package v1beta1
import (
"fmt"
"strings"
corev1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/api/resource"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
configv1 "github.com/openshift/api/config/v1"
"github.com/openshift/hypershift/api/util/ipnet"
)
// init registers the HostedCluster and HostedClusterList types, plus the
// group/version metadata, with the package SchemeBuilder.
func init() {
	register := func(scheme *runtime.Scheme) error {
		scheme.AddKnownTypes(SchemeGroupVersion, &HostedCluster{}, &HostedClusterList{})
		metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
		return nil
	}
	SchemeBuilder.Register(register)
}
const (
	// AuditWebhookKubeconfigKey is the key name in the AuditWebhook secret that stores audit webhook kubeconfig
	AuditWebhookKubeconfigKey = "webhook-kubeconfig"
	// DisablePKIReconciliationAnnotation is an annotation key whose name indicates it turns off
	// PKI reconciliation for the annotated resource. NOTE(review): the consuming controller is not
	// in this file; confirm the exact effect (and which certificates stop being rotated) there.
	DisablePKIReconciliationAnnotation = "hypershift.openshift.io/disable-pki-reconciliation"
	// SkipReleaseImageValidation skips any release validation that the HO version might dictate for any HC and skip min supported version check for NodePools.
	// Setting it therefore removes both guardrails, so a HostedCluster or NodePool can reference a release image that would otherwise be rejected.
	SkipReleaseImageValidation = "hypershift.openshift.io/skip-release-image-validation"
	// IdentityProviderOverridesAnnotationPrefix is the prefix of annotations carrying identity-provider
	// overrides; the suffix and value format are defined by the consumer, not in this file.
	IdentityProviderOverridesAnnotationPrefix = "idpoverrides.hypershift.openshift.io/"
	// OauthLoginURLOverrideAnnotation is an annotation key used to override the OAuth login URL
	// (its handling is not shown in this file).
	OauthLoginURLOverrideAnnotation = "oauth.hypershift.openshift.io/login-url-override"
	// HCDestroyGracePeriodAnnotation is an annotation which will delay the removal of the HostedCluster finalizer to allow consumers to read the status of the HostedCluster
	// before the resource goes away. The format of the annotation is a go duration string with a numeric component and unit.
	// sample: hypershift.openshift.io/destroy-grace-period: "600s"
	HCDestroyGracePeriodAnnotation = "hypershift.openshift.io/destroy-grace-period"
	// ControlPlanePriorityClass is for pods in the HyperShift Control Plane that are not API critical but still need elevated priority. E.g Cluster Version Operator.
	ControlPlanePriorityClass = "hypershift.openshift.io/control-plane-priority-class"
	// APICriticalPriorityClass is for pods that are required for API calls and resource admission to succeed. This includes pods like kube-apiserver, aggregated API servers, and webhooks.
	APICriticalPriorityClass = "hypershift.openshift.io/api-critical-priority-class"
	// EtcdPriorityClass is for etcd pods.
	EtcdPriorityClass = "hypershift.openshift.io/etcd-priority-class"
	// KonnectivityServerImageAnnotation is a temporary annotation that allows the specification of the konnectivity server image.
	// This will be removed when Konnectivity is added to the Openshift release payload
	KonnectivityServerImageAnnotation = "hypershift.openshift.io/konnectivity-server-image"
	// KonnectivityAgentImageAnnotation is a temporary annotation that allows the specification of the konnectivity agent image.
	// This will be removed when Konnectivity is added to the Openshift release payload
	KonnectivityAgentImageAnnotation = "hypershift.openshift.io/konnectivity-agent-image"
	// ControlPlaneOperatorImageAnnotation is an annotation that allows the specification of the control plane operator image.
	// This is used for development and e2e workflows
	ControlPlaneOperatorImageAnnotation = "hypershift.openshift.io/control-plane-operator-image"
	// ControlPlaneOperatorImageLabelsAnnotation is an annotation that allows the specification of the control plane operator image labels.
	// Labels are provided in a comma-delimited format: key=value,key2=value2
	// This is used for development and e2e workflows
	ControlPlaneOperatorImageLabelsAnnotation = "hypershift.openshift.io/control-plane-operator-image-labels"
	// RestartDateAnnotation is an annotation that can be used to trigger a rolling restart of all components managed by hypershift.
	// it is important in some situations like CA rotation where components need to be fully restarted to pick up new CAs. It's also
	// important in some recovery situations where a fresh start of the component helps fix symptoms a user might be experiencing.
	RestartDateAnnotation = "hypershift.openshift.io/restart-date"
	// ReleaseImageAnnotation is an annotation that can be used to see what release image a given deployment is tied to
	ReleaseImageAnnotation = "hypershift.openshift.io/release-image"
	// ClusterAPIManagerImage is an annotation that allows the specification of the cluster api manager image.
	// This is a temporary workaround necessary for compliance reasons on the IBM Cloud side:
	// no images can be pulled from registries outside of IBM Cloud's official regional registries
	ClusterAPIManagerImage = "hypershift.openshift.io/capi-manager-image"
	// ClusterAutoscalerImage is an annotation that allows the specification of the cluster autoscaler image.
	// This is a temporary workaround necessary for compliance reasons on the IBM Cloud side:
	// no images can be pulled from registries outside of IBM Cloud's official regional registries
	ClusterAutoscalerImage = "hypershift.openshift.io/cluster-autoscaler-image"
	// AWSKMSProviderImage is an annotation that allows the specification of the AWS kms provider image.
	// Upstream code located at: https://github.com/kubernetes-sigs/aws-encryption-provider
	AWSKMSProviderImage = "hypershift.openshift.io/aws-kms-provider-image"
	// IBMCloudKMSProviderImage is an annotation that allows the specification of the IBM Cloud kms provider image.
	IBMCloudKMSProviderImage = "hypershift.openshift.io/ibmcloud-kms-provider-image"
	// PortierisImageAnnotation is an annotation that allows the specification of the portieris component
	// (performs container image verification).
	PortierisImageAnnotation = "hypershift.openshift.io/portieris-image"
	// PrivateIngressControllerAnnotation is an annotation that configures ingress controller with endpoint publishing strategy as Private.
	// This overrides any opinionated strategy set by platform in ReconcileDefaultIngressController.
	// It's used by IBM cloud to support ingress endpoint publishing strategy scope
	// NOTE: We'll expose this in the API if the use case gets generalised.
	PrivateIngressControllerAnnotation = "hypershift.openshift.io/private-ingress-controller"
	// IngressControllerLoadBalancerScope is an annotation that allows the specification of the LoadBalancer scope for ingress controller.
	IngressControllerLoadBalancerScope = "hypershift.openshift.io/ingress-controller-load-balancer-scope"
	// CertifiedOperatorsCatalogImageAnnotation, CommunityOperatorsCatalogImageAnnotation, RedHatMarketplaceCatalogImageAnnotation and RedHatOperatorsCatalogImageAnnotation
	// are annotations that can be used to override the address of the images used for the OLM catalogs if in the `management` OLMCatalogPlacement mode.
	// If used, all of them should be set at the same time referring images only by digest (`...@sha256:<id>`).
