Int32 // for back-compat // Int32Deref dereferences the int32 ptr and returns it if not nil, or else // returns def. -func Int32Deref(ptr *int32, def int32) int32 { - if ptr != nil { - return *ptr - } - return def -} +var Int32Deref = ptr.Deref[int32] // Int32PtrDerefOr is a function variable referring to Int32Deref. 
// -// Deprecated: Use Int32Deref instead. +// Deprecated: Use ptr.Deref instead. var Int32PtrDerefOr = Int32Deref // for back-compat // Int32Equal returns true if both arguments are nil or both arguments // dereference to the same value. -func Int32Equal(a, b *int32) bool { - if (a == nil) != (b == nil) { - return false - } - if a == nil { - return true - } - return *a == *b -} +var Int32Equal = ptr.Equal[int32] // Uint returns a pointer to an uint -func Uint(i uint) *uint { - return &i -} +var Uint = ptr.To[uint] // UintPtr is a function variable referring to Uint. // -// Deprecated: Use Uint instead. +// Deprecated: Use ptr.To instead. var UintPtr = Uint // for back-compat // UintDeref dereferences the uint ptr and returns it if not nil, or else // returns def. -func UintDeref(ptr *uint, def uint) uint { - if ptr != nil { - return *ptr - } - return def -} +var UintDeref = ptr.Deref[uint] // UintPtrDerefOr is a function variable referring to UintDeref. // -// Deprecated: Use UintDeref instead. +// Deprecated: Use ptr.Deref instead. var UintPtrDerefOr = UintDeref // for back-compat // Uint32 returns a pointer to an uint32. -func Uint32(i uint32) *uint32 { - return &i -} +var Uint32 = ptr.To[uint32] // Uint32Ptr is a function variable referring to Uint32. // -// Deprecated: Use Uint32 instead. +// Deprecated: Use ptr.To instead. var Uint32Ptr = Uint32 // for back-compat // Uint32Deref dereferences the uint32 ptr and returns it if not nil, or else // returns def. -func Uint32Deref(ptr *uint32, def uint32) uint32 { - if ptr != nil { - return *ptr - } - return def -} +var Uint32Deref = ptr.Deref[uint32] // Uint32PtrDerefOr is a function variable referring to Uint32Deref. // -// Deprecated: Use Uint32Deref instead. +// Deprecated: Use ptr.Deref instead. var Uint32PtrDerefOr = Uint32Deref // for back-compat // Uint32Equal returns true if both arguments are nil or both arguments // dereference to the same value. 
-func Uint32Equal(a, b *uint32) bool { - if (a == nil) != (b == nil) { - return false - } - if a == nil { - return true - } - return *a == *b -} +var Uint32Equal = ptr.Equal[uint32] // Int64 returns a pointer to an int64. -func Int64(i int64) *int64 { - return &i -} +var Int64 = ptr.To[int64] // Int64Ptr is a function variable referring to Int64. // -// Deprecated: Use Int64 instead. +// Deprecated: Use ptr.To instead. var Int64Ptr = Int64 // for back-compat // Int64Deref dereferences the int64 ptr and returns it if not nil, or else // returns def. -func Int64Deref(ptr *int64, def int64) int64 { - if ptr != nil { - return *ptr - } - return def -} +var Int64Deref = ptr.Deref[int64] // Int64PtrDerefOr is a function variable referring to Int64Deref. // -// Deprecated: Use Int64Deref instead. +// Deprecated: Use ptr.Deref instead. var Int64PtrDerefOr = Int64Deref // for back-compat // Int64Equal returns true if both arguments are nil or both arguments // dereference to the same value. -func Int64Equal(a, b *int64) bool { - if (a == nil) != (b == nil) { - return false - } - if a == nil { - return true - } - return *a == *b -} +var Int64Equal = ptr.Equal[int64] // Uint64 returns a pointer to an uint64. -func Uint64(i uint64) *uint64 { - return &i -} +var Uint64 = ptr.To[uint64] // Uint64Ptr is a function variable referring to Uint64. // -// Deprecated: Use Uint64 instead. +// Deprecated: Use ptr.To instead. var Uint64Ptr = Uint64 // for back-compat // Uint64Deref dereferences the uint64 ptr and returns it if not nil, or else // returns def. -func Uint64Deref(ptr *uint64, def uint64) uint64 { - if ptr != nil { - return *ptr - } - return def -} +var Uint64Deref = ptr.Deref[uint64] // Uint64PtrDerefOr is a function variable referring to Uint64Deref. // -// Deprecated: Use Uint64Deref instead. +// Deprecated: Use ptr.Deref instead. 
var Uint64PtrDerefOr = Uint64Deref // for back-compat // Uint64Equal returns true if both arguments are nil or both arguments // dereference to the same value. -func Uint64Equal(a, b *uint64) bool { - if (a == nil) != (b == nil) { - return false - } - if a == nil { - return true - } - return *a == *b -} +var Uint64Equal = ptr.Equal[uint64] // Bool returns a pointer to a bool. -func Bool(b bool) *bool { - return &b -} +var Bool = ptr.To[bool] // BoolPtr is a function variable referring to Bool. // -// Deprecated: Use Bool instead. +// Deprecated: Use ptr.To instead. var BoolPtr = Bool // for back-compat // BoolDeref dereferences the bool ptr and returns it if not nil, or else // returns def. -func BoolDeref(ptr *bool, def bool) bool { - if ptr != nil { - return *ptr - } - return def -} +var BoolDeref = ptr.Deref[bool] // BoolPtrDerefOr is a function variable referring to BoolDeref. // -// Deprecated: Use BoolDeref instead. +// Deprecated: Use ptr.Deref instead. var BoolPtrDerefOr = BoolDeref // for back-compat // BoolEqual returns true if both arguments are nil or both arguments // dereference to the same value. -func BoolEqual(a, b *bool) bool { - if (a == nil) != (b == nil) { - return false - } - if a == nil { - return true - } - return *a == *b -} +var BoolEqual = ptr.Equal[bool] // String returns a pointer to a string. -func String(s string) *string { - return &s -} +var String = ptr.To[string] // StringPtr is a function variable referring to String. // -// Deprecated: Use String instead. +// Deprecated: Use ptr.To instead. var StringPtr = String // for back-compat // StringDeref dereferences the string ptr and returns it if not nil, or else // returns def. -func StringDeref(ptr *string, def string) string { - if ptr != nil { - return *ptr - } - return def -} +var StringDeref = ptr.Deref[string] // StringPtrDerefOr is a function variable referring to StringDeref. // -// Deprecated: Use StringDeref instead. +// Deprecated: Use ptr.Deref instead. 
var StringPtrDerefOr = StringDeref // for back-compat // StringEqual returns true if both arguments are nil or both arguments // dereference to the same value. -func StringEqual(a, b *string) bool { - if (a == nil) != (b == nil) { - return false - } - if a == nil { - return true - } - return *a == *b -} +var StringEqual = ptr.Equal[string] // Float32 returns a pointer to a float32. -func Float32(i float32) *float32 { - return &i -} +var Float32 = ptr.To[float32] // Float32Ptr is a function variable referring to Float32. // -// Deprecated: Use Float32 instead. +// Deprecated: Use ptr.To instead. var Float32Ptr = Float32 // Float32Deref dereferences the float32 ptr and returns it if not nil, or else // returns def. -func Float32Deref(ptr *float32, def float32) float32 { - if ptr != nil { - return *ptr - } - return def -} +var Float32Deref = ptr.Deref[float32] // Float32PtrDerefOr is a function variable referring to Float32Deref. // -// Deprecated: Use Float32Deref instead. +// Deprecated: Use ptr.Deref instead. var Float32PtrDerefOr = Float32Deref // for back-compat // Float32Equal returns true if both arguments are nil or both arguments // dereference to the same value. -func Float32Equal(a, b *float32) bool { - if (a == nil) != (b == nil) { - return false - } - if a == nil { - return true - } - return *a == *b -} +var Float32Equal = ptr.Equal[float32] // Float64 returns a pointer to a float64. -func Float64(i float64) *float64 { - return &i -} +var Float64 = ptr.To[float64] // Float64Ptr is a function variable referring to Float64. // -// Deprecated: Use Float64 instead. +// Deprecated: Use ptr.To instead. var Float64Ptr = Float64 // Float64Deref dereferences the float64 ptr and returns it if not nil, or else // returns def. -func Float64Deref(ptr *float64, def float64) float64 { - if ptr != nil { - return *ptr - } - return def -} +var Float64Deref = ptr.Deref[float64] // Float64PtrDerefOr is a function variable referring to Float64Deref. 
// -// Deprecated: Use Float64Deref instead. +// Deprecated: Use ptr.Deref instead. var Float64PtrDerefOr = Float64Deref // for back-compat // Float64Equal returns true if both arguments are nil or both arguments // dereference to the same value. -func Float64Equal(a, b *float64) bool { - if (a == nil) != (b == nil) { - return false - } - if a == nil { - return true - } - return *a == *b -} +var Float64Equal = ptr.Equal[float64] // Duration returns a pointer to a time.Duration. -func Duration(d time.Duration) *time.Duration { - return &d -} +var Duration = ptr.To[time.Duration] // DurationDeref dereferences the time.Duration ptr and returns it if not nil, or else // returns def. -func DurationDeref(ptr *time.Duration, def time.Duration) time.Duration { - if ptr != nil { - return *ptr - } - return def -} +var DurationDeref = ptr.Deref[time.Duration] // DurationEqual returns true if both arguments are nil or both arguments // dereference to the same value. -func DurationEqual(a, b *time.Duration) bool { - if (a == nil) != (b == nil) { - return false - } - if a == nil { - return true - } - return *a == *b -} +var DurationEqual = ptr.Equal[time.Duration] diff --git a/vendor/k8s.io/utils/ptr/OWNERS b/vendor/k8s.io/utils/ptr/OWNERS new file mode 100644 index 000000000..0d6392752 --- /dev/null +++ b/vendor/k8s.io/utils/ptr/OWNERS @@ -0,0 +1,10 @@ +# See the OWNERS docs at https://go.k8s.io/owners + +approvers: +- apelisse +- stewart-yu +- thockin +reviewers: +- apelisse +- stewart-yu +- thockin diff --git a/vendor/k8s.io/utils/ptr/README.md b/vendor/k8s.io/utils/ptr/README.md new file mode 100644 index 000000000..2ca8073dc --- /dev/null +++ b/vendor/k8s.io/utils/ptr/README.md @@ -0,0 +1,3 @@ +# Pointer + +This package provides some functions for pointer-based operations. diff --git a/vendor/k8s.io/utils/ptr/ptr.go b/vendor/k8s.io/utils/ptr/ptr.go new file mode 100644 index 000000000..659ed3b9e --- /dev/null +++ b/vendor/k8s.io/utils/ptr/ptr.go 
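Review bot: The helpers that were `func` declarations are now exported package variables, for example `var Int = ptr.To[int]` and `var BoolDeref = ptr.Deref[bool]`. Any importing package can reassign them at run time, which silently changes behaviour for every other user of `pointer` in the same binary. Thin wrappers keep the delegation to `ptr` without the mutable global, e.g. `func Int(i int) *int { return ptr.To(i) }`. The retained doc comments ("Int returns a pointer to an int.") also describe functions, which reads oddly on a `var`. The file is vendored from k8s.io/utils, so this is a point for upstream.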
@@ -0,0 +1,73 @@ +/* +Copyright 2023 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package ptr + +import ( + "fmt" + "reflect" +) + +// AllPtrFieldsNil tests whether all pointer fields in a struct are nil. This is useful when, +// for example, an API struct is handled by plugins which need to distinguish +// "no plugin accepted this spec" from "this spec is empty". +// +// This function is only valid for structs and pointers to structs. Any other +// type will cause a panic. Passing a typed nil pointer will return true. +func AllPtrFieldsNil(obj interface{}) bool { + v := reflect.ValueOf(obj) + if !v.IsValid() { + panic(fmt.Sprintf("reflect.ValueOf() produced a non-valid Value for %#v", obj)) + } + if v.Kind() == reflect.Ptr { + if v.IsNil() { + return true + } + v = v.Elem() + } + for i := 0; i < v.NumField(); i++ { + if v.Field(i).Kind() == reflect.Ptr && !v.Field(i).IsNil() { + return false + } + } + return true +} + +// To returns a pointer to the given value. +func To[T any](v T) *T { + return &v +} + +// Deref dereferences ptr and returns the value it points to if no nil, or else +// returns def. +func Deref[T any](ptr *T, def T) T { + if ptr != nil { + return *ptr + } + return def +} + +// Equal returns true if both arguments are nil or both arguments +// dereference to the same value. +func Equal[T comparable](a, b *T) bool { + if (a == nil) != (b == nil) { + return false + } + if a == nil { + return true + } + return *a == *b +} 
diff --git a/vendor/modules.txt b/vendor/modules.txt index cfa15c617..5754115ba 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -55,7 +55,7 @@ github.com/ghodss/yaml # github.com/go-bindata/go-bindata v3.1.2+incompatible ## explicit github.com/go-bindata/go-bindata -# github.com/go-logr/logr v1.2.3 +# github.com/go-logr/logr v1.2.4 ## explicit; go 1.16 github.com/go-logr/logr github.com/go-logr/logr/funcr @@ -173,7 +173,7 @@ github.com/munnerz/goautoneg # github.com/opencontainers/go-digest v1.0.0 ## explicit; go 1.13 github.com/opencontainers/go-digest -# github.com/openshift/api v0.0.0-20230516201849-333bc194ef7a +# github.com/openshift/api v0.0.0-20231012190404-7b36cb38c7d0 ## explicit; go 1.20 github.com/openshift/api/apps github.com/openshift/api/apps/v1 @@ -204,7 +204,7 @@ github.com/openshift/api/template github.com/openshift/api/template/v1 github.com/openshift/api/user github.com/openshift/api/user/v1 -# github.com/openshift/build-machinery-go v0.0.0-20230306181456-d321ffa04533 +# github.com/openshift/build-machinery-go v0.0.0-20230816154005-5a38e1bfd880 ## explicit; go 1.13 github.com/openshift/build-machinery-go github.com/openshift/build-machinery-go/make @@ -214,7 +214,7 @@ github.com/openshift/build-machinery-go/make/targets/golang github.com/openshift/build-machinery-go/make/targets/openshift github.com/openshift/build-machinery-go/make/targets/openshift/operator github.com/openshift/build-machinery-go/scripts -# github.com/openshift/client-go v0.0.0-20230503144108-75015d2347cb +# github.com/openshift/client-go v0.0.0-20230807132528-be5346fb33cb ## explicit; go 1.20 github.com/openshift/client-go/config/applyconfigurations/config/v1 github.com/openshift/client-go/config/applyconfigurations/internal 
@@ -261,7 +261,7 @@ github.com/openshift/client-go/securityinternal/clientset/versioned/fake github.com/openshift/client-go/securityinternal/clientset/versioned/scheme github.com/openshift/client-go/securityinternal/clientset/versioned/typed/securityinternal/v1 github.com/openshift/client-go/securityinternal/clientset/versioned/typed/securityinternal/v1/fake -# github.com/openshift/library-go v0.0.0-20230516103935-9536341565eb +# github.com/openshift/library-go v0.0.0-20231020125025-211b32f1a1f2 ## explicit; go 1.20 github.com/openshift/library-go/pkg/authorization/hardcodedauthorizer github.com/openshift/library-go/pkg/config/client @@ -322,7 +322,7 @@ github.com/robfig/cron # github.com/sirupsen/logrus v1.9.0 ## explicit; go 1.13 github.com/sirupsen/logrus -# github.com/spf13/cobra v1.6.0 +# github.com/spf13/cobra v1.6.1 ## explicit; go 1.15 github.com/spf13/cobra # github.com/spf13/pflag v1.0.5 @@ -597,7 +597,7 @@ gopkg.in/yaml.v2 # gopkg.in/yaml.v3 v3.0.1 ## explicit gopkg.in/yaml.v3 -# k8s.io/api v0.27.1 => k8s.io/kubernetes/staging/src/k8s.io/api v0.0.0-20231013002001-0219e706729b +# k8s.io/api v0.27.7 => k8s.io/api v0.27.7 ## explicit; go 1.20 k8s.io/api/admission/v1 k8s.io/api/admission/v1beta1 @@ -653,7 +653,7 @@ k8s.io/api/scheduling/v1beta1 k8s.io/api/storage/v1 k8s.io/api/storage/v1alpha1 k8s.io/api/storage/v1beta1 -# k8s.io/apimachinery v0.27.1 => k8s.io/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20231013002001-0219e706729b +# k8s.io/apimachinery v0.27.7 => k8s.io/apimachinery v0.27.7 ## explicit; go 1.20 k8s.io/apimachinery/pkg/api/apitesting k8s.io/apimachinery/pkg/api/equality 
@@ -709,7 +709,7 @@ k8s.io/apimachinery/pkg/version k8s.io/apimachinery/pkg/watch k8s.io/apimachinery/third_party/forked/golang/json k8s.io/apimachinery/third_party/forked/golang/reflect -# k8s.io/apiserver v0.27.1 => k8s.io/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20231013002001-0219e706729b +# k8s.io/apiserver v0.27.7 => k8s.io/apiserver v0.27.7 ## explicit; go 1.20 k8s.io/apiserver/pkg/admission k8s.io/apiserver/pkg/admission/cel @@ -852,7 +852,7 @@ k8s.io/apiserver/plugin/pkg/audit/truncate k8s.io/apiserver/plugin/pkg/audit/webhook k8s.io/apiserver/plugin/pkg/authenticator/token/webhook k8s.io/apiserver/plugin/pkg/authorizer/webhook -# k8s.io/client-go v0.27.1 => k8s.io/kubernetes/staging/src/k8s.io/client-go v0.0.0-20231013002001-0219e706729b +# k8s.io/client-go v0.27.7 => k8s.io/client-go v0.27.7 ## explicit; go 1.20 k8s.io/client-go/applyconfigurations/admissionregistration/v1 k8s.io/client-go/applyconfigurations/admissionregistration/v1alpha1 @@ -1163,7 +1163,7 @@ k8s.io/client-go/util/homedir k8s.io/client-go/util/keyutil k8s.io/client-go/util/retry k8s.io/client-go/util/workqueue -# k8s.io/cloud-provider v0.0.0 => k8s.io/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20231013002001-0219e706729b +# k8s.io/cloud-provider v0.0.0 => k8s.io/cloud-provider v0.27.7 ## explicit; go 1.20 k8s.io/cloud-provider k8s.io/cloud-provider/app/config @@ -1175,7 +1175,7 @@ k8s.io/cloud-provider/controllers/node/config/v1alpha1 k8s.io/cloud-provider/controllers/service/config k8s.io/cloud-provider/controllers/service/config/v1alpha1 k8s.io/cloud-provider/options -# k8s.io/component-base v0.27.1 => k8s.io/kubernetes/staging/src/k8s.io/component-base v0.0.0-20231013002001-0219e706729b +# k8s.io/component-base v0.27.7 => k8s.io/component-base v0.27.7 ## explicit; go 1.20 k8s.io/component-base/cli k8s.io/component-base/cli/flag 
@@ -1203,13 +1203,13 @@ k8s.io/component-base/metrics/testutil k8s.io/component-base/tracing k8s.io/component-base/tracing/api/v1 k8s.io/component-base/version -# k8s.io/component-helpers v0.27.1 => k8s.io/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20231013002001-0219e706729b +# k8s.io/component-helpers v0.27.7 => k8s.io/component-helpers v0.27.7 ## explicit; go 1.20 k8s.io/component-helpers/auth/rbac/validation k8s.io/component-helpers/scheduling/corev1 k8s.io/component-helpers/scheduling/corev1/nodeaffinity k8s.io/component-helpers/storage/volume -# k8s.io/controller-manager v0.27.1 => k8s.io/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20231013002001-0219e706729b +# k8s.io/controller-manager v0.27.7 => k8s.io/controller-manager v0.27.7 ## explicit; go 1.20 k8s.io/controller-manager/app k8s.io/controller-manager/config @@ -1223,7 +1223,7 @@ k8s.io/controller-manager/pkg/features/register k8s.io/controller-manager/pkg/informerfactory k8s.io/controller-manager/pkg/leadermigration/config k8s.io/controller-manager/pkg/leadermigration/options -# k8s.io/klog/v2 v2.90.1 +# k8s.io/klog/v2 v2.100.1 ## explicit; go 1.13 k8s.io/klog/v2 k8s.io/klog/v2/internal/buffer @@ -1231,7 +1231,7 @@ k8s.io/klog/v2/internal/clock k8s.io/klog/v2/internal/dbg k8s.io/klog/v2/internal/serialize k8s.io/klog/v2/internal/severity -# k8s.io/kms v0.27.1 +# k8s.io/kms v0.27.7 ## explicit; go 1.20 k8s.io/kms/apis/v1beta1 k8s.io/kms/apis/v2 
@@ -1259,10 +1259,10 @@ k8s.io/kube-openapi/pkg/validation/errors k8s.io/kube-openapi/pkg/validation/spec k8s.io/kube-openapi/pkg/validation/strfmt k8s.io/kube-openapi/pkg/validation/strfmt/bson -# k8s.io/kubelet v0.0.0 => k8s.io/kubelet v0.27.1 +# k8s.io/kubelet v0.0.0 => k8s.io/kubelet v0.27.7 ## explicit; go 1.20 k8s.io/kubelet/pkg/apis -# k8s.io/kubernetes v1.27.1 => k8s.io/kubernetes v0.0.0-20231013002001-0219e706729b +# k8s.io/kubernetes v1.27.7 ## explicit; go 1.20 k8s.io/kubernetes/pkg/api/legacyscheme k8s.io/kubernetes/pkg/api/service @@ -1297,10 +1297,10 @@ k8s.io/kubernetes/pkg/util/hash k8s.io/kubernetes/pkg/util/parsers k8s.io/kubernetes/pkg/util/taints k8s.io/kubernetes/plugin/pkg/auth/authorizer/rbac -# k8s.io/pod-security-admission v0.27.1 => k8s.io/pod-security-admission v0.27.1 +# k8s.io/pod-security-admission v0.27.7 => k8s.io/pod-security-admission v0.27.7 ## explicit; go 1.20 k8s.io/pod-security-admission/api -# k8s.io/utils v0.0.0-20230406110748-d93618cff8a2 +# k8s.io/utils v0.0.0-20230726121419-3b25d923346b ## explicit; go 1.18 k8s.io/utils/buffer k8s.io/utils/clock @@ -1312,6 +1312,7 @@ k8s.io/utils/lru k8s.io/utils/net k8s.io/utils/path k8s.io/utils/pointer +k8s.io/utils/ptr k8s.io/utils/strings/slices k8s.io/utils/trace # sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.1.2 @@ -1324,7 +1325,7 @@ sigs.k8s.io/apiserver-network-proxy/konnectivity-client/proto/client ## explicit; go 1.18 sigs.k8s.io/json sigs.k8s.io/json/internal/golang/encoding/json -# sigs.k8s.io/structured-merge-diff/v4 v4.2.3 +# sigs.k8s.io/structured-merge-diff/v4 v4.3.0 ## explicit; go 1.13 sigs.k8s.io/structured-merge-diff/v4/fieldpath sigs.k8s.io/structured-merge-diff/v4/merge 
@@ -1334,29 +1335,28 @@ sigs.k8s.io/structured-merge-diff/v4/value # sigs.k8s.io/yaml v1.3.0 ## explicit; go 1.12 sigs.k8s.io/yaml -# k8s.io/api => k8s.io/kubernetes/staging/src/k8s.io/api v0.0.0-20231013002001-0219e706729b -# k8s.io/apiextensions-apiserver => k8s.io/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20231013002001-0219e706729b -# k8s.io/apimachinery => k8s.io/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20231013002001-0219e706729b -# k8s.io/apiserver => k8s.io/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20231013002001-0219e706729b -# k8s.io/cli-runtime => k8s.io/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20231013002001-0219e706729b -# k8s.io/client-go => k8s.io/kubernetes/staging/src/k8s.io/client-go v0.0.0-20231013002001-0219e706729b -# k8s.io/cloud-provider => k8s.io/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20231013002001-0219e706729b -# k8s.io/cluster-bootstrap => k8s.io/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20231013002001-0219e706729b -# k8s.io/code-generator => k8s.io/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20231013002001-0219e706729b -# k8s.io/component-base => k8s.io/kubernetes/staging/src/k8s.io/component-base v0.0.0-20231013002001-0219e706729b -# k8s.io/component-helpers => k8s.io/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20231013002001-0219e706729b -# k8s.io/controller-manager => k8s.io/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20231013002001-0219e706729b -# k8s.io/cri-api => k8s.io/cri-api v0.27.1 -# k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.27.1 -# k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.27.1 -# k8s.io/kube-controller-manager => k8s.io/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20231013002001-0219e706729b -# k8s.io/kube-proxy => k8s.io/kube-proxy v0.27.1 -# k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.27.1 -# k8s.io/kubectl => k8s.io/kubectl v0.27.1 -# k8s.io/kubelet => k8s.io/kubelet v0.27.1 
-# k8s.io/kubernetes => k8s.io/kubernetes v0.0.0-20231013002001-0219e706729b -# k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.27.1 -# k8s.io/metrics => k8s.io/metrics v0.27.1 -# k8s.io/mount-utils => k8s.io/mount-utils v0.27.1 -# k8s.io/pod-security-admission => k8s.io/pod-security-admission v0.27.1 -# k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.27.1 +# k8s.io/api => k8s.io/api v0.27.7 +# k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.27.7 +# k8s.io/apimachinery => k8s.io/apimachinery v0.27.7 +# k8s.io/apiserver => k8s.io/apiserver v0.27.7 +# k8s.io/cli-runtime => k8s.io/cli-runtime v0.27.7 +# k8s.io/client-go => k8s.io/client-go v0.27.7 +# k8s.io/cloud-provider => k8s.io/cloud-provider v0.27.7 +# k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.27.7 +# k8s.io/code-generator => k8s.io/code-generator v0.27.7 +# k8s.io/component-base => k8s.io/component-base v0.27.7 +# k8s.io/component-helpers => k8s.io/component-helpers v0.27.7 +# k8s.io/controller-manager => k8s.io/controller-manager v0.27.7 +# k8s.io/cri-api => k8s.io/cri-api v0.27.7 +# k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.27.7 +# k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.27.7 +# k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.27.7 +# k8s.io/kube-proxy => k8s.io/kube-proxy v0.27.7 +# k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.27.7 +# k8s.io/kubectl => k8s.io/kubectl v0.27.7 +# k8s.io/kubelet => k8s.io/kubelet v0.27.7 +# k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.27.7 +# k8s.io/metrics => k8s.io/metrics v0.27.7 +# k8s.io/mount-utils => k8s.io/mount-utils v0.27.7 +# k8s.io/pod-security-admission => k8s.io/pod-security-admission v0.27.7 +# k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.27.7 diff --git a/vendor/sigs.k8s.io/structured-merge-diff/v4/merge/conflict.go b/vendor/sigs.k8s.io/structured-merge-diff/v4/merge/conflict.go index 75a492d8e..f1aa25860 100644 
--- a/vendor/sigs.k8s.io/structured-merge-diff/v4/merge/conflict.go +++ b/vendor/sigs.k8s.io/structured-merge-diff/v4/merge/conflict.go @@ -112,7 +112,7 @@ func ConflictsFromManagers(sets fieldpath.ManagedFields) Conflicts { set.Set().Iterate(func(p fieldpath.Path) { conflicts = append(conflicts, Conflict{ Manager: manager, - Path: p, + Path: p.Copy(), }) }) } diff --git a/vendor/sigs.k8s.io/structured-merge-diff/v4/merge/update.go b/vendor/sigs.k8s.io/structured-merge-diff/v4/merge/update.go index 1b23dcbd5..e1540841d 100644 --- a/vendor/sigs.k8s.io/structured-merge-diff/v4/merge/update.go +++ b/vendor/sigs.k8s.io/structured-merge-diff/v4/merge/update.go @@ -18,6 +18,7 @@ import ( "sigs.k8s.io/structured-merge-diff/v4/fieldpath" "sigs.k8s.io/structured-merge-diff/v4/typed" + "sigs.k8s.io/structured-merge-diff/v4/value" ) // Converter is an interface to the conversion logic. The converter 
@@ -27,17 +28,50 @@ type Converter interface { IsMissingVersionError(error) bool } +// UpdateBuilder allows you to create a new Updater by exposing all of +// the options and setting them once. +type UpdaterBuilder struct { + Converter Converter + IgnoredFields map[fieldpath.APIVersion]*fieldpath.Set + + EnableUnions bool + + // Stop comparing the new object with old object after applying. + // This was initially used to avoid spurious etcd update, but + // since that's vastly inefficient, we've come-up with a better + // way of doing that. Create this flag to stop it. + // Comparing has become more expensive too now that we're not using + // `Compare` but `value.Equals` so this gives an option to avoid it. + ReturnInputOnNoop bool +} + +func (u *UpdaterBuilder) BuildUpdater() *Updater { + return &Updater{ + Converter: u.Converter, + IgnoredFields: u.IgnoredFields, + enableUnions: u.EnableUnions, + returnInputOnNoop: u.ReturnInputOnNoop, + } +} + // Updater is the object used to compute updated FieldSets and also // merge the object on Apply. type Updater struct { - Converter Converter + // Deprecated: This will eventually become private. + Converter Converter + + // Deprecated: This will eventually become private. IgnoredFields map[fieldpath.APIVersion]*fieldpath.Set enableUnions bool + + returnInputOnNoop bool } // EnableUnionFeature turns on union handling. It is disabled by default until the // feature is complete. +// +// Deprecated: Use the builder instead. func (s *Updater) EnableUnionFeature() { s.enableUnions = true } 
@@ -157,8 +191,7 @@ func (s *Updater) Update(liveObject, newObject *typed.TypedValue, version fieldp // Apply should be called when Apply is run, given the current object as // well as the configuration that is applied. This will merge the object -// and return it. If the object hasn't changed, nil is returned (the -// managers can still have changed though). +// and return it. func (s *Updater) Apply(liveObject, configObject *typed.TypedValue, version fieldpath.APIVersion, managers fieldpath.ManagedFields, manager string, force bool) (*typed.TypedValue, fieldpath.ManagedFields, error) { var err error managers, err = s.reconcileManagedFieldsWithSchemaChanges(liveObject, managers) @@ -200,11 +233,11 @@ func (s *Updater) Apply(liveObject, configObject *typed.TypedValue, version fiel if err != nil { return nil, fieldpath.ManagedFields{}, fmt.Errorf("failed to prune fields: %v", err) } - managers, compare, err := s.update(liveObject, newObject, version, managers, manager, force) + managers, _, err = s.update(liveObject, newObject, version, managers, manager, force) if err != nil { return nil, fieldpath.ManagedFields{}, err } - if compare.IsSame() { + if !s.returnInputOnNoop && value.EqualsUsing(value.NewFreelistAllocator(), liveObject.AsValue(), newObject.AsValue()) { newObject = nil } return newObject, managers, nil @@ -218,7 +251,8 @@ func (s *Updater) prune(merged *typed.TypedValue, managers fieldpath.ManagedFiel if lastSet == nil || lastSet.Set().Empty() { return merged, nil } - convertedMerged, err := s.Converter.Convert(merged, lastSet.APIVersion()) + version := lastSet.APIVersion() + convertedMerged, err := s.Converter.Convert(merged, version) if err != nil { if s.Converter.IsMissingVersionError(err) { return merged, nil 
@@ -228,7 +262,7 @@ func (s *Updater) prune(merged *typed.TypedValue, managers fieldpath.ManagedFiel sc, tr := convertedMerged.Schema(), convertedMerged.TypeRef() pruned := convertedMerged.RemoveItems(lastSet.Set().EnsureNamedFieldsAreMembers(sc, tr)) - pruned, err = s.addBackOwnedItems(convertedMerged, pruned, managers, applyingManager) + pruned, err = s.addBackOwnedItems(convertedMerged, pruned, version, managers, applyingManager) if err != nil { return nil, fmt.Errorf("failed add back owned items: %v", err) } @@ -241,7 +275,7 @@ func (s *Updater) prune(merged *typed.TypedValue, managers fieldpath.ManagedFiel // addBackOwnedItems adds back any fields, list and map items that were removed by prune, // but other appliers or updaters (or the current applier's new config) claim to own. -func (s *Updater) addBackOwnedItems(merged, pruned *typed.TypedValue, managedFields fieldpath.ManagedFields, applyingManager string) (*typed.TypedValue, error) { +func (s *Updater) addBackOwnedItems(merged, pruned *typed.TypedValue, prunedVersion fieldpath.APIVersion, managedFields fieldpath.ManagedFields, applyingManager string) (*typed.TypedValue, error) { var err error managedAtVersion := map[fieldpath.APIVersion]*fieldpath.Set{} for _, managerSet := range managedFields { @@ -252,7 +286,6 @@ func (s *Updater) addBackOwnedItems(merged, pruned *typed.TypedValue, managedFie } // Add back owned items at pruned version first to avoid conversion failure // caused by pruned fields which are required for conversion. - prunedVersion := fieldpath.APIVersion(*pruned.TypeRef().NamedType) if managed, ok := managedAtVersion[prunedVersion]; ok { merged, pruned, err = s.addBackOwnedItemsForVersion(merged, pruned, prunedVersion, managed) if err != nil { diff --git a/vendor/sigs.k8s.io/structured-merge-diff/v4/schema/elements.go b/vendor/sigs.k8s.io/structured-merge-diff/v4/schema/elements.go index 7e5dc7582..5d3707a5b 100644 --- a/vendor/sigs.k8s.io/structured-merge-diff/v4/schema/elements.go 
+++ b/vendor/sigs.k8s.io/structured-merge-diff/v4/schema/elements.go @@ -73,7 +73,7 @@ type Atom struct { } // Scalar (AKA "primitive") represents a type which has a single value which is -// either numeric, string, or boolean. +// either numeric, string, or boolean, or untyped for any of them. // // TODO: split numeric into float/int? Something even more fine-grained? type Scalar string @@ -82,6 +82,7 @@ const ( Numeric = Scalar("numeric") String = Scalar("string") Boolean = Scalar("boolean") + Untyped = Scalar("untyped") ) // ElementRelationship is an enum of the different possible relationships diff --git a/vendor/sigs.k8s.io/structured-merge-diff/v4/schema/schemaschema.go b/vendor/sigs.k8s.io/structured-merge-diff/v4/schema/schemaschema.go index 7d64d1308..e4c5caa2a 100644 --- a/vendor/sigs.k8s.io/structured-merge-diff/v4/schema/schemaschema.go +++ b/vendor/sigs.k8s.io/structured-merge-diff/v4/schema/schemaschema.go @@ -110,7 +110,7 @@ var SchemaSchemaYAML = `types: scalar: string - name: deduceInvalidDiscriminator type: - scalar: bool + scalar: boolean - name: fields type: list: diff --git a/vendor/sigs.k8s.io/structured-merge-diff/v4/typed/merge.go b/vendor/sigs.k8s.io/structured-merge-diff/v4/typed/merge.go index 913644083..09209ec82 100644 --- a/vendor/sigs.k8s.io/structured-merge-diff/v4/typed/merge.go +++ b/vendor/sigs.k8s.io/structured-merge-diff/v4/typed/merge.go 
@@ -113,11 +113,12 @@ func (w *mergingWalker) doLeaf() { w.rule(w) } -func (w *mergingWalker) doScalar(t *schema.Scalar) (errs ValidationErrors) { - errs = append(errs, validateScalar(t, w.lhs, "lhs: ")...) - errs = append(errs, validateScalar(t, w.rhs, "rhs: ")...) - if len(errs) > 0 { - return errs +func (w *mergingWalker) doScalar(t *schema.Scalar) ValidationErrors { + // Make sure at least one side is a valid scalar. + lerrs := validateScalar(t, w.lhs, "lhs: ") + rerrs := validateScalar(t, w.rhs, "rhs: ") + if len(lerrs) > 0 && len(rerrs) > 0 { + return append(lerrs, rerrs...) } // All scalars are leaf fields. diff --git a/vendor/sigs.k8s.io/structured-merge-diff/v4/typed/typed.go b/vendor/sigs.k8s.io/structured-merge-diff/v4/typed/typed.go index d63a97fe2..6411bd51a 100644 --- a/vendor/sigs.k8s.io/structured-merge-diff/v4/typed/typed.go +++ b/vendor/sigs.k8s.io/structured-merge-diff/v4/typed/typed.go @@ -45,6 +45,10 @@ func AsTyped(v value.Value, s *schema.Schema, typeRef schema.TypeRef) (*TypedVal // conforms to the schema, for cases where that has already been checked or // where you're going to call a method that validates as a side-effect (like // ToFieldSet). +// +// Deprecated: This function was initially created because validation +// was expensive. Now that this has been solved, objects should always +// be created as validated, using `AsTyped`. func AsTypedUnvalidated(v value.Value, s *schema.Schema, typeRef schema.TypeRef) *TypedValue { tv := &TypedValue{ value: v, 
@@ -125,12 +129,13 @@ func (tv TypedValue) Compare(rhs *TypedValue) (c *Comparison, err error) { Modified: fieldpath.NewSet(), Added: fieldpath.NewSet(), } + a := value.NewFreelistAllocator() _, err = merge(&tv, rhs, func(w *mergingWalker) { if w.lhs == nil { c.Added.Insert(w.path) } else if w.rhs == nil { c.Removed.Insert(w.path) - } else if !value.Equals(w.rhs, w.lhs) { + } else if !value.EqualsUsing(a, w.rhs, w.lhs) { // TODO: Equality is not sufficient for this. // Need to implement equality check on the value type. c.Modified.Insert(w.path) diff --git a/vendor/sigs.k8s.io/structured-merge-diff/v4/typed/validate.go b/vendor/sigs.k8s.io/structured-merge-diff/v4/typed/validate.go index 378d30219..edddbafa4 100644 --- a/vendor/sigs.k8s.io/structured-merge-diff/v4/typed/validate.go +++ b/vendor/sigs.k8s.io/structured-merge-diff/v4/typed/validate.go @@ -102,6 +102,12 @@ func validateScalar(t *schema.Scalar, v value.Value, prefix string) (errs Valida if !v.IsBool() { return errorf("%vexpected boolean, got %v", prefix, v) } + case schema.Untyped: + if !v.IsFloat() && !v.IsInt() && !v.IsString() && !v.IsBool() { + return errorf("%vexpected any scalar, got %v", prefix, v) + } + default: + return errorf("%vunexpected scalar type in schema: %v", prefix, *t) } return nil } diff --git a/vendor/sigs.k8s.io/structured-merge-diff/v4/value/mapreflect.go b/vendor/sigs.k8s.io/structured-merge-diff/v4/value/mapreflect.go index dc8b8c720..c38402b99 100644 --- a/vendor/sigs.k8s.io/structured-merge-diff/v4/value/mapreflect.go +++ b/vendor/sigs.k8s.io/structured-merge-diff/v4/value/mapreflect.go @@ -136,7 +136,7 @@ func (r mapReflect) EqualsUsing(a Allocator, m Map) bool { if !ok { return false } - return Equals(vr.mustReuse(lhsVal, entry, nil, nil), value) + return EqualsUsing(a, vr.mustReuse(lhsVal, entry, nil, nil), value) }) } 
diff --git a/vendor/sigs.k8s.io/structured-merge-diff/v4/value/mapunstructured.go b/vendor/sigs.k8s.io/structured-merge-diff/v4/value/mapunstructured.go index d8e208628..c3ae00b18 100644 --- a/vendor/sigs.k8s.io/structured-merge-diff/v4/value/mapunstructured.go +++ b/vendor/sigs.k8s.io/structured-merge-diff/v4/value/mapunstructured.go @@ -88,12 +88,12 @@ func (m mapUnstructuredInterface) EqualsUsing(a Allocator, other Map) bool { } vv := a.allocValueUnstructured() defer a.Free(vv) - return other.Iterate(func(key string, value Value) bool { + return other.IterateUsing(a, func(key string, value Value) bool { lhsVal, ok := m[key] if !ok { return false } - return Equals(vv.reuse(lhsVal), value) + return EqualsUsing(a, vv.reuse(lhsVal), value) }) } @@ -168,12 +168,12 @@ func (m mapUnstructuredString) EqualsUsing(a Allocator, other Map) bool { } vv := a.allocValueUnstructured() defer a.Free(vv) - return other.Iterate(func(key string, value Value) bool { + return other.IterateUsing(a, func(key string, value Value) bool { lhsVal, ok := m[key] if !ok { return false } - return Equals(vv.reuse(lhsVal), value) + return EqualsUsing(a, vv.reuse(lhsVal), value) }) } diff --git a/vendor/sigs.k8s.io/structured-merge-diff/v4/value/reflectcache.go b/vendor/sigs.k8s.io/structured-merge-diff/v4/value/reflectcache.go index a5a467c0f..f0d58d42c 100644 --- a/vendor/sigs.k8s.io/structured-merge-diff/v4/value/reflectcache.go +++ b/vendor/sigs.k8s.io/structured-merge-diff/v4/value/reflectcache.go @@ -154,7 +154,9 @@ func buildStructCacheEntry(t reflect.Type, infos map[string]*FieldCacheEntry, fi if field.Type.Kind() == reflect.Ptr { e = field.Type.Elem() } - buildStructCacheEntry(e, infos, append(fieldPath, field.Index)) + if e.Kind() == reflect.Struct { + buildStructCacheEntry(e, infos, append(fieldPath, field.Index)) + } continue } info := &FieldCacheEntry{JsonName: jsonName, isOmitEmpty: isOmitempty, fieldPath: append(fieldPath, field.Index), fieldType: field.Type}