diff --git a/go.mod b/go.mod
index 7c80d8b9ba..d092d310d3 100644
--- a/go.mod
+++ b/go.mod
@@ -19,7 +19,7 @@ require (
github.com/onsi/ginkgo/v2 v2.27.2
github.com/onsi/gomega v1.38.2
github.com/openshift-eng/openshift-tests-extension v0.0.0-20251105193959-75a0be5d9bd7
- github.com/openshift/api v0.0.0-20251120220512-cb382c9eaf42
+ github.com/openshift/api v0.0.0-20251111193948-50e2ece149d7
github.com/openshift/client-go v0.0.0-20251015124057-db0dee36e235
github.com/openshift/cluster-api-actuator-pkg/testutils v0.0.0-20250910145856-21d03d30056d
github.com/openshift/cluster-control-plane-machine-set-operator v0.0.0-20251029084908-344babe6a957
diff --git a/go.sum b/go.sum
index 8bd9a898a4..fd132c885f 100644
--- a/go.sum
+++ b/go.sum
@@ -449,8 +449,8 @@ github.com/opencontainers/selinux v1.11.1 h1:nHFvthhM0qY8/m+vfhJylliSshm8G1jJ2jD
github.com/opencontainers/selinux v1.11.1/go.mod h1:E5dMC3VPuVvVHDYmi78qvhJp8+M586T4DlDRYpFkyec=
github.com/openshift-eng/openshift-tests-extension v0.0.0-20251105193959-75a0be5d9bd7 h1:Z1swlS6b3Adm6RPhjqefs3DWnNFLDxRX+WC8GMXhja4=
github.com/openshift-eng/openshift-tests-extension v0.0.0-20251105193959-75a0be5d9bd7/go.mod h1:6gkP5f2HL0meusT0Aim8icAspcD1cG055xxBZ9yC68M=
-github.com/openshift/api v0.0.0-20251120220512-cb382c9eaf42 h1:Mo2FlDdoCZ+BE2W4C0lNcxEDeIIhfsYFP6vj4Sggp8w=
-github.com/openshift/api v0.0.0-20251120220512-cb382c9eaf42/go.mod h1:d5uzF0YN2nQQFA0jIEWzzOZ+edmo6wzlGLvx5Fhz4uY=
+github.com/openshift/api v0.0.0-20251111193948-50e2ece149d7 h1:MemawsK6SpxEaE5y0NqO5sIX3yTLIIyP89w6DGKukAk=
+github.com/openshift/api v0.0.0-20251111193948-50e2ece149d7/go.mod h1:d5uzF0YN2nQQFA0jIEWzzOZ+edmo6wzlGLvx5Fhz4uY=
github.com/openshift/client-go v0.0.0-20251015124057-db0dee36e235 h1:9JBeIXmnHlpXTQPi7LPmu1jdxznBhAE7bb1K+3D8gxY=
github.com/openshift/client-go v0.0.0-20251015124057-db0dee36e235/go.mod h1:L49W6pfrZkfOE5iC1PqEkuLkXG4W0BX4w8b+L2Bv7fM=
github.com/openshift/cluster-api-actuator-pkg/testutils v0.0.0-20250910145856-21d03d30056d h1:+sqUThLi/lmgT5/scmmjnS6+RZFtbdxRAscNfCPyLPI=
diff --git a/pkg/webhooks/machine_webhook.go b/pkg/webhooks/machine_webhook.go
index ebcd3d830f..39d939e9dd 100644
--- a/pkg/webhooks/machine_webhook.go
+++ b/pkg/webhooks/machine_webhook.go
@@ -799,32 +799,6 @@ func validateAWS(m *machinev1beta1.Machine, config *admissionConfig) (bool, []st
// TODO(alberto): Validate providerSpec.BlockDevices.
// https://github.com/openshift/cluster-api-provider-aws/pull/299#discussion_r433920532
- for i, blockDevice := range providerSpec.BlockDevices {
- ebs := blockDevice.EBS
- if ebs == nil || ebs.VolumeType == nil || ebs.ThroughputMib == nil {
- continue
- }
-
- throughputPath := field.NewPath("providerSpec", "blockDevices").Index(i).Child("ebs", "throughputMib")
- throughputValue := *ebs.ThroughputMib
-
- if *ebs.VolumeType != "gp3" {
- errs = append(errs, field.Invalid(
- throughputPath,
- throughputValue,
- "only valid for gp3 volumes",
- ))
- continue
- }
-
- if throughputValue < 125 || throughputValue > 2000 {
- errs = append(errs, field.Invalid(
- throughputPath,
- throughputValue,
- "must be a value between 125 and 2000",
- ))
- }
- }
switch providerSpec.Placement.Tenancy {
case "", machinev1beta1.DefaultTenancy, machinev1beta1.DedicatedTenancy, machinev1beta1.HostTenancy:
diff --git a/pkg/webhooks/machine_webhook_test.go b/pkg/webhooks/machine_webhook_test.go
index d64e8b7835..827c1a2d04 100644
--- a/pkg/webhooks/machine_webhook_test.go
+++ b/pkg/webhooks/machine_webhook_test.go
@@ -451,90 +451,6 @@ func TestMachineCreation(t *testing.T) {
},
expectedError: "admission webhook \"validation.machine.machine.openshift.io\" denied the request: spec.hostPlacement.dedicatedHost.id: Invalid value: \"invalid\": id must start with 'h-' followed by 17 lowercase hexadecimal characters (0-9 and a-f)",
},
- {
- name: "with VolumeType set to gp3 and Throughput set under minium value",
- platformType: osconfigv1.AWSPlatformType,
- clusterID: "aws-cluster",
- providerSpecValue: &kruntime.RawExtension{
- Object: &machinev1beta1.AWSMachineProviderConfig{
- AMI: machinev1beta1.AWSResourceReference{
- ID: ptr.To[string]("ami"),
- },
- BlockDevices: []machinev1beta1.BlockDeviceMappingSpec{
- {
- EBS: &machinev1beta1.EBSBlockDeviceSpec{
- VolumeType: ptr.To[string]("gp3"),
- ThroughputMib: ptr.To[int32](124),
- },
- },
- },
- },
- },
- expectedError: "must be a value between 125 and 2000",
- },
- {
- name: "with VolumeType set to gp3 and Throughput set over maxium value",
- platformType: osconfigv1.AWSPlatformType,
- clusterID: "aws-cluster",
- providerSpecValue: &kruntime.RawExtension{
- Object: &machinev1beta1.AWSMachineProviderConfig{
- AMI: machinev1beta1.AWSResourceReference{
- ID: ptr.To[string]("ami"),
- },
- BlockDevices: []machinev1beta1.BlockDeviceMappingSpec{
- {
- EBS: &machinev1beta1.EBSBlockDeviceSpec{
- VolumeType: ptr.To[string]("gp3"),
- ThroughputMib: ptr.To[int32](2001),
- },
- },
- },
- },
- },
- expectedError: "must be a value between 125 and 2000",
- },
- {
- name: "with VolumeType set to gp3 and Throughput set within range",
- platformType: osconfigv1.AWSPlatformType,
- clusterID: "aws-cluster",
- providerSpecValue: &kruntime.RawExtension{
- Object: &machinev1beta1.AWSMachineProviderConfig{
- AMI: machinev1beta1.AWSResourceReference{
- ID: ptr.To[string]("ami"),
- },
- BlockDevices: []machinev1beta1.BlockDeviceMappingSpec{
- {
- EBS: &machinev1beta1.EBSBlockDeviceSpec{
- VolumeType: ptr.To[string]("gp3"),
- ThroughputMib: ptr.To[int32](1000),
- },
- },
- },
- },
- },
- expectedError: "",
- },
- {
- name: "with Throughput set on non gp3 volume",
- platformType: osconfigv1.AWSPlatformType,
- clusterID: "aws-cluster",
- providerSpecValue: &kruntime.RawExtension{
- Object: &machinev1beta1.AWSMachineProviderConfig{
- AMI: machinev1beta1.AWSResourceReference{
- ID: ptr.To[string]("ami"),
- },
- BlockDevices: []machinev1beta1.BlockDeviceMappingSpec{
- {
- EBS: &machinev1beta1.EBSBlockDeviceSpec{
- VolumeType: ptr.To[string]("io1"),
- ThroughputMib: ptr.To[int32](124),
- },
- },
- },
- },
- },
- expectedError: "only valid for gp3 volumes",
- },
{
name: "with Azure and a nil provider spec value",
platformType: osconfigv1.AzurePlatformType,
diff --git a/vendor/github.com/openshift/api/config/v1/types_infrastructure.go b/vendor/github.com/openshift/api/config/v1/types_infrastructure.go
index 2f80945d38..005702e993 100644
--- a/vendor/github.com/openshift/api/config/v1/types_infrastructure.go
+++ b/vendor/github.com/openshift/api/config/v1/types_infrastructure.go
@@ -183,17 +183,6 @@ const (
LoadBalancerTypeOpenShiftManagedDefault PlatformLoadBalancerType = "OpenShiftManagedDefault"
)
-// DNSRecordsType defines whether api, api-int, and ingress records are provided by
-// the internal DNS infrastructure or must be configured external to the cluster.
-// +kubebuilder:validation:Enum=Internal;External
-// +enum
-type DNSRecordsType string
-
-const (
- DNSRecordsTypeExternal DNSRecordsType = "External"
- DNSRecordsTypeInternal DNSRecordsType = "Internal"
-)
-
// PlatformType is a specific supported infrastructure provider.
// +kubebuilder:validation:Enum="";AWS;Azure;BareMetal;GCP;Libvirt;OpenStack;None;VSphere;oVirt;IBMCloud;KubeVirt;EquinixMetal;PowerVS;AlibabaCloud;Nutanix;External
type PlatformType string
@@ -1033,7 +1022,6 @@ type BareMetalPlatformSpec struct {
// BareMetalPlatformStatus holds the current status of the BareMetal infrastructure provider.