	// This will disable the imagestream used to keep the catalog images up to date.
	CertifiedOperatorsCatalogImageAnnotation = "hypershift.openshift.io/certified-operators-catalog-image"
	CommunityOperatorsCatalogImageAnnotation = "hypershift.openshift.io/community-operators-catalog-image"
	RedHatMarketplaceCatalogImageAnnotation = "hypershift.openshift.io/redhat-marketplace-catalog-image"
	RedHatOperatorsCatalogImageAnnotation = "hypershift.openshift.io/redhat-operators-catalog-image"
	// OLMCatalogsISRegistryOverridesAnnotation overrides the image registries used for the ImageStream used for the OLM catalogs.
	// It contains the source registry string as a key and the destination registry string as value.
	// Images before being applied are scanned for the source registry string and if found the string is replaced with the destination registry string.
	// Format is: "sr1=dr1,sr2=dr2"
	OLMCatalogsISRegistryOverridesAnnotation = "hypershift.openshift.io/olm-catalogs-is-registry-overrides"
	// ClusterAPIProviderAWSImage overrides the CAPI AWS provider image to use for
	// a HostedControlPlane.
	ClusterAPIProviderAWSImage = "hypershift.openshift.io/capi-provider-aws-image"
	// ClusterAPIKubeVirtProviderImage overrides the CAPI KubeVirt provider image to use for
	// a HostedControlPlane.
	ClusterAPIKubeVirtProviderImage = "hypershift.openshift.io/capi-provider-kubevirt-image"
	// ClusterAPIAgentProviderImage overrides the CAPI Agent provider image to use for
	// a HostedControlPlane.
	ClusterAPIAgentProviderImage = "hypershift.openshift.io/capi-provider-agent-image"
	// ClusterAPIAzureProviderImage overrides the CAPI Azure provider image to use for
	// a HostedControlPlane.
	ClusterAPIAzureProviderImage = "hypershift.openshift.io/capi-provider-azure-image"
	// ClusterAPIPowerVSProviderImage overrides the CAPI PowerVS provider image to use for
	// a HostedControlPlane.
	ClusterAPIPowerVSProviderImage = "hypershift.openshift.io/capi-provider-powervs-image"
	// AESCBCKeySecretKey defines the Kubernetes secret key name that contains the aescbc encryption key
	// in the AESCBC secret encryption strategy.
	// Note that its value is the same literal ("key") as ServiceAccountSigningKeySecretKey below; the two
	// constants are distinguished only by which secret they are read from.
	AESCBCKeySecretKey = "key"
	// IBMCloudIAMAPIKeySecretKey defines the Kubernetes secret key name that contains
	// the customer IBMCloud apikey in the unmanaged authentication strategy for IBMCloud KMS secret encryption
	IBMCloudIAMAPIKeySecretKey = "iam_apikey"
	// AWSCredentialsFileSecretKey defines the Kubernetes secret key name that contains
	// the customer AWS credentials in the unmanaged authentication strategy for AWS KMS secret encryption
	AWSCredentialsFileSecretKey = "credentials"
	// ControlPlaneComponent identifies a resource as belonging to a hosted control plane.
	ControlPlaneComponent = "hypershift.openshift.io/control-plane-component"
	// OperatorComponent identifies a component as belonging to the operator.
	OperatorComponent = "hypershift.openshift.io/operator-component"
	// MachineApproverImage is an annotation that allows the specification of the machine approver image.
	// This is a temporary workaround necessary for compliance reasons on the IBM Cloud side:
	// no images can be pulled from registries outside of IBM Cloud's official regional registries
	MachineApproverImage = "hypershift.openshift.io/machine-approver-image"
	// ExternalDNSHostnameAnnotation is the annotation external-dns uses to register DNS name for different HCP services.
	ExternalDNSHostnameAnnotation = "external-dns.alpha.kubernetes.io/hostname"
	// ForceUpgradeToAnnotation is the annotation that forces HostedCluster upgrade even if the underlying ClusterVersion
	// is reporting it is not Upgradeable. The annotation value must be set to the release image being forced.
	ForceUpgradeToAnnotation = "hypershift.openshift.io/force-upgrade-to"
	// ServiceAccountSigningKeySecretKey is the name of the secret key that should contain the service account signing
	// key if specified. This is the private key of the service account token issuer referenced by
	// HostedClusterSpec.ServiceAccountSigningKey.
	ServiceAccountSigningKeySecretKey = "key"
	// DisableProfilingAnnotation is the annotation that allows disabling profiling for control plane components.
	// Any components specified in this list will have profiling disabled. Profiling is disabled by default for etcd and konnectivity.
	// Components this annotation can apply to: kube-scheduler, kube-controller-manager, kube-apiserver.
	DisableProfilingAnnotation = "hypershift.openshift.io/disable-profiling"
	// CleanupCloudResourcesAnnotation is an annotation that indicates whether a guest cluster's resources should be
	// removed when deleting the corresponding HostedCluster. If set to "true", resources created on the cloud provider during the life
	// of the cluster will be removed, including image registry storage, ingress dns records, load balancers, and persistent storage.
	CleanupCloudResourcesAnnotation = "hypershift.openshift.io/cleanup-cloud-resources"
	// ResourceRequestOverrideAnnotationPrefix is a prefix for an annotation to override resource requests for a particular deployment/container
	// in a hosted control plane. The format of the annotation is:
	// resource-request-override.hypershift.openshift.io/[deployment-name].[container-name]: [resource-type-1]=[value1],[resource-type-2]=[value2],...
	// For example, to override the memory and cpu request for the Kubernetes APIServer:
	// resource-request-override.hypershift.openshift.io/kube-apiserver.kube-apiserver: memory=3Gi,cpu=2000m
	ResourceRequestOverrideAnnotationPrefix = "resource-request-override.hypershift.openshift.io"
	// LimitedSupportLabel is a label that can be used by consumers to indicate
	// a cluster is somehow out of regular support policy.
	// https://docs.openshift.com/rosa/rosa_architecture/rosa_policy_service_definition/rosa-service-definition.html#rosa-limited-support_rosa-service-definition.
	LimitedSupportLabel = "api.openshift.com/limited-support"
	// SilenceClusterAlertsLabel is a label that can be used by consumers to indicate
	// alerts from a cluster can be silenced or ignored
	SilenceClusterAlertsLabel = "hypershift.openshift.io/silence-cluster-alerts"
	// KubeVirtInfraCredentialsSecretName is a name of the secret in the hosted control plane namespace containing the kubeconfig
	// of an external infrastructure cluster for kubevirt provider
	KubeVirtInfraCredentialsSecretName = "kubevirt-infra-credentials"
	// InfraIDLabel is a label that indicates the hosted cluster's infra id
	// that the resource is associated with.
	InfraIDLabel = "hypershift.openshift.io/infra-id"
	// NodePoolNameLabel is a label that indicates the name of the node pool
	// a resource is associated with
	NodePoolNameLabel = "hypershift.openshift.io/nodepool-name"
	// RouteVisibilityLabel is a label that can be used by external-dns to filter routes
	// it should not consider for name registration
	RouteVisibilityLabel = "hypershift.openshift.io/route-visibility"
	// RouteVisibilityPrivate is a value for RouteVisibilityLabel that will result
	// in the labeled route being ignored by external-dns
	RouteVisibilityPrivate = "private"
	// AllowUnsupportedKubeVirtRHCOSVariantsAnnotation allows a NodePool to use image sources
	// other than the official rhcos kubevirt variant, such as the openstack variant. This
	// allows the creation of guest clusters <= 4.13, which are before the rhcos kubevirt
	// variant was released.
	AllowUnsupportedKubeVirtRHCOSVariantsAnnotation = "hypershift.openshift.io/allow-unsupported-kubevirt-rhcos-variants"
	// ImageOverridesAnnotation is passed as a flag to the CPO to allow overriding release images.
	// The format of the annotation value is a comma-separated list of image=ref pairs like:
	// cluster-network-operator=example.com/cno:latest,ovn-kubernetes=example.com/ovnkube:latest
	ImageOverridesAnnotation = "hypershift.openshift.io/image-overrides"
	// EnsureExistsPullSecretReconciliation enables a reconciliation behavior on in cluster pull secret
	// resources that enables user modifications to the resources while ensuring they do exist. This
	// allows users to execute workflows like disabling insights operator
	EnsureExistsPullSecretReconciliation = "hypershift.openshift.io/ensureexists-pullsecret-reconcile"
	// HostedClusterLabel is used as a label on nodes that are dedicated to a specific hosted cluster
	HostedClusterLabel = "hypershift.openshift.io/cluster"
	// RequestServingComponentLabel is used as a label on pods and nodes for dedicated serving components.
	RequestServingComponentLabel = "hypershift.openshift.io/request-serving-component"
	// TopologyAnnotation indicates the type of topology that should take effect for the
	// hosted cluster's control plane workloads. Currently the only value supported is "dedicated-request-serving-components".
	// We implicitly support shared and dedicated.
	TopologyAnnotation = "hypershift.openshift.io/topology"
	// HostedClusterScheduledAnnotation indicates that a hosted cluster with dedicated request serving components
	// has been assigned dedicated nodes. If not present, the hosted cluster needs scheduling.
	HostedClusterScheduledAnnotation = "hypershift.openshift.io/cluster-scheduled"
	// DedicatedRequestServingComponentsTopology indicates that control plane request serving
	// components should be scheduled on dedicated nodes in the management cluster.
	DedicatedRequestServingComponentsTopology = "dedicated-request-serving-components"
	// RequestServingNodeAdditionalSelectorAnnotation is used to specify an additional node selector for
	// request serving nodes. The value is a comma-separated list of key=value pairs.
	RequestServingNodeAdditionalSelectorAnnotation = "hypershift.openshift.io/request-serving-node-additional-selector"
	// DisableMachineManagement Disable deployments related to machine management that includes cluster-api, cluster-autoscaler, machine-approver.
	DisableMachineManagement = "hypershift.openshift.io/disable-machine-management"
	// AllowGuestWebhooksServiceLabel marks a service deployed in the control plane as a valid target
	// for validating/mutating webhooks running in the guest cluster.
	AllowGuestWebhooksServiceLabel = "hypershift.openshift.io/allow-guest-webhooks"
	// PodSecurityAdmissionLabelOverrideAnnotation allows overriding the pod security admission label on
	// hosted control plane namespaces. The default is 'Restricted'. Valid values are 'Restricted', 'Baseline', or 'Privileged'.
	// Each step away from 'Restricted' relaxes the admission checks applied to every pod in that namespace.
	// See https://github.com/openshift/enhancements/blob/master/enhancements/authentication/pod-security-admission.md
	PodSecurityAdmissionLabelOverrideAnnotation = "hypershift.openshift.io/pod-security-admission-label-override"
	// DisableMonitoringServices introduces an option to disable monitor services IBM Cloud do not use.
	DisableMonitoringServices = "hypershift.openshift.io/disable-monitoring-services"
	// JSONPatchAnnotation allow modifying the kubevirt VM template using jsonpatch
	JSONPatchAnnotation = "hypershift.openshift.io/kubevirt-vm-jsonpatch"
	// KubeAPIServerGOGCAnnotation allows modifying the kube-apiserver GOGC environment variable to impact how often
	// the GO garbage collector runs. This can be used to reduce the memory footprint of the kube-apiserver.
	KubeAPIServerGOGCAnnotation = "hypershift.openshift.io/kube-apiserver-gogc"
	// KubeAPIServerGOMemoryLimitAnnotation allows modifying the kube-apiserver GOMEMLIMIT environment variable to increase
	// the frequency of memory collection when memory used rises above a particular threshold. This can be used to reduce
	// the memory footprint of the kube-apiserver during upgrades.
	KubeAPIServerGOMemoryLimitAnnotation = "hypershift.openshift.io/kube-apiserver-gomemlimit"
	// AWSLoadBalancerSubnetsAnnotation allows specifying the subnets to use for control plane load balancers
	// in the AWS platform.
	AWSLoadBalancerSubnetsAnnotation = "hypershift.openshift.io/aws-load-balancer-subnets"
	// DisableClusterAutoscalerAnnotation allows disabling the cluster autoscaler for a hosted cluster.
	// This annotation is only set by the hypershift-operator on HostedControlPlanes.
	// It is not set by the end-user.
	DisableClusterAutoscalerAnnotation = "hypershift.openshift.io/disable-cluster-autoscaler"
	// AroHCP represents the ARO HCP managed service offering
	AroHCP = "ARO-HCP"
	// RosaHCP represents the ROSA HCP managed service offering
	RosaHCP = "ROSA-HCP"
	// HostedClusterSizeLabel is a label on HostedClusters indicating a size based on the number of nodes.
	HostedClusterSizeLabel = "hypershift.openshift.io/hosted-cluster-size"
	// NodeSizeLabel is a label on nodes used to match cluster size to a node size.
	NodeSizeLabel = "hypershift.openshift.io/cluster-size"
	// ManagementPlatformAnnotation specifies the infrastructure platform of the underlying management cluster
	ManagementPlatformAnnotation = "hypershift.openshift.io/management-platform"
)
// HostedClusterSpec is the desired behavior of a HostedCluster.
//
// Several fields reference Secrets that hold credential material (PullSecret,
// ServiceAccountSigningKey, AuditWebhook); the field comments note what each
// referenced Secret is expected to contain.
type HostedClusterSpec struct {
	// Release specifies the desired OCP release payload for the hosted cluster.
	//
	// Updating this field will trigger a rollout of the control plane. The
	// behavior of the rollout will be driven by the ControllerAvailabilityPolicy
	// and InfrastructureAvailabilityPolicy.
	Release Release `json:"release"`
	// ControlPlaneRelease specifies the desired OCP release payload for
	// control plane components running on the management cluster.
	// Updating this field will trigger a rollout of the control plane. The
	// behavior of the rollout will be driven by the ControllerAvailabilityPolicy
	// and InfrastructureAvailabilityPolicy.
	// If not defined, Release is used
	// +optional
	ControlPlaneRelease *Release `json:"controlPlaneRelease,omitempty"`
	// ClusterID uniquely identifies this cluster. This is expected to be
	// an RFC4122 UUID value (xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx in
	// hexadecimal values).
	// As with a Kubernetes metadata.uid, this ID uniquely identifies this
	// cluster in space and time.
	// This value identifies the cluster in metrics pushed to telemetry and
	// metrics produced by the control plane operators. If a value is not
	// specified, an ID is generated. After initial creation, the value is
	// immutable.
	// +kubebuilder:validation:Pattern:="[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}"
	// +optional
	ClusterID string `json:"clusterID,omitempty"`
	// updateService may be used to specify the preferred upstream update service.
	// By default it will use the appropriate update service for the cluster and region.
	//
	// +optional
	UpdateService configv1.URL `json:"updateService,omitempty"`
	// channel is an identifier for explicitly requesting that a non-default