// For more information about the network architecture used with the BareMetal platform type, see:
// https://github.com/openshift/installer/blob/master/docs/design/baremetal/networking-infrastructure.md
-// +openshift:validation:FeatureGateAwareXValidation:featureGate=OnPremDNSRecords,rule="!has(self.dnsRecordsType) || self.dnsRecordsType == 'Internal' || (has(self.loadBalancer) && self.loadBalancer.type == 'UserManaged')",message="dnsRecordsType may only be set to External when loadBalancer.type is UserManaged"
type BareMetalPlatformStatus struct {
// apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used
// by components inside the cluster, like kubelets using the infrastructure rather
@@ -1086,22 +1074,6 @@ type BareMetalPlatformStatus struct {
// +optional
LoadBalancer *BareMetalPlatformLoadBalancer `json:"loadBalancer,omitempty"`
- // dnsRecordsType determines whether records for api, api-int, and ingress
- // are provided by the internal DNS service or externally.
- // Allowed values are `Internal`, `External`, and omitted.
- // When set to `Internal`, records are provided by the internal infrastructure and
- // no additional user configuration is required for the cluster to function.
- // When set to `External`, records are not provided by the internal infrastructure
- // and must be configured by the user on a DNS server outside the cluster.
- // Cluster nodes must use this external server for their upstream DNS requests.
- // This value may only be set when loadBalancer.type is set to UserManaged.
- // When omitted, this means the user has no opinion and the platform is left
- // to choose reasonable defaults. These defaults are subject to change over time.
- // The current default is `Internal`.
- // +openshift:enable:FeatureGate=OnPremDNSRecords
- // +optional
- DNSRecordsType DNSRecordsType `json:"dnsRecordsType,omitempty"`
-
// machineNetworks are IP networks used to connect all the OpenShift cluster nodes.
// +listType=atomic
// +kubebuilder:validation:MaxItems=32
@@ -1178,7 +1150,6 @@ type OpenStackPlatformSpec struct {
}
// OpenStackPlatformStatus holds the current status of the OpenStack infrastructure provider.
-// +openshift:validation:FeatureGateAwareXValidation:featureGate=OnPremDNSRecords,rule="!has(self.dnsRecordsType) || self.dnsRecordsType == 'Internal' || (has(self.loadBalancer) && self.loadBalancer.type == 'UserManaged')",message="dnsRecordsType may only be set to External when loadBalancer.type is UserManaged"
type OpenStackPlatformStatus struct {
// apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used
// by components inside the cluster, like kubelets using the infrastructure rather
@@ -1235,22 +1206,6 @@ type OpenStackPlatformStatus struct {
// +optional
LoadBalancer *OpenStackPlatformLoadBalancer `json:"loadBalancer,omitempty"`
- // dnsRecordsType determines whether records for api, api-int, and ingress
- // are provided by the internal DNS service or externally.
- // Allowed values are `Internal`, `External`, and omitted.
- // When set to `Internal`, records are provided by the internal infrastructure and
- // no additional user configuration is required for the cluster to function.
- // When set to `External`, records are not provided by the internal infrastructure
- // and must be configured by the user on a DNS server outside the cluster.
- // Cluster nodes must use this external server for their upstream DNS requests.
- // This value may only be set when loadBalancer.type is set to UserManaged.
- // When omitted, this means the user has no opinion and the platform is left
- // to choose reasonable defaults. These defaults are subject to change over time.
- // The current default is `Internal`.
- // +openshift:enable:FeatureGate=OnPremDNSRecords
- // +optional
- DNSRecordsType DNSRecordsType `json:"dnsRecordsType,omitempty"`
-
// machineNetworks are IP networks used to connect all the OpenShift cluster nodes.
// +listType=atomic
// +kubebuilder:validation:MaxItems=32
@@ -1285,7 +1240,6 @@ type OvirtPlatformLoadBalancer struct {
type OvirtPlatformSpec struct{}
// OvirtPlatformStatus holds the current status of the oVirt infrastructure provider.
-// +openshift:validation:FeatureGateAwareXValidation:featureGate=OnPremDNSRecords,rule="!has(self.dnsRecordsType) || self.dnsRecordsType == 'Internal' || (has(self.loadBalancer) && self.loadBalancer.type == 'UserManaged')",message="dnsRecordsType may only be set to External when loadBalancer.type is UserManaged"
type OvirtPlatformStatus struct {
// apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used
// by components inside the cluster, like kubelets using the infrastructure rather
@@ -1332,22 +1286,6 @@ type OvirtPlatformStatus struct {
// +kubebuilder:default={"type": "OpenShiftManagedDefault"}
// +optional
LoadBalancer *OvirtPlatformLoadBalancer `json:"loadBalancer,omitempty"`
-
- // dnsRecordsType determines whether records for api, api-int, and ingress
- // are provided by the internal DNS service or externally.
- // Allowed values are `Internal`, `External`, and omitted.
- // When set to `Internal`, records are provided by the internal infrastructure and
- // no additional user configuration is required for the cluster to function.
- // When set to `External`, records are not provided by the internal infrastructure
- // and must be configured by the user on a DNS server outside the cluster.
- // Cluster nodes must use this external server for their upstream DNS requests.
- // This value may only be set when loadBalancer.type is set to UserManaged.
- // When omitted, this means the user has no opinion and the platform is left
- // to choose reasonable defaults. These defaults are subject to change over time.
- // The current default is `Internal`.
- // +openshift:enable:FeatureGate=OnPremDNSRecords
- // +optional
- DNSRecordsType DNSRecordsType `json:"dnsRecordsType,omitempty"`
}
// VSpherePlatformLoadBalancer defines the load balancer used by the cluster on VSphere platform.
@@ -1745,7 +1683,6 @@ type VSpherePlatformSpec struct {
}
// VSpherePlatformStatus holds the current status of the vSphere infrastructure provider.
-// +openshift:validation:FeatureGateAwareXValidation:featureGate=OnPremDNSRecords,rule="!has(self.dnsRecordsType) || self.dnsRecordsType == 'Internal' || (has(self.loadBalancer) && self.loadBalancer.type == 'UserManaged')",message="dnsRecordsType may only be set to External when loadBalancer.type is UserManaged"
type VSpherePlatformStatus struct {
// apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used
// by components inside the cluster, like kubelets using the infrastructure rather
@@ -1798,22 +1735,6 @@ type VSpherePlatformStatus struct {
// +optional
LoadBalancer *VSpherePlatformLoadBalancer `json:"loadBalancer,omitempty"`
- // dnsRecordsType determines whether records for api, api-int, and ingress
- // are provided by the internal DNS service or externally.
- // Allowed values are `Internal`, `External`, and omitted.
- // When set to `Internal`, records are provided by the internal infrastructure and
- // no additional user configuration is required for the cluster to function.
- // When set to `External`, records are not provided by the internal infrastructure
- // and must be configured by the user on a DNS server outside the cluster.
- // Cluster nodes must use this external server for their upstream DNS requests.
- // This value may only be set when loadBalancer.type is set to UserManaged.
- // When omitted, this means the user has no opinion and the platform is left
- // to choose reasonable defaults. These defaults are subject to change over time.
- // The current default is `Internal`.
- // +openshift:enable:FeatureGate=OnPremDNSRecords
- // +optional
- DNSRecordsType DNSRecordsType `json:"dnsRecordsType,omitempty"`
-
// machineNetworks are IP networks used to connect all the OpenShift cluster nodes.
// +listType=atomic
// +kubebuilder:validation:MaxItems=32
@@ -2187,7 +2108,6 @@ type NutanixPrismElementEndpoint struct {
}
// NutanixPlatformStatus holds the current status of the Nutanix infrastructure provider.
-// +openshift:validation:FeatureGateAwareXValidation:featureGate=OnPremDNSRecords,rule="!has(self.dnsRecordsType) || self.dnsRecordsType == 'Internal' || (has(self.loadBalancer) && self.loadBalancer.type == 'UserManaged')",message="dnsRecordsType may only be set to External when loadBalancer.type is UserManaged"
type NutanixPlatformStatus struct {
// apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used
// by components inside the cluster, like kubelets using the infrastructure rather
@@ -2231,22 +2151,6 @@ type NutanixPlatformStatus struct {
// +kubebuilder:default={"type": "OpenShiftManagedDefault"}
// +optional
LoadBalancer *NutanixPlatformLoadBalancer `json:"loadBalancer,omitempty"`
-
- // dnsRecordsType determines whether records for api, api-int, and ingress
- // are provided by the internal DNS service or externally.
- // Allowed values are `Internal`, `External`, and omitted.
- // When set to `Internal`, records are provided by the internal infrastructure and
- // no additional user configuration is required for the cluster to function.
- // When set to `External`, records are not provided by the internal infrastructure
- // and must be configured by the user on a DNS server outside the cluster.
- // Cluster nodes must use this external server for their upstream DNS requests.
- // This value may only be set when loadBalancer.type is set to UserManaged.
- // When omitted, this means the user has no opinion and the platform is left
- // to choose reasonable defaults. These defaults are subject to change over time.
- // The current default is `Internal`.
- // +openshift:enable:FeatureGate=OnPremDNSRecords
- // +optional
- DNSRecordsType DNSRecordsType `json:"dnsRecordsType,omitempty"`
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
diff --git a/vendor/github.com/openshift/api/config/v1/types_node.go b/vendor/github.com/openshift/api/config/v1/types_node.go
index 2f627be11e..1282f33158 100644
--- a/vendor/github.com/openshift/api/config/v1/types_node.go
+++ b/vendor/github.com/openshift/api/config/v1/types_node.go
@@ -79,6 +79,7 @@ type CgroupMode string
const (
CgroupModeEmpty CgroupMode = "" // Empty string indicates to honor user set value on the system that should not be overridden by OpenShift
+ CgroupModeV1 CgroupMode = "v1"
CgroupModeV2 CgroupMode = "v2"
CgroupModeDefault CgroupMode = CgroupModeV2
)
diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-CustomNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-CustomNoUpgrade.crd.yaml
index 85875e8a34..a6bbab4369 100644
--- a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-CustomNoUpgrade.crd.yaml
+++ b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-CustomNoUpgrade.crd.yaml
@@ -1670,24 +1670,6 @@ spec:
rule: 'self == oldSelf || (size(self) == 2 && isIP(self[0])
&& isIP(self[1]) ? ip(self[0]).family() != ip(self[1]).family()
: true)'
- dnsRecordsType:
- description: |-
- dnsRecordsType determines whether records for api, api-int, and ingress
- are provided by the internal DNS service or externally.