	// set of updates be applied to this cluster. The default channel will
	// contain stable updates that are appropriate for production clusters.
	//
	// +optional
	Channel string `json:"channel,omitempty"`
	// InfraID is a globally unique identifier for the cluster. This identifier
	// will be used to associate various cloud resources with the HostedCluster
	// and its associated NodePools.
	//
	// +optional
	// +immutable
	InfraID string `json:"infraID,omitempty"`
	// Platform specifies the underlying infrastructure provider for the cluster
	// and is used to configure platform specific behavior.
	//
	// +immutable
	Platform PlatformSpec `json:"platform"`
	// ControllerAvailabilityPolicy specifies the availability policy applied to
	// critical control plane components. The default value is HighlyAvailable.
	//
	// +optional
	// +kubebuilder:default:="HighlyAvailable"
	// +immutable
	ControllerAvailabilityPolicy AvailabilityPolicy `json:"controllerAvailabilityPolicy,omitempty"`
	// InfrastructureAvailabilityPolicy specifies the availability policy applied
	// to infrastructure services which run on cluster nodes. The default value is
	// SingleReplica.
	//
	// +optional
	// +kubebuilder:default:="SingleReplica"
	// +immutable
	InfrastructureAvailabilityPolicy AvailabilityPolicy `json:"infrastructureAvailabilityPolicy,omitempty"`
	// DNS specifies DNS configuration for the cluster.
	//
	// +immutable
	DNS DNSSpec `json:"dns,omitempty"`
	// Networking specifies network configuration for the cluster.
	//
	// +immutable
	// +kubebuilder:default={networkType: "OVNKubernetes", clusterNetwork: {{cidr: "10.132.0.0/14"}}, serviceNetwork: {{cidr: "172.31.0.0/16"}}}
	Networking ClusterNetworking `json:"networking"`
	// Autoscaling specifies auto-scaling behavior that applies to all NodePools
	// associated with the control plane.
	//
	// +optional
	Autoscaling ClusterAutoscaling `json:"autoscaling,omitempty"`
	// Etcd specifies configuration for the control plane etcd cluster. The
	// default ManagementType is Managed. Once set, the ManagementType cannot be
	// changed.
	//
	// +kubebuilder:validation:Optional
	// +kubebuilder:default={managementType: "Managed", managed: {storage: {type: "PersistentVolume", persistentVolume: {size: "8Gi"}}}}
	// +immutable
	Etcd EtcdSpec `json:"etcd"`
	// Services specifies how individual control plane services are published from
	// the hosting cluster of the control plane.
	//
	// If a given service is not present in this list, it will be exposed publicly
	// by default. Omitting a service therefore does not make it private; a
	// service that must not be public needs an explicit entry here.
	Services []ServicePublishingStrategyMapping `json:"services"`
	// PullSecret references a pull secret to be injected into the container
	// runtime of all cluster nodes. The secret must have a key named
	// ".dockerconfigjson" whose value is the pull secret JSON (registry
	// credentials, so the referenced Secret is sensitive).
	PullSecret corev1.LocalObjectReference `json:"pullSecret"`
	// SSHKey references an SSH key to be injected into all cluster node sshd
	// servers. The secret must have a single key "id_rsa.pub" whose value is the
	// public part of an SSH key.
	//
	// +immutable
	SSHKey corev1.LocalObjectReference `json:"sshKey"`
	// IssuerURL is an OIDC issuer URL which is used as the issuer in all
	// ServiceAccount tokens generated by the control plane API server. The
	// default value is kubernetes.default.svc, which only works for in-cluster
	// validation.
	//
	// +kubebuilder:default:="https://kubernetes.default.svc"
	// +immutable
	// +optional
	// +kubebuilder:validation:Format=uri
	IssuerURL string `json:"issuerURL,omitempty"`
	// ServiceAccountSigningKey is a reference to a secret containing the private key
	// used by the service account token issuer. The secret is expected to contain
	// a single key named "key" (see ServiceAccountSigningKeySecretKey). If not
	// specified, a service account signing key will be generated automatically for
	// the cluster. When specifying a service account signing key, an IssuerURL must
	// also be specified.
	//
	// +immutable
	// +kubebuilder:validation:Optional
	// +optional
	ServiceAccountSigningKey *corev1.LocalObjectReference `json:"serviceAccountSigningKey,omitempty"`
	// Configuration specifies configuration for individual OCP components in the
	// cluster, represented as embedded resources that correspond to the openshift
	// configuration API.
	//
	// +kubebuilder:validation:Optional
	// +optional
	Configuration *ClusterConfiguration `json:"configuration,omitempty"`
	// AuditWebhook contains metadata for configuring an audit webhook endpoint
	// for a cluster to process cluster audit events. It references a secret that
	// contains the webhook information for the audit webhook endpoint. It is a
	// secret because if the endpoint has mTLS the kubeconfig will contain client
	// keys. The kubeconfig needs to be stored in the secret with a secret key
	// name that corresponds to the constant AuditWebhookKubeconfigKey.
	//
	// +optional
	// +immutable
	AuditWebhook *corev1.LocalObjectReference `json:"auditWebhook,omitempty"`
	// ImageContentSources specifies image mirrors that can be used by cluster
	// nodes to pull content.
	//
	// +optional
	// +immutable
	ImageContentSources []ImageContentSource `json:"imageContentSources,omitempty"`
	// AdditionalTrustBundle is a reference to a ConfigMap containing a
	// PEM-encoded X.509 certificate bundle that will be added to the hosted controlplane and nodes
	//
	// +optional
	AdditionalTrustBundle *corev1.LocalObjectReference `json:"additionalTrustBundle,omitempty"`
	// SecretEncryption specifies a Kubernetes secret encryption strategy for the
	// control plane.
	//
	// +optional
	SecretEncryption *SecretEncryptionSpec `json:"secretEncryption,omitempty"`
	// FIPS indicates whether this cluster's nodes will be running in FIPS mode.
	// If set to true, the control plane's ignition server will be configured to
	// expect that nodes joining the cluster will be FIPS-enabled.
	//
	// Note: the json tag has no omitempty, so this field is always serialized
	// (as false when unset) even though it is marked +optional.
	//
	// +optional
	// +immutable
	FIPS bool `json:"fips"`
	// PausedUntil is a field that can be used to pause reconciliation on a resource.
	// Either a date can be provided in RFC3339 format or a boolean. If a date is
	// provided: reconciliation is paused on the resource until that date. If the boolean true is
	// provided: reconciliation is paused on the resource until the field is removed.
	// +optional
	PausedUntil *string `json:"pausedUntil,omitempty"`
	// OLMCatalogPlacement specifies the placement of OLM catalog components. By default,
	// this is set to management and OLM catalog components are deployed onto the management
	// cluster. If set to guest, the OLM catalog components will be deployed onto the guest
	// cluster.
	//
	// +kubebuilder:default=management
	// +kubebuilder:validation:XValidation:rule="self == oldSelf", message="OLMCatalogPlacement is immutable"
	// +optional
	// +immutable
	OLMCatalogPlacement OLMCatalogPlacement `json:"olmCatalogPlacement,omitempty"`
	// NodeSelector, when specified, is a set of label key/value pairs that a node must
	// carry for the pods managed by the HostedCluster to be scheduled onto it.
	//
	// +optional
	NodeSelector map[string]string `json:"nodeSelector,omitempty"`
}
// OLMCatalogPlacement is an enum specifying the placement of OLM catalog components.
// +kubebuilder:validation:Enum=management;guest
type OLMCatalogPlacement string

const (
	// ManagementOLMCatalogPlacement indicates OLM catalog components will be placed in
	// the management cluster.
	ManagementOLMCatalogPlacement OLMCatalogPlacement = "management"

	// GuestOLMCatalogPlacement indicates OLM catalog components will be placed in
	// the guest cluster.
	GuestOLMCatalogPlacement OLMCatalogPlacement = "guest"
)

// String returns the textual form of the placement. Together with Set and
// Type it gives the type the String/Set/Type shape of a flag value, so it can
// presumably be bound to a command-line flag — confirm against the callers.
func (olm *OLMCatalogPlacement) String() string {
	current := *olm
	return string(current)
}

// Set parses s case-insensitively into olm. Only "guest" and "management"
// are accepted; any other input leaves olm unchanged and is reported as an
// error that echoes the rejected value.
func (olm *OLMCatalogPlacement) Set(s string) error {
	lowered := strings.ToLower(s)
	if lowered == "guest" {
		*olm = GuestOLMCatalogPlacement
		return nil
	}
	if lowered == "management" {
		*olm = ManagementOLMCatalogPlacement
		return nil
	}
	return fmt.Errorf("unknown OLMCatalogPlacement type used '%s'", s)
}

// Type names the value type, as used by flag help output.
func (olm *OLMCatalogPlacement) Type() string {
	return "OLMCatalogPlacement"
}
// ImageContentSource specifies image mirrors that can be used by cluster nodes
// to pull content. For cluster workloads, if a container image registry host of
// the pullspec matches Source then one of the Mirrors are substituted as hosts
// in the pullspec and tried in order to fetch the image.
//
// Because a mirror host replaces the original registry host in the pullspec,
// every entry in Mirrors is trusted to serve the same content as Source.
type ImageContentSource struct {
	// Source is the repository that users refer to, e.g. in image pull
	// specifications.
	//
	// +immutable
	Source string `json:"source"`

	// Mirrors are one or more repositories that may also contain the same images.
	// They are tried in the order listed.
	//
	// +optional
	// +immutable
	Mirrors []string `json:"mirrors,omitempty"`
}
// ServicePublishingStrategyMapping specifies how individual control plane
// services are published from the hosting cluster of a control plane.
type ServicePublishingStrategyMapping struct {
	// Service identifies the type of service being published. The accepted
	// values are the ServiceType constants named in the enum marker.
	//
	// +kubebuilder:validation:Enum=APIServer;OAuthServer;OIDC;Konnectivity;Ignition;OVNSbDb
	// +immutable
	Service ServiceType `json:"service"`

	// ServicePublishingStrategy specifies how to publish Service. Because the
	// embedded struct carries its own json tag, its fields are serialized under
	// the servicePublishingStrategy key rather than being flattened.
	ServicePublishingStrategy `json:"servicePublishingStrategy"`
}
// ServicePublishingStrategy specifies how to publish a ServiceType.
//
// NOTE(review): nothing in this struct ties the optional NodePort,
// LoadBalancer and Route sub-structs to Type; a value that sets, say, Route
// while Type is NodePort is accepted by this schema.
type ServicePublishingStrategy struct {
	// Type is the publishing strategy used for the service.
	//
	// +kubebuilder:validation:Enum=LoadBalancer;NodePort;Route;None;S3
	// +immutable
	Type PublishingStrategyType `json:"type"`

	// NodePort configures exposing a service using a NodePort.
	NodePort *NodePortPublishingStrategy `json:"nodePort,omitempty"`