- Allowed values are `Internal`, `External`, and omitted.
- When set to `Internal`, records are provided by the internal infrastructure and
- no additional user configuration is required for the cluster to function.
- When set to `External`, records are not provided by the internal infrastructure
- and must be configured by the user on a DNS server outside the cluster.
- Cluster nodes must use this external server for their upstream DNS requests.
- This value may only be set when loadBalancer.type is set to UserManaged.
- When omitted, this means the user has no opinion and the platform is left
- to choose reasonable defaults. These defaults are subject to change over time.
- The current default is `Internal`.
- enum:
- - Internal
- - External
- type: string
ingressIP:
description: |-
ingressIP is an external IP which routes to the default ingress controller.
@@ -1766,11 +1748,6 @@ spec:
to the nodes in the cluster.
type: string
type: object
- x-kubernetes-validations:
- - message: dnsRecordsType may only be set to External when loadBalancer.type
- is UserManaged
- rule: '!has(self.dnsRecordsType) || self.dnsRecordsType == ''Internal''
- || (has(self.loadBalancer) && self.loadBalancer.type == ''UserManaged'')'
equinixMetal:
description: equinixMetal contains settings specific to the Equinix
Metal infrastructure provider.
@@ -2249,24 +2226,6 @@ spec:
rule: 'self == oldSelf || (size(self) == 2 && isIP(self[0])
&& isIP(self[1]) ? ip(self[0]).family() != ip(self[1]).family()
: true)'
- dnsRecordsType:
- description: |-
- dnsRecordsType determines whether records for api, api-int, and ingress
- are provided by the internal DNS service or externally.
- Allowed values are `Internal`, `External`, and omitted.
- When set to `Internal`, records are provided by the internal infrastructure and
- no additional user configuration is required for the cluster to function.
- When set to `External`, records are not provided by the internal infrastructure
- and must be configured by the user on a DNS server outside the cluster.
- Cluster nodes must use this external server for their upstream DNS requests.
- This value may only be set when loadBalancer.type is set to UserManaged.
- When omitted, this means the user has no opinion and the platform is left
- to choose reasonable defaults. These defaults are subject to change over time.
- The current default is `Internal`.
- enum:
- - Internal
- - External
- type: string
ingressIP:
description: |-
ingressIP is an external IP which routes to the default ingress controller.
@@ -2319,11 +2278,6 @@ spec:
rule: oldSelf == '' || self == oldSelf
type: object
type: object
- x-kubernetes-validations:
- - message: dnsRecordsType may only be set to External when loadBalancer.type
- is UserManaged
- rule: '!has(self.dnsRecordsType) || self.dnsRecordsType == ''Internal''
- || (has(self.loadBalancer) && self.loadBalancer.type == ''UserManaged'')'
openstack:
description: openstack contains settings specific to the OpenStack
infrastructure provider.
@@ -2361,24 +2315,6 @@ spec:
cloudName is the name of the desired OpenStack cloud in the
client configuration file (`clouds.yaml`).
type: string
- dnsRecordsType:
- description: |-
- dnsRecordsType determines whether records for api, api-int, and ingress
- are provided by the internal DNS service or externally.
- Allowed values are `Internal`, `External`, and omitted.
- When set to `Internal`, records are provided by the internal infrastructure and
- no additional user configuration is required for the cluster to function.
- When set to `External`, records are not provided by the internal infrastructure
- and must be configured by the user on a DNS server outside the cluster.
- Cluster nodes must use this external server for their upstream DNS requests.
- This value may only be set when loadBalancer.type is set to UserManaged.
- When omitted, this means the user has no opinion and the platform is left
- to choose reasonable defaults. These defaults are subject to change over time.
- The current default is `Internal`.
- enum:
- - Internal
- - External
- type: string
ingressIP:
description: |-
ingressIP is an external IP which routes to the default ingress controller.
@@ -2457,11 +2393,6 @@ spec:
to the nodes in the cluster.
type: string
type: object
- x-kubernetes-validations:
- - message: dnsRecordsType may only be set to External when loadBalancer.type
- is UserManaged
- rule: '!has(self.dnsRecordsType) || self.dnsRecordsType == ''Internal''
- || (has(self.loadBalancer) && self.loadBalancer.type == ''UserManaged'')'
ovirt:
description: ovirt contains settings specific to the oVirt infrastructure
provider.
@@ -2494,24 +2425,6 @@ spec:
rule: 'self == oldSelf || (size(self) == 2 && isIP(self[0])
&& isIP(self[1]) ? ip(self[0]).family() != ip(self[1]).family()
: true)'
- dnsRecordsType:
- description: |-
- dnsRecordsType determines whether records for api, api-int, and ingress
- are provided by the internal DNS service or externally.
- Allowed values are `Internal`, `External`, and omitted.
- When set to `Internal`, records are provided by the internal infrastructure and
- no additional user configuration is required for the cluster to function.
- When set to `External`, records are not provided by the internal infrastructure
- and must be configured by the user on a DNS server outside the cluster.
- Cluster nodes must use this external server for their upstream DNS requests.
- This value may only be set when loadBalancer.type is set to UserManaged.
- When omitted, this means the user has no opinion and the platform is left
- to choose reasonable defaults. These defaults are subject to change over time.
- The current default is `Internal`.
- enum:
- - Internal
- - External
- type: string
ingressIP:
description: |-
ingressIP is an external IP which routes to the default ingress controller.
@@ -2568,11 +2481,6 @@ spec:
set or honored. It will be removed in a future release.'
type: string
type: object
- x-kubernetes-validations:
- - message: dnsRecordsType may only be set to External when loadBalancer.type
- is UserManaged
- rule: '!has(self.dnsRecordsType) || self.dnsRecordsType == ''Internal''
- || (has(self.loadBalancer) && self.loadBalancer.type == ''UserManaged'')'
powervs:
description: powervs contains settings specific to the Power Systems
Virtual Servers infrastructure provider.
@@ -2725,24 +2633,6 @@ spec:
rule: 'self == oldSelf || (size(self) == 2 && isIP(self[0])
&& isIP(self[1]) ? ip(self[0]).family() != ip(self[1]).family()
: true)'
- dnsRecordsType:
- description: |-
- dnsRecordsType determines whether records for api, api-int, and ingress
- are provided by the internal DNS service or externally.
- Allowed values are `Internal`, `External`, and omitted.
- When set to `Internal`, records are provided by the internal infrastructure and
- no additional user configuration is required for the cluster to function.
- When set to `External`, records are not provided by the internal infrastructure
- and must be configured by the user on a DNS server outside the cluster.
- Cluster nodes must use this external server for their upstream DNS requests.
- This value may only be set when loadBalancer.type is set to UserManaged.
- When omitted, this means the user has no opinion and the platform is left
- to choose reasonable defaults. These defaults are subject to change over time.
- The current default is `Internal`.
- enum:
- - Internal
- - External
- type: string
ingressIP:
description: |-
ingressIP is an external IP which routes to the default ingress controller.
@@ -2821,11 +2711,6 @@ spec:
to the nodes in the cluster.
type: string
type: object
- x-kubernetes-validations:
- - message: dnsRecordsType may only be set to External when loadBalancer.type
- is UserManaged
- rule: '!has(self.dnsRecordsType) || self.dnsRecordsType == ''Internal''
- || (has(self.loadBalancer) && self.loadBalancer.type == ''UserManaged'')'
type: object
type: object
required:
diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-DevPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-DevPreviewNoUpgrade.crd.yaml
index f3dd3c3247..206ffb86c1 100644
--- a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-DevPreviewNoUpgrade.crd.yaml
+++ b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-DevPreviewNoUpgrade.crd.yaml
@@ -1670,24 +1670,6 @@ spec:
rule: 'self == oldSelf || (size(self) == 2 && isIP(self[0])
&& isIP(self[1]) ? ip(self[0]).family() != ip(self[1]).family()
: true)'
- dnsRecordsType:
- description: |-
- dnsRecordsType determines whether records for api, api-int, and ingress
- are provided by the internal DNS service or externally.
- Allowed values are `Internal`, `External`, and omitted.
- When set to `Internal`, records are provided by the internal infrastructure and
- no additional user configuration is required for the cluster to function.
- When set to `External`, records are not provided by the internal infrastructure
- and must be configured by the user on a DNS server outside the cluster.
- Cluster nodes must use this external server for their upstream DNS requests.
- This value may only be set when loadBalancer.type is set to UserManaged.
- When omitted, this means the user has no opinion and the platform is left
- to choose reasonable defaults. These defaults are subject to change over time.
- The current default is `Internal`.
- enum:
- - Internal
- - External
- type: string
ingressIP:
description: |-
ingressIP is an external IP which routes to the default ingress controller.
@@ -1766,11 +1748,6 @@ spec:
to the nodes in the cluster.
type: string
type: object
- x-kubernetes-validations:
- - message: dnsRecordsType may only be set to External when loadBalancer.type
- is UserManaged
- rule: '!has(self.dnsRecordsType) || self.dnsRecordsType == ''Internal''
- || (has(self.loadBalancer) && self.loadBalancer.type == ''UserManaged'')'
equinixMetal:
description: equinixMetal contains settings specific to the Equinix
Metal infrastructure provider.
@@ -2249,24 +2226,6 @@ spec:
rule: 'self == oldSelf || (size(self) == 2 && isIP(self[0])
&& isIP(self[1]) ? ip(self[0]).family() != ip(self[1]).family()
: true)'
- dnsRecordsType:
- description: |-
- dnsRecordsType determines whether records for api, api-int, and ingress
- are provided by the internal DNS service or externally.
- Allowed values are `Internal`, `External`, and omitted.
- When set to `Internal`, records are provided by the internal infrastructure and
- no additional user configuration is required for the cluster to function.
- When set to `External`, records are not provided by the internal infrastructure
- and must be configured by the user on a DNS server outside the cluster.
- Cluster nodes must use this external server for their upstream DNS requests.
- This value may only be set when loadBalancer.type is set to UserManaged.
- When omitted, this means the user has no opinion and the platform is left
- to choose reasonable defaults. These defaults are subject to change over time.
- The current default is `Internal`.
- enum:
- - Internal
- - External
- type: string
ingressIP:
description: |-
ingressIP is an external IP which routes to the default ingress controller.
@@ -2319,11 +2278,6 @@ spec:
rule: oldSelf == '' || self == oldSelf
type: object
type: object
- x-kubernetes-validations:
- - message: dnsRecordsType may only be set to External when loadBalancer.type
- is UserManaged
- rule: '!has(self.dnsRecordsType) || self.dnsRecordsType == ''Internal''
- || (has(self.loadBalancer) && self.loadBalancer.type == ''UserManaged'')'
openstack:
description: openstack contains settings specific to the OpenStack
infrastructure provider.
@@ -2361,24 +2315,6 @@ spec:
cloudName is the name of the desired OpenStack cloud in the
client configuration file (`clouds.yaml`).
type: string
- dnsRecordsType:
- description: |-
- dnsRecordsType determines whether records for api, api-int, and ingress
- are provided by the internal DNS service or externally.
- Allowed values are `Internal`, `External`, and omitted.
- When set to `Internal`, records are provided by the internal infrastructure and
- no additional user configuration is required for the cluster to function.
- When set to `External`, records are not provided by the internal infrastructure
- and must be configured by the user on a DNS server outside the cluster.
- Cluster nodes must use this external server for their upstream DNS requests.
- This value may only be set when loadBalancer.type is set to UserManaged.
- When omitted, this means the user has no opinion and the platform is left
- to choose reasonable defaults. These defaults are subject to change over time.
- The current default is `Internal`.
- enum:
- - Internal
- - External
- type: string
ingressIP:
description: |-
ingressIP is an external IP which routes to the default ingress controller.
@@ -2457,11 +2393,6 @@ spec:
to the nodes in the cluster.
type: string
type: object
- x-kubernetes-validations:
- - message: dnsRecordsType may only be set to External when loadBalancer.type
- is UserManaged
- rule: '!has(self.dnsRecordsType) || self.dnsRecordsType == ''Internal''
- || (has(self.loadBalancer) && self.loadBalancer.type == ''UserManaged'')'
ovirt:
description: ovirt contains settings specific to the oVirt infrastructure
provider.
@@ -2494,24 +2425,6 @@ spec:
rule: 'self == oldSelf || (size(self) == 2 && isIP(self[0])
&& isIP(self[1]) ? ip(self[0]).family() != ip(self[1]).family()
: true)'
- dnsRecordsType:
- description: |-
- dnsRecordsType determines whether records for api, api-int, and ingress
- are provided by the internal DNS service or externally.
- Allowed values are `Internal`, `External`, and omitted.
- When set to `Internal`, records are provided by the internal infrastructure and
- no additional user configuration is required for the cluster to function.
- When set to `External`, records are not provided by the internal infrastructure
- and must be configured by the user on a DNS server outside the cluster.
- Cluster nodes must use this external server for their upstream DNS requests.
- This value may only be set when loadBalancer.type is set to UserManaged.
- When omitted, this means the user has no opinion and the platform is left
- to choose reasonable defaults. These defaults are subject to change over time.
- The current default is `Internal`.
- enum:
- - Internal
- - External
- type: string
ingressIP:
description: |-
ingressIP is an external IP which routes to the default ingress controller.
@@ -2568,11 +2481,6 @@ spec:
set or honored. It will be removed in a future release.'
type: string
type: object
- x-kubernetes-validations:
- - message: dnsRecordsType may only be set to External when loadBalancer.type
- is UserManaged
- rule: '!has(self.dnsRecordsType) || self.dnsRecordsType == ''Internal''
- || (has(self.loadBalancer) && self.loadBalancer.type == ''UserManaged'')'
powervs:
description: powervs contains settings specific to the Power Systems
Virtual Servers infrastructure provider.
@@ -2725,24 +2633,6 @@ spec:
rule: 'self == oldSelf || (size(self) == 2 && isIP(self[0])
&& isIP(self[1]) ? ip(self[0]).family() != ip(self[1]).family()
: true)'
- dnsRecordsType:
- description: |-
- dnsRecordsType determines whether records for api, api-int, and ingress
- are provided by the internal DNS service or externally.
- Allowed values are `Internal`, `External`, and omitted.
- When set to `Internal`, records are provided by the internal infrastructure and
- no additional user configuration is required for the cluster to function.
- When set to `External`, records are not provided by the internal infrastructure
- and must be configured by the user on a DNS server outside the cluster.
- Cluster nodes must use this external server for their upstream DNS requests.
- This value may only be set when loadBalancer.type is set to UserManaged.
- When omitted, this means the user has no opinion and the platform is left
- to choose reasonable defaults. These defaults are subject to change over time.
- The current default is `Internal`.
- enum:
- - Internal
- - External
- type: string
ingressIP:
description: |-
ingressIP is an external IP which routes to the default ingress controller.
@@ -2821,11 +2711,6 @@ spec:
to the nodes in the cluster.
type: string
type: object
- x-kubernetes-validations:
- - message: dnsRecordsType may only be set to External when loadBalancer.type
- is UserManaged
- rule: '!has(self.dnsRecordsType) || self.dnsRecordsType == ''Internal''
- || (has(self.loadBalancer) && self.loadBalancer.type == ''UserManaged'')'
type: object
type: object
required:
diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-TechPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-TechPreviewNoUpgrade.crd.yaml
index 99b975aeee..c14a981101 100644
--- a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-TechPreviewNoUpgrade.crd.yaml
+++ b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-TechPreviewNoUpgrade.crd.yaml
@@ -1670,24 +1670,6 @@ spec:
rule: 'self == oldSelf || (size(self) == 2 && isIP(self[0])
&& isIP(self[1]) ? ip(self[0]).family() != ip(self[1]).family()
: true)'
- dnsRecordsType:
- description: |-
- dnsRecordsType determines whether records for api, api-int, and ingress
- are provided by the internal DNS service or externally.
- Allowed values are `Internal`, `External`, and omitted.
- When set to `Internal`, records are provided by the internal infrastructure and
- no additional user configuration is required for the cluster to function.
- When set to `External`, records are not provided by the internal infrastructure
- and must be configured by the user on a DNS server outside the cluster.
- Cluster nodes must use this external server for their upstream DNS requests.
- This value may only be set when loadBalancer.type is set to UserManaged.
- When omitted, this means the user has no opinion and the platform is left
- to choose reasonable defaults. These defaults are subject to change over time.
- The current default is `Internal`.
- enum:
- - Internal
- - External
- type: string
ingressIP:
description: |-
ingressIP is an external IP which routes to the default ingress controller.
@@ -1766,11 +1748,6 @@ spec:
to the nodes in the cluster.
type: string
type: object
- x-kubernetes-validations:
- - message: dnsRecordsType may only be set to External when loadBalancer.type
- is UserManaged
- rule: '!has(self.dnsRecordsType) || self.dnsRecordsType == ''Internal''
- || (has(self.loadBalancer) && self.loadBalancer.type == ''UserManaged'')'
equinixMetal:
description: equinixMetal contains settings specific to the Equinix
Metal infrastructure provider.
@@ -2249,24 +2226,6 @@ spec:
rule: 'self == oldSelf || (size(self) == 2 && isIP(self[0])
&& isIP(self[1]) ? ip(self[0]).family() != ip(self[1]).family()
: true)'
- dnsRecordsType:
- description: |-
- dnsRecordsType determines whether records for api, api-int, and ingress
- are provided by the internal DNS service or externally.
- Allowed values are `Internal`, `External`, and omitted.
- When set to `Internal`, records are provided by the internal infrastructure and
- no additional user configuration is required for the cluster to function.
- When set to `External`, records are not provided by the internal infrastructure
- and must be configured by the user on a DNS server outside the cluster.
- Cluster nodes must use this external server for their upstream DNS requests.
- This value may only be set when loadBalancer.type is set to UserManaged.
- When omitted, this means the user has no opinion and the platform is left
- to choose reasonable defaults. These defaults are subject to change over time.
- The current default is `Internal`.
- enum:
- - Internal
- - External
- type: string
ingressIP:
description: |-
ingressIP is an external IP which routes to the default ingress controller.
@@ -2319,11 +2278,6 @@ spec:
rule: oldSelf == '' || self == oldSelf
type: object
type: object
- x-kubernetes-validations:
- - message: dnsRecordsType may only be set to External when loadBalancer.type
- is UserManaged
- rule: '!has(self.dnsRecordsType) || self.dnsRecordsType == ''Internal''
- || (has(self.loadBalancer) && self.loadBalancer.type == ''UserManaged'')'
openstack:
description: openstack contains settings specific to the OpenStack
infrastructure provider.
@@ -2361,24 +2315,6 @@ spec:
cloudName is the name of the desired OpenStack cloud in the
client configuration file (`clouds.yaml`).
type: string
- dnsRecordsType:
- description: |-
- dnsRecordsType determines whether records for api, api-int, and ingress
- are provided by the internal DNS service or externally.
- Allowed values are `Internal`, `External`, and omitted.
- When set to `Internal`, records are provided by the internal infrastructure and
- no additional user configuration is required for the cluster to function.
- When set to `External`, records are not provided by the internal infrastructure
- and must be configured by the user on a DNS server outside the cluster.
- Cluster nodes must use this external server for their upstream DNS requests.
- This value may only be set when loadBalancer.type is set to UserManaged.
- When omitted, this means the user has no opinion and the platform is left
- to choose reasonable defaults. These defaults are subject to change over time.
- The current default is `Internal`.
- enum:
- - Internal
- - External
- type: string
ingressIP:
description: |-
ingressIP is an external IP which routes to the default ingress controller.
@@ -2457,11 +2393,6 @@ spec:
to the nodes in the cluster.
type: string
type: object
- x-kubernetes-validations:
- - message: dnsRecordsType may only be set to External when loadBalancer.type
- is UserManaged
- rule: '!has(self.dnsRecordsType) || self.dnsRecordsType == ''Internal''
- || (has(self.loadBalancer) && self.loadBalancer.type == ''UserManaged'')'
ovirt:
description: ovirt contains settings specific to the oVirt infrastructure
provider.
@@ -2494,24 +2425,6 @@ spec:
rule: 'self == oldSelf || (size(self) == 2 && isIP(self[0])
&& isIP(self[1]) ? ip(self[0]).family() != ip(self[1]).family()
: true)'
- dnsRecordsType:
- description: |-
- dnsRecordsType determines whether records for api, api-int, and ingress
- are provided by the internal DNS service or externally.
- Allowed values are `Internal`, `External`, and omitted.
- When set to `Internal`, records are provided by the internal infrastructure and
- no additional user configuration is required for the cluster to function.
- When set to `External`, records are not provided by the internal infrastructure
- and must be configured by the user on a DNS server outside the cluster.
- Cluster nodes must use this external server for their upstream DNS requests.
- This value may only be set when loadBalancer.type is set to UserManaged.
- When omitted, this means the user has no opinion and the platform is left
- to choose reasonable defaults. These defaults are subject to change over time.
- The current default is `Internal`.
- enum:
- - Internal
- - External
- type: string
ingressIP:
description: |-
ingressIP is an external IP which routes to the default ingress controller.
@@ -2568,11 +2481,6 @@ spec:
set or honored. It will be removed in a future release.'
type: string
type: object
- x-kubernetes-validations:
- - message: dnsRecordsType may only be set to External when loadBalancer.type
- is UserManaged
- rule: '!has(self.dnsRecordsType) || self.dnsRecordsType == ''Internal''
- || (has(self.loadBalancer) && self.loadBalancer.type == ''UserManaged'')'
powervs:
description: powervs contains settings specific to the Power Systems
Virtual Servers infrastructure provider.
@@ -2725,24 +2633,6 @@ spec:
rule: 'self == oldSelf || (size(self) == 2 && isIP(self[0])
&& isIP(self[1]) ? ip(self[0]).family() != ip(self[1]).family()
: true)'
- dnsRecordsType:
- description: |-
- dnsRecordsType determines whether records for api, api-int, and ingress
- are provided by the internal DNS service or externally.
- Allowed values are `Internal`, `External`, and omitted.
- When set to `Internal`, records are provided by the internal infrastructure and
- no additional user configuration is required for the cluster to function.
- When set to `External`, records are not provided by the internal infrastructure
- and must be configured by the user on a DNS server outside the cluster.
- Cluster nodes must use this external server for their upstream DNS requests.
- This value may only be set when loadBalancer.type is set to UserManaged.
- When omitted, this means the user has no opinion and the platform is left
- to choose reasonable defaults. These defaults are subject to change over time.
- The current default is `Internal`.
- enum:
- - Internal
- - External
- type: string
ingressIP:
description: |-
ingressIP is an external IP which routes to the default ingress controller.
@@ -2821,11 +2711,6 @@ spec:
to the nodes in the cluster.
type: string
type: object
- x-kubernetes-validations:
- - message: dnsRecordsType may only be set to External when loadBalancer.type
- is UserManaged
- rule: '!has(self.dnsRecordsType) || self.dnsRecordsType == ''Internal''
- || (has(self.loadBalancer) && self.loadBalancer.type == ''UserManaged'')'
type: object
type: object
required:
diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml b/vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml
index a1d37f65d0..03b091ead5 100644
--- a/vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml
+++ b/vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml
@@ -372,7 +372,6 @@ infrastructures.config.openshift.io:
- HighlyAvailableArbiter
- HighlyAvailableArbiter+DualReplica
- NutanixMultiSubnets
- - OnPremDNSRecords
- VSphereHostVMGroupZonal
- VSphereMultiNetworks
FilenameOperatorName: config-operator
diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go
index b9d0799fbd..be7d462a50 100644
--- a/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go
+++ b/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go
@@ -1527,7 +1527,6 @@ var map_BareMetalPlatformStatus = map[string]string{
"ingressIPs": "ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IPs otherwise only one.",
"nodeDNSIP": "nodeDNSIP is the IP address for the internal DNS used by the nodes. Unlike the one managed by the DNS operator, `NodeDNSIP` provides name resolution for the nodes themselves. There is no DNS-as-a-service for BareMetal deployments. In order to minimize necessary changes to the datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames to the nodes in the cluster.",
"loadBalancer": "loadBalancer defines how the load balancer used by the cluster is configured.",
- "dnsRecordsType": "dnsRecordsType determines whether records for api, api-int, and ingress are provided by the internal DNS service or externally. Allowed values are `Internal`, `External`, and omitted. When set to `Internal`, records are provided by the internal infrastructure and no additional user configuration is required for the cluster to function. When set to `External`, records are not provided by the internal infrastructure and must be configured by the user on a DNS server outside the cluster. Cluster nodes must use this external server for their upstream DNS requests. This value may only be set when loadBalancer.type is set to UserManaged. When omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default is `Internal`.",
"machineNetworks": "machineNetworks are IP networks used to connect all the OpenShift cluster nodes.",
}
@@ -1790,7 +1789,6 @@ var map_NutanixPlatformStatus = map[string]string{
"ingressIP": "ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names.\n\nDeprecated: Use IngressIPs instead.",
"ingressIPs": "ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IPs otherwise only one.",
"loadBalancer": "loadBalancer defines how the load balancer used by the cluster is configured.",
- "dnsRecordsType": "dnsRecordsType determines whether records for api, api-int, and ingress are provided by the internal DNS service or externally. Allowed values are `Internal`, `External`, and omitted. When set to `Internal`, records are provided by the internal infrastructure and no additional user configuration is required for the cluster to function. When set to `External`, records are not provided by the internal infrastructure and must be configured by the user on a DNS server outside the cluster. Cluster nodes must use this external server for their upstream DNS requests. This value may only be set when loadBalancer.type is set to UserManaged. When omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default is `Internal`.",
}
func (NutanixPlatformStatus) SwaggerDoc() map[string]string {
@@ -1857,7 +1855,6 @@ var map_OpenStackPlatformStatus = map[string]string{
"ingressIPs": "ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IPs otherwise only one.",
"nodeDNSIP": "nodeDNSIP is the IP address for the internal DNS used by the nodes. Unlike the one managed by the DNS operator, `NodeDNSIP` provides name resolution for the nodes themselves. There is no DNS-as-a-service for OpenStack deployments. In order to minimize necessary changes to the datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames to the nodes in the cluster.",
"loadBalancer": "loadBalancer defines how the load balancer used by the cluster is configured.",
- "dnsRecordsType": "dnsRecordsType determines whether records for api, api-int, and ingress are provided by the internal DNS service or externally. Allowed values are `Internal`, `External`, and omitted. When set to `Internal`, records are provided by the internal infrastructure and no additional user configuration is required for the cluster to function. When set to `External`, records are not provided by the internal infrastructure and must be configured by the user on a DNS server outside the cluster. Cluster nodes must use this external server for their upstream DNS requests. This value may only be set when loadBalancer.type is set to UserManaged. When omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default is `Internal`.",
"machineNetworks": "machineNetworks are IP networks used to connect all the OpenShift cluster nodes.",
}
@@ -1890,7 +1887,6 @@ var map_OvirtPlatformStatus = map[string]string{
"ingressIPs": "ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IPs otherwise only one.",
"nodeDNSIP": "deprecated: as of 4.6, this field is no longer set or honored. It will be removed in a future release.",
"loadBalancer": "loadBalancer defines how the load balancer used by the cluster is configured.",
- "dnsRecordsType": "dnsRecordsType determines whether records for api, api-int, and ingress are provided by the internal DNS service or externally. Allowed values are `Internal`, `External`, and omitted. When set to `Internal`, records are provided by the internal infrastructure and no additional user configuration is required for the cluster to function. When set to `External`, records are not provided by the internal infrastructure and must be configured by the user on a DNS server outside the cluster. Cluster nodes must use this external server for their upstream DNS requests. This value may only be set when loadBalancer.type is set to UserManaged. When omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default is `Internal`.",
}
func (OvirtPlatformStatus) SwaggerDoc() map[string]string {
@@ -2073,7 +2069,6 @@ var map_VSpherePlatformStatus = map[string]string{
"ingressIPs": "ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IPs otherwise only one.",
"nodeDNSIP": "nodeDNSIP is the IP address for the internal DNS used by the nodes. Unlike the one managed by the DNS operator, `NodeDNSIP` provides name resolution for the nodes themselves. There is no DNS-as-a-service for vSphere deployments. In order to minimize necessary changes to the datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames to the nodes in the cluster.",
"loadBalancer": "loadBalancer defines how the load balancer used by the cluster is configured.",
- "dnsRecordsType": "dnsRecordsType determines whether records for api, api-int, and ingress are provided by the internal DNS service or externally. Allowed values are `Internal`, `External`, and omitted. When set to `Internal`, records are provided by the internal infrastructure and no additional user configuration is required for the cluster to function. When set to `External`, records are not provided by the internal infrastructure and must be configured by the user on a DNS server outside the cluster. Cluster nodes must use this external server for their upstream DNS requests. This value may only be set when loadBalancer.type is set to UserManaged. When omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default is `Internal`.",
"machineNetworks": "machineNetworks are IP networks used to connect all the OpenShift cluster nodes.",
}
diff --git a/vendor/github.com/openshift/api/console/v1/types.go b/vendor/github.com/openshift/api/console/v1/types.go
index 24dcd5ca0b..416eaa3e87 100644
--- a/vendor/github.com/openshift/api/console/v1/types.go
+++ b/vendor/github.com/openshift/api/console/v1/types.go
@@ -4,7 +4,7 @@ package v1
type Link struct {
// text is the display text for the link
Text string `json:"text"`
- // href is the absolute URL for the link. Must use https:// for web URLs or mailto: for email links.
- // +kubebuilder:validation:Pattern=`^(https://|mailto:)`
+ // href is the absolute secure URL for the link (must use https)
+ // +kubebuilder:validation:Pattern=`^https://`
Href string `json:"href"`
}
diff --git a/vendor/github.com/openshift/api/console/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/console/v1/zz_generated.swagger_doc_generated.go
index 606b95cafc..a02cbf7c17 100644
--- a/vendor/github.com/openshift/api/console/v1/zz_generated.swagger_doc_generated.go
+++ b/vendor/github.com/openshift/api/console/v1/zz_generated.swagger_doc_generated.go
@@ -14,7 +14,7 @@ package v1
var map_Link = map[string]string{
"": "Represents a standard link that could be generated in HTML",
"text": "text is the display text for the link",
- "href": "href is the absolute URL for the link. Must use https:// for web URLs or mailto: for email links.",
+ "href": "href is the absolute secure URL for the link (must use https)",
}
func (Link) SwaggerDoc() map[string]string {
diff --git a/vendor/github.com/openshift/api/features.md b/vendor/github.com/openshift/api/features.md
index e74ac0734b..df45c853f3 100644
--- a/vendor/github.com/openshift/api/features.md
+++ b/vendor/github.com/openshift/api/features.md
@@ -9,12 +9,11 @@
| Example2| | | Enabled | Enabled | | |
| ExternalSnapshotMetadata| | | Enabled | Enabled | | |
| IngressControllerDynamicConfigurationManager| | | Enabled | Enabled | | |
-| NewOLMBoxCutterRuntime| | | | Enabled | | Enabled |
| NewOLMCatalogdAPIV1Metas| | | | Enabled | | Enabled |
| NewOLMOwnSingleNamespace| | | | Enabled | | Enabled |
| NewOLMPreflightPermissionChecks| | | | Enabled | | Enabled |
-| NoRegistryClusterInstall| | | | Enabled | | Enabled |
-| ProvisioningRequestAvailable| | | Enabled | Enabled | | |
+| NoRegistryClusterOperations| | | | Enabled | | Enabled |
+| VSphereMixedNodeEnv| | | Enabled | Enabled | | |
| NewOLM| | Enabled | | Enabled | | Enabled |
| NewOLMWebhookProviderOpenshiftServiceCA| | Enabled | | Enabled | | Enabled |
| AWSClusterHostedDNS| | | Enabled | Enabled | Enabled | Enabled |
@@ -65,14 +64,12 @@
| NutanixMultiSubnets| | | Enabled | Enabled | Enabled | Enabled |
| OSStreams| | | Enabled | Enabled | Enabled | Enabled |
| OVNObservability| | | Enabled | Enabled | Enabled | Enabled |
-| OnPremDNSRecords| | | Enabled | Enabled | Enabled | Enabled |
| SELinuxMount| | | Enabled | Enabled | Enabled | Enabled |
| SignatureStores| | | Enabled | Enabled | Enabled | Enabled |
| SigstoreImageVerificationPKI| | | Enabled | Enabled | Enabled | Enabled |
| TranslateStreamCloseWebsocketRequests| | | Enabled | Enabled | Enabled | Enabled |
| VSphereConfigurableMaxAllowedBlockVolumesPerNode| | | Enabled | Enabled | Enabled | Enabled |
| VSphereHostVMGroupZonal| | | Enabled | Enabled | Enabled | Enabled |
-| VSphereMixedNodeEnv| | | Enabled | Enabled | Enabled | Enabled |
| VolumeGroupSnapshot| | | Enabled | Enabled | Enabled | Enabled |
| AdditionalRoutingCapabilities| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
| AdminNetworkPolicy| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled |
diff --git a/vendor/github.com/openshift/api/features/features.go b/vendor/github.com/openshift/api/features/features.go
index 4dbc7fa02f..33e51639c2 100644
--- a/vendor/github.com/openshift/api/features/features.go
+++ b/vendor/github.com/openshift/api/features/features.go
@@ -513,14 +513,6 @@ var (
enableForClusterProfile(SelfManaged, configv1.Default, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade).
mustRegister()
- FeatureGateNewOLMBoxCutterRuntime = newFeatureGate("NewOLMBoxCutterRuntime").
- reportProblemsToJiraComponent("olm").
- contactPerson("pegoncal").
- productScope(ocpSpecific).
- enhancementPR("https://github.com/openshift/enhancements/pull/1890").
- enableForClusterProfile(SelfManaged, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade).
- mustRegister()
-
FeatureGateInsightsOnDemandDataGather = newFeatureGate("InsightsOnDemandDataGather").
reportProblemsToJiraComponent("insights").
contactPerson("tremes").
@@ -780,7 +772,7 @@ var (
contactPerson("vr4manta").
productScope(ocpSpecific).
enhancementPR("https://github.com/openshift/enhancements/pull/1772").
- enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade).
+ enableIn(configv1.DevPreviewNoUpgrade).
mustRegister()
FeatureGatePreconfiguredUDNAddresses = newFeatureGate("PreconfiguredUDNAddresses").
@@ -807,7 +799,7 @@ var (
enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade, configv1.Default).
mustRegister()
- FeatureGateNoRegistryClusterInstall = newFeatureGate("NoRegistryClusterInstall").
+ FeatureGateNoRegistryClusterOperations = newFeatureGate("NoRegistryClusterOperations").
reportProblemsToJiraComponent("Installer / Agent based installation").
contactPerson("andfasano").
productScope(ocpSpecific).
@@ -924,19 +916,4 @@ var (
enhancementPR("https://github.com/openshift/enhancements/pull/1845").
enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade).
mustRegister()
- FeatureGateOnPremDNSRecords = newFeatureGate("OnPremDNSRecords").
- reportProblemsToJiraComponent("Networking / On-Prem DNS").
- contactPerson("bnemec").
- productScope(ocpSpecific).
- enhancementPR("https://github.com/openshift/enhancements/pull/1803").
- enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade).
- mustRegister()
-
- FeatureGateProvisioningRequestAvailable = newFeatureGate("ProvisioningRequestAvailable").
- reportProblemsToJiraComponent("Cluster Autoscaler").
- contactPerson("elmiko").
- productScope(ocpSpecific).
- enhancementPR("https://github.com/openshift/enhancements/pull/1752").
- enableIn(configv1.DevPreviewNoUpgrade).
- mustRegister()
)
diff --git a/vendor/github.com/openshift/api/machine/v1beta1/types_awsprovider.go b/vendor/github.com/openshift/api/machine/v1beta1/types_awsprovider.go
index 0cc634a5fd..161f2324c2 100644
--- a/vendor/github.com/openshift/api/machine/v1beta1/types_awsprovider.go
+++ b/vendor/github.com/openshift/api/machine/v1beta1/types_awsprovider.go
@@ -213,19 +213,6 @@ type EBSBlockDeviceSpec struct {
// it is not used in requests to create gp2, st1, sc1, or standard volumes.
// +optional
Iops *int64 `json:"iops,omitempty"`
- // throughputMib to provision in MiB/s supported for the volume type. Not applicable to all types.
- //
- // This parameter is valid only for gp3 volumes.
- // Valid Range: Minimum value of 125. Maximum value of 2000.
- //
- // When omitted, this means no opinion, and the platform is left to
- // choose a reasonable default, which is subject to change over time.
- // The current default is 125.
- //
- // +kubebuilder:validation:Minimum:=125
- // +kubebuilder:validation:Maximum:=2000
- // +optional
- ThroughputMib *int32 `json:"throughputMib,omitempty"`
// The size of the volume, in GiB.
//
// Constraints: 1-16384 for General Purpose SSD (gp2), 4-16384 for Provisioned
@@ -238,7 +225,7 @@ type EBSBlockDeviceSpec struct {
// a volume size, the default is the snapshot size.
// +optional
VolumeSize *int64 `json:"volumeSize,omitempty"`
- // volumeType can be of type gp2, gp3, io1, st1, sc1, or standard.
+ // The volume type: gp2, io1, st1, sc1, or standard.
// Default: standard
// +optional
VolumeType *string `json:"volumeType,omitempty"`
diff --git a/vendor/github.com/openshift/api/machine/v1beta1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/machine/v1beta1/zz_generated.deepcopy.go
index 0150060f46..92586dcdf1 100644
--- a/vendor/github.com/openshift/api/machine/v1beta1/zz_generated.deepcopy.go
+++ b/vendor/github.com/openshift/api/machine/v1beta1/zz_generated.deepcopy.go
@@ -581,11 +581,6 @@ func (in *EBSBlockDeviceSpec) DeepCopyInto(out *EBSBlockDeviceSpec) {
*out = new(int64)
**out = **in
}
- if in.ThroughputMib != nil {
- in, out := &in.ThroughputMib, &out.ThroughputMib
- *out = new(int32)
- **out = **in
- }
if in.VolumeSize != nil {
in, out := &in.VolumeSize, &out.VolumeSize
*out = new(int64)
diff --git a/vendor/github.com/openshift/api/machine/v1beta1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/machine/v1beta1/zz_generated.swagger_doc_generated.go
index f03e5cc4ef..23b6eddd37 100644
--- a/vendor/github.com/openshift/api/machine/v1beta1/zz_generated.swagger_doc_generated.go
+++ b/vendor/github.com/openshift/api/machine/v1beta1/zz_generated.swagger_doc_generated.go
@@ -108,9 +108,8 @@ var map_EBSBlockDeviceSpec = map[string]string{
"encrypted": "Indicates whether the EBS volume is encrypted. Encrypted Amazon EBS volumes may only be attached to machines that support Amazon EBS encryption.",
"kmsKey": "Indicates the KMS key that should be used to encrypt the Amazon EBS volume.",
"iops": "The number of I/O operations per second (IOPS) that the volume supports. For io1, this represents the number of IOPS that are provisioned for the volume. For gp2, this represents the baseline performance of the volume and the rate at which the volume accumulates I/O credits for bursting. For more information about General Purpose SSD baseline performance, I/O credits, and bursting, see Amazon EBS Volume Types (http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html) in the Amazon Elastic Compute Cloud User Guide.\n\nMinimal and maximal IOPS for io1 and gp2 are constrained. Please, check https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html for precise boundaries for individual volumes.\n\nCondition: This parameter is required for requests to create io1 volumes; it is not used in requests to create gp2, st1, sc1, or standard volumes.",
- "throughputMib": "throughputMib to provision in MiB/s supported for the volume type. Not applicable to all types.\n\nThis parameter is valid only for gp3 volumes. Valid Range: Minimum value of 125. Maximum value of 2000.\n\nWhen omitted, this means no opinion, and the platform is left to choose a reasonable default, which is subject to change over time. The current default is 125.",
"volumeSize": "The size of the volume, in GiB.\n\nConstraints: 1-16384 for General Purpose SSD (gp2), 4-16384 for Provisioned IOPS SSD (io1), 500-16384 for Throughput Optimized HDD (st1), 500-16384 for Cold HDD (sc1), and 1-1024 for Magnetic (standard) volumes. If you specify a snapshot, the volume size must be equal to or larger than the snapshot size.\n\nDefault: If you're creating the volume from a snapshot and don't specify a volume size, the default is the snapshot size.",
- "volumeType": "volumeType can be of type gp2, gp3, io1, st1, sc1, or standard. Default: standard",
+ "volumeType": "The volume type: gp2, io1, st1, sc1, or standard. Default: standard",
}
func (EBSBlockDeviceSpec) SwaggerDoc() map[string]string {
diff --git a/vendor/github.com/openshift/api/operator/v1/types_ingress.go b/vendor/github.com/openshift/api/operator/v1/types_ingress.go
index d54352f2ce..46b906518d 100644
--- a/vendor/github.com/openshift/api/operator/v1/types_ingress.go
+++ b/vendor/github.com/openshift/api/operator/v1/types_ingress.go
@@ -298,9 +298,9 @@ type IngressControllerSpec struct {
// case HAProxy handles it in the old process and closes
// the connection after sending the response.
//
- // - HAProxy's `timeout http-keep-alive` duration expires.
- // By default this is 300 seconds, but it can be changed
- // using httpKeepAliveTimeout tuning option.
+ // - HAProxy's `timeout http-keep-alive` duration expires
+ // (300 seconds in OpenShift's configuration, not
+ // configurable).
//
// - The client's keep-alive timeout expires, causing the
// client to close the connection.
@@ -344,47 +344,6 @@ type IngressControllerSpec struct {
// +kubebuilder:default:="Immediate"
// +default="Immediate"
IdleConnectionTerminationPolicy IngressControllerConnectionTerminationPolicy `json:"idleConnectionTerminationPolicy,omitempty"`
-
- // closedClientConnectionPolicy controls how the IngressController
- // behaves when the client closes the TCP connection while the TLS
- // handshake or HTTP request is in progress. This option maps directly
- // to HAProxy’s "abortonclose" option.
- //
- // Valid values are: "Abort" and "Continue".
- // The default value is "Continue".
- //
- // When set to "Abort", the router will stop processing the TLS handshake
- // if it is in progress, and it will not send an HTTP request to the backend server
- // if the request has not yet been sent when the client closes the connection.
- //
- // When set to "Continue", the router will complete the TLS handshake
- // if it is in progress, or send an HTTP request to the backend server
- // and wait for the backend server's response, regardless of
- // whether the client has closed the connection.
- //
- // Setting "Abort" can help free CPU resources otherwise spent on TLS computation
- // for connections the client has already closed, and can reduce request queue
- // size, thereby reducing the load on saturated backend servers.
- //
- // Important Considerations:
- //
- // - The default policy ("Continue") is HTTP-compliant, and requests
- // for aborted client connections will still be served.
- // Use the "Continue" policy to allow a client to send a request
- // and then immediately close its side of the connection while
- // still receiving a response on the half-closed connection.
- //
- // - When clients use keep-alive connections, the most common case for premature
- // closure is when the user wants to cancel the transfer or when a timeout
- // occurs. In that case, the "Abort" policy may be used to reduce resource consumption.
- //
- // - Using RSA keys larger than 2048 bits can significantly slow down
- // TLS computations. Consider using the "Abort" policy to reduce CPU usage.
- //
- // +optional
- // +kubebuilder:default:="Continue"
- // +default="Continue"
- ClosedClientConnectionPolicy IngressControllerClosedClientConnectionPolicy `json:"closedClientConnectionPolicy,omitempty"`
}
// httpCompressionPolicy turns on compression for the specified MIME types.
@@ -1925,36 +1884,6 @@ type IngressControllerTuningOptions struct {
// +optional
ConnectTimeout *metav1.Duration `json:"connectTimeout,omitempty"`
- // httpKeepAliveTimeout defines the maximum allowed time to wait for
- // a new HTTP request to appear on a connection from the client to the router.
- //
- // This field expects an unsigned duration string of a decimal number, with optional
- // fraction and a unit suffix, e.g. "300ms", "1.5s" or "2m45s".
- // Valid time units are "ms", "s", "m".
- // The allowed range is from 1 millisecond to 15 minutes.
- //
- // When omitted, this means the user has no opinion and the platform is left
- // to choose a reasonable default. This default is subject to change over time.
- // The current default is 300s.
- //
- // Low values (tens of milliseconds or less) can cause clients to close and reopen connections
- // for each request, leading to reduced connection sharing.
- // For HTTP/2, special care should be taken with low values.
- // A few seconds is a reasonable starting point to avoid holding idle connections open
- // while still allowing subsequent requests to reuse the connection.
- //
- // High values (minutes or more) favor connection reuse but may cause idle
- // connections to linger longer.
- //
- // +kubebuilder:validation:Type:=string
- // +kubebuilder:validation:XValidation:rule="self.matches('^([0-9]+(\\\\.[0-9]+)?(ms|s|m))+$')",message="httpKeepAliveTimeout must be a valid duration string composed of an unsigned integer value, optionally followed by a decimal fraction and a unit suffix (ms, s, m)"
- // +kubebuilder:validation:XValidation:rule="!self.matches('^([0-9]+(\\\\.[0-9]+)?(ms|s|m))+$') || duration(self) <= duration('15m')",message="httpKeepAliveTimeout must be less than or equal to 15 minutes"
- // +kubebuilder:validation:XValidation:rule="!self.matches('^([0-9]+(\\\\.[0-9]+)?(ms|s|m))+$') || duration(self) >= duration('1ms')",message="httpKeepAliveTimeout must be greater than or equal to 1 millisecond"
- // +kubebuilder:validation:MinLength=1
- // +kubebuilder:validation:MaxLength=16
- // +optional
- HTTPKeepAliveTimeout *metav1.Duration `json:"httpKeepAliveTimeout,omitempty"`
-
// tlsInspectDelay defines how long the router can hold data to find a
// matching route.
//
@@ -2211,34 +2140,3 @@ const (
// connection.
IngressControllerConnectionTerminationPolicyDeferred IngressControllerConnectionTerminationPolicy = "Deferred"
)
-
-// IngressControllerClosedClientConnectionPolicy controls how the IngressController
-// behaves when the client closes the TCP connection while the TLS
-// handshake or HTTP request is in progress.
-//
-// +kubebuilder:validation:Enum=Abort;Continue
-type IngressControllerClosedClientConnectionPolicy string
-
-const (
- // IngressControllerClosedClientConnectionPolicyAbort aborts processing early when the client
- // closes the connection.
- //
- // This affects two types of processing: TLS handshake computation on the router
- // and request handling.
- //
- // When the client closes the connection, the router will stop processing
- // the TLS handshake, preventing unnecessary CPU work.
- //
- // If the HTTP request has not yet been sent to the backend, it will be aborted.
- // If the request is already being processed by the backend, the router will
- // half-close the connection to signal this condition to the backend server,
- // which can then decide how to proceed.
- IngressControllerClosedClientConnectionPolicyAbort IngressControllerClosedClientConnectionPolicy = "Abort"
-
- // IngressControllerClosedClientConnectionPolicyContinue continues processing even if the client
- // closes the connection.
- //
- // The router will complete the TLS handshake and wait for the backend
- // server's response regardless of the client having closed the connection.
- IngressControllerClosedClientConnectionPolicyContinue IngressControllerClosedClientConnectionPolicy = "Continue"
-)
diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go
index 3bc6b81de4..fd83694c23 100644
--- a/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go
+++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go
@@ -2564,11 +2564,6 @@ func (in *IngressControllerTuningOptions) DeepCopyInto(out *IngressControllerTun
*out = new(metav1.Duration)
**out = **in
}
- if in.HTTPKeepAliveTimeout != nil {
- in, out := &in.HTTPKeepAliveTimeout, &out.HTTPKeepAliveTimeout
- *out = new(metav1.Duration)
- **out = **in
- }
if in.TLSInspectDelay != nil {
in, out := &in.TLSInspectDelay, &out.TLSInspectDelay
*out = new(metav1.Duration)
diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go
index 06096a6c81..d3475d9024 100644
--- a/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go
+++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go
@@ -1080,8 +1080,7 @@ var map_IngressControllerSpec = map[string]string{
"tuningOptions": "tuningOptions defines parameters for adjusting the performance of ingress controller pods. All fields are optional and will use their respective defaults if not set. See specific tuningOptions fields for more details.\n\nSetting fields within tuningOptions is generally not recommended. The default values are suitable for most configurations.",
"unsupportedConfigOverrides": "unsupportedConfigOverrides allows specifying unsupported configuration options. Its use is unsupported.",
"httpCompression": "httpCompression defines a policy for HTTP traffic compression. By default, there is no HTTP compression.",
- "idleConnectionTerminationPolicy": "idleConnectionTerminationPolicy maps directly to HAProxy's idle-close-on-response option and controls whether HAProxy keeps idle frontend connections open during a soft stop (router reload).\n\nAllowed values for this field are \"Immediate\" and \"Deferred\". The default value is \"Immediate\".\n\nWhen set to \"Immediate\", idle connections are closed immediately during router reloads. This ensures immediate propagation of route changes but may impact clients sensitive to connection resets.\n\nWhen set to \"Deferred\", HAProxy will maintain idle connections during a soft reload instead of closing them immediately. These connections remain open until any of the following occurs:\n\n - A new request is received on the connection, in which\n case HAProxy handles it in the old process and closes\n the connection after sending the response.\n\n - HAProxy's `timeout http-keep-alive` duration expires.\n By default this is 300 seconds, but it can be changed\n using httpKeepAliveTimeout tuning option.\n\n - The client's keep-alive timeout expires, causing the\n client to close the connection.\n\nSetting Deferred can help prevent errors in clients or load balancers that do not properly handle connection resets. Additionally, this option allows you to retain the pre-2.4 HAProxy behaviour: in HAProxy version 2.2 (OpenShift versions < 4.14), maintaining idle connections during a soft reload was the default behaviour, but starting with HAProxy 2.4, the default changed to closing idle connections immediately.\n\nImportant Consideration:\n\n - Using Deferred will result in temporary inconsistencies\n for the first request on each persistent connection\n after a route update and router reload. This request\n will be processed by the old HAProxy process using its\n old configuration. Subsequent requests will use the\n updated configuration.\n\nOperational Considerations:\n\n - Keeping idle connections open during reloads may lead\n to an accumulation of old HAProxy processes if\n connections remain idle for extended periods,\n especially in environments where frequent reloads\n occur.\n\n - Consider monitoring the number of HAProxy processes in\n the router pods when Deferred is set.\n\n - You may need to enable or adjust the\n `ingress.operator.openshift.io/hard-stop-after`\n duration (configured via an annotation on the\n IngressController resource) in environments with\n frequent reloads to prevent resource exhaustion.",
- "closedClientConnectionPolicy": "closedClientConnectionPolicy controls how the IngressController behaves when the client closes the TCP connection while the TLS handshake or HTTP request is in progress. This option maps directly to HAProxy’s \"abortonclose\" option.\n\nValid values are: \"Abort\" and \"Continue\". The default value is \"Continue\".\n\nWhen set to \"Abort\", the router will stop processing the TLS handshake if it is in progress, and it will not send an HTTP request to the backend server if the request has not yet been sent when the client closes the connection.\n\nWhen set to \"Continue\", the router will complete the TLS handshake if it is in progress, or send an HTTP request to the backend server and wait for the backend server's response, regardless of whether the client has closed the connection.\n\nSetting \"Abort\" can help free CPU resources otherwise spent on TLS computation for connections the client has already closed, and can reduce request queue size, thereby reducing the load on saturated backend servers.\n\nImportant Considerations:\n\n - The default policy (\"Continue\") is HTTP-compliant, and requests\n for aborted client connections will still be served.\n Use the \"Continue\" policy to allow a client to send a request\n and then immediately close its side of the connection while\n still receiving a response on the half-closed connection.\n\n - When clients use keep-alive connections, the most common case for premature\n closure is when the user wants to cancel the transfer or when a timeout\n occurs. In that case, the \"Abort\" policy may be used to reduce resource consumption.\n\n - Using RSA keys larger than 2048 bits can significantly slow down\n TLS computations. Consider using the \"Abort\" policy to reduce CPU usage.",
+ "idleConnectionTerminationPolicy": "idleConnectionTerminationPolicy maps directly to HAProxy's idle-close-on-response option and controls whether HAProxy keeps idle frontend connections open during a soft stop (router reload).\n\nAllowed values for this field are \"Immediate\" and \"Deferred\". The default value is \"Immediate\".\n\nWhen set to \"Immediate\", idle connections are closed immediately during router reloads. This ensures immediate propagation of route changes but may impact clients sensitive to connection resets.\n\nWhen set to \"Deferred\", HAProxy will maintain idle connections during a soft reload instead of closing them immediately. These connections remain open until any of the following occurs:\n\n - A new request is received on the connection, in which\n case HAProxy handles it in the old process and closes\n the connection after sending the response.\n\n - HAProxy's `timeout http-keep-alive` duration expires\n (300 seconds in OpenShift's configuration, not\n configurable).\n\n - The client's keep-alive timeout expires, causing the\n client to close the connection.\n\nSetting Deferred can help prevent errors in clients or load balancers that do not properly handle connection resets. Additionally, this option allows you to retain the pre-2.4 HAProxy behaviour: in HAProxy version 2.2 (OpenShift versions < 4.14), maintaining idle connections during a soft reload was the default behaviour, but starting with HAProxy 2.4, the default changed to closing idle connections immediately.\n\nImportant Consideration:\n\n - Using Deferred will result in temporary inconsistencies\n for the first request on each persistent connection\n after a route update and router reload. This request\n will be processed by the old HAProxy process using its\n old configuration. Subsequent requests will use the\n updated configuration.\n\nOperational Considerations:\n\n - Keeping idle connections open during reloads may lead\n to an accumulation of old HAProxy processes if\n connections remain idle for extended periods,\n especially in environments where frequent reloads\n occur.\n\n - Consider monitoring the number of HAProxy processes in\n the router pods when Deferred is set.\n\n - You may need to enable or adjust the\n `ingress.operator.openshift.io/hard-stop-after`\n duration (configured via an annotation on the\n IngressController resource) in environments with\n frequent reloads to prevent resource exhaustion.",
}
func (IngressControllerSpec) SwaggerDoc() map[string]string {
@@ -1116,7 +1115,6 @@ var map_IngressControllerTuningOptions = map[string]string{
"serverFinTimeout": "serverFinTimeout defines how long a connection will be held open while waiting for the server/backend response to the client closing the connection.\n\nIf unset, the default timeout is 1s",
"tunnelTimeout": "tunnelTimeout defines how long a tunnel connection (including websockets) will be held open while the tunnel is idle.\n\nIf unset, the default timeout is 1h",
"connectTimeout": "connectTimeout defines the maximum time to wait for a connection attempt to a server/backend to succeed.\n\nThis field expects an unsigned duration string of decimal numbers, each with optional fraction and a unit suffix, e.g. \"300ms\", \"1.5h\" or \"2h45m\". Valid time units are \"ns\", \"us\" (or \"µs\" U+00B5 or \"μs\" U+03BC), \"ms\", \"s\", \"m\", \"h\".\n\nWhen omitted, this means the user has no opinion and the platform is left to choose a reasonable default. This default is subject to change over time. The current default is 5s.",
- "httpKeepAliveTimeout": "httpKeepAliveTimeout defines the maximum allowed time to wait for a new HTTP request to appear on a connection from the client to the router.\n\nThis field expects an unsigned duration string of a decimal number, with optional fraction and a unit suffix, e.g. \"300ms\", \"1.5s\" or \"2m45s\". Valid time units are \"ms\", \"s\", \"m\". The allowed range is from 1 millisecond to 15 minutes.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose a reasonable default. This default is subject to change over time. The current default is 300s.\n\nLow values (tens of milliseconds or less) can cause clients to close and reopen connections for each request, leading to reduced connection sharing. For HTTP/2, special care should be taken with low values. A few seconds is a reasonable starting point to avoid holding idle connections open while still allowing subsequent requests to reuse the connection.\n\nHigh values (minutes or more) favor connection reuse but may cause idle connections to linger longer.",
"tlsInspectDelay": "tlsInspectDelay defines how long the router can hold data to find a matching route.\n\nSetting this too short can cause the router to fall back to the default certificate for edge-terminated or reencrypt routes even when a better matching certificate could be used.\n\nIf unset, the default inspect delay is 5s",
"healthCheckInterval": "healthCheckInterval defines how long the router waits between two consecutive health checks on its configured backends. This value is applied globally as a default for all routes, but may be overridden per-route by the route annotation \"router.openshift.io/haproxy.health.check.interval\".\n\nExpects an unsigned duration string of decimal numbers, each with optional fraction and a unit suffix, eg \"300ms\", \"1.5h\" or \"2h45m\". Valid time units are \"ns\", \"us\" (or \"µs\" U+00B5 or \"μs\" U+03BC), \"ms\", \"s\", \"m\", \"h\".\n\nSetting this to less than 5s can cause excess traffic due to too frequent TCP health checks and accompanying SYN packet storms. Alternatively, setting this too high can result in increased latency, due to backend servers that are no longer available, but haven't yet been detected as such.\n\nAn empty or zero healthCheckInterval means no opinion and IngressController chooses a default, which is subject to change over time. Currently the default healthCheckInterval value is 5s.\n\nCurrently the minimum allowed value is 1s and the maximum allowed value is 2147483647ms (24.85 days). Both are subject to change over time.",
"maxConnections": "maxConnections defines the maximum number of simultaneous connections that can be established per HAProxy process. Increasing this value allows each ingress controller pod to handle more connections but at the cost of additional system resources being consumed.\n\nPermitted values are: empty, 0, -1, and the range 2000-2000000.\n\nIf this field is empty or 0, the IngressController will use the default value of 50000, but the default is subject to change in future releases.\n\nIf the value is -1 then HAProxy will dynamically compute a maximum value based on the available ulimits in the running container. Selecting -1 (i.e., auto) will result in a large value being computed (~520000 on OpenShift >=4.10 clusters) and therefore each HAProxy process will incur significant memory usage compared to the current default of 50000.\n\nSetting a value that is greater than the current operating system limit will prevent the HAProxy process from starting.\n\nIf you choose a discrete value (e.g., 750000) and the router pod is migrated to a new node, there's no guarantee that that new node has identical ulimits configured. In such a scenario the pod would fail to start. If you have nodes with different ulimits configured (e.g., different tuned profiles) and you choose a discrete value then the guidance is to use -1 and let the value be computed dynamically at runtime.\n\nYou can monitor memory usage for router containers with the following metric: 'container_memory_working_set_bytes{container=\"router\",namespace=\"openshift-ingress\"}'.\n\nYou can monitor memory usage of individual HAProxy processes in router containers with the following metric: 'container_memory_working_set_bytes{container=\"router\",namespace=\"openshift-ingress\"}/container_processes{container=\"router\",namespace=\"openshift-ingress\"}'.",
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 88035f1bde..658a9d7a5d 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -976,7 +976,7 @@ github.com/openshift-eng/openshift-tests-extension/pkg/ginkgo
github.com/openshift-eng/openshift-tests-extension/pkg/junit
github.com/openshift-eng/openshift-tests-extension/pkg/util/sets
github.com/openshift-eng/openshift-tests-extension/pkg/version
-# github.com/openshift/api v0.0.0-20251120220512-cb382c9eaf42
+# github.com/openshift/api v0.0.0-20251111193948-50e2ece149d7
## explicit; go 1.24.0
github.com/openshift/api
github.com/openshift/api/annotations