	// LoadBalancer configures exposing a service using a LoadBalancer.
	LoadBalancer *LoadBalancerPublishingStrategy `json:"loadBalancer,omitempty"`

	// Route configures exposing a service using a Route.
	Route *RoutePublishingStrategy `json:"route,omitempty"`
}
// PublishingStrategyType defines publishing strategies for services.
//
// NOTE(review): the values below are declared with var rather than const, so
// they are package-level mutable state; const would be safer unless something
// takes their address.
type PublishingStrategyType string

var (
	// LoadBalancer exposes a service with a LoadBalancer kube service.
	LoadBalancer PublishingStrategyType = "LoadBalancer"

	// NodePort exposes a service with a NodePort kube service.
	NodePort PublishingStrategyType = "NodePort"

	// Route exposes services with a Route + ClusterIP kube service.
	Route PublishingStrategyType = "Route"

	// S3 exposes a service through an S3 bucket.
	S3 PublishingStrategyType = "S3"

	// None disables exposing the service.
	None PublishingStrategyType = "None"
)
// ServiceType defines what control plane services can be exposed from the
// management control plane.
//
// NOTE(review): the values below are declared with var rather than const, so
// they can be reassigned at runtime; const would be safer unless something
// takes their address.
type ServiceType string

var (
	// APIServer is the control plane API server.
	APIServer ServiceType = "APIServer"

	// Konnectivity is the control plane Konnectivity networking service.
	Konnectivity ServiceType = "Konnectivity"

	// OAuthServer is the control plane OAuth service.
	OAuthServer ServiceType = "OAuthServer"

	// OIDC is the control plane OIDC service.
	OIDC ServiceType = "OIDC"

	// Ignition is the control plane ignition service for nodes.
	Ignition ServiceType = "Ignition"

	// OVNSbDb is the optional control plane ovn southbound database service used by OVNKubernetes CNI.
	OVNSbDb ServiceType = "OVNSbDb"
)
// NodePortPublishingStrategy specifies a NodePort used to expose a service.
type NodePortPublishingStrategy struct {
	// Address is the host/ip that the NodePort service is exposed over.
	Address string `json:"address"`

	// Port is the port of the NodePort service. If <=0, the port is dynamically
	// assigned when the service is created. Because of omitempty, a zero value
	// is omitted from JSON and therefore also means "assign dynamically".
	Port int32 `json:"port,omitempty"`
}
// LoadBalancerPublishingStrategy specifies settings used to expose a service as a LoadBalancer.
type LoadBalancerPublishingStrategy struct {
	// Hostname is the name of the DNS record that will be created pointing to the LoadBalancer.
	// When empty, no such record is requested by this field.
	// +optional
	Hostname string `json:"hostname,omitempty"`
}
// RoutePublishingStrategy specifies options for exposing a service as a Route.
type RoutePublishingStrategy struct {
	// Hostname is the name of the DNS record that will be created pointing to the Route.
	// When empty, no such record is requested by this field.
	// +optional
	Hostname string `json:"hostname,omitempty"`
}
// DNSSpec specifies the DNS configuration in the cluster.
type DNSSpec struct {
	// BaseDomain is the base domain of the cluster.
	//
	// +immutable
	BaseDomain string `json:"baseDomain"`

	// BaseDomainPrefix is the base domain prefix of the cluster.
	// defaults to clusterName if not set. Set it to "" if you don't want a prefix to be prepended to BaseDomain.
	//
	// The field is a pointer so that "unset" (nil, use the cluster name) and
	// "explicitly empty" (no prefix) can be told apart.
	//
	// +optional
	// +immutable
	BaseDomainPrefix *string `json:"baseDomainPrefix,omitempty"`

	// PublicZoneID is the Hosted Zone ID where all the DNS records that are
	// publicly accessible to the internet exist.
	//
	// +optional
	// +immutable
	PublicZoneID string `json:"publicZoneID,omitempty"`

	// PrivateZoneID is the Hosted Zone ID where all the DNS records that are only
	// available internally to the cluster exist.
	//
	// +optional
	// +immutable
	PrivateZoneID string `json:"privateZoneID,omitempty"`
}
// ClusterNetworking specifies network configuration for a cluster.
//
// NOTE(review): ServiceNetwork is the only address-pool field here without an
// +immutable marker, while MachineNetwork and ClusterNetwork carry one; confirm
// whether that asymmetry is intended.
type ClusterNetworking struct {
	// MachineNetwork is the list of IP address pools for machines.
	//
	// +immutable
	// +optional
	MachineNetwork []MachineNetworkEntry `json:"machineNetwork,omitempty"`

	// ClusterNetwork is the list of IP address pools for pods.
	// Defaults to the single pool in the marker below when omitted.
	//
	// +immutable
	// +kubebuilder:default:={{cidr: "10.132.0.0/14"}}
	ClusterNetwork []ClusterNetworkEntry `json:"clusterNetwork"`

	// ServiceNetwork is the list of IP address pools for services.
	// NOTE: currently only one entry is supported.
	// Defaults to the single pool in the marker below when omitted.
	//
	// +optional
	// +kubebuilder:default:={{cidr: "172.31.0.0/16"}}
	ServiceNetwork []ServiceNetworkEntry `json:"serviceNetwork"`

	// NetworkType specifies the SDN provider used for cluster networking.
	//
	// +kubebuilder:default:="OVNKubernetes"
	// +immutable
	NetworkType NetworkType `json:"networkType"`

	// APIServer contains advanced network settings for the API server that affect
	// how the APIServer is exposed inside a cluster node.
	//
	// +immutable
	APIServer *APIServerNetworking `json:"apiServer,omitempty"`
}
// MachineNetworkEntry is a single IP address block for node IP blocks.
type MachineNetworkEntry struct {
	// CIDR is the IP block address pool for machines within the cluster.
	CIDR ipnet.IPNet `json:"cidr"`
}
// ClusterNetworkEntry is a single IP address block for pod IP blocks. IP blocks
// are allocated with size 2^HostSubnetLength.
type ClusterNetworkEntry struct {
	// CIDR is the IP block address pool.
	CIDR ipnet.IPNet `json:"cidr"`

	// HostPrefix is the prefix size to allocate to each node from the CIDR.
	// For example, 24 would allocate 2^8=256 addresses to each node. If this
	// field is not used by the plugin, it can be left unset.
	// +optional
	HostPrefix int32 `json:"hostPrefix,omitempty"`
}
// ServiceNetworkEntry is a single IP address block for the service network.
type ServiceNetworkEntry struct {
	// CIDR is the IP block address pool for services within the cluster.
	CIDR ipnet.IPNet `json:"cidr"`
}
// CIDRBlock is an IPv4 network in CIDR notation: a dotted-quad address with a
// mandatory /0-32 prefix length. The validation pattern admits only IPv4
// literals (no IPv6, no leading-zero prefixes), so anything else is rejected
// by the API server before it reaches the controllers.
// +kubebuilder:validation:Pattern:=`^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$`
type CIDRBlock string
// APIServerNetworking specifies how the APIServer is exposed inside a cluster
// node.
type APIServerNetworking struct {
	// AdvertiseAddress is the address that nodes will use to talk to the API
	// server. This is an address associated with the loopback adapter of each
	// node. If not specified, the controller will take default values.
	// The default values will be set as 172.20.0.1 or fd00::1.
	AdvertiseAddress *string `json:"advertiseAddress,omitempty"`

	// Port is the port at which the APIServer is exposed inside a node. Other
	// pods using host networking cannot listen on this port.
	// If unset 6443 is used.
	// This is useful to choose a port other than the default one which might interfere with customer environments e.g. https://github.com/openshift/hypershift/pull/356.
	// Setting this to 443 is possible only for backward compatibility reasons and it's discouraged.
	// Doing so, it would result in the controller overriding the KAS endpoint in the guest cluster having a discrepancy with the KAS Pod and potentially causing temporarily network failures.
	Port *int32 `json:"port,omitempty"`

	// AllowedCIDRBlocks is an allow list of CIDR blocks that can access the APIServer
	// If not specified, traffic is allowed from all addresses.
	// This depends on underlying support by the cloud provider for Service LoadBalancerSourceRanges
	//
	// An absent or empty list therefore imposes no source restriction at this
	// layer. NOTE(review): on a provider that does not honor
	// LoadBalancerSourceRanges the list is presumably not enforced at all, so
	// it should not be relied on as the sole restriction on API server
	// reachability — confirm per platform.
	AllowedCIDRBlocks []CIDRBlock `json:"allowedCIDRBlocks,omitempty"`
}
// NetworkType specifies the SDN provider used for cluster networking.
//
// +kubebuilder:validation:Enum=OpenShiftSDN;Calico;OVNKubernetes;Other
type NetworkType string

const (
	// OpenShiftSDN specifies OpenShiftSDN as the SDN provider.
	OpenShiftSDN NetworkType = "OpenShiftSDN"

	// Calico specifies Calico as the SDN provider.
	Calico NetworkType = "Calico"

	// OVNKubernetes specifies OVN as the SDN provider.
	OVNKubernetes NetworkType = "OVNKubernetes"

	// Other specifies an undefined SDN provider.
	Other NetworkType = "Other"
)
// PlatformType is a specific supported infrastructure provider.
//
// +kubebuilder:validation:Enum=AWS;None;IBMCloud;Agent;KubeVirt;Azure;PowerVS
type PlatformType string

const (
	// AWSPlatform represents Amazon Web Services infrastructure.
	AWSPlatform PlatformType = "AWS"

	// NonePlatform represents user supplied (e.g. bare metal) infrastructure.
	NonePlatform PlatformType = "None"

	// IBMCloudPlatform represents IBM Cloud infrastructure.
	IBMCloudPlatform PlatformType = "IBMCloud"

	// AgentPlatform represents user supplied infrastructure booted with agents.
	AgentPlatform PlatformType = "Agent"

	// KubevirtPlatform represents Kubevirt infrastructure.
	KubevirtPlatform PlatformType = "KubeVirt"

	// AzurePlatform represents Azure infrastructure.
	AzurePlatform PlatformType = "Azure"

	// PowerVSPlatform represents PowerVS infrastructure.
	PowerVSPlatform PlatformType = "PowerVS"
)

// PlatformTypes lists every PlatformType value, in declaration order.
// A fresh slice is returned on each call, so callers may modify it freely.
func PlatformTypes() []PlatformType {
	all := make([]PlatformType, 0, 7)
	all = append(all, AWSPlatform, NonePlatform, IBMCloudPlatform)
	all = append(all, AgentPlatform, KubevirtPlatform, AzurePlatform, PowerVSPlatform)
	return all
}
// PlatformSpec specifies the underlying infrastructure provider for the cluster
// and is used to configure platform specific behavior.
//
// Type is the union discriminator; the platform-specific sub-spec matching it
// carries the provider settings.
//
// NOTE(review): IBMCloud and Azure carry no +optional/+immutable markers,
// unlike the sibling sub-specs; confirm whether that omission is intended.
type PlatformSpec struct {
	// Type is the type of infrastructure provider for the cluster.
	//
	// +unionDiscriminator
	// +immutable
	Type PlatformType `json:"type"`

	// AWS specifies configuration for clusters running on Amazon Web Services.
	//
	// +optional
	// +immutable
	AWS *AWSPlatformSpec `json:"aws,omitempty"`

	// Agent specifies configuration for agent-based installations.
	//
	// +optional
	// +immutable
	Agent *AgentPlatformSpec `json:"agent,omitempty"`

	// IBMCloud defines IBMCloud specific settings for components.
	IBMCloud *IBMCloudPlatformSpec `json:"ibmcloud,omitempty"`

	// Azure defines Azure specific settings.
	Azure *AzurePlatformSpec `json:"azure,omitempty"`

	// PowerVS specifies configuration for clusters running on IBMCloud Power VS Service.
	// This field is immutable. Once set, It can't be changed.
	//
	// +optional
	// +immutable
	PowerVS *PowerVSPlatformSpec `json:"powervs,omitempty"`

	// KubeVirt defines KubeVirt specific settings for cluster components.
	//
	// +optional
	// +immutable
	Kubevirt *KubevirtPlatformSpec `json:"kubevirt,omitempty"`
}
// KubevirtPlatformCredentials holds the kubeconfig reference and target
// namespace used to create KubeVirt virtual machines on an infra cluster other
// than the one hosting the control plane. Both fields are required and are
// immutable once set.
type KubevirtPlatformCredentials struct {
	// InfraKubeConfigSecret is a reference to a secret that contains the kubeconfig for the external infra cluster
	// that will be used to host the KubeVirt virtual machines for this cluster.
	//
	// The kubeconfig only needs to manage resources inside InfraNamespace, so
	// a credential scoped to that namespace is sufficient; confirm the exact
	// permission set against the controller before granting more.
	//
	// NOTE(review): the field is marked required yet is a pointer serialized
	// with omitempty, so a nil value disappears from the JSON rather than
	// being rejected client-side.
	//
	// +immutable
	// +kubebuilder:validation:Required
	// +required
	// +kubebuilder:validation:XValidation:rule="self == oldSelf", message="infraKubeConfigSecret is immutable"
	InfraKubeConfigSecret *KubeconfigSecretRef `json:"infraKubeConfigSecret,omitempty"`

	// InfraNamespace defines the namespace on the external infra cluster that is used to host the KubeVirt
	// virtual machines. This namespace must already exist before creating the HostedCluster and the kubeconfig
	// referenced in the InfraKubeConfigSecret must have access to manage the required resources within this
	// namespace.
	//
	// +immutable
	// +kubebuilder:validation:Required
	// +required
	// +kubebuilder:validation:XValidation:rule="self == oldSelf", message="infraNamespace is immutable"
	InfraNamespace string `json:"infraNamespace"`
}
// KubevirtPlatformSpec specifies configuration for kubevirt guest cluster installations
// +kubebuilder:validation:XValidation:rule="!has(oldSelf.generateID) || has(self.generateID)", message="Kubevirt GenerateID is required once set"
type KubevirtPlatformSpec struct {
	// BaseDomainPassthrough toggles whether or not an automatically
	// generated base domain for the guest cluster should be used that
	// is a subdomain of the management cluster's *.apps DNS.
	//
	// For the KubeVirt platform, the basedomain can be autogenerated using
	// the *.apps domain of the management/infra hosting cluster
	// This makes the guest cluster's base domain a subdomain of the
	// hypershift infra/mgmt cluster's base domain.
	//
	// Example:
	// Infra/Mgmt cluster's DNS
	// Base: example.com
	// Cluster: mgmt-cluster.example.com
	// Apps: *.apps.mgmt-cluster.example.com
	// KubeVirt Guest cluster's DNS
	// Base: apps.mgmt-cluster.example.com
	// Cluster: guest.apps.mgmt-cluster.example.com
	// Apps: *.apps.guest.apps.mgmt-cluster.example.com
	//
	// This is possible using OCP wildcard routes
	//
	// +optional
	// +immutable
	// +kubebuilder:validation:XValidation:rule="self == oldSelf", message="baseDomainPassthrough is immutable"
	BaseDomainPassthrough *bool `json:"baseDomainPassthrough,omitempty"`

	// GenerateID is used to uniquely apply a name suffix to resources associated with
	// kubevirt infrastructure resources. It is limited to 11 characters and,
	// per the struct-level rule, may be left unset but cannot be removed once set.
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="Kubevirt GenerateID is immutable once set"
	// +kubebuilder:validation:MaxLength=11
	// +optional
	GenerateID string `json:"generateID,omitempty"`

	// Credentials defines the client credentials used when creating KubeVirt virtual machines.
	// Defining credentials is only necessary when the KubeVirt virtual machines are being placed
	// on a cluster separate from the one hosting the Hosted Control Plane components.
	//
	// The default behavior when Credentials is not defined is for the KubeVirt VMs to be placed on
	// the same cluster and namespace as the Hosted Control Plane.
	// +optional
	Credentials *KubevirtPlatformCredentials `json:"credentials,omitempty"`

	// StorageDriver defines how the KubeVirt CSI driver exposes StorageClasses on
	// the infra cluster (hosting the VMs) to the guest cluster.
	//
	// +kubebuilder:validation:Optional
	// +optional
	// +immutable
	// +kubebuilder:validation:XValidation:rule="self == oldSelf", message="storageDriver is immutable"
	StorageDriver *KubevirtStorageDriverSpec `json:"storageDriver,omitempty"`
}
// KubevirtStorageDriverConfigType defines how the kubevirt storage driver is configured.
//
// +kubebuilder:validation:Enum=None;Default;Manual
type KubevirtStorageDriverConfigType string

const (
	// NoneKubevirtStorageDriverConfigType means no kubevirt storage driver is used.
	NoneKubevirtStorageDriverConfigType KubevirtStorageDriverConfigType = "None"

	// DefaultKubevirtStorageDriverConfigType means the kubevirt storage driver maps to the
	// underlying infra cluster's default storageclass.
	DefaultKubevirtStorageDriverConfigType KubevirtStorageDriverConfigType = "Default"

	// ManualKubevirtStorageDriverConfigType means the kubevirt storage driver mapping is
	// explicitly defined.
	ManualKubevirtStorageDriverConfigType KubevirtStorageDriverConfigType = "Manual"
)
// KubevirtStorageDriverSpec selects how the KubeVirt CSI driver maps infra
// cluster storage into the guest cluster. Type is the union discriminator;
// Manual carries the explicit mapping when Type is Manual. Both fields are
// immutable once set.
type KubevirtStorageDriverSpec struct {
	// Type represents the type of kubevirt csi driver configuration to use.
	// Defaults to Default when omitted.
	//
	// +unionDiscriminator
	// +immutable
	// +kubebuilder:default=Default
	// +optional
	// +kubebuilder:validation:XValidation:rule="self == oldSelf", message="storageDriver.Type is immutable"
	Type KubevirtStorageDriverConfigType `json:"type,omitempty"`

	// Manual is used to explicitly define how the infra storageclasses are
	// mapped to guest storageclasses.
	//
	// +immutable
	// +optional
	// +kubebuilder:validation:XValidation:rule="self == oldSelf", message="storageDriver.Manual is immutable"
	Manual *KubevirtManualStorageDriverConfig `json:"manual,omitempty"`
}
// KubevirtManualStorageDriverConfig holds the explicit infra-to-guest storage
// mappings used when the storage driver type is Manual. Both lists are
// optional and immutable once set.
type KubevirtManualStorageDriverConfig struct {
	// StorageClassMapping maps StorageClasses on the infra cluster hosting
	// the KubeVirt VMs to StorageClasses that are made available within the
	// Guest Cluster.
	//
	// NOTE: It is possible that not all capabilities of an infra cluster's
	// storageclass will be present for the corresponding guest clusters storageclass.
	//
	// +optional
	// +immutable
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:XValidation:rule="self == oldSelf", message="storageClassMapping is immutable"
	StorageClassMapping []KubevirtStorageClassMapping `json:"storageClassMapping,omitempty"`

	// VolumeSnapshotClassMapping presumably maps VolumeSnapshotClasses on the
	// infra cluster to VolumeSnapshotClasses exposed in the guest cluster, by
	// analogy with StorageClassMapping — confirm against the mapping type.
	//
	// +optional
	// +immutable
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:XValidation:rule="self == oldSelf", message="volumeSnapshotClassMapping is immutable"
	VolumeSnapshotClassMapping []KubevirtVolumeSnapshotClassMapping `json:"volumeSnapshotClassMapping,omitempty"`
}
type KubevirtStorageClassMapping struct